International Association
for Cryptologic Research

The School of Computing and Information Technology (SCIT) is one of six Schools within the Faculty of Engineering and Information Sciences at the University of Wollongong. The SCIT aims to be a world class Research School, and this position is expected to contribute towards this aim. The Senior Lecturer/Lecturer, Cryptography will provide development, teaching and research within the Bachelor of Computer Science (majoring Cybersecurity and Digital Systems Security). The candidate is expected to be research active in the area of cryptography and other relevant topics, and be equipped with sufficient experience for teaching undergraduate and postgraduate studies. The successful candidate will have a national reputation in cryptography and/or cyber security research, innovative teaching experience, an established research profile and a demonstrable commitment to positive change. The candidate should demonstrate research excellence and potential to become an effective teacher in the area of Computer Science and Information Technology. As women are underrepresented in this area, women are strongly encouraged for these positions. You will be prompted to respond to a selection criteria questionnaire as part of the application process.

Closing date for applications:

Contact: Prof Willy Susilo

More information: https://www.seek.com.au/job/57956072

As a FHE Researcher, you will:

• Conduct research on state-of-the-art FHE schemes.
• Conduct Research on new Verifiable Computation (VC) schemes applied to FHE
• Design and implementation of new FHE and VC schemes.

Skills required for the job

• Knowledge of fully homomorphic encryption
• Deep understanding of lattice-based cryptography
• Knowledge on Verifiable Computation schemes is advisable
• Experience in C desired, C++, Rust or Go relevant as well
• Familiarity with hardware languages is a plus
• Solid engineering practices and processes, such as development and testing methodology and documentation
• Quick learner, geared towards implementation
• Eager to develop new skills and willing to take ownership of projects

Qualifications:

Ph.D. degree in Cryptography, Applied Cryptography, Cybersecurity, Mathematics, Computer Science or Engineering

Closing date for applications:

Contact: Dr. Najwa Aaraj, naaraj@alumni.princeton.edu

As a MPC Researcher, you will:

• Conduct research on state-of-the-art secure Multi Party Computation.
• Work on MPC building blocks such as,
  • Secret Sharing schemes
  • FHE
  • Garbled Circuits
• Design and implementation of building blocks to utilize privacy-preserving cryptographic techniques to cloud computing and machine learning applications.

Skills required for the job

• Knowledge on secure Multi Party Computation.
• Knowledge in some of the following is valuable:
  • Secret Sharing schemes
  • Garbled Circuits
  • FHE schemes
  • Zero-Knowledge proofs
• Experience in C desired, C++, Rust and Python relevant as well.
• Solid engineering practices and processes, such as development and testing methodology and documentation.
• Quick learner, geared towards implementation. Eager to develop new skills and willing to take ownership of projects.
• Knowledge on machine learning would be valuable.

Qualifications:

Ph.D. degree in Cryptography, Applied Cryptography, Cybersecurity, Mathematics or Computer Science or Engineering

Closing date for applications:

Contact: Dr. Najwa Aaraj, naaraj@alumni.princeton.edu

As a Post-Quantum Protocol expert, you will

• Work on security protocols based on post-quantum primitives such as Public Key Encryption, Key Encapsulation Mechanism, Key Exchange, and Digital Signatures schemes
• Analyze existing and propose new protocol designs, with special focus on post-quantum IPSec, VPNs, SSL, TLS, etc.
• Focus on protocols for lightweight environment
• Test and benchmark optimized and secure implementations of different protocols and study the impact on real life applications
• Investigate security properties and performance-security trade-offs
• Conduct research on new and/or state-of-the-art attacks
• Design and implementation of hybrid (post quantum – classical) solutions

Skills required for the job

• Knowledge on cryptography and cybersecurity, in particular a solid background in network security, especially protocol design and evaluation
• Excellent with C, C++, Python, (JAVA and Rust will be valuable as well)
• Hard and organized worker, quick learner, geared towards implementation. Eager to develop new skills and willing to take ownership of projects

