## IACR News

Here you can see all recent updates to the IACR webpage. These updates are also available:

#### 20 July 2024

###### Universität der Bundeswehr Munich, Germany

Job Posting**Distributed cryptography**: DKG, decentralised credentials with privacy properties**Advanced encryption**: algorithmic techniques for FHE and SNARKs, updatable encryption**Secure computation**: MPC techniques and protocol design, PSI**PQC techniques**for any of the aforementioned areas

They will work closely with members of the

**Privacy and Applied Cryptography (PACY) lab**, led by Prof. Mark Manulis, and the

**Quantum-Safe and Advanced Cryptography (QuSAC) lab**, led by Prof. Daniel Slamanig. Candidates will benefit from our modern infrastructure and availability of funds to support own research. Also, Munich is amongst best places to live in Germany.

Positions are available for immediate start but no later than 01.01.2025 with ~58k to 74k EUR p.a. depending on qualifications and experience. Initial contracts are for 1.5 - 2 years. (Due to the nature of funding restrictions on the eligibility may apply.)

Requirements:

- Master's degree (or equivalent) or PhD in Mathematics, Cryptography, or Computer Science with excellent grades
- Solid knowledge and demonstrable experience in respective research area
- Post-doc candidates must have a strong track record (ideally with publications at IACR conferences and/or the top 4 security conferences) and good academic writing and presentation skills
- Experience with cryptographic implementations (desirable)
- Proficiency in English (essential) and German (desirable but not essential)

**Closing date for applications:**

**Contact:** Prof. Dr. Mark Manulis

mark [.] manulis [@] unibw [.] de

Applications will be processed continuously until the positions are filled.

**More information:** https://www.unibw.de/pacy-en/vacancies

###### Darmstadt University of Applied Sciences

Job PostingThe research group Applied Cyber Security Darmstadt (ACSD) at Darmstadt University of Applied Sciences (h_da) is currently seeking Ph.D. students for various exciting research opportunities. We are looking for motivated individuals interested in Automotive Security, Smart Energy Network Security, Offensive Security, Post-Quantum Cryptography (PQC), and Cryptographic Protocol Design. Our group is engaged in several ongoing and upcoming projects funded by prominent agencies such as the DFG (German Research Foundation), BMBF (Federal Ministry of Education and Research), and the state of Hesse. Among the positions are two PhD positions for a BMBF-funded project commencing in September, focused on cryptoagility and the integration of PQC in modern vehicles. This project addresses critical challenges in future-proofing automotive security against emerging quantum threats. If you are passionate about cutting-edge cyber security research and wish to contribute to the advancement of secure automotive technologies, we encourage you to apply.

**Your profile:**

- Master’s degree with very good grades in IT security, computer science, or a similar field
- Extensive knowledge in IT security and applied cryptography
- Proficient programming skills in Python, C/C++
- Knowledge in cryptographic protocols, post-quantum cryptography, automotive technologies, offensive security, or energy networks is beneficial (depending on the project)
- Experience and interest to engage in teaching
- Very good English skills, German skills are beneficial
- Motivated, reliable, creative, and able to work independently

**Closing date for applications:**

**Contact:**

- Christoph Krauß
- Alexander Wiesmaier

**More information:** https://acsd.h-da.de

#### 19 July 2024

###### Takumi Shinozaki, Keisuke Tanaka, Masayuki Tezuka, Yusuke Yoshida

ePrint ReportDodis, Halevi, and Wichs introduced a stronger variant called FuncCPA$^+$. They showed FuncCPA$^+$ implies FuncCPA and conjectured that FuncCPA$^+$ is strictly stronger than FuncCPA. They left an open problem to clarify the relationship between these variants.

Contrary to their conjecture, we show that FuncCPA is equivalent to FuncCPA$^+$. We show it by two proofs with a trade-off between the number of queries and the number of function inputs. Furthermore, we show these parameters determine the security levels of FuncCPA and FuncCPA$^+$.

###### Alexander Burton, Samir Jordan Menon, David J. Wu

ePrint Report###### Thomas den Hollander, Daniel Slamanig

ePrint ReportAs we will show in this paper, unfortunately, Orion in its current revision is still unsound (with and without the zero-knowledge property) and we will demonstrate practical attacks on it. We then show how to repair Orion without additional assumptions, which requies non-trivial fixes when aiming to preserve the linear time prover complexity. The proposed fixes lead to an even improved efficiency, i.e., smaller proof size and verifier time, over the claimed efficiency of the initial version of Orion. Moreover, we provide the first rigorous security proofs and explicitly consider multi-point openings and non-interactivity. While revisiting Orion we make some additional contributions which might be of independent interest, most notable an improved code randomization technique that retains the minimum relative distance.

