International Association for Cryptologic Research

IACR News

Here you can see all recent updates to the IACR webpage. These updates are also available:

via email
via RSS feed

23 March 2025

Mengling Liu, Yang Heng, Xingye Lu, Man Ho Au
ePrint Report
Recent advances in Vector Oblivious Linear Evaluation (VOLE) protocols have enabled constant-round, fast, and scalable (designated-verifier) zero-knowledge proofs, significantly reducing prover computational cost. Existing protocols, such as QuickSilver [CCS’21] and LPZKv2 [CCS’22], achieve efficiency with prover costs of 4 multiplications in the extension field per AND gate for Boolean circuits, where one multiplication requires an O(κ log κ)-bit operation and κ = 128 is the security parameter, and 3-4 field multiplications per multiplication gate for arithmetic circuits over a large field. We introduce JesseQ, a suite of two VOLE-based protocols, JQv1 and JQv2, which advance the state of the art. JQv1 requires only 2 scalar multiplications in an extension field per AND gate for Boolean circuits, where one scalar multiplication needs an O(κ)-bit operation, and 2 field multiplications per multiplication gate for arithmetic circuits over a large field. In terms of communication cost, JQv1 needs just 1 field element per gate. JQv2 further halves the communication cost at the price of doubling the prover’s computation. Experiments show that, compared to the current state of the art, both JQv1 and JQv2 achieve at least a 3.9× improvement for Boolean circuits. For large-field circuits, JQv1 has similar performance, while JQv2 offers a 1.3× improvement. Additionally, both JQv1 and JQv2 maintain the same communication cost as the current state of the art. Notably, on the cheapest AWS instances, JQv1 can prove 9.2 trillion AND gates (or 5.8 trillion multiplication gates over a 61-bit field) for just one US dollar. JesseQ excels in applications like inner products, matrix multiplication, and lattice problems, delivering 40%-200% performance improvements compared to QuickSilver. Additionally, JesseQ integrates seamlessly with the sublinear Batchman framework [CCS’23], enabling further efficiency gains for batched disjunctive statements.
Boris Alexeev, Colin Percival, Yan X Zhang
ePrint Report
Systems such as file backup services often use content-defined chunking (CDC) algorithms, especially those based on rolling hash techniques, to split files into chunks in a way that allows for data deduplication. These chunking algorithms often depend on per-user parameters in an attempt to avoid leaking information about the data being stored. We present attacks to extract these chunking parameters and discuss protocol-agnostic attacks and the loss of security once the parameters are breached (including when these parameters are not set up at all, which is often available as an option). Our parameter-extraction attacks themselves are protocol-specific, but their ideas are generalizable to many potential CDC schemes.
Axel Lemoine, Rocco Mora, Jean-Pierre Tillich
ePrint Report
Distinguishing Goppa codes or alternant codes from generic linear codes [FGO+11] has been shown to be a first step before being able to attack the McEliece cryptosystem based on those codes [BMT24]. Whereas the distinguisher of [FGO+11] is only able to distinguish Goppa codes or alternant codes of rate very close to 1, in [CMT23a] a much more powerful (and more general) distinguisher was proposed. It is based on computing the Hilbert series {HF(d), d ∈ ℕ} of a Pfaffian modeling. The distinguisher of [FGO+11] can be interpreted as computing HF(1). Computing HF(2) still gives a polynomial-time distinguisher for alternant or Goppa codes and is apparently able to distinguish Goppa or alternant codes in a much broader regime of rates than that of [FGO+11]. However, the scope of this distinguisher was unclear. We give here a formula for HF(2) corresponding to generic alternant codes when the field size q satisfies q ≥ r, where r is the degree of the alternant code. We also show that this expression for HF(2) provides a lower bound in general. The value of HF(2) corresponding to random linear codes is known, and this yields a precise description of the new regime of rates that can be distinguished by this new method. This shows that the new distinguisher improves significantly upon the one given in [FGO+11].
Ramses Fernandez
ePrint Report
This article presents an extension of the work performed by Liu, Baek and Susilo on extended withdrawable signatures to lattice-based constructions. We introduce a general construction and provide security proofs for this proposal. As instantiations, we provide concrete constructions of extended withdrawable signature schemes based on Dilithium and HAETAE.
Zhengjun Cao, Lihua Liu
ePrint Report
We show that the anonymous authentication and key establishment scheme [IEEE TDSC, 20(4), 3535-3545, 2023] fails to keep user anonymity, not as claimed. We also suggest a method to fix it.
Yue Zhou, Sid Chi-Kin Chau
ePrint Report
Zero-knowledge range arguments are a fundamental cryptographic primitive that allows a prover to convince a verifier of the knowledge of a secret value lying within a predefined range. They have been utilized in diverse applications, such as confidential transactions, proofs of solvency and anonymous credentials. Range arguments with a transparent setup dispense with any trusted setup, eliminating security backdoors and enhancing transparency. They are increasingly deployed in diverse decentralized applications on blockchains. One of the major concerns of practical deployment of range arguments on blockchains is the incurred gas cost and the high computational overhead placed on blockchain miners. Hence, it is crucial to optimize the verification efficiency of range arguments to alleviate the deployment cost on blockchains and other decentralized platforms. In this paper, we present VeRange with several new zero-knowledge range arguments in the discrete logarithm setting, requiring only cN/log N group exponentiations for verification, where N is the number of bits needed to represent a range and c is a small constant, making them concretely efficient for blockchain deployment with a very low gas cost. Furthermore, VeRange is aggregable, allowing a prover to simultaneously prove T range arguments in a single argument, requiring only O(TN/log(TN)) + T group exponentiations for verification. We deployed VeRange on Ethereum and measured the empirical gas cost, achieving the fastest verification runtime and the lowest gas cost among the discrete-logarithm-based range arguments in practice.
Daniel Aronoff, Adithya Bhat, Panagiotis Chatzigiannis, Mohsen Minaei, Srinivasan Raghuraman, Robert M. Townsend, Nicolas Xuan-Yi Zhang
ePrint Report
Blockchain technology and smart contracts have revolutionized digital transactions by enabling trustless and decentralized exchanges of value. However, the inherent transparency and immutability of blockchains pose significant privacy challenges. On-chain data, while pseudonymous, is publicly visible and permanently recorded, potentially leading to the inadvertent disclosure of sensitive information. This issue is particularly pronounced in smart contract applications, where contract details are accessible to all network participants, risking the exposure of identities and transactional details.

