International Association for Cryptologic Research

IACR News
If you have a news item you wish to distribute, it should be sent to the communications secretary. See also the events database for conference announcements.

Here you can see all recent updates to the IACR webpage. These updates are also available via email and via RSS feed.

17 October 2025

Tianyu Zheng, Shang Gao, Yu Guo, Bin Xiao
ePrint Report
Accumulation is a core technique in state-of-the-art Incrementally Verifiable Computations (IVCs), enabling the avoidance of recursively implementing costly SNARK verification within circuits. However, the recursion overhead in existing IVCs remains significant due to the accumulation verifier complexity, which scales linearly with the number of accumulated instances. In this work, we present a novel accumulation scheme for multiple instances based on polynomial commitment schemes, achieving a theoretical verifier complexity that is sublinear in the number of instances. Technically, our scheme leverages partial evaluation of polynomials to replace random linear combinations, thereby minimizing the costly Commitment Random Linear Combination (CRC) operations on the verifier side. Building on this accumulation scheme, we introduce Quasar, a multi-instance IVC with small recursion overhead in practice. Notably, Quasar reduces the number of costly CRC operations in the recursive circuit from linear to quasi-linear, substantially improving practical performance. By instantiating Quasar with appropriate polynomial commitment schemes, it can achieve linear-time accumulation prover complexity, plausible post-quantum security, and support for parallelizable proving at each step.
Bastien Michel, Dounia M'foukh, María Naya-Plasencia
ePrint Report
Differential meet-in-the-middle attacks, introduced by Boura et al. in 2023, propose a new way of dealing with differential distinguishers. In particular, they allow differential attacks to be combined with initial structures, which were previously used exclusively for meet-in-the-middle attacks. Several applications of this new technique have been published, but so far the results on Feistel constructions have not improved much upon the previous best known attacks. In this paper, we apply them to Feistel constructions with all the improvements proposed so far, and we propose some additional new ideas to generically improve these kinds of attacks. We also propose an automated tool for optimizing the attacks on Simon-like constructions. Our tool outputs a graphical representation of the attack that makes it very easy to verify. All this has allowed us to provide improved single-key key-recovery attacks on most of the variants of Simon, Simeck and CLEFIA-256, which increase the highest number of rounds attacked by 1 or 2 in nearly all cases.
Alexander Karenin, Elena Kirshanova, Julian Nowakowski, Alexander May
ePrint Report
We study the practicality of a primal hybrid lattice attack on LWE. Despite significant research efforts, the state-of-the-art in practical LWE record computations so far is the plain primal attack with Kannan's embedding.

Building on an idea by Espitau and Kirchner, Bernstein proposed in 2023 an LWE hybrid attack that asymptotically outperforms the primal attack. In a nutshell, Bernstein's attack enumerates some coordinates of an LWE key and uses the sophisticated Batch-CVP (Randomized) Slicer algorithm to solve LWE in a dimension-reduced lattice. The practical implications of this attack however remain widely unclear. One of the major obstacles for judging practicality is the lack of a fast, fully functional Slicer implementation. For the first time, we provide an efficient Slicer implementation that includes all required algorithmic ingredients like locality sensitive hashing.