###### Benoît Cogliati, Jordan Ethan, Ashwin Jha, Mridul Nandi, Abishanka Saha

ePrint Report###### Henri Devillez, Olivier Pereira, Thomas Peters

ePrint ReportWhile being a very promising primitive, the few existing TREnc mechanisms either require a secret coin CRS or are fairly demanding in time and space requirements. Their security proofs also come with a linear security degradation in the number of challenge ciphertexts.

We address these limitations and offer two efficient public coin TREnc mechanisms tailored for the two common tallying approaches in elections: homomorphic and mixnet-based. The TCCA security of our mechanisms also enjoys an almost-tight reduction to SXDH, based on a new randomizable technique of independent interest in the random oracle model.

A Rust implementation of our TREnc mechanisms demonstrates that we can verifiably encrypt 64 bits in less than a second, and full group elements in around 30 ms., which is sufficient for most real-world applications. While comparing with other solutions, we show that our approaches lead to the most efficient non-interactive receipt-free voting system to date.

###### Alexander R. Block, Pratyush Ranjan Tiwari

ePrint ReportIn this work, we complement the result of Block et al. by providing a thorough concrete security analysis of non-interactive FRI under various parameter settings from protocols deploying (or soon to be deploying) FRI today. We find that these parameters nearly achieve their desired security targets (being at most 1-bit less secure than their targets) for non-interactive FRI with respect to a certain security conjecture about the FRI Protocol. However, in all but one set of parameters, we find that the provable security of non-interactive FRI under these parameters is severely lacking, being anywhere between 21- and 63-bits less secure than the conjectured security. The conjectured security of FRI assumes that known attacks are optimal, the security of these systems would be severely compromised should a better attack be discovered. In light of this, we present parameter guidelines for achieving 100-bits of provable security for non-interactive FRI along with a methodology for tuning these parameters to suit the needs of protocol designers.

###### Behzad Abdolmaleki, Hannes Blümel, Giacomo Fenzi, Homa Khajeh, Stefan Köpsell, Maryam Zarezadeh

ePrint Report###### Johannes Ottenhues, Alexander Koch

ePrint Report###### Zhengjun Cao, Lihua Liu

ePrint Report###### Jan Kristian Haugland, Tron Omland

ePrint Report###### Tymoteusz Chojecki, Grahame Erskine, James Tuite, Vasyl Ustimenko

ePrint Report###### Vlasis Koutsos, Xiangan Tian, Dimitrios Papadopoulos, Dimitris Chatzopoulos

ePrint Report###### Aggelos Kiayias, Elias Koutsoupias, Philip Lazos, Giorgos Panagiotakos

ePrint ReportReconciling these three properties is seemingly paradoxical given that the dominant approach to transaction processing is based on first-price auctions (e.g., as in Bitcoin) or dynamic adjustment of the minimum admissible fee (e.g. as in Ethereum EIP-1559) something that breaks fee predictability. At the same time, in fixed fee mechanisms (e.g., as in Cardano), fees are trivially predictable but are subject to relatively inexpensive bribing or denial of service attacks where transactions may be delayed indefinitely by a well funded attacker, hence breaking delay predictability.

In this work, we set out to address this problem by putting forward blockchain space tokenization (BST), namely a new capability of a blockchain system to tokenize its capacity for transactions and allocate it to interested users who are willing to pay ahead of time for the ability to post transactions regularly for a period of time. We analyze our system in the face of worst-case transaction-processing attacks by introducing a security game played between the mempool mechanism and an adversary. Leveraging this framework, we prove that BST offers predictable and asymptotically optimal delays, predictable fees, and is incentive compatible, thus answering the question posed in the affirmative.

###### Chen Li, Fangguo Zhang

ePrint ReportTo address these issues, we first define "strong designated-verifier" considering the case where the adversary has access to the secret verification state, then propose a construction of strong designated-verifier zk-SNARKs. The construction inspired by designated verifier signatures based on two-party ring signatures does not use encryption and can be applied on any public-verifiable zk-SNARKs to yield a designated-verifiable variant. We introduce our construction under the circuit satisfiability problem and implement it in Circom, then test it on different zk-SNARKs, showing the validity of our construction.

###### Reo Eriguchi

ePrint Report###### Aydin Abadi, Vishnu Asutosh Dasu, Sumanta Sarkar

ePrint Report###### Maria Corte-Real Santos, Jonathan Komada Eriksen, Michael Meyer, Francisco Rodríguez-Henríquez

ePrint ReportWe present two new methods that combine previous techniques for finding suitable primes: sieve-and-boost and XGCD-and-boost. We use these methods to find primes for the NIST submission of SQIsign. Furthermore, we show that our methods are flexible and can be adapted to find suitable parameters for other isogeny-based schemes such as AprèsSQI or POKE. For all three schemes, the parameters we present offer the best performance among all parameters proposed in the literature.