To address these privacy concerns, there is a pressing need for privacy-preserving mechanisms in smart contracts. To showcase this need even further, in our paper we bring forward advanced use-cases in economics which only smart contracts equipped with privacy mechanisms can realize, and show how fully-homomorphic encryption (FHE) as a privacy enhancing technology (PET) in smart contracts, operating on a public blockchain, can make possible the implementation of these use-cases. Furthermore, we perform a comprehensive systematization of FHE-based approaches in smart contracts, examining their potential to maintain the confidentiality of sensitive information while retaining the benefits of smart contracts, such as automation, decentralization, and security. After we evaluate these existing FHE solutions in the context of the use-cases we consider, we identify open problems, and suggest future research directions to enhance privacy in blockchain smart contracts.
Indian Institute of Technology Guwahati, India, 16 December - 19 December 2025
Event Calendar
Event date: 16 December to 19 December 2025
Aarhus, Denmark, 2 December - 5 December 2025
TCC
Event date: 2 December to 5 December 2025
Kuala Lumpur, Malaysia, 14 September 2025
Event Calendar
Event date: 14 September 2025
Yokohama, Japan, 10 October - 12 October 2025
Event Calendar
Event date: 10 October to 12 October 2025
Submission deadline: 31 May 2025
Notification: 15 July 2025

22 March 2025

Input-Output Group - remote
Job Posting
What the role involves:

As an Applied Cryptography Researcher, you must be a cryptographer with a strong understanding of practical aspects of using cryptography in real world settings. You have the exciting challenge of working on bleeding-edge research and technology, always with a focus on the market's needs. You will work side by side with architects and engineers implementing novel cryptographic primitives that you may have also designed yourself. The scope is everything from Post-Quantum prototypes to hand-optimisation of existing primitives to completely new systems. To support you on this challenge, we have cryptography researchers, software architects, product managers, project managers, formal methods specialists and QA test engineers, with whom you will have high bandwidth communications.

