IACR News
17 September 2025
Andreas Wiemers
Xiaojie Guo, Hanlin Liu, Zhicong Huang, Hongrui Cui, Wenhao Zhang, Cheng Hong, Xiao Wang, Kang Yang, Yu Yu
1. We propose an efficient protocol that replaces the relaxed distributed comparison function in the best pseudorandom correlation function (PCF) for sVOLE (CRYPTO'22), which has the same streaming features for any polynomial number of tuples. With this protocol, our sPCG is doubly efficient in memory and in computation per sVOLE. Moreover, we augment the black-box distributed setup to malicious security and obtain a 4x communication improvement. Our sPCG can be extended to a more efficient sVOLE PCF with the same improvements in memory and computation, and a 2x faster malicious non-black-box distributed setup.
2. We present a practical attack on the Learning Parity with Noise (LPN) assumption for expand-accumulate codes with regular noise, revealing that some previous parameters provide around 14~22 bits of security over binary noises, far below the target 128 bits. To address this, we introduce a low-Hamming-weight noise distribution to withstand the attack. We then derive some updated LPN parameters with the new noise distribution, restoring 128-bit security and reducing the noise-related computation and communication.
3. We provide an implementation of our sPCG for the special case of correlated oblivious transfer (COT). In addition to the improvements over the best PCF, our sPCG can have a comparable end-to-end performance to Ferret (CCS'20) and the PCG from expand-convolute codes (CRYPTO'23), two state-of-the-art PCGs, with the advantage of being able to produce 10 million COTs on-the-fly and reducing the memory from 337 MB and 624 MB to 20 MB, respectively.
Zonglun Li, Wangze Ni, Shuhao Zheng, Junliang Luo, Weijie Sun, Lei Chen, Xue Liu, Tianhang Zheng, Zhan Qin, Kui Ren
Bowen Zhang, Hao Cheng, Johann Großschädl, Peter Y. A. Ryan
Eli Baum, Sam Buxbaum, Nitin Mathai, Muhammad Faisal, Vasiliki Kalavri, Mayank Varia, John Liagouris
We evaluate ORQ in LAN and WAN deployments on a diverse set of workloads, including complex queries with multiple joins and custom aggregations. When compared to state-of-the-art solutions, ORQ significantly reduces MPC execution times and can process one order of magnitude larger datasets. For our most challenging workload, the full TPC-H benchmark, we report results entirely under MPC with Scale Factor 10—a scale that had previously been achieved only with information leakage or the use of trusted third parties.
Suvradip Chakraborty, Sebastian Faller, Dennis Hofheinz, Kristina Hostáková
Zeyu Liu, Katerina Sotiraki, Eran Tromer, Yunhao Wang
In this work, we first show concrete attacks on existing lattice-based mmPKE schemes: Using maliciously-crafted recipient public keys, these attacks completely break semantic security and key privacy, and are inherently undetectable. We then introduce the first lattice-based mmKEM scheme that maintains full privacy even in the presence of maliciously-generated public keys. Concretely, the ciphertext size of our mmKEM for 100 recipients is $>10\times$ smaller than naively using Crystals-Kyber. We also show how to extend our mmKEM to mmPKE, achieving a scheme that outperforms all prior lattice-based mmPKE schemes in terms of both security and efficiency. We additionally show a similar efficiency gain when applied to batched random oblivious transfer, and to group oblivious message retrieval.
Our scheme is proven secure under a new Module-LWE variant assumption, Oracle Module-LWE, which may be of independent interest. We reduce standard MLWE to this new assumption for some parameter regimes, which also gives intuition on why this assumption holds for the parameters we are interested in (along with additional cryptanalysis).
Furthermore, we show an asymptotically efficient compiler that removes the assumption made in prior works that recipients know their position in the list of intended recipients for every ciphertext.
Yanqi Gu, Stanislaw Jarecki, Phillip Nazarian, Apurva Rai
Zesheng Li, Dongliang Cai, Yimeng Tian, Yihang Du, Xinxuan Zhang, Yi Deng
In this paper, we propose a novel distributed SNARK system constructed by compiling a distributed PIOP with an additively homomorphic polynomial commitment, rather than a distributed polynomial commitment. The core technical component is distributed SumFold, which folds multiple sum-check instances into one. After the folding process, only one prover is required to perform polynomial commitment openings. This facilitates compilation with SamaritanPCS, a recently proposed additively homomorphic multilinear polynomial commitment scheme. The resulting SNARK system is specifically optimized for data-parallel circuits. Compared to prior HyperPlonk-based distributed proof systems (e.g., Hyperpianist and Cirrus), our construction achieves improvements in both proof size and prover time. We implement our protocol and conduct a comprehensive comparison with HyperPianist on 8 machines. Our system achieves shorter proofs and a 4.1~4.9× speedup in prover time, while maintaining comparable verification efficiency.