Building on our Slicer implementation, we implement a generalization of Bernstein's algorithm. While Bernstein's attack works only for LWE, ours also applies to a more general BDD setting. Let $(\mathbf{B}, \mathbf{t})$ be a BDD instance, where the target $\mathbf{t}$ is off from the $d$-dimensional lattice $\mathcal{L}(\mathbf{B})$ by some error~$\mathbf{e}$, sampled coordinate-wise from a distribution $\mathcal{D}$. We show that for hard BDD instances, our BDD hybrid asymptotically speeds up primal's complexity of $T=2^{0.292d + o(d)}$ down to $T^{1-\mathcal{K}}$, where $\mathcal{K} \approx \big(1+\frac{H(\mathcal{D})}{0.058}\big)^{-1}$ with $H(\cdot)$ the Shannon entropy. Depending on $\mathcal{D}$, the constant $\mathcal{K}$ can be small, making practical improvements difficult. We test our Slicer-based implementation inside an implementation of our BDD hybrid lattice attack to tackle LWE instances. We choose two ternary LWE secrets with different entropies $H(\mathcal{D})$ as used in NTRU, and the centered binomial distribution as used in Kyber. For all three distributions in all tested LWE dimensions $n \in [160, 210]$, our Slicer-based implementation practically demonstrates measurable speedups over the primal attack, up to a factor of $5$. We also show that for parameters as originally suggested by Regev, the hybrid attack cannot improve over primal.
Jesús-Javier Chi-Domínguez
ePrint Report
Nowadays, the Matrix Code Equivalence Problem shows potential applicability in constructing efficient and secure advanced digital signatures, focusing on linkable ring signatures, threshold signatures, and blind signatures. Current constructions of these advanced signatures rely on relaxed instantiations of the Matrix Code Equivalence Problem: given two pairs of equivalent matrix codes, find (if it exists) the secret isometry connecting the pairs. For example, the linkable ring signature construction by Chou et al. (AFRICACRYPT, 2023) builds on top of the Inverse Matrix Code Equivalence Problem: given three equivalent matrix codes, where one pair of the codes is connected by the secret isometry and another by the inverse of that isometry, find the secret isometry.

This paper studies the Inverse Matrix Code Equivalence Problem, focusing on the family of instances where the secret isometry is (skew) symmetric. Our main contribution corresponds to a new algorithm for solving these instances of the Inverse Matrix Code Equivalence Problem. As an implication, we identify weak instances of this kind of instantiation of the Inverse Matrix Code Equivalence Problem, for around 70% of the possible parameter set choices (i.e., code dimension $k$, and code lengths $m$ and $n$), our algorithm runs (heuristically) in polynomial time. In addition, our results spotlight an additional 35% of parameter sets where the best algorithm for solving the Matrix Code Equivalence Problem, proposed by Couvreur and Levrat (Crypto, 2025), does not apply.

Our results have a crucial security impact on the recent blind signature construction proposed by Kuchta, LeGrow, and Persichetti (ePrint IACR, 2025), whose security is closely related to the hardness of solving these kinds of instances of the Inverse Matrix Code Equivalence Problem.
Michele Battagliola, Ethan Chen, Hugo Sauerbier Couvée, Violetta Weger
ePrint Report
CROSS is a code-based signature based on the Restricted Syndrome Decoding Problem (R-SDP) that is currently among the fourteen candidates in the NIST standardization process. While CROSS enjoys a very competitive verification time, its primary drawback is its significantly large signature size. In this work, we introduce a new Multi-Party Computation in the Head (MPCitH) protocol for the R-SDP with the primary goal of reducing CROSS signature size. To do so, we design a publicly verifiable secret sharing scheme tailored for restricted vectors and a new multiplicative-to-additive conversion for it. These new cryptographic gadgets may be of independent interest as they can serve as building blocks for future research in multi-party computation, such as a threshold version of CROSS.
Pierre Guillot, Auguste Hoang Duc, Michel Koskas, Florian Méhats
ePrint Report
We present GRAFHEN, a new cryptographic scheme which offers Fully Homomorphic Encryption without the need for bootstrapping (or in other words, without noise). Building on the work of Nuida and others, we achieve this using encodings in groups. The groups are represented on a machine using rewriting systems. In this way the subgroup membership problem, which an attacker would have to solve in order to break the scheme, becomes maximally hard, while performance is preserved. In fact we include a simple benchmark demonstrating that our implementation runs several orders of magnitude faster than existing standards. We review many possible attacks against our protocol and explain how to protect the scheme in each case.
Andrew Huang, Vinod Vaikuntanathan
ePrint Report
One-shot signatures (OSS) are a powerful and uniquely quantum cryptographic primitive which allows anyone, given a common reference string, to come up with a public verification key $\mathsf{pk}$ and a secret signing state $\ket{\mathsf{sk}}$. With the secret signing state, one can produce the signature of any one message, but no more. In a recent breakthrough work, Shmueli and Zhandry (CRYPTO 2025) constructed one-shot signatures, either unconditionally in a classical oracle model or assuming post-quantum indistinguishability obfuscation and the hardness of Learning with Errors (LWE) in the plain model.