  • Extract requirements from product and engineering regarding cryptographic primitives.
  • Lead and contribute to novel cryptographic research meeting such requirements.
  • Support prototyping of cryptographic systems.
  • Translate research into engineering specifications & implementations.
  • Meticulously review cryptographic protocols and proposed primitives.
  • Write research papers for submission to top cryptologic conferences and journals.
  • Contribute to peer-reviewed publications.

Who you are:

  • PhD in Computer Science/Engineering or Applied Mathematics.
  • A minimum of 4-5 years development experience in the field.
  • Expert knowledge of applied cryptography & best practices.
  • Expert knowledge of ZK protocols, such as PlonK and the IPA commitment scheme.
  • Expert knowledge of elliptic curve cryptography.
  • Expert knowledge of post-quantum security techniques.
  • Familiarity with blockchain cryptography and constructions.
  • Practical experience with implementation of cryptographic primitives.
  • Expert in terms of cryptographic design.
  • Good understanding of implementation and engineering constraints.
  • Security sensibility related to cryptographic implementation.
  • Excellent theoretical cryptography and mathematical knowledge.

Closing date for applications:

Contact: Marios Nicolaides

More information: https://apply.workable.com/io-global/j/DE859C73F4/
University of South Florida, Tampa, Florida
Job Posting
Funded PhD position for Fall 2025 on Cryptographic Engineering and Hardware Security.

This is an urgent call for interested applicants. A funded Ph.D. student position is available for Fall 2025 to work on different aspects of Cryptographic Engineering in the new Bellini College of Artificial Intelligence, Cybersecurity, and Computing with Dr. Mehran Mozaffari Kermani. We are looking for motivated, talented, and hardworking applicants who have the background and are interested in working on different aspects of Cryptographic Engineering, with emphasis on hardware/software implementation and side-channel attacks.

Please email me your updated CV (including list of publications, language test marks, and references), transcripts for B.Sc. and M.Sc., and a statement of interest to: mehran2 (at) usf.edu as soon as possible.

Research Webpage: https://cse.usf.edu/~mehran2/

Closing date for applications:

Contact: Mehran Mozaffari Kermani
Mid Sweden University, Department of Computer and Electrical Engineering, Sundsvall, Sweden
Job Posting
Dear all, the Communication Systems and Networks research group at Mid Sweden University invites applications for a Postdoctoral Researcher position in the field of Wireless Security and Trustworthy AI, within the framework of the newly launched TRUST project, conducted in collaboration with the University of Vaasa, Finland. The successful candidate will contribute to advanced research in at least two of the following areas:

  • Cryptographic protocol design and analysis, including vulnerability mitigation
  • Security testing and experimentation using Software-Defined Radio (SDR) platforms
  • AI-based intrusion detection systems and Explainable Artificial Intelligence (XAI)
  • Blockchain-enabled secure data exchange in wireless communication systems

Minimum Qualifications:

  • A PhD degree in Electrical Engineering, Computer Science, or a closely related field
  • Demonstrated expertise in at least two of the listed research areas
  • A strong publication record relevant to the position

Location: Sundsvall, Sweden

Closing date for applications:

Contact: Mikael Gidlund https://www.miun.se/en/personnel/g/mikaelgidlund/

More information: https://www.miun.se/en/work-at-the-university/career/jobs/vacancy/postdoctoral-researcher-in-wireless--network-security-and-trustworthy-ai/#gsc.tab=0
CISPA Helmholtz Center for Information Security
Job Posting
CISPA is a world-leading research center that focuses on Information Security and Artificial Intelligence at large. To expand and further strengthen our center, we are looking for Tenure-Track Faculty in all areas related to Information Security and Artificial Intelligence (f/m/d).

