24 February 2025
Monash University, Melbourne, Australia
- Developing tools and techniques for FHE-based private cloud computation applications.
- Theory and applications of zk-SNARKs in FHE-based cloud computation.
- Secure and Efficient Implementations of zk-SNARK and FHE schemes and their applications.
The candidate will have the opportunity to work in an excellent research environment and collaborate with experts in cryptography and with CryptoLab industry partners, as well as contributing to supervision and training of PhD students.
Monash University is among the leading universities in Australia and is located in Melbourne, ranked as Australia's most liveable city and among the most liveable cities in the world.
Applicants should have (or be expected to complete in the next 6 months) a PhD in mathematics, theoretical computer science, cryptography, engineering or closely related areas. Research experience in at least one of lattice-based cryptography, zero-knowledge proofs, or FHE is required.
The candidate should have excellent English verbal and written communication skills. Programming experience and skills, especially in Sagemath, Python, Magma, and/or C/C++, are also highly desirable.
To apply: Please apply by filling in the application form by 21st Apr 2025 at the following URL: https://forms.gle/YYZBb5uGwq4eGpT27
Closing date for applications:
Contact: Ron Steinfeld (ron.steinfeld@monash.edu)
Research Institute Cyber Defence (CODE), Bundeswehr University Munich, Germany
We have an opening of multiple PhD and Post-Doc researchers at the Research Institute CODE in Munich, Germany. All positions are available for start from March/April 2025 and are fully funded at federal salary levels TV-ÖD E13/14. The researcher will work closely with Michael Hutter who will start a professorship in Embedded Systems Security. The candidate will have the opportunity to travel and tackle cutting-edge challenges currently facing the industry (e.g., PQShield). Candidates will also gain experience with supporting teaching activities.
We are seeking talented researchers with a strong interest and relevant experience in any of the following research areas:
- Applied cryptography with a focus on hardware and embedded systems security
- Physical attacks, side-channel leakage detection, fault analysis, hardware tampering, machine learning/deep learning/AI-driven techniques for SCA
- Secure and efficient implementations of cryptography, Post-Quantum Cryptography (PQC), privacy-preserving computing (MPC, FHE)
- ASIC/FPGA design security
Requirements:
- Master's degree or PhD in Computer Science, Information Security, etc.
- PostDoc candidates must have a strong track record
- High motivation for research work and ability to work independently
- Eager to disseminate research results through publications and presentations at top-tie conferences.
- Fluency in written and spoken English (German desirable but not required)
How to apply?
Send an email to Michael Hutter with subject "Application CODE" including your motivation letter, CV, transcripts of grades, and references.
Closing date for applications:
Contact: Prof. Michael Hutter (michutte [AT] gmail dot com)
Applications will be processed continuously until the positions are filled.
More information: https://www.unibw.de/code
University of Wollongong, Australia
Closing date for applications:
Contact: Please send your applications (CV, transcripts, contacts for references) to Dr Khoa Nguyen (khoa@uow.edu.au).
Luxembourg Institute of Science and Technology
Are you passionate about research? So are we! Come and join us
The Luxembourg Institute of Science and Technology (LIST) is a Research and Technology Organization (RTO) active in the fields of IT, materials and environment. By transforming scientific knowledge into technologies, smart data and tools, LIST empowers citizens in their choices, public authorities in their decisions and businesses in their strategies.
Do you want to know more about LIST? Check our website: https://www.list.lu/
How will you contribute?
We are looking for a motivated research engineer to support a project in the context of semi-autonomous cyber-range training and exercise scenario generation.
You will be mainly in charge of, but not limited to:
- Design and development of the architecture of a minimal testing platform for cyber range scenarios execution
- Design, development and integration of the semi-autonomous scenario generator tool
- Integration of threat intelligence sources for scenarios definition
- Prepare the tools and platform for deployment: running tests, designing, and developing APIs
- Contribution in design and develop cyber range training and exercise scenarios
- Test and validate the tools and platform on base of the selected scenarios
- Contribute to the writing of technical reports/project deliverables
Due to the nature of this position the applicant must be from a NATO member country, from an EU EEA/EFTA country or from one of the following NATO Indo-Pacific partners: Australia, Japan, Republic of South Korea and New Zealand
Closing date for applications:
Contact: Carolina DE LEON
More information: https://app.skeeled.com/offer/c/67af2e8a307a1c35c03a5ccb?lang=en&show_description=true
Mark Zhandry
Josh Alman, Yizhi Huang, Kevin Yeo
In our work, we consider whether this approach is viable by studying fine-grained complexity when all standard cryptographic assumptions are false. As our main result, we show that many popular fine-grained complexity problems are easy to solve in the average-case when one-way functions do not exist. In other words, many candidate hardness assumptions for building fine-grained cryptography are no longer options in Pessiland. As an example, we prove that the average-case $k$-$\mathsf{SUM}$ and $\mathsf{Zero}$-$k$-$\mathsf{Clique}$ conjectures are false for sufficiently large constant $k$ when no one-way functions exist. The average-case $\mathsf{Zero}$-$k$-$\mathsf{Clique}$ assumption was used to build fine-grained key-exchange by Lavigne et al. [CRYPTO'19].