In this work, we address the inefficiency of the Shmueli-Zhandry construction which signs messages bit-by-bit, resulting in signing keys of $\Theta(\lambda^4)$ qubits and signatures of size $\Theta(\lambda^3)$ bits for polynomially long messages, where $\lambda$ is the security parameter. We construct a new, simple, direct, and efficient one-shot signature scheme which can sign messages of any polynomial length using signing keys of $\Theta(\lambda^2)$ qubits and signatures of size $\Theta(\lambda^2)$ bits. We achieve corresponding savings in runtimes, in both the oracle model and the plain model. In addition, unlike the Shmueli-Zhandry construction, our scheme achieves perfect correctness.

Our scheme also achieves strong signature incompressibility, which implies a public-key quantum fire scheme with perfect correctness among other applications, correcting an error in a recent work of Çakan, Goyal and Shmueli (QCrypt 2025) and recovering their applications.
Binyi Chen
ePrint Report
Folding schemes are a powerful tool for building scalable proof systems. However, existing folding-based SNARKs require embedding hash functions (modeled as random oracles) into SNARK circuits, introducing both security concerns and significant proving overhead. We re-envision how to use folding, and introduce Symphony, the first folding-based SNARK that avoids embedding hashes in SNARK circuits. It is memory-efficient, parallelizable, streaming-friendly, plausibly post-quantum secure, with polylogarithmic proof size and verification, and a prover dominated by committing to the input witnesses. As part of our construction, we introduce a new lattice-based folding scheme that compresses a large number of NP-complete statements into one in a single shot, which may be of independent interest. Furthermore, we design a generic compiler that converts a folding scheme into a SNARK without embedding the Fiat-Shamir circuit into proven statements. Our evaluation shows its concrete efficiency, making Symphony a promising candidate for applications such as zkVM, proof of learning, and post-quantum aggregate signatures.
Léo Ducas, Lynn Engelberts, Paola de Perthuis
ePrint Report
Is module-lattice reduction better than unstructured lattice reduction? This question was highlighted as 'Q8' in the Kyber NIST standardization submission (Avanzi et al., 2021), as potentially affecting the concrete security of Kyber and other module-lattice-based schemes. Foundational works on module-lattice reduction (Lee, Pellet-Mary, Stehlé, and Wallet, ASIACRYPT 2019; Mukherjee and Stephens-Davidowitz, CRYPTO 2020) confirmed the existence of such module variants of LLL and block-reduction algorithms, but focus only on provable worst-case asymptotic behavior.

In this work, we present a concrete average-case analysis of module-lattice reduction. Specifically, we address the question of the expected slope after running module-BKZ, and pinpoint the discriminant $\Delta_K$ of the number field at hand as the main quantity driving this slope. We convert this back into a gain or loss on the blocksize $\beta$: module-BKZ in a number field $K$ of degree $d$ requires an SVP oracle of dimension $\beta + \log(|\Delta_K| / d^d)\beta /(d\log \beta) + o(\beta / \log \beta)$ to reach the same slope as unstructured BKZ with blocksize $\beta$. This asymptotic summary hides further terms that we predict concretely using experimentally verified heuristics. Incidentally, we provide the first open-source implementation of module-BKZ for some cyclotomic fields.

For power-of-two cyclotomic fields, we have $|\Delta_K| = d^d$, and conclude that module-BKZ requires a blocksize larger than its unstructured counterpart by $d-1+o(1)$. On the contrary, for all other cyclotomic fields we have $|\Delta_K| < d^d$, so module-BKZ provides a sublinear $\Theta(\beta/\log \beta)$ gain on the required blocksize, yielding a subexponential speedup of $\exp(\Theta(\beta/\log \beta))$.
Lizhen Zhang, Shang Gao, Sherman S. M. Chow, Kurt Pan, Bin Xiao
ePrint Report
We present $\mathsf{HyperWolf}^*$, a lattice-based, fully transparent polynomial commitment scheme (PCS) for univariate and multilinear polynomials. To the best of our knowledge, it is the first lattice PCS to simultaneously achieve logarithmic proof size and verification time with standard soundness under standard lattice assumptions over polynomial rings.

