IACR News
28 August 2025
Jens Groth, Harjasleen Malvai, Andrew Miller, Yi-Nuo Zhang
We propose a constraint-efficient alternative: a map-to-elliptic-curve-group relation that bypasses the need for cryptographic hash functions and can serve as a drop-in replacement for hash-to-curve constructions in practical settings, including the aforementioned applications. Our relation naturally supports non-deterministic map-to-curve choices making them more efficient in constraint programming frameworks and enabling efficient integration into zero-knowledge proofs. We formally analyze the security of our approach in the elliptic curve generic group model (EC-GGM).
Our implementation in Noir/Barretenberg demonstrates the efficiency of our construction in constraint programming: it achieves over $23\times$ fewer constraints than the best hash-to-elliptic-curve-group alternatives, and enables $50$-$100\times$ faster proving times at scale.
Sayon Duttagupta, Dave Singelée, Xavier Carpent, Volkan Guler, Takahito Yoshizawa, Seyed Farhad Aghili, Aysajan Abidin, Bart Preneel
Riddhi Ghosal, Isaac M. Hair, Aayush Jain, Amit Sahai
Dmitry Khovratovich, Mikhail Vladimirov, Benedikt Wagner
We demonstrate a novel solution to this dilemma, which we call hybrid compression. Our method allows us to use two different hash functions—one optimized for the proof circuit, and another optimized for on-chain verification—thereby combining the efficiency advantages of both. We prove the security of this approach in the standard model under reasonable assumptions about the two hash functions, and our benchmarks show that it achieves near-optimal performance in both gas usage and prover time. As an example, compressing an 8 KB statement with our approach results in a 10-second prover time and a smart contract spending 270K gas, whereas the existing approaches either need a much longer proof generation (290 seconds for SHA-256 hashing) or a much more expensive contract (5M gas for Poseidon hashing).
Along the way, we develop a two-party protocol of independent interest in communication complexity: an efficient deterministic method for checking input equality when the two parties do not share the same hash function.
Qi Cheng, Hongru Cao, Sian-Jheng Lin, Nenghai Yu, Yunghsiang S. Han, Xianhong Xie
Yimeng Sun, Jiamin Cui, Shiyao Chen, Meiqin Wang, Longzheng Cui, Chao Niu
In this paper, to address such counter-intuitive gaps between existing attacks on LowMC with full S-box layers using a single and two plaintext/ciphertext pairs, we first develop an algebraic key-derived attack framework, where an algebraic property of the key-derived difference is utilized to build an equation system with lower algebraic degree. This directly contributes to a lower cost for solving the equation system and naturally works under the known-plaintext setting, which can be further enhanced in the chosen-plaintext attack setting. We then present an improved difference enumeration attack framework. Instead of enumerating all possible differences in the second round, variables for part of the S-boxes in the second and third rounds are introduced to derive cubic equations, which lead to fewer variables for the last round. Finally, applying our new attack frameworks to LowMC, we propose 8-round attacks on LowMC for the very first time, which remain under the known-plaintext setting. Moreover, we give the first attacks on three LowMC instances, i.e., 129-bit block size with 6 rounds and 129-/192-bit block size with 7 rounds, which cannot be obtained using previous attack methods. Also, previous attacks on LowMC from 4 to 7 rounds could be improved for almost all three LowMC instances in this paper. All these results, we believe, could be a positive answer to the question of whether, given one more pair, more information can indeed be gained to improve attacks on LowMC compared to those using only a single plaintext. We hope that these results, as well as our newly proposed algebraic key-derived attack framework, could provide more insights into the cryptanalysis of LowMC with low allowable data complexity.
Yanyi Liu, Rafael Pass
Roughly speaking, our main result shows that under a natural strengthening of standard-type derandomization assumptions, worst-case hardness of the boundary version of this classic problem characterizes OWFs.
In more detail, let $\bKtA$ denote the problem of, given an instance $x$, deciding whether (a) $K^{t_2}(x) \geq n-1$, or (b) $K^{t_1}(x) < n-1$ but $K^{t_2}(x) > n - \log n$; that is, deciding whether $x$ is $K^t$-random, or just "near" $K^t$-random. We say that $\bKpolyA \notin \ioBPP$ if $\bKtA \notin \ioBPP$ for all polynomials $t_1,t_2$.
We show that under a natural strengthening of standard derandomization assumptions (namely, there exists a constant $\varepsilon > 0$ such that $\mathrm{E} \not\subseteq \mathsf{ioNTIME}[2^{kn}] / 2^{\varepsilon n}$ for every $k \in \mathbb{N}$), OWFs exist iff $\bKpolyA \notin \ioBPP$. Along the way, we also demonstrate that if we consider the probabilistic version of Kolmogorov complexity (referred to as $pK^t$) instead, then the characterization holds unconditionally.
We finally observe that for most standard optimization problems, hardness "along the boundary" is equivalent to "plain" worst-case hardness, indicating that assuming hardness along the boundary may be WLOG.
Julius Hermelink, Erik Mårtensson, Maggie Tran
We then discuss several oracle instantiations based on the noisy Hamming weight model. These oracles rely on widely accepted assumptions while also being easy to simulate and allowing for fair comparisons between different attacks. Furthermore, we take masking countermeasures into account. Our evaluations in these and previous models show that PC-oracle attacks are highly noise-tolerant -- on an entirely different scale compared to previous work. These improvements are of algorithmic nature and orthogonal to the fact that the Fujisaki-Okamoto transform in ML-KEM offers a large attack surface. We discuss the implications of our findings for protected ML-KEM implementations.
Tim Beyne, Gregor Leander, Immo Schütt
Haoyu Liao, Qingbin Luo
Yao Sun, Ting Li
Cong Ling
21 August 2025
Taipei, Taiwan, 8 March 2026
Submission deadline: 1 November 2025
Notification: 19 December 2025
Groningen, Netherlands, 6 July - 10 July 2026
Submission deadline: 27 January 2026
Notification: 20 April 2026
Bengaluru, India, 1 June - 6 June 2026
Submission deadline: 25 August 2025
Notification: 19 November 2025
ATSEC Information Security Corporation, Austin, TX
atsec is looking for cryptography experts to join our team in Austin, TX as product-oriented information security analysts. These positions may be at an entry, senior or principal level, depending on your applicable work experience and skill sets.
As an analyst, you are expected to:
- Learn and use security concepts and techniques such as entropy, access control, authentication, auditing, side-channel analysis, etc.
- Become fluent in security standards such as FIPS 140 and Common Criteria
- Master and serve as an authority in technical domains such as cryptography, network protocols/security, hardware security, software engineering, database, mobile devices, virtualization and operating systems
- Apply your knowledge and talents to scrutinize the security architecture, implementation, and deployment of a variety of cutting-edge IT products
- Support atsec customers in security related areas and become, or continue to be, a recognized industry expert in your field
Qualifications:
Candidates possessing a solid understanding of cryptography and its use in data protection will have an advantage in our hiring process.
This position requires the following:
- A degree in Mathematics or Electric Engineering with Computer Science emphasis or vice versa (equivalent experience may be acceptable)
- Knowledge of cryptographic algorithms, and the mathematical concepts behind them
- Strong programming and code analysis skills
- Familiarity with Unix-based command line environments (e.g., Linux)
- Knowledge of network protocols (e.g., TLS/SSL, SSH, IPsec, IKE, SRTP, SNMP)
- Knowledge of information security (e.g., authentication, access control, network security)
- Strong technical report writing skills
- Team player who can work independently
- Eagerness to delve into technical subjects
- Enthusiasm, good customer interface skills, positive attitude, strong communication skills (written and verbal), and effective teamwork and technical collaboration skills
- The flexibility to travel
Closing date for applications:
Contact: Send resume to us-jobs@atsec.com
More information: https://www.atsec.com/
University of South Florida, Tampa, Florida
The required expertise includes:
- Master’s in Computer Engineering or Computer Science with hardware background (do not contact if you have not obtained a Master’s degree, this position is not for direct Bachelor’s to Ph.D.)
- Solid background in cryptographic engineering and theory of cryptography
- Solid HDL and FPGA/ARM expertise
- Outstanding English (if English tests are taken) to be eligible for funding
- Motivation to work beyond the expectations of an average Ph.D. student and to publish in top-tier venues
Please closely observe the admission requirement details before emailing.
We are looking for motivated, talented, and hardworking applicants who have the background and are interested in working on different aspects of cryptographic engineering, with emphasis on hardware/software implementation and side-channel attacks.
Please email me your updated CV (including a list of publications, language test marks, and references), transcripts for B.Sc. and M.Sc., and a statement of interest to: mehran2 (at) usf.edu as soon as possible. NOTE: The successful candidate will be asked to apply formally to the college very soon, so all the material has to be ready. We do not require the GRE.
Research Webpage: https://cse.usf.edu/~mehran2/
Closing date for applications:
Contact: Mehran Mozaffari Kermani
DTU Electro, DTU, Denmark
Closing date for applications:
Contact: stakr@dtu.dk
University of Canterbury, Department of Computer Science and Software Engineering; Christchurch, NZ
We invite applications for a Lecturer/Senior Lecturer position in Cybersecurity. The level of appointment will depend on the successful candidate's relevant experience.
We welcome applications from candidates conducting cutting-edge research in any area of cybersecurity. Areas of interest include, but are not limited to: adversarial machine learning, post-quantum cryptography, privacy-enhancing technologies, software and supply chain security, secure systems and memory-safe languages, cloud and virtualization security, human-centred and usable security, and the security implications of AI systems. We are particularly interested in candidates whose work addresses emerging threats, combines theory and practice, or takes an interdisciplinary approach to security and privacy.
You will contribute to teaching in core cybersecurity and computer networking subjects, as well as being encouraged to develop a strong, externally funded research programme, supervise undergraduate and postgraduate students, and collaborate with other academics in the department's teaching and research activities. The appointee will be expected to develop links with and contribute to the wider computer science and/or software engineering profession at local, national and international levels.
More information on eligibility criteria and how to apply here: https://jobs.canterbury.ac.nz/jobdetails/ajid/TFkG9/Lecturer-Senior-Lecturer-Computer-Security,26437
Closing date for applications:
Contact:
We do not accept applications by email, however, we are happy to answer any queries at WorkatUC@canterbury.ac.nz.
For further information specifically about the role, please contact: Ben Adams, benjamin.adams@canterbury.ac.nz.
More information: https://jobs.canterbury.ac.nz/jobdetails/ajid/TFkG9/Lecturer-Senior-Lecturer-Computer-Security,26437
20 August 2025
Arka Rai Choudhuri, Aarushi Goel, Aditya Hegde, Abhishek Jain
Prior work on HSS focuses on the setting where the servers are semi-honest. In this work we study HSS in the setting of malicious evaluators. We propose the notion of HSS with verifiable evaluation (ve-HSS) that guarantees correctness of output even when all the servers are corrupted. ve-HSS retains all the attractive features of HSS and adds the new feature of succinct public verification of output.
We present black-box constructions of ve-HSS by devising generic transformations for semi-honest HSS schemes (with negligible error). This provides a new non-interactive method for verifiable and private outsourcing of computation.
