International Association for Cryptologic Research

IACR News

If you have a news item you wish to distribute, it should be sent to the communications secretary. See also the events database for conference announcements.

Here you can see all recent updates to the IACR webpage. These updates are also available:

via email
via RSS feed

19 June 2025

Zhi Lu, Songfeng Lu
ePrint Report
In many fields, the need to securely collect and aggregate data from distributed systems is growing. However, designs that rely solely on encrypted data transmission make it difficult to trace malicious users. To address this challenge, we have enhanced the secure aggregation (SA) protocol proposed by Bell et al. (CCS 2020) by introducing verification features that ensure compliance with user inputs and encryption processes while preserving data privacy. We present LZKSA, a quantum-safe secure aggregation system with input verification. LZKSA employs seven zero-knowledge proof (ZKP) protocols based on the Ring Learning with Errors problem, specifically designed for secure aggregation. These protocols verify whether users have correctly used SA keys and whether the $L_{\infty}$ and $L_2$ norms and cosine similarity of their data meet specified constraints, in order to exclude malicious users from current and future aggregation processes. The specialized ZKPs we propose significantly enhance proof efficiency. In practical federated learning scenarios, our experimental evaluations demonstrate that the proof generation time for $L_{\infty}$ and $L_2$ constraints is reduced to about $10^{-3}$ of that required by the current state-of-the-art methods, RoFL (S&P 2023) and ACORN (USENIX 2023). For example, the proof generation/verification time of RoFL, ACORN and LZKSA for $L_{\infty}$ is 94s/29.9s, 78.7s/33.9s, and 0.02s/0.0062s for CIFAR10, respectively.
Zhen-Hu Ning
ePrint Report
One-Time Pad (OTP), introduced by Shannon, is well-known as an unconditionally secure encryption algorithm and has become the cornerstone of modern cryptography. However, the unconditional security of OTP applies solely to confidentiality and does not extend to integrity. Hash functions such as SHA2, SHA3 or SM3 apply only to integrity, not to confidentiality, and also cannot obtain unconditional security. Encryption and digital signatures based on asymmetric cryptography can provide confidentiality, integrity and authentication, but they can only achieve computational security. Leveraging the fundamental principles of quantum mechanics, quantum key distribution (QKD) can achieve unconditional security in theory. However, due to limitations in eavesdropping detection, the use of classical channels and imperfections in quantum devices, it cannot reach unconditional security in practical applications. In this paper, based on polynomial rings and the theory of probability, we propose an unconditionally secure encryption algorithm with unified confidentiality and integrity. The main calculation of the encryption algorithm is the Cyclic Redundancy Check (CRC). Theoretical analysis proves that the encryption algorithm not only meets the unconditional security of confidentiality, but also guarantees the unconditional security of integrity, making it especially suitable for high-security communications such as finance, military, government and other fields.

18 June 2025

Virtual event, Anywhere on Earth, 11 August 2025
Event Calendar
Event date: 11 August 2025
Seoul, Korea, 12 August - 13 August 2025
Event Calendar
Event date: 12 August to 13 August 2025
COSIC, KU Leuven
Job Posting
COSIC is looking for a motivated researcher who fits the following profile: PhD candidate to work on hardware implementations secured against physical attacks.

Job Description: The position is funded by Flemish Research Funds (FWO). The PhD candidate will work in collaboration with the research group of Prof. Amir Moradi from University of Darmstadt. The research program is defined in a joint research project jointly funded by FWO (Belgium