Building on sublinear schemes such as $\mathsf{Greyhound}$ (CRYPTO'24) and $\mathsf{BrakeDown}$ (CRYPTO'23), we generalize the two-dimensional approach to a $k$-dimensional witness-folding recursion, yielding a $k$-round hyperdimensional proof. Each round folds the witness along one axis, reducing the tensor arity by one, giving overall cost $O(k N^{1/k})$; choosing $k = \log N$ yields $O(\log N)$ verification time and proof size. For standard $\ell_2$ soundness, we give an exact Euclidean-norm proof tailored to lattice relations: we prove $\langle \vec{f}, \vec{f}\rangle \bmod q$ via an inner-product argument and enforce a small-coefficient bound on $\|\vec{f}\|_\infty$ so that $\langle \vec{f}, \vec{f}\rangle \bmod q = \langle \vec{f}, \vec{f}\rangle$ over $\mathbb{Z}$. Both sub-proofs admit the same structure for $O(\log N)$ complexity.

We further compact the proof using a proof-of-proof IPA à la LaBRADOR (CRYPTO'23), attaining $O(\log\log\log{N})$ while preserving logarithmic verification and linear proving. We also describe a candidate optimization that achieves $O(\log\log N)$ proofs without LaBRADOR. For $N = 2^{30}$, $\mathsf{HyperWolf}$ features a ${\sim}53$ KB proof size and, compared to $\mathsf{Greyhound}$, reduces verifier work from $\Theta(\sqrt{N})$ to $\Theta(\log N)$, yielding $2$ to $3$ orders of magnitude improvement for large $N$ while maintaining comparable size.

16 October 2025

Belfort @ Leuven
Job Posting
As a cryptographer and/or software developer you will transform the newest research ideas into practical applications. This role is highly technical and involves designing, implementing, and optimizing cryptographic primitives and protocols. We are looking for someone who enjoys deep technical challenges, has a decent understanding of modern cryptography, and takes pride in writing efficient and secure code. You will collaborate closely with researchers and engineers to bring new ideas from concept to production.

Closing date for applications:

Contact: Furkan Turan

More information: https://www.linkedin.com/jobs/view/4314095801/

Belfort @ Leuven
Job Posting
As a Senior GPU Acceleration Engineer, you will extend Belfort’s cryptographic acceleration technology into high-performance GPU platforms. You will lead efforts in adapting and optimizing our algorithms for modern GPU architectures, ensuring maximum throughput, scalability, and energy efficiency.

Closing date for applications:

Contact: Furkan Turan

More information: https://www.linkedin.com/jobs/view/4314224579/

Computer-Aided Verification Group (CAVE), Ruhr University Bochum, Germany
Job Posting

We are continuously looking for PhD students for the 6-year project CAVE, funded by the German Research Foundation (Deutsche Forschungsgemeinschaft, DFG) through the Emmy Noether Programme. During your PhD, you will be working on cutting-edge research in Hardware Security Engineering and Verification.

Deadline: Reviewing of applications will continue until positions are filled.

Why should you apply? The position involves exploring innovative methods in the field of Computer-Aided Security Engineering and Verification, with the goal of publishing in leading international venues, broadening the research network, initiating global collaborations, and formulating independent research inquiries. For this, I work closely with my PhD students, including regular one-to-one meetings, to support and foster your research.

Location: The newly established junior research group on Computer-Aided Verification of Physical Security Properties (CAVE) is affiliated with the Horst Goertz Institute for IT Security (HGI) and the Faculty of Computer Science at Ruhr University Bochum (RUB). RUB has been a leader in IT security in Europe for more than two decades, and this expertise is integral to the HGI and the Faculty of Computer Science.

Requirements: A Master’s Degree or a strong Bachelor's Degree in Computer Science or related fields. Excellent interpersonal and communication skills in English as well as a solid background in any of the following fields are expected: cryptographic engineering, hardware security, physical implementation attacks (SCA & FIA), or profound knowledge of formal verification techniques.