12 September 2025
ExeQuantum, Docklands, Melbourne (Remote-friendly for the right candidate)
ExeQuantum is a Melbourne-based company pioneering post-quantum cryptography (PQC) and sovereign-grade secure systems. We are working with critical industries and governments to deliver solutions that are sovereign, transparent, agile, and compliant. Our projects range from PQC-as-a-Service APIs to secure integrations in finance, healthcare, and national infrastructure.
We are looking for a Software Engineer to join our engineering team. This role reports directly to the CTO and will involve building prototypes into production-ready solutions across cryptography, email security, and payment infrastructure. This is not a generic coding role. You will be working on systems where discipline, confidentiality, and creativity matter as much as technical skill.
Responsibilities
- Design, develop, and maintain secure software components (Python, Node.js, C/C++/Rust depending on project scope).
- Integrate PQC algorithms (ML-KEM, ML-DSA, HQC, FN-DSA, etc.) into real-world applications.
- Contribute to internal tools, SDKs, APIs, and add-ins (e.g., Outlook, payment gateways).
- Collaborate with the CTO on system design and architecture.
- Follow strict security and confidentiality practices.
- Participate in code reviews, testing, and documentation to ensure auditability and compliance.
- Open-mindedness and willingness to study cutting-edge technologies. Demonstrated ability to think outside the box and avoid “impossible” as a default answer.
- 3+ years of professional software development experience (startup or high-assurance sector preferred).
- Strong skills in at least one of: Python, Node.js/TypeScript, C/C++/Rust.
- Familiarity with cryptographic libraries, secure coding practices, or networking protocols is a plus.
- Comfort working with prototypes, debugging, and delivering solutions in ambiguous/problem-solving contexts.
- High standard of confidentiality and discipline in handling IP, code, and client data.
Closing date for applications:
Contact: Send your CV, links of your code repositories (GitHub, GitLab, etc.), and a short note about why you want to work on PQC and secure systems with ExeQuantum to raymond@exequantum.com.
More information: https://www.linkedin.com/hiring/jobs/4298309236/detail/
Monash University, Melbourne, Australia
- a highly competitive salary on par with lecturer (assistant professor) salaries in Australia,
- opportunities to collaborate with leading academic and industry experts in the related areas,
- opportunities to participate in international grant-funded projects,
- collaborative and friendly research environment,
- an opportunity to live/study in one of the most liveable and safest cities in the world.
Requirements. Significant research experience in Lattice-Based Cryptography and/or Privacy-Enhancing Technologies is required. A strong mathematical background is highly desired. Some knowledge/experience in coding (for example, Python, C/C++, SageMath) is a plus. Candidates must have completed (or be about to complete within the next 8 months) a PhD degree in a relevant field.
How to apply. Please first refer to mfesgin.github.io/supervision/ for more information about our team. Then, please fill out the following form (also clickable from the advertisement title): https://docs.google.com/forms/d/e/1FAIpQLSeU6O65yJQW3rrcAi4dzatBYPyWU7Y5otLPReHFPuQf8dtggw/viewform
Closing date for applications:
Contact: Muhammed Esgin
More information: https://docs.google.com/forms/d/e/1FAIpQLSeU6O65yJQW3rrcAi4dzatBYPyWU7Y5otLPReHFPuQf8dtggw/viewform
Yuhao Zheng, Jianming Lin, Chang-an Zhao
Maxence Jauberty, Pierrick Méaux
Ariel Futoransky, Ramses Fernandez, Emilio Garcia, Gabriel Larotonda, Sergio Demian Lerner
Won Kim, Jeonghwan Lee, Hyeonhak Kim, Changmin Lee
In this work, we audit every routine in the SQIsign Round-2 specification that manipulates quaternion elements and prove a uniform worst-case bound on coefficient growth. Complementing the theoretical bounds, we repeat the key generation and signing process of the Round-2 SQIsign reference code implemented with the GMP library, record peak operand sizes, and derive experimental bounds. Based on these bounds, we choose a fixed-size precision representation and implement SQIsign in C without dynamic allocation, i.e., without libraries such as GMP.
Jian Guo, Shichang Wang, Tianyu Zhang
Behzad Abdolmaleki, Ruben Baecker, Paul Gerhart, Mike Graf, Mojtaba Khalili, Daniel Rausch, Dominique Schröder
Mingshu Cong, Sherman S. M. Chow, Siu Ming Yiu, Tsz Hon Yuen
Complexity-wise, for a matrix expression with $M$ atomic operations on $n \times n$ matrices, the prover runs in $O(M n^2)$ time while proof size and verification time are $O(\log(M n))$, outperforming known VML systems. Honed for this framework, we formalize relations directly in matrices or vectors---a more intuitive form for VML than traditional polynomials. Our LiteBullet proof, an inner-product proof based on folding and its connection to sumcheck (Crypto '21), yields a polynomial-free alternative. With these ingredients, we reconcile heterogeneity, zero-knowledge, succinctness, and architecture privacy in a single VML system.