International Association
for Cryptologic Research

Department of Mathematics and Computer Science - Institute of Computer Science 2 Positions for Research Associates (m/f/d) with 100% full-time employment limited until 31.07.2027 Salary Group 13 TV-L FU Reference: WiMi EASEPROFIT Responsibilities: Collaboration in the EASEPROFIT joint project with academic and industry partners from the financial sector. The work involves the development of innovative post-quantum cryptography and security protocols for the "typical" financial transactions between banks and customers over the internet. Further information can be found at http://www.mi.fu-berlin.de/en/inf/groups/ag-comm/index.html. Requirements: Applicants must have completed a scientific degree (Master’s or equivalent) in Computer Science, Mathematics, or a related field. The position can be designed as either a PhD position or a postdoctoral position (for candidates with an existing doctorate). (Professional) Experience: Knowledge of mathematical cryptography and experience with security protocols are required. Additional knowledge in post-quantum cryptography or cryptographic protocols in the financial sector is an advantage.

Closing date for applications:

Contact: Please send your application until 31.12.2024 with relevant documents in PDF format (preferably as a single file) electronically by email, including the reference number, to [email protected] (cc: [email protected]).

More information: https://www.fu-berlin.de/universitaet/beruf-karriere/jobs/wiss/19_fb-mathematik-und-informatik/MI-WiMi-EASEPROFIT.html

The Theory of Computer Science Group from the Informatics Institute of the University of Amsterdam is seeking a PhD student to carry out cutting-edge research in cryptography, with an expected focus on Secure Multi-Party Computation. This position is funded by the NWO Gravitation project “Challenges in Cyber Security”, a collaboration with partners from TU Eindhoven, Radboud University, CWI and Vrije Universiteit Amsterdam.

For more information and to apply, please visit https://werkenbij.uva.nl/en/vacancies/phd-position-in-secure-multi-party-computation-netherlands-13605. The closing date for the applications is 15 April 2025 (for full consideration, you are encouraged to apply on or before 15 March 2025).

Closing date for applications:

Contact: Divya Ravi ([email protected])

More information: https://werkenbij.uva.nl/en/vacancies/phd-position-in-secure-multi-party-computation-netherlands-13605

Multiple Tenure Track and Tenured Faculty Positions Available at USF. Job IDs: 38362 38363 38364

Closing date for applications:

Contact: See the advertisement for the details.

More information: https://www.usf.edu/work-at-usf/careers/

The CSE Department at UC Santa Cruz invites applications for PhD students and postdocs in applied cryptography, security/privacy, private computation, metadata-private communication, and secure databases/systems. Candidates should have background or interest in one or more of the following areas: applied cryptography, searchable encryption, secure databases/systems, oblivious and multi-party computation, hardware enclaves, computer/cloud security, side-channel/leakage-abuse attacks/defenses, and anonymous communication (including traffic-analysis resistance).

My group’s focus is on bridging the security/efficiency gap between cryptography/security and real-world systems/databases. We conduct our research and publish our findings in top-tier venues in security (e.g., USENIX Security, IEEE Security & Privacy, CCS, NDSS), cryptography (e.g., CRYPTO, Eurocrypt), and systems/databases (e.g., SIGMOD, VLDB, SOSP). Our research mission is to develop cryptographic solutions and real systems that are simultaneously practical, efficient, and provably secure. You can review my recent publications on my website: https://idemertzis.com .

(1) PhD applicants should hold a BS/MS in computer science, electrical and computer engineering, information security, mathematics, or a related field, with strong analytical, mathematical, coding, and software engineering skills. Interested candidates should email me their CV, a brief summary of research experience and interests, and a personal website link (if available).
Please submit your application here: https://grad.soe.ucsc.edu/admissions​ (Computer Science & Engineering→ Apply to PhD) and mention my name in your application.

(2) Post-doctoral applicants please email me your CV and your research statement (if available).