Application: If you are interested in applying, please send an email to Dr. Pascal Sasdrich (pascal.sasdrich@rub.de) with the following documents in a single PDF (max. 10 MB) and subject line "[CAVE] Application for PhD position":

  • Your CV, including a transcript of records.
  • A brief cover letter describing your research interests.
  • Contact details of 2-3 potential references.

Closing date for applications:

Contact: Dr. Pascal Sasdrich

Department of Computer Science and Engineering, Indian Institute of Technology Hyderabad (IITH)
Job Posting

IIT Hyderabad invites applications from exceptionally bright and motivated qualified candidates for faculty positions at the levels of Assistant Professor, Associate Professor, and Professor in the Department of Computer Science and Engineering, in specializations including cryptography and privacy, systems security, post-quantum cryptography, quantum cryptography, and cyber security.

For more details, please refer to the advertisement: https://iith.ac.in/assets/files/careers/faculty/Faculty-Recruitment-Advt-Oct2025.pdf.

For more details about the department, please visit https://cse.iith.ac.in/.

To apply please use the link: https://faculty.recruitment.iith.ac.in/index1.html.

The deadline is 5.30 pm (IST) on 31 October 2025.

Closing date for applications:

Contact: For any questions please reach out to Maria Francis (mariaf@cse.iith.ac.in).

Technical University of Darmstadt, Germany
Job Posting
The Applied Cryptography Group at Technical University of Darmstadt offers a fully funded postdoc position. Topics of interest include (but are not limited to) distributed cryptography, anonymous credentials, blockchain protocols, multiparty computation, zero-knowledge and more. You will conduct research and publish/present the results at top venues for research in cryptography and IT Security. The position is to be filled as soon as possible for initially 2 years with the possibility of an extension.

Your profile:
  • Completed PhD degree (or equivalent) at a top university in IT security, computer science, mathematics, electrical engineering, or a similar area.
  • Publications at top venues for IT security and cryptography (e.g., EUROCRYPT, CRYPTO, ASIACRYPT, S&P, CCS, TCC),
  • Good knowledge in one of the topics mentioned above is a plus.
  • Experience in project management and supervising students is a plus.
Your application should contain a CV, list of publications, a short research statement and at least one contact for a reference letter.

TU Darmstadt is a top research university for IT Security, Cryptography, and Computer Science in Europe. We offer an excellent working environment in the heart of the Frankfurt Metropolitan Area, which is internationally well-known for its high quality of life. The review of applications starts immediately until the position is filled.

Please send your application to: job@cac.tu-darmstadt.de

Closing date for applications:

Contact: Sebastian Faust

More information: https://www.informatik.tu-darmstadt.de/cac/cac/index.en.jsp

Indian Institute of Technology Roorkee, Roorkee, Uttarakhand, India
Job Posting
We are looking for a junior research fellow for the project "A Post-Quantum Secure ZKP-based Authentication Protocol for Connected and Autonomous Vehicles". The candidate should have an M.Tech in Computer Science and Engineering or a related discipline. Prior experience in cryptography and zero-knowledge proof systems, along with a solid background in programming, is essential. Interested candidates can email Dr. Raghvendra Rohit at raghvendra.rohit@cs.iitr.ac.in with their resume.

Closing date for applications:

Contact: Dr. Raghvendra Rohit (raghvendra.rohit@cs.iitr.ac.in)

National University of Singapore (NUS)
Job Posting
PhD Opportunities at the National University of Singapore (NUS). The candidates will have opportunities to work at NUS.

Requirements for a PhD position:
  • Completed Master’s degree (or equivalent) at a top university in information security, computer science, applied mathematics, electrical engineering, or a similar area
  • Research experience (such as publishing papers as a first author in reputable venues)
  • Self-motivated, reliable, creative, able to work in a team, and wanting to do excellent research on challenging scientific problems with practical relevance
  • Desire to publish at top venues (CORE rank A*/A) for information security/applied cryptography (e.g., TDSC, TIFS, S&P, CCS, NDSS, USENIX SEC), ideally on security protocols and secure computation

How to apply? Please send me your CV with detailed information.