We also show that barriers for reductions in fine-grained complexity may be explained by problems in cryptography. First, we show that finding faster algorithms for computing discrete logarithms is equivalent to designing average-case equivalence between $k$-$\mathsf{SUM}$ and $k$-$\mathsf{CYC}$ (an extension of $k$-$\mathsf{SUM}$ to cyclic groups). In particular, finding such a reduction from $k$-$\mathsf{CYC}$ to $k$-$\mathsf{SUM}$ could potentially lead to breakthrough algorithms for the discrete logarithm, factoring, RSA and quadratic residuosity problems. Finally, we show that discrete logarithms with preprocessing may be reduced to the $k$-$\mathsf{CYC}$-$\mathsf{Index}$ problem, and we present faster algorithms for average-case $k$-$\mathsf{SUM}$-$\mathsf{Index}$ and $k$-$\mathsf{CYC}$-$\mathsf{Index}$.
Yao-Ching Hsieh, Brent Waters, David J. Wu
Gentry and Waters (EUROCRYPT 2009) described a compiler that takes any semi-statically-secure broadcast encryption scheme and transforms it into an adaptively-secure scheme in the random oracle model. While semi-static security is easier to achieve and constructions are known from witness encryption as well as search (and target-group) assumptions on pairing groups, the transformed scheme relies on random oracles. In this work, we show that using publicly-sampleable projective PRGs, we can achieve adaptive security in the plain model. We then show how to build publicly-sampleable projective PRGs from many standard number-theoretic assumptions (e.g., CDH, LWE, RSA).
Our compiler yields the first adaptively-secure broadcast encryption scheme from search assumptions as well as the first such scheme from witness encryption in the plain model. We also obtain the first adaptively-secure pairing-based scheme in the plain model with $O_\lambda(N)$-size public keys and $O_\lambda(1)$-size ciphertexts (where $O_\lambda(\cdot)$ suppresses polynomial factors in the security parameter $\lambda$). Previous adaptively-secure pairing-based schemes in the plain model with $O_\lambda(1)$-size ciphertexts required $O_\lambda(N^2)$-size public keys.
William J Buchanan, Hisham Ali
Roberto Avanzi, Orr Dunkelman, Shibam Ghosh
The original version of the feature uses a 12-round version the $\textsf{QARMA-64}$ block cipher. The output is then truncated to between 3 and 32 bits, in order to be inserted into unused bits of 64-bit pointers. A later revision of the specification allows the use of an 8-round version of $\textsf{QARMA-64}$. This reduction may introduce vulnerabilities such as high-probability distinguishers, potentially enabling key recovery attacks. The present paper explores this avenue.
A cryptanalysis of the $\textsf{PAC}$ computation function entails restricting the inputs to valid virtual addresses, meaning that certain most significant bits are fixed to zero, and considering only the truncated output. Within these constraints, we present practical attacks on various $\textsf{PAC}$ configurations. These attacks, while not presenting immediate threat to the $\textsf{PAC}$ mechanism, show that some versions of the feature do miss the security targets made for the original function. This offers new insights into the practical security of constructing $\textsf{MAC}$ from truncated block ciphers, expanding on the mostly theoretical understanding of creating PRFs from truncated PRPs.
We note that the results do not affect the security of $\textsf{QARMA-64}$ when used with the recommended number of rounds for general purpose applications.
Shan Chen, Vukašin Karadžić
First, we construct three basic transforms that combine AE with a single hash function, which we call $\mathsf{HtAE}, \mathsf{AEaH}$ and $\mathsf{EtH}$. They all guarantee strong security, and $\mathsf{EtH}$ can be applied to both AE and basic privacy-only encryption schemes. Next, for MR security, we propose two advanced hash-based transforms that we call $\mathsf{AEtH}$ and $\mathsf{chaSIV}$. $\mathsf{AEtH}$ is an MRAE-preserving transform that adds committing security to an MR-secure AE scheme. $\mathsf{chaSIV}$ is the first generic transform that can directly elevate basic AE to one with both committing and MR security; moreover, $\mathsf{chaSIV}$ also works with arbitrary privacy-only encryption schemes. Both of them feature a simple design and ensure strong security.
For performance evaluation, we compare our transforms to similar existing ones, both in theory and through practical implementations. The results show that our $\mathsf{AEaH}$ achieves the highest practical efficiency among basic transforms, while $\mathsf{AEtH}$ excels in MRAE-preserving transforms. Our MRAE-lifting transform $\mathsf{chaSIV}$ demonstrates comparable performance to MRAE-preserving ones and surpasses them for messages larger than approximately $360$ bytes; for longer messages, it even outperforms the benchmark, non-committing standardized $\mathsf{AES}\text{-}\mathsf{GCM}\text{-}\mathsf{SIV}$.