Closing Date for Application: December 20, 2024

Closing date for applications:

Contact: Ioannis Demertzis ([email protected])

The Research Unit of Privacy Enhanced Technologies at TU Wien is offering a 40 hours/week position as university assistant (prae-doc) limited to expected 4 years. **PhD position in Privacy-Enhancing Technologies at the Vienna University of Technology**.

The TU Wien, Austria's leading institution for technology and science, invites applications for a PhD position in Privacy-Enhancing Technologies (PET). Our research spans cryptographic protocols, zero-knowledge proof systems, information-theoretic approaches such as differential privacy, and challenges in distributed settings, including privacy-preserving cryptocurrencies. We aim to advance both fundamental theory and practical solutions with real-world impact.

Your profile:

• Academic Excellence: Outstanding Master’s degree in Computer Science, Mathematics, or a closely related field.
• Problem-Solving Passion: Enthusiastic about tackling challenging and complex problems.
• Curiosity: Eager to learn and grow in a dynamic research environment.
• Team Spirit: Positive thinker with a supportive and collaborative mindset.
• Research Experience: Prior experience in privacy, cryptography, or distributed systems is an advantage but not required.
• Communication: Proficient in written and spoken English for effective collaboration and dissemination of research.
• Independent Thinking: Capable of working autonomously while contributing to a team-oriented environment.
• Innovative Mindset: Open to exploring novel approaches and solutions in privacy-enhancing technologies.

How to apply

Applications must be submitted over the TU Wien here https://jobs.tuwien.ac.at/Job/244516"> More information: https://www.pets.wien

Closing date for applications:

Contact: Univ. Prof. Dr. Dominique Schröder

More information: https://jobs.tuwien.ac.at/Job/244516

We are looking for a motivated PhD student to work on Post-quantum cryptography for Cloud Computing. The position is fully funded with 3.5-year duration and the starting date is negotiable. The applicant should have a solid background in Computer Science, Mathematics, or relevant fields. If interested, please send your CV and transcripts to us.

Closing date for applications:

Contact: Willy Susilo ([email protected]) and Dung Hoang Duong ([email protected])

We are looking for

a candidate with internationally outstanding qualification in an early career phase with promising potential (W2 Tenure Track) or

an experienced candidate with an outstanding scientific track record and international visibility (W3)

to represent the field of "Cybersecurity and Artificial Intelligence" in both research and teaching. The scientific focus of the position should be on application-oriented aspects of cybersecurity with strong references to machine learning and other artificial intelligence techniques, e.g.:

Safeguarding AI processes and systems against cyberattacks;

Analysis and defense against cyberattacks and attack methods that specifically exploit AI;

Applying AI techniques to detect and analyze cyberattacks and to improve cybersecurity;

Methods of AI, esp. machine learning with special security and privacy properties.

For more information on the structure of the professorship and the opportunity to apply, please refer to the full advertisement on the TU Darmstadt website.

Closing date for applications:

Contact: For further information or questions, please contact Prof. Dr. Michael Waidner (professor of TU Darmstadt and CEO of ATHENE): [email protected]

More information: https://www.tu-darmstadt.de/universitaet/karriere_an_der_tu/stellenangebote/aktuelle_stellenangebote/stellenausschreibungen_detailansichten_1_572736.en.jsp

We are looking for

a candidate with internationally outstanding qualification in an early career phase with promising potential (W2 Tenure Track) or

an experienced candidate with an outstanding scientific track record and international visibility (W3)

to represent the field of "Applied Cybersecurity" in both research and teaching.

The scientific focus of the position should be on application-oriented aspects of cybersecurity, e.g.:

User-centric security, combination of usability and security/privacy;

Business aspects of IT security, security management, risk and compliance management, certification of security properties;

Enterprise security, i.e., security from the perspective of a company, a data center, an IT service provider, etc.;

Identity management, privacy management, secure digital identities, privacy-friendly technologies;

Security from and through methods of artificial intelligence, machine learning, data analysis.