Qualifications

• Ph.D. degree in Cryptography, Applied Cryptography, Cybersecurity, Mathematics or Computer Science or Engineering

Closing date for applications:

Contact: Najwa Aaraj, naaraj@alumni.Princeton.edu

As a Post-Quantum Cryptography expert, you will

• Work on all aspects of post-quantum primitives such as Public Key Encryption, Key Encapsulation Mechanism, Key Exchange, and Digital Signatures schemes
• Analyze existing designs
• Propose new designs
• Work on optimized and secure implementations in software and/or hardware platforms
• Investigate security properties and performance-security trade-offs
• Study the impact on lightweight environment
• Conduct research on new and/or state-of-the-art attacks
• Participate to the review and evaluation of post-quantum schemes that are under NIST scrutiny for standardization
• Design and implementation of hybrid (post-quantum – classical) solutions
• Contribute to the development of cryptographic libraries and security frameworks

Skills required for the job

• Knowledge on cryptography and cybersecurity, in particular at least one among
• Solid mathematical background on either lattices, codes, or multivariate systems
• Solid programming skills either in software or hardware
• Solid background in network security, especially protocol design and evaluation
• Excellent with C, C++, Python, (JAVA and Rust will be valuable as well)
• Hard and organized worker, quick learner, geared towards implementation. Eager to develop new skills and willing to take ownership of projects

Qualifications

• Ph.D. degree in Cryptography, Applied Cryptography, Cybersecurity, Mathematics or Computer Science or Engineering

Closing date for applications:

Contact: Najwa Aaraj, naaraj@alumni.princeton.edu

Event date: 16 December to 18 December 2022

Event date: 11 December to 13 December 2022
Submission deadline: 1 September 2022
Notification: 1 November 2022

Event date: 8 December to 9 December 2022
Submission deadline: 23 October 2022
Notification: 1 November 2022

Event date: 24 April to 27 April 2023
Submission deadline: 18 October 2022
Notification: 10 January 2023

Event date: 23 November to 25 November 2022
Submission deadline: 15 August 2022
Notification: 15 September 2022

We present an efficient key recovery attack on the Supersingular Isogeny Diffie-Hellman protocol (SIDH), based on a "glue-and-split" theorem due to Kani. Our attack exploits the existence of a small non-scalar endomorphism on the starting curve, and it also relies on the auxiliary torsion point information that Alice and Bob share during the protocol. Our Magma implementation breaks the instantiation SIKEp434, which aims at security level 1 of the Post-Quantum Cryptography standardization process currently ran by NIST, in about one hour on a single core. This is a preliminary version of a longer article in preparation.

Central Bank Digital Currencies (CBDCs) aspire to offer a digital replacement for physical cash and as such need to tackle two fundamental requirements that are in conflict. On the one hand, it is desired they are $\textit{private}$ so that a financial ``panopticon'' is avoided, while on the other, they should be $\textit{regulation friendly}$ in the sense of facilitating any threshold-limiting, tracing, and counterparty auditing functionality that is necessary to comply with regulations such as Know Your Customer (KYC), Anti Money Laundering (AML) and Combating Financing of Terrorism (CFT) as well as financial stability considerations. In this work, we put forth a new model for CBDCs and an efficient construction that, for the first time, fully addresses these issues simultaneously. Moreover, recognizing the importance of avoiding a $\textit{single point of failure}$, our construction is distributed so that all its properties can withstand a suitably bounded minority of participating entities getting corrupted by an adversary. Achieving all the above properties efficiently is technically involved; among others, our construction uses suitable cryptographic tools to thwart man-in-the-middle attacks, it showcases a novel traceability mechanism with significant performance gains compared to previously known techniques and, perhaps surprisingly, shows how to obviate Byzantine agreement or broadcast from the optimistic execution path of a payment, something that results in an essentially optimal communication pattern and communication overhead when the sender and receiver are honest. Going beyond ``simple'' payments, we also discuss how our scheme can facilitate one-off large transfers complying with Know Your Transaction (KYT) disclosure requirements. Our CBDC concept is expressed and realized in the Universal Composition (UC) framework providing in this way a modular and secure way to embed it within a larger financial ecosystem.