All applicants are expected to grow a research team that pursues an internationally visible research agenda. To aid you in achieving this, CISPA provides institutional base funding for three full-time researcher positions and a generous budget for expenditures. Upon successful tenure evaluation, you will hold a position that is equivalent to an endowed full professorship at a top research university.

In view of the current geopolitical landscape and in order to further strengthen research in information security and trustworthy AI in Germany and Europe, we have decided to invite a further round of applications of renowned candidates with an outstanding track record in Information Security, Artificial Intelligence, or related areas, including Cybersecurity and Privacy, Machine Learning and Data Science, Efficient Algorithms and Foundations of Theoretical Computer Science, Software Engineering, Program Analysis and Formal Methods.

The application deadline is April 8, 2025 23:59 AoE, with interviews starting in mid April 2025.

CISPA values diversity and is committed to equality. We provide special dual-career support. We explicitly encourage female and diverse researchers to apply.

Closing date for applications:

Contact: career@cispa.de

More information: https://jobs.cispa.saarland/de_DE/jobs/detail/tenure-track-faculty-in-all-areas-related-to-information-security-and-artificial-intelligence-f-m-d-extended-call-269

21 March 2025

TU Wien, Department of Computer Science, Vienna
Job Posting
The Research Unit of Privacy Enhancing Technologies at TU Wien is offering a position as university assistant post-doc (all genders), limited to an expected 6 years, for 40 hours/week. Expected start: April 2025. Research will address the development of privacy-enhancing technologies, including but not limited to the design of cryptographic algorithms and protocols, distributed protocols, cryptocurrencies, and information-theoretic approaches such as differential privacy. Topics of interest include (but are not limited to):

  • Privacy-preserving cryptocurrencies
  • Efficient proof systems such as (non-interactive) zero-knowledge, SNARKs, etc.
  • Cryptographic protocols
  • Functional encryption
  • Fully homomorphic encryption
  • Information-theoretic approaches such as differential privacy

Tasks:

  • Deep interest in scientific problems and the motivation for independent and goal-oriented research
  • Independent teaching or participation in teaching and supervision of students
  • Participation in organizational and administrative tasks of the research division and the faculty

Your profile:

  • Completion of an excellent doctorate in Computer Science or a closely related field
  • Strong background in cryptography, privacy-preserving mechanisms, or data security
  • In-depth knowledge and experience in at least one subject area: secure computation, differential privacy, anonymous communication systems, privacy-preserving machine learning, cryptocurrencies, cryptographic protocols, identity management, homomorphic encryption, or zero-knowledge proofs
  • An outstanding publication record in top security, privacy, and applied cryptography conferences and journals, such as ACM CCS, Crypto, Eurocrypt, Usenix Security, NDSS, IEEE S&P, PETS
  • Experience in teaching and supervising students, with enthusiasm for advancing knowledge in the field of privacy-enhancing technologies
  • Excellent organizational and analytical skills, combined with a structured and detail-oriented approach to work
  • Team player with strong problem-solving abilities, creative thinking, and a passion for tackling real-world privacy challenges

Closing date for applications:

Contact: Univ. Prof. Dr. Dominique Schroeder

More information: https://jobs.tuwien.ac.at/Job/247325
Atharv Singh Patlan, Peiyao Sheng, S. Ashwin Hebbar, Prateek Mittal, Pramod Viswanath
ePrint Report
The integration of AI agents with Web3 ecosystems harnesses their complementary potential for autonomy and openness, yet also introduces underexplored security risks, as these agents dynamically interact with financial protocols and immutable smart contracts. This paper investigates the vulnerabilities of AI agents within blockchain-based financial ecosystems when exposed to adversarial threats in real-world scenarios. We introduce the concept of context manipulation -- a comprehensive attack vector that exploits unprotected context surfaces, including input channels, memory modules, and external data feeds. Through empirical analysis of ElizaOS, a decentralized AI agent framework for automated Web3 operations, we demonstrate how adversaries can manipulate context by injecting malicious instructions into prompts or historical interaction records, leading to unintended asset transfers and protocol violations which could be financially devastating. Our findings indicate that prompt-based defenses are insufficient, as malicious inputs can corrupt an agent's stored context, creating cascading vulnerabilities across interactions and platforms. This research highlights the urgent need to develop AI agents that are both secure and fiduciarily responsible.
Ran Canetti, Ivan Damgård, Sebastian Kolby, Divya Ravi, Sophia Yakoubov
ePrint Report
We introduce deniable secret sharing (DSS), which, analogously to deniable encryption, enables shareholders to produce fake shares that are consistent with a target “fake message”, regardless of the original secret. In contrast to deniable encryption, in a DSS scheme an adversary sees multiple shares, some of which might be real, and some fake. This makes DSS a more difficult task, especially in situations where the fake shares need to be generated by individual shareholders, without coordination with other shareholders.

We define several desirable properties for DSS, and show both positive and negative results for each. The strongest property is fake hiding, which is a natural analogy of deniability for encryption: given a complete set of shares, an adversary cannot determine whether any shares are fake. We show a construction based on Shamir secret sharing that achieves fake hiding as long as (1) the fakers are qualified (number t or more), and (2) the set of real shares which the adversary sees is unqualified. Next we show a construction based on indistinguishability obfuscation that relaxes condition (1) and achieves fake hiding even when the fakers are unqualified (as long as they comprise more than half of the shareholders). We also extend the first construction to provide the weaker property of faker anonymity for all thresholds. (Faker anonymity requires that given some real shares and some fake shares, an adversary should not be able to tell which are fake, even if it can tell that some fake shares are present.) All of these constructions require the fakers to coordinate in order to produce fake shares.

On the negative side, we first show that fake hiding is unachievable when the fakers are a minority, even if the fakers coordinate. Further, if the fakers do not coordinate, then even faker anonymity is unachievable as soon as t<n (namely the reconstruction threshold is smaller than the number of parties).
The-Anh Ta, Xiangyu Hui, Sid Chi-Kin Chau
ePrint Report
In this paper, we present a ring referral scheme, by which a user can publicly prove her knowledge of a valid signature for a private message that is signed by one of an ad hoc set of authorized issuers, without revealing the signing issuer. Ring referral is a natural extension of traditional ring signatures, allowing a prover to obtain a signature from a third-party signer. Our scheme is useful for diverse applications, such as certificate-hiding decentralized identity, privacy-enhancing federated authentication, anonymous endorsement and privacy-preserving referral marketing. In contrast with prior issuer-hiding credential schemes, our ring referral scheme supports more distinguishing features, such as (1) public verifiability over an ad hoc ring, (2) strong user anonymity against collusion among the issuers and verifier to track a user, (3) transparent setup, (4) message hiding, (5) efficient multi-message logarithmic verifiability, and (6) a threshold scheme for requiring multiple co-signing issuers. Finally, we implemented our ring referral scheme with extensive empirical evaluation.
Emil Lenngren
ePrint Report
Since the introduction of TLS 1.3, which includes X25519 and X448 as key exchange algorithms, one could expect that highly efficient implementations of these two algorithms become important as the need for power-efficient and secure IoT devices increases. Assembly-optimised X25519 implementations for low-end processors such as the Cortex-M4 have existed for some time, but there has been only scarce progress on optimised X448 implementations for low-end ARM processors such as the Cortex-M4 and Cortex-M33. This work attempts to fill this gap by demonstrating how to design a constant-time X448 implementation that runs in 2 273 479 cycles on Cortex-M4 and 2 170 710 cycles on Cortex-M33 with DSP. An X25519 implementation is also presented that runs in 441 116 cycles on Cortex-M4 and 411 061 cycles on Cortex-M33 with DSP.