For more information on the structure of the professorship and the opportunity to apply, please refer to the full advertisement on the TU Darmstadt website.

Closing date for applications:

Contact: For further information or questions, please contact Prof. Dr. Michael Waidner (professor of TU Darmstadt and CEO of ATHENE): [email protected]

More information: https://www.tu-darmstadt.de/universitaet/karriere_an_der_tu/stellenangebote/aktuelle_stellenangebote/stellenausschreibungen_detailansichten_1_572672.en.jsp

We are looking for 1-2 bright researchers with strong interest and suitable experience in any of the following research areas:

• Advanced encryption: algorithmic techniques for FHE and SNARKs, updatable encryption
• Secure computation: MPC techniques and protocol design, PSI
• PQC techniques for any of the aforementioned areas

Candidates will lead our research in ongoing / upcoming externally funded projects across the domains of secure multi-party computation and advanced post-quantum secure encryption, and can work closely with existing PhD students.

They will work closely with members of the Privacy and Applied Cryptography (PACY) lab, led by Prof. Mark Manulis, and the Quantum-Safe and Advanced Cryptography (QuSAC) lab, led by Prof. Daniel Slamanig. Candidates will benefit from our modern infrastructure and availability of funds to support own research. Also, Munich is amongst best places to live in Germany.

Positions are available for immediate start (~58k to 74k EUR p.a. depending on qualifications and experience). Initial contracts are for 1.5 - 2 years.

Requirements:

• Master's degree (or equivalent) or PhD in Mathematics, Cryptography, or Computer Science with excellent grades
• Solid knowledge and demonstrable experience in any of the aforementioned research areas
• Post-doc candidates must have a strong track record (ideally with publications at IACR conferences and/or the top 4 security conferences) and good academic writing and presentation skills
• Experience with cryptographic implementations (desirable)
• Proficiency in English (essential) and German (desirable but not essential)
• Eligible candidates must hold a working permit for the EU.

Applications will be processed continuously until the positions are filled.

Closing date for applications:

Contact: Applications (cover letter, CV, transcripts, contacts for references) can be emailed to Prof. Mark Manulis (mark.manulis AT unibw.de).

More information: https://www.unibw.de/pacy-en/vacancies

This work investigates persistent fault analysis on ASCON cipher that has been recently standardized by NIST USA for lightweight cryptography applications. In persistent fault, the fault once injected through RowHammer injection techniques, exists in the system during the entire encryption phase. In this work, we propose a model to mount persistent fault analysis (PFA) on ASCON cipher. In the finalization round of the ASCON cipher, we identify that the fault-injected S-Box operation in the permutation round, $p^{12}$, is vulnerable to leaking infor- mation about the secret key. The model can exist in two variants, a single instance of fault-injected S-Box out of 64 parallel S-Box invocations, and the same faulty S-Box iterated 64 times. The attack model demonstrates that any Spongent construction operating with authenticated encryption with associated data (AEAD) mode is vulnerable to persistent faults. In this work, we demonstrate the scenario of a single fault wherein the fault, once injected is persistent until the device is powered off. Using the pro- posed method, we successfully retrieve the 128-bit key in ASCON. Our experiments show that the minimum number and the maximum num- ber of queries required are 63 plaintexts and 451 plaintexts, respectively. Moreover, we observe that the number of queries required to mount the attack depends on fault location in the S-box LUT as observed from the plots reporting the minimum number of queries and average number of queries for 100 key values.

This paper studies an extension of the Linear Approximation Table (LAT) of vectorial Boolean mappings (also known as Substitution boxes) used in Linear Cryptanalysis (LC). This extended table is called NonLinear Approximation Table (NLAT).