Closing date for applications:

Contact: Dr Prosanta Gope (p.gope@sheffield.ac.uk)

a16z Crypto - New York, NY, USA
Job Posting

The a16z crypto research lab is seeking interns for summer 2026 in all technical areas pertaining to blockchains/Web3, including in particular cryptography and distributed computing. For more details and to submit an application, see https://a16z.com/about/jobs/?gh_jid=7489894003. For full consideration, please apply by November 10, 2025.

The Role

a16z crypto research is a new kind of multidisciplinary lab that bridges the worlds of academic theory and industry practice to advance the science and technology of the next generation of the internet. In addition to fundamental research, we collaborate with portfolio companies to solve hard technical and conceptual problems. Research interns will have the opportunity to learn from the firm’s investment and engineering teams, although this is a research role with no responsibility for investment decisions. We are seeking students with a strong research background and an interest in blockchains and web3 to join the group for the summer. Specific research areas of interest include cryptography, security, distributed computing, economics (both micro and macro), incentives, quantitative finance, political science and governance, and market and mechanism design. This list is not exhaustive and we encourage applicants with different backgrounds who may have unique perspectives on the space to apply.

Preferred Qualifications

  • Enrolled in a PhD program in a relevant field such as computer science, economics, mathematics, operations research, political science, etc. (Exceptional masters and undergraduate students will also be considered.)
  • Passionate and knowledgeable about blockchains/Web3 and their underlying technologies.
  • Familiar with fundamental research and publishing in peer-reviewed conferences and journals.

Internship Details

  • In-person residency required in New York, NY
  • Duration: June 2–August 21, 2026 (min 10, max 12 weeks)

Closing date for applications:

Contact: Ertem Nusret Tas - ntas@a16z.com

More information: https://a16z.com/about/jobs/?gh_jid=7489894003

Katholieke Universiteit Leuven, Belgium
Job Posting
We are looking for a motivated candidate for a PhD position on multi-factor authentication protocols. The student will be part of the SCAMPER project team. The research will include the design and implementation of novel multi-factor authentication protocols using advanced cryptographic techniques such as MPC and anonymous credentials, in combination with biometric template protection methods. The student will collaborate closely with academic and industrial partners.

Responsibilities:
  • Design efficient protocols for multi-factor authentication, including fuzzy authentication factors
  • Perform security analysis and evaluations
  • Collaborate with industry stakeholders

The candidate must hold a Master’s degree in Electrical Engineering, Computer Science, or Mathematics, have good grades and a keen interest in cryptography. We prefer candidates who can demonstrate that they have developed their research skills during their Master’s studies. A strong background in the following is required:
  • Mathematics, including probability and statistics
  • Coding theory
  • Programming skills
  • Some background in cryptography would also be considered a merit

Closing date for applications:

Contact: jobs-cosic@esat.kuleuven.be

More information: https://www.esat.kuleuven.be/cosic/vacancies/

CISPA Helmholtz Center for Information Security, Saarbrücken & St. Ingbert, Germany
Job Posting
CISPA is a world-leading research center that focuses on Information Security and Machine Learning at large. To expand and further strengthen our center, we are looking for

Tenure-Track Faculty in all areas related to Information Security (f/m/d)

All applicants are expected to grow a research team that pursues an internationally visible research agenda. To aid you in achieving this, CISPA provides institutional base funding for three full-time researcher positions and a generous budget for expenditures. Upon successful tenure evaluation, you will hold a position that is equivalent to an endowed full professorship at a top research university. We invite applications of candidates with excellent track records in all areas related to Information Security.

CISPA values diversity and is committed to equality. We provide special dual-career support. We explicitly encourage female and diverse researchers to apply.

Closing date for applications:

Contact: Scientific Talent Acquisition Team: career@cispa.de

More information: https://career.cispa.de/jobs/tenure-track-faculty-in-all-areas-related-to-information-security-f-m-d-2025-2026-74