In the light of NIST’s announced reopening of the call for digital signature proposals in 2023 due to lacking diversity, there is a strong need for constructions based on other established hardness assumptions. In this work we construct a new post-quantum secure digital signature scheme based on the $MinRank$ problem, a problem with a long history of applications in cryptanalysis that led to a strong belief in its hardness. Initially following a design by Courtois (Asiacrypt '01) based on the Fiat--Shamir transform, we make use of several recent developments in the design of sigma protocols to reduce signature size and improve efficiency. This includes the recently introduced $sigma \; protocol \; with \; helper$ paradigm (Eurocrypt '19) and combinations with $cut$-$and$-$choose$ techniques (CCS '18). Moreover, we introduce several improvements to the core of the scheme to further reduce its signature size.

One of the most popular ways to turn a keyless hash function into a keyed one is the HMAC algorithm. This approach is too expensive in some cases due to double hashing. Excessive overhead can sometimes be avoided by using certain features of the hash function itself. The paper presents a simple and safe way to create a keyed cryptoalgorithm (conventionally called "Streebog-K") from hash function Streebog $\mathsf{H}(M)$. Let $K$ be a secret key, then $\mathsf{KH}(K,M)=\mathsf{H}(K||M)$ is a secure pseudorandom function (PRF) and, therefore, a good message authentification code (MAC). The proof is obtained by reduction of the security of the presented construction to the resistance of the underlying compression function to the related key attacks (PRF-RKA). The security bounds of Streebog-K are essentially the same as those of HMAC-Streebog, but the computing speed doubles when short messages are used.

Secret sharing is an essential tool for many distributed applications, including distributed key generation and multiparty computation. For many practical applications, we would like to tolerate network churn, meaning participants can dynamically enter and leave the pool of protocol participants as they please. Such protocols, called Dynamic-committee Proactive Secret Sharing (DPSS) have recently been studied; however, existing DPSS protocols do not gracefully handle faults: the presence of even one unexpectedly slow node can often slow down the whole protocol by a factor of $O(n)$.

In this work, we explore optimally fault-tolerant asynchronous DPSS that is not slowed down by crash faults and even handles byzantine faults while maintaining the same performance. We first introduce the first high-threshold DPSS, which offers favorable characteristics relative to prior non-synchronous works in the presence of faults while simultaneously supporting higher privacy thresholds. We then batch-amortize this scheme along with a parallel non-high-threshold scheme which achieves optimal bandwidth characteristics. We implement our schemes and demonstrate that they can compete with prior work in best-case performance while outperforming it in non-optimal settings.

This opportunity is for a Lecturer, Cybersecurity (tenure track), to provide development, coordination of subjects and research within the Bachelor of Computer Science (majoring in Cybersecurity), and the ability to provide an innovative teaching experience in Computer Science at both undergraduate and postgraduate levels. The position requires the successful candidate be research active and have a national reputation in Web Security and/or Cyber Security, and have high quality research skills in Cybersecurity and other relevant topics. The incumbent will have a PhD in the area of cybersecurity blockchain, cryptocurrency or a related area, and have a demonstrated ability to mentor and supervise high degree research students. Please apply online through the website and address the selection criteria accordingly.

Closing date for applications:

Contact: Prof Willy Susilo

More information: https://ejgl.fa.ap1.oraclecloud.com/hcmUI/CandidateExperience/en/sites/CX_1/job/2695/?utm_medium=jobshare

Our research team is looking for a talented R&D Engineer who can implement cryptographic primitives and protocols. The candidate will have an opportunity in interacting with the brightest Cryptography researchers and work with highly talented engineers in building a robust blockchain platform from scratch. The candidate will get to apply the cryptography ideas and concepts in challenging real-world settings.