Jinyi Qiu
21 February 2025
Karim Baghery, Ehsan Ebrahimi, Omid Mirzamohammadi, Mahdi Sedaghat
Nico Döttling, Jesko Dujmovic, Julian Loss, Maciej Obremski
Albert Garreta, Hendrik Waldner, Keterina Hristova, Luca Dall'Ava
At its core, $\mathsf{Zinc}$ is a succinct argument for proving relations over the rational numbers $\mathbb{Q}$, even though when applied to integer statements, an honest prover and verifier will only operate with small integers. $\mathsf{Zinc}$ consists of two main components: 1) $\mathsf{Zinc}$-$\mathsf{PIOP}$, a framework for proving algebraic statements over the rationals by reducing modulo a randomly chosen prime $q$, followed by running a suitable PIOP over $\mathbb{F}_q$ (this is similar to the approach taken in prior works, with the difference that we use localizations of $\mathbb{Q}$ to enable prime modular projection); and 2) $\mathsf{Zip}$, a Brakedown-type polynomial commitment scheme built from an IOP of proximity to the integers, a novel primitive that we introduce. The latter primitive guarantees that a prover is using a polynomial with coefficients close to being integral. With these two primitives in place, one can use a lookup argument over the rationals to ensure that the witness contains only integer elements.
Antonio Flórez-Gutiérrez, Eran Lambooij, Gaëtan Leurent, Håvard Raddum, Tyge Tiessen, Michiel Verbauwhede
Yu Long Chen, Avijit Dutta, Ashwin Jha, Mridul Nandi
Shang Gao, Lizhen Zhang, Bin Xiao
Dan Boneh, Aditi Partap, Lior Rotem
Our traceable threshold VRF is built from a VRF based on Paillier encryption. The starting point for our tracing algorithm is the tracing technique of Boneh-Partap-Rotem (Crypto 2024) designed for tracing leaks in the context of secret sharing. However, there are multiple technical challenges in making this approach work, and we develop the necessary tools to overcome all these challenges. The end result is a threshold VRF with a provably secure tracing algorithm.
Suvradip Chakraborty, Dennis Hofheinz, Roman Langrehr, Jesper Buus Nielsen, Christoph Striecks, Daniele Venturi
In this work, we investigate malleable SNARKs, a generalization of this concept of recursion. An adaptation of the existing concept of malleable NIZKs, malleable SNARKs allow to modify SNARK proofs to show related statements, but such that such mauled proofs are indistinguishable from “properly generated” fresh proofs of the related statement. We show how to instantiate malleable SNARKs for universal languages and relations, and give a number of applications: the first post-quantum RCCA-secure rerandomizable and updatable encryption schemes, a generic construction of reverse firewalls, and an unlinkable (i.e., computation-hiding) targeted malleable homomorphic encryption scheme.
Technically, our malleable SNARK construction relies on recursive proofs, but with a twist: in order to support the strong indistinguishability properties of mauled and fresh SNARK proofs, we need to allow an unbounded recursion depth. To still allow for a reasonable notion of extractability in this setting (and in particular to guarantee that extraction eventually finishes with a “proper” witness that does not refer to a previous SNARK proof), we rely on a new and generic computational primitive called adversarial one-way function (AOWF) that may be of independent interest. We give an AOWF candidate and prove it secure in the random oracle model.
Suvradip Chakraborty, Dennis Hofheinz, Roman Langrehr
In this work, we propose a NIKE variant that generalizes public-key and identity-based NIKE: a multi-authority identity-based NIKE (MA-ID-NIKE) is defined like an identity-based NIKE, only with several identity domains (i.e., several instances of an identity-based NIKE), and such that users from different identity domains can compute shared keys. This makes MA-ID-NIKE schemes more versatile than existing NIKE or identity-based NIKE schemes, for instance, in an application in which users from different (centrally managed) companies need to compute shared keys.
We show several results for MA-ID-NIKE schemes: - We show that MA-ID-NIKE schemes generically imply public-key NIKEs, identity-based NIKEs, as well as forward-secure NIKE schemes, the latter of which are notoriously hard to construct. - We propose two simple constructions of MA-ID-NIKE schemes from indistinguishability obfuscation (iO) and multilinear maps, respectively. These constructions achieve only selective security, but can be leveraged to adaptive security for small groups of users (that want to be able to agree on a joint shared key) in the random oracle model. - We give a simple and elegant construction of MA-ID-NIKEs from identity-based encryption (IBE) and universal samplers. This construction achieves adaptive security also for large groups of users based on the adaptive security of the used universal samplers. Universal samplers, in turn, are known to be achievable using iO in the random oracle model. As a nice feature, the same construction yields hierarchical MA-ID-NIKEs or public-key NIKEs when instantiated with hierarchical IBE or public-key encryption instead of IBE schemes. While these results are clearly only feasibility results, they do demonstrate the achievability of a concept that itself has very practical use cases.