The advent of quantum computing has profound implications for current technologies, offering advancements in optimization while posing significant threats to cryptographic algorithms. Public-key cryptosystems relying on prime factorization or discrete logarithms are particularly vulnerable, whereas block ciphers (BCs) remain secure through increased key lengths. In this study, we introduce a novel quantum implementation of SLIM, a lightweight block cipher optimized for 32-bit plaintext and an 80-bit key, based on a Feistel structure. This implementation distinguishes itself from other BC quantum implementations in its class (64–128-bit) by utilizing a minimal number of qubits while maintaining robust cryptographic strength and efficiency. By employing an innovative design that minimizes qubit usage, this work highlights SLIM’s potential as a resource-efficient and secure candidate for quantum-resistant encryption protocols.

Encrypted messaging systems obstruct content moderation, although they provide end-to-end security. As a result, misinformation proliferates in these systems, thereby exacerbating online hate and harassment. The paradigm of ``Reporting-then-Tracing" shows great potential in mitigating the spread of misinformation. For instance, message traceback (CCS'19) traces all the dissemination paths of a message, while source tracing (CCS'21) traces its originator. However, message traceback lacks privacy preservation for non-influential users (e.g., users who only receive the message once), while source tracing maintains privacy but only provides limited traceability.

In this paper, we initiate the study of impact tracing. Intuitively, impact tracing traces influential spreaders central to disseminating misinformation while providing privacy protection for non-influential users. We introduce noises to hide non-influential users and demonstrate that these noises do not hinder the identification of influential spreaders. Then, we formally prove our scheme's security and show it achieves differential privacy protection for non-influential users. Additionally, we define three metrics to evaluate its traceability, correctness, and privacy using real-world datasets. The experimental results show that our scheme identifies the most influential spreaders with accuracy from 82% to 99% as the amount of noise varies. Meanwhile, our scheme requires only a 6-byte platform storage overhead for each message while maintaining a low messaging latency (< 0.25ms).

We present Orbweaver, a plausibly post-quantum functional commitment for linear relations that achieves quasilinear prover time together with $O(\log n)$ proof size and polylogarithmic verifier time. Orbweaver enables evaluation of linear functions on committed vectors over cyclotomic rings and the integers. It is extractable, preprocessing, non-interactive, structure-preserving, and supports compact public proof aggregation. The security of our scheme is based on the $k$-$R$-ISIS assumption (and its knowledge counterpart), whereby we require a trusted setup to generate a universal structured reference string. We use Orbweaver to construct succinct univariate and multilinear polynomial commitments.

Concretely, our scheme has smaller proofs than most other succinct post-quantum arguments for large statements. For binary vectors of length $2^{30}$ we achieve $302$KiB linear map evaluation proofs with evaluation binding, and $1$MiB proofs when extractability is required; for $32$-bit integers these sizes are $494$KiB and $1.6$MiB, respectively.

Pairing-based arguments offer remarkably small proofs and space-efficient provers, but aggregating such proofs remains costly. Groth16 SNARKs and KZG polynomial commitments are prominent examples of this class of arguments. These arguments are widely deployed in decentralized systems, with millions of proofs generated per day. Recent folding schemes have greatly reduced the cost of proving incremental computations, such as batch proof verification. However, existing constructions require encoding pairing operations in generic constraint systems, leading to high prover overhead. In this work, we introduce Mira, a folding scheme that directly supports pairing-based arguments. We construct this folding scheme by generalizing the framework in Protostar to support a broader class of special-sound protocols. We demonstrate the versatility and efficiency of this framework through two key applications: Groth16 proof aggregation and verifiable ML inference. Mira achieves 5.8x faster prover time and 9.7x lower memory usage than the state-of-the-art proof aggregation system while maintaining a constant-size proof. To improve the efficiency of verifiable ML inference, we provide a new lincheck protocol with a verifier degree that is independent of the matrix order. We show that Mira scales effectively to larger models, overcoming the memory bottlenecks of current schemes.