Required

- Masters in Computer Science with specialisation in Cryptography from a reputed university or Bachelors with extensive crypto experience - Software Development experience - Proficiency in programming languages especially in Rust

Desired

- Working experience with Elliptic curve cryptography / bilinear pairings / ZK proofs

For more information, please visit our website: https://supraoracles.com/

Closing date for applications:

Contact: Phu Le - Executive Assistant

More information: https://supraoracles.com/careers/4598948004/

Our chair performs research and teaching in the area of IT Security with a strong focus on Network Security and Online Privacy. Our goal is to advance the state of the art in research and to educate qualified computer scientists in the area of IT Security who are able to meet the challenges of the growing demand on securing IT Systems and provide data protection in various areas of our life and society. More information can be found at https://www.b-tu.de/en/fg-it-sicherheit.

Tasks:

• Active research in the area of intrusion detection systems (IDS) for critical infrastructures, secure cyber-physical systems, and artificial intelligence / machine learning for traffic analysis
• Implementation and evaluation of new algorithms and methods
• Cooperation and knowledge transfer with industrial partners
• Publication of scientific results
• Assistance with teaching

The employment takes place with the goal of doctoral graduation (obtaining a PhD degree).

Requirements:

• Master’s degree (or equivalent) in Computer Science or related disciplines
• Strong interest in IT security and/or networking and distributed systems
• Knowledge of at least one programming language (C++, Java, etc.) and one scripting language (Perl, Python, etc.) or strong willingness to quickly learn new programming languages
• Linux/Unix skills
• Knowledge of data mining, machine learning, statistics and result visualization concepts is of advantage
• Excellent working knowledge of English; German is of advantage
• Excellent communication skills

Applications containing the following documents:

• A detailed Curriculum Vitae
• Transcript of records from your Master studies
• An electronic version of your Master thesis, if possible should be sent in a single PDF file as soon as possible, but not later than 15.08.2022 at itsec-jobs.informatik@lists.b-tu.de

Closing date for applications:

Contact: Prof. Dr.-Ing. Andriy Panchenko
itsec-jobs.informatik@lists.b-tu.de

More information: https://www.b-tu.de/en/fg-it-sicherheit

iTrust is a Cyber Security Research Center in SUTD and a National Satellite of Excellence in Singapore for securing critical infrastructure. iTrust hosts the world-class cyber-physical system (CPS) testbeds for water treatment (SWaT), water distribution (WADI) and power grid (EPIC). iTrust will build a new maritime shipboard OT testbed (MariOT), to be used for research, education, training, live-fire exercise, and technology validation.

We are looking for postdocs / research fellows with expertise on cybersecurity in general and CPS security in particular. The candidates should have track record of strong R&D capability, with publications at leading security conferences. The candidates familiar with shipboard OT systems will be considered with the priority. Candidate working in the current position less than one year will not be considered (unless due to the end of contract). Fresh PhD graduates are welcome.

We are also looking for research assistants who should be 1) familiar with scripting languages like Python; 2) with knowledge on threat modelling and vulnerability assessment - to conduct vulnerability scan of the systems and analyse the threats; 3) familiar with tools like Wireshark, Metasploit, Ettercap, Nmap - to monitor network traffic, launch MITM attacks, scan for ports; 4) with hands on experience of Linux OS to execute commands and run scripts.

Only short-listed candidates will be contacted for interview. Successful candidates will be offered internationally competitive remuneration.

Interested candidates please send your CV to Prof. Jianying Zhou (http://jianying.space/).

Closing date for applications:

Contact: Prof. Jianying Zhou. Email: jianying_zhou@sutd.edu.sg

More information: http://jianying.space/

Related-key attacks against block ciphers are often considered unrealistic. In practice, as far as possible, the existence of a known "relation" between the secret encryption keys is avoided. Despite this, related keys arise directly in some widely used keyed hash functions. This is especially true for HMAC-Streebog, where known constants and manipulated parameters are added to the secret key. The relation is determined by addition modulo $2$ and $2^{n}$. The security of HMAC reduces to the properties of the underlying compression function. Therefore, as an initial analysis we propose key-recovery methods for 10 and 11 rounds (out of 12) of Streebog compression function in the related-key setting. The result shows that Streebog successfully resists attacks even in the model with such powerful adversaries.