IACR News
If you have a news item you wish to distribute, it should be sent to the communications secretary. See also the events database for conference announcements.
Here you can see all recent updates to the IACR webpage.
17 October 2025
Tianyu Zheng, Shang Gao, Yu Guo, Bin Xiao
Bastien Michel, Dounia M'foukh, María Naya-Plasencia
Alexander Karenin, Elena Kirshanova, Julian Nowakowski, Alexander May
Building on an idea by Espitau and Kirchner, Bernstein proposed in 2023 an LWE hybrid attack that asymptotically outperforms the primal attack. In a nutshell, Bernstein's attack enumerates some coordinates of an LWE key and uses the sophisticated Batch-CVP {\em (Randomized) Slicer} algorithm to solve LWE in a dimension-reduced lattice. The practical implications of this attack however remain widely unclear. One of the major obstacles for judging practicality is the lack of a fast, fully functional Slicer implementation. For the first time, we provide an efficient Slicer implementation that includes all required algorithmic ingredients like locality sensitive hashing.
Building on our Slicer implementation, we implement a generalization of Bernstein's algorithm. While Bernstein's attack works only for LWE, ours also applies to a more general BDD setting. Let $(\mathbf{B}, \mathbf{t})$ be a BDD instance, where the target $\mathbf{t}$ is off from the $d$-dimensional lattice $\mathcal{L}(\mathbf{B})$ by some error~$\mathbf{e}$, sampled coordinate-wise from a distribution $\mathcal{D}$. We show that for hard BDD instances, our BDD hybrid asymptotically speeds up primal's complexity of $T=2^{0.292d + o(d)}$ down to $T^{1-\mathcal{K}}$, where $\mathcal{K} \approx \big(1+\frac{H(\mathcal{D})}{0.058}\big)^{-1}$ with $H(\cdot)$ the Shannon entropy. Depending on $\mathcal{D}$, the constant $\mathcal{K}$ can be small, making practical improvements difficult. We test our Slicer-based implementation inside an implementation of our BDD hybrid lattice attack to tackle LWE instances. We choose two ternary LWE secrets with different entropies $H(\mathcal{D})$ as used in NTRU, and the centered binomial distribution as used in Kyber. For all three distributions in all tested LWE dimensions $n \in [160, 210]$, our Slicer-based implementation practically demonstrates measurable speedups over the primal attack, up to a factor of $5$. We also show that for parameters as originally suggested by Regev, the hybrid attack cannot improve over primal.
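The abstract's speedup is governed by the constant $\mathcal{K} \approx (1 + H(\mathcal{D})/0.058)^{-1}$, so its size for concrete error distributions is worth seeing. The following Python snippet is an added illustration, not code from the authors or their Slicer implementation: it computes the Shannon entropy (assumed here to be in bits, matching the $2^{0.292d}$ exponent) of a ternary distribution and of a centered binomial distribution, then evaluates $\mathcal{K}$ and the resulting per-dimension exponent $0.292(1-\mathcal{K})$ from the abstract's formula. The particular values of $p_0$ and $\eta$ are chosen for illustration and are not claimed to be the paper's exact parameters.

```python
import math
from itertools import product


def shannon_entropy_bits(pmf):
    """Shannon entropy H(D) in bits of a probability mass function {value: prob}."""
    return -sum(p * math.log2(p) for p in pmf.values() if p > 0)


def ternary_pmf(p_zero):
    """Ternary secret coordinate: Pr[0] = p_zero, Pr[+1] = Pr[-1] = (1 - p_zero)/2.
    p_zero = 1/3 is the uniform ternary case; larger p_zero is sparser (lower entropy)."""
    return {-1: (1 - p_zero) / 2, 0: p_zero, 1: (1 - p_zero) / 2}


def centered_binomial_pmf(eta):
    """Centered binomial distribution CBD(eta): sum of eta coin flips minus eta others.
    Enumerates all 2^(2*eta) outcomes, which is fine for the small eta used in practice."""
    pmf = {}
    for bits in product((0, 1), repeat=2 * eta):
        v = sum(bits[:eta]) - sum(bits[eta:])
        pmf[v] = pmf.get(v, 0.0) + 1.0 / 2 ** (2 * eta)
    return pmf


def hybrid_gain(entropy_bits):
    """Return (K, exponent) per the abstract: K = (1 + H/0.058)^-1 and the hybrid
    attack's asymptotic cost 2^{0.292 (1 - K) d}, i.e. exponent 0.292 * (1 - K)."""
    k = 1.0 / (1.0 + entropy_bits / 0.058)
    return k, 0.292 * (1.0 - k)


def summarize(label, pmf):
    h = shannon_entropy_bits(pmf)
    k, exponent = hybrid_gain(h)
    return {"label": label, "H_bits": h, "K": k, "exponent": exponent}


if __name__ == "__main__":
    # Illustrative distributions (assumptions, not the paper's exact parameter sets).
    cases = [
        summarize("uniform ternary (p0 = 1/3)", ternary_pmf(1 / 3)),
        summarize("sparse ternary (p0 = 1/2)", ternary_pmf(1 / 2)),
        summarize("centered binomial eta = 2", centered_binomial_pmf(2)),
        summarize("centered binomial eta = 3", centered_binomial_pmf(3)),
    ]
    for c in cases:
        print(f"{c['label']:<30} H = {c['H_bits']:.4f} bits  "
              f"K = {c['K']:.4f}  exponent = {c['exponent']:.4f} (primal: 0.2920)")
```

Even for the lowest-entropy case above, $\mathcal{K}$ stays below $0.04$, so the asymptotic exponent moves only from $0.292$ to roughly $0.28$; this is the "constant $\mathcal{K}$ can be small" remark made concrete, and it explains why the measured speedups in the abstract are a small constant factor rather than a large one.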
Jesús-Javier Chi-Domínguez
This paper studies the Inverse Matrix Code Equivalence Problem, focusing on the family of instances where the secret isometry is (skew) symmetric. Our main contribution corresponds to a new algorithm for solving these instances of the Inverse Matrix Code Equivalence Problem. As an implication, we identify weak instances of this kind of instantiation of the Inverse Matrix Code Equivalence Problem: for around 70% of the possible parameter set choices (i.e., code dimension $k$, and code lengths $m$ and $n$), our algorithm runs (heuristically) in polynomial time. In addition, our results spotlight an additional 35% of parameter sets where the best algorithm for solving the Matrix Code Equivalence Problem, proposed by Couvreur and Levrat (Crypto, 2025), does not apply.
Our results have a crucial security impact on the recent blind signature construction proposed by Kuchta, LeGrow, and Persichetti (ePrint IACR, 2025), whose security is closely related to the hardness of solving these kinds of instances of the Inverse Matrix Code Equivalence Problem.
Michele Battagliola, Ethan Chen, Hugo Sauerbier Couvée, Violetta Weger
Pierre Guillot, Auguste Hoang Duc, Michel Koskas, Florian Méhats
Andrew Huang, Vinod Vaikuntanathan
In this work, we address the inefficiency of the Shmueli-Zhandry construction which signs messages bit-by-bit, resulting in signing keys of $\Theta(\lambda^4)$ qubits and signatures of size $\Theta(\lambda^3)$ bits for polynomially long messages, where $\lambda$ is the security parameter. We construct a new, simple, direct, and efficient one-shot signature scheme which can sign messages of any polynomial length using signing keys of $\Theta(\lambda^2)$ qubits and signatures of size $\Theta(\lambda^2)$ bits. We achieve corresponding savings in runtimes, in both the oracle model and the plain model. In addition, unlike the Shmueli-Zhandry construction, our scheme achieves perfect correctness.
Our scheme also achieves strong signature incompressibility, which implies a public-key quantum fire scheme with perfect correctness among other applications, correcting an error in a recent work of Çakan, Goyal and Shmueli (QCrypt 2025) and recovering their applications.
Binyi Chen
Léo Ducas, Lynn Engelberts, Paola de Perthuis
In this work, we present a concrete average-case analysis of module-lattice reduction. Specifically, we address the question of the expected slope after running module-BKZ, and pinpoint the discriminant $\Delta_K$ of the number field at hand as the main quantity driving this slope. We convert this back into a gain or loss on the blocksize $\beta$: module-BKZ in a number field $K$ of degree $d$ requires an SVP oracle of dimension $\beta + \log(|\Delta_K| / d^d)\beta /(d\log \beta) + o(\beta / \log \beta)$ to reach the same slope as unstructured BKZ with blocksize $\beta$. This asymptotic summary hides further terms that we predict concretely using experimentally verified heuristics. Incidentally, we provide the first open-source implementation of module-BKZ for some cyclotomic fields.
For power-of-two cyclotomic fields, we have $|\Delta_K| = d^d$, and conclude that module-BKZ requires a blocksize larger than its unstructured counterpart by $d-1+o(1)$. On the contrary, for all other cyclotomic fields we have $|\Delta_K| < d^d$, so module-BKZ provides a sublinear $\Theta(\beta/\log \beta)$ gain on the required blocksize, yielding a subexponential speedup of $\exp(\Theta(\beta/\log \beta))$.
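The claim that $|\Delta_K| = d^d$ exactly for power-of-two cyclotomic fields and $|\Delta_K| < d^d$ for all other cyclotomic fields can be checked directly. The Python snippet below is an added illustration, not the authors' module-BKZ implementation: it evaluates the standard discriminant formula for $K = \mathbb{Q}(\zeta_m)$, $|\Delta_K| = m^{d} / \prod_{p \mid m} p^{d/(p-1)}$ with $d = \varphi(m)$, and then the leading blocksize-shift term $\log(|\Delta_K|/d^d)\,\beta/(d \log \beta)$ from the abstract. The ratio of logarithms makes that term independent of the log base, so no base needs to be assumed; the $o(\beta/\log\beta)$ remainder and the concrete corrections the paper predicts are not modelled here.

```python
from math import gcd, log


def euler_phi(m):
    """Degree d = phi(m) of the m-th cyclotomic field (brute force is fine for small m)."""
    return sum(1 for k in range(1, m + 1) if gcd(k, m) == 1)


def prime_factors(m):
    """Distinct prime divisors of m by trial division."""
    ps, p = set(), 2
    while p * p <= m:
        while m % p == 0:
            ps.add(p)
            m //= p
        p += 1
    if m > 1:
        ps.add(m)
    return sorted(ps)


def cyclotomic_abs_discriminant(m):
    """|Delta_K| for K = Q(zeta_m) via |Delta_K| = m^d / prod_{p | m} p^{d/(p-1)}, d = phi(m).
    (p - 1) divides phi(m) for every prime p | m, so the exponents are integers."""
    d = euler_phi(m)
    denom = 1
    for p in prime_factors(m):
        denom *= p ** (d // (p - 1))
    num = m ** d
    assert num % denom == 0, "discriminant formula must yield an integer"
    return num // denom


def log_disc_ratio_per_degree(m):
    """log(|Delta_K| / d^d) / d, the quantity driving the slope in the abstract.
    Exactly 0 for power-of-two conductors, strictly negative for every other m > 2."""
    d = euler_phi(m)
    return (log(cyclotomic_abs_discriminant(m)) - d * log(d)) / d


def blocksize_shift_leading_term(m, beta):
    """Leading term log(|Delta_K| / d^d) * beta / (d * log(beta)) of the extra blocksize
    module-BKZ needs to match unstructured BKZ at blocksize beta (lower-order terms omitted).
    The log base cancels in the ratio, so natural logs are used throughout."""
    return log_disc_ratio_per_degree(m) * beta / log(beta)


if __name__ == "__main__":
    for m in (8, 16, 32, 3, 5, 7, 12, 15):
        d = euler_phi(m)
        disc = cyclotomic_abs_discriminant(m)
        print(f"m={m:>3} d={d:>3} |Delta_K|={disc:<12} d^d={d ** d:<12} "
              f"shift(beta=200)={blocksize_shift_leading_term(m, 200):+.2f}")
```

For power-of-two conductors the leading term vanishes and, as the abstract notes, the hidden terms leave a blocksize penalty of $d-1+o(1)$; for every other cyclotomic field the term is negative and grows like $\Theta(\beta/\log\beta)$, which is the source of the subexponential gain.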
Lizhen Zhang, Shang Gao, Sherman S. M. Chow, Kurt Pan, Bin Xiao
Building on sublinear schemes such as $\mathsf{Greyhound}$ (CRYPTO'24) and $\mathsf{BrakeDown}$ (CRYPTO'23), we generalize the two-dimensional approach to a $k$-dimensional witness-folding recursion, yielding a $k$-round hyperdimensional proof. Each round folds the witness along one axis, reducing the tensor arity by one, giving overall cost $O(k N^{1/k})$; choosing $k = \log N$ yields $O(\log N)$ verification time and proof size. For standard $\ell_2$ soundness, we give an exact Euclidean-norm proof tailored to lattice relations: we prove $\langle \vec{f}, \vec{f}\rangle \bmod q$ via an inner-product argument and enforce a small-coefficient bound on $\|\vec{f}\|_\infty$ so that $\langle \vec{f}, \vec{f}\rangle \bmod q = \langle \vec{f}, \vec{f}\rangle$ over $\mathbb{Z}$. Both sub-proofs admit the same structure for $O(\log N)$ complexity.
We further compact the proof using a proof-of-proof IPA à la LaBRADOR (CRYPTO'23), attaining $O(\log\log\log{N})$ while preserving logarithmic verification and linear proving. We also describe a candidate optimization that achieves $O(\log\log N)$ proofs without LaBRADOR. For $N = 2^{30}$, $\mathsf{HyperWolf}$ features a ${\sim}53$ KB proof size and, compared to $\mathsf{Greyhound}$, reduces verifier work from $\Theta(\sqrt{N})$ to $\Theta(\log N)$, yielding $2$ to $3$ orders of magnitude improvement for large $N$ while maintaining comparable size.
16 October 2025
Belfort @ Leuven
Closing date for applications:
Contact: Furkan Turan
More information: https://www.linkedin.com/jobs/view/4314095801/
Belfort @ Leuven
Closing date for applications:
Contact: Furkan Turan
More information: https://www.linkedin.com/jobs/view/4314224579/
Computer-Aided Verification Group (CAVE), Ruhr University Bochum, Germany
We are continuously looking for PhD students for the 6-year project CAVE, funded by the German Research Foundation (Deutsche Forschungsgemeinschaft, DFG) through the Emmy Noether Programme. During your PhD, you will be working on cutting-edge research in Hardware Security Engineering and Verification.
Deadline: Reviewing of applications will continue until positions are filled.
Why should you apply? The position involves exploring innovative methods in the field of Computer-Aided Security Engineering and Verification, with the goal of publishing in leading international venues, broadening the research network, initiating global collaborations, and formulating independent research inquiries. For this, I work closely with my PhD students, including regular one-to-one meetings, to support and foster your research.
Location: The newly established junior research group on Computer-Aided Verification of Physical Security Properties (CAVE) is affiliated with the Horst Goertz Institute for IT Security (HGI) and the Faculty of Computer Science at Ruhr University Bochum (RUB). RUB has been a leader in IT security in Europe for more than two decades, and this expertise is integral to the HGI and the Faculty of Computer Science.
Requirements: A Master’s Degree or a strong Bachelor's Degree in Computer Science or related fields. Excellent interpersonal and communication skills in English as well as solid background in any of the following fields are expected: cryptographic engineering, hardware security, physical implementation attacks (SCA & FIA), or profound knowledge of formal verification techniques.
Application: If you are interested in applying, please send an email to Dr. Pascal Sasdrich (pascal.sasdrich@rub.de) with the following documents in a single PDF (max. 10 MB) and subject line "[CAVE] Application for PhD position":
- Your CV, including a transcript of records.
- A brief cover letter describing your research interests.
- Contact details of 2-3 potential references.
Closing date for applications:
Contact: Dr. Pascal Sasdrich
Department of Computer Science and Engineering, Indian Institute of Technology Hyderabad (IITH)
IIT Hyderabad invites applications from exceptionally bright and motivated qualified candidates for faculty positions at the levels of Assistant Professor, Associate Professor, and Professor in the Department of Computer Science and Engineering, in specializations including cryptography and privacy, systems security, post-quantum cryptography, quantum cryptography, and cyber security.
For more details, please refer to the advertisement: https://iith.ac.in/assets/files/careers/faculty/Faculty-Recruitment-Advt-Oct2025.pdf.
For more details about the department, please visit https://cse.iith.ac.in/.
To apply please use the link: https://faculty.recruitment.iith.ac.in/index1.html.
The deadline is 5.30 pm (IST) on 31 October 2025.
Closing date for applications:
Contact: For any questions please reach out to Maria Francis (mariaf@cse.iith.ac.in).
Technical University of Darmstadt, Germany
Your profile:
- Completed PhD degree (or equivalent) at a top university in IT security, computer science, mathematics, electrical engineering, or a similar area.
- Publications at top venues for IT security and cryptography (e.g., EUROCRYPT, CRYPTO, ASIACRYPT, S&P, CCS, TCC).
- Good knowledge in one of the topics mentioned above is a plus.
- Experience in project management and supervising students is a plus.
TU Darmstadt is a top research university for IT Security, Cryptography, and Computer Science in Europe. We offer an excellent working environment in the heart of the Frankfurt Metropolitan Area, which is internationally well-known for its high quality of life. The review of applications starts immediately until the position is filled.
Please send your application to: job@cac.tu-darmstadt.de
Closing date for applications:
Contact: Sebastian Faust
More information: https://www.informatik.tu-darmstadt.de/cac/cac/index.en.jsp
Indian Institute of Technology Roorkee, Roorkee, Uttarakhand, India
Closing date for applications:
Contact: Dr. Raghvendra Rohit (raghvendra.rohit@cs.iitr.ac.in)
National University of Singapore (NUS)
Closing date for applications:
Contact: Dr Prosanta Gope (p.gope@sheffield.ac.uk)
a16z Crypto - New York, NY, USA
The a16z crypto research lab is seeking interns for summer 2026 in all technical areas pertaining to blockchains/Web3, including in particular cryptography and distributed computing. For more details and to submit an application, see https://a16z.com/about/jobs/?gh_jid=7489894003. For full consideration, please apply by November 10, 2025.
The Role
a16z crypto research is a new kind of multidisciplinary lab that bridges the worlds of academic theory and industry practice to advance the science and technology of the next generation of the internet. In addition to fundamental research, we collaborate with portfolio companies to solve hard technical and conceptual problems. Research interns will have the opportunity to learn from the firm’s investment and engineering teams, although this is a research role with no responsibility for investment decisions. We are seeking students with a strong research background and an interest in blockchains and web3 to join the group for the summer. Specific research areas of interest include cryptography, security, distributed computing, economics (both micro and macro), incentives, quantitative finance, political science and governance, and market and mechanism design. This list is not exhaustive and we encourage applicants with different backgrounds who may have unique perspectives on the space to apply.
Preferred Qualifications
- Enrolled in a PhD program in a relevant field such as computer science, economics, mathematics, operations research, political science, etc. (Exceptional masters and undergraduate students will also be considered.)
- Passionate and knowledgeable about blockchains/Web3 and their underlying technologies.
- Familiar with fundamental research and publishing in peer-reviewed conferences and journals.
Internship Details
- In-person residency required in New York, NY
- Duration: June 2–August 21, 2026 (min 10, max 12 weeks)
Closing date for applications:
Contact: Ertem Nusret Tas - ntas@a16z.com
More information: https://a16z.com/about/jobs/?gh_jid=7489894003
Katholieke Universiteit Leuven, Belgium
Closing date for applications:
Contact: jobs-cosic@esat.kuleuven.be
More information: https://www.esat.kuleuven.be/cosic/vacancies/
CISPA Helmholtz Center for Information Security, Saarbrücken & St. Ingbert, Germany
Tenure-Track Faculty in all areas related to Information Security (f/m/d)
All applicants are expected to grow a research team that pursues an internationally visible research agenda. To aid you in achieving this, CISPA provides institutional base funding for three full-time researcher positions and a generous budget for expenditures. Upon successful tenure evaluation, you will hold a position that is equivalent to an endowed full professorship at a top research university. We invite applications of candidates with excellent track records in all areas related to Information Security.
CISPA values diversity and is committed to equality. We provide special dual-career support. We explicitly encourage female and diverse researchers to apply.
Closing date for applications:
Contact: Scientific Talent Acquisition Team: career@cispa.de
More information: https://career.cispa.de/jobs/tenure-track-faculty-in-all-areas-related-to-information-security-f-m-d-2025-2026-74