Differentially private (DP) heavy-hitter detection is an important primitive for data analysis. Given a threshold $t$ and a dataset of $n$ items from a domain of size $d$, such detection algorithms ignore items occurring fewer than $t$ times while identifying items occurring more than $t+\Delta$ times; we call $\Delta$ the error margin. In the central model where a curator holds the entire dataset, $(\varepsilon,\delta)$-DP algorithms can achieve error margin $\Theta(\frac 1 \varepsilon \log \frac 1 \delta)$, which is optimal when $d \gg 1/\delta$. Several works, e.g., Poplar (S&P 2021), have proposed protocols in which two or more non-colluding servers jointly compute the heavy hitters from inputs held by $n$ clients. Unfortunately, existing protocols suffer from an undesirable dependence on $\log d$ in terms of both server efficiency (computation, communication, and round complexity) and accuracy (i.e., error margin), making them unsuitable for large domains (e.g., when items are kB-long strings, $\log d \approx 10^4$). We present hash-prune-invert (HPI), a technique for compiling any heavy-hitter protocol with the $\log d$ dependencies mentioned above into a new protocol with improvements across the board: computation, communication, and round complexity depend (roughly) on $\log n$ rather than $\log d$, and the error margin is independent of $d$. Our transformation preserves privacy against an active adversary corrupting at most one of the servers and any number of clients. We apply HPI to an improved version of Poplar, also introduced in this work, that improves Poplar's error margin by roughly a factor of $\sqrt{n}$ (regardless of $d$). Our experiments confirm that the resulting protocol improves efficiency and accuracy for large $d$.

In this work we state and prove an abstract version of the multi-forking lemma of Pointcheval and Stern from EUROCRYPT'96. Earlier, Bellare and Neven had given an abstract version of forking lemma for two-collisions (CCS'06). While the original purpose of the forking lemma was to prove security of signature schemes in the random oracle methodology, the abstract forking lemma can be used to obtain security proofs for multi-signatures, group signatures, and compilation of interactive protocols under the Fiat-Shamir random-oracle methodology.

The Hidden Weight Bit Function (HWBF) has drawn considerable attention for its simplicity and cryptographic potential. Despite its ease of implementation and favorable algebraic properties, its low nonlinearity limits its direct application in modern cryptographic designs. In this work, we revisit the HWBF and propose a new weightwise quadratic variant obtained by combining the HWBF with a bent function. This construction offers improved cryptographic properties while remaining computationally efficient. We analyze the balancedness, nonlinearity, and other criteria of this function, presenting theoretical bounds and experimental results to highlight its advantages over existing functions in similar use cases. The different techniques we introduce to study the nonlinearity of this function also enable us to bound the nonlinearity of a broad family of weightwise quadratic functions, both theoretically and practically. We believe these methods are of independent interest.

Private deep neural network (DNN) inference based on secure two-party computation (2PC) enables secure privacy protection for both the server and the client. However, existing secure 2PC frameworks suffer from a high inference latency due to enormous communication. As the communication of both linear and non-linear DNN layers reduces with the bit widths of weight and activation, in this paper, we propose PrivQuant, a framework that jointly optimizes the 2PC-based quantized inference protocols and the network quantization algorithm, enabling communication-efficient private inference. PrivQuant proposes DNN architecture-aware optimizations for the 2PC protocols for communication-intensive quantized operators and conducts graph-level operator fusion for communication reduction. Moreover, PrivQuant also develops a communication-aware mixed precision quantization algorithm to improve the inference efficiency while maintaining high accuracy. The network/protocol co-optimization enables PrivQuant to outperform prior-art 2PC frameworks. With extensive experiments, we demonstrate PrivQuant reduces communication by $11\times, 2.5\times \mathrm{and}~ 2.8\times$, which results in $8.7\times, 1.8\times ~ \mathrm{and}~ 2.4\times$ latency reduction compared with SiRNN, COINN, and CoPriv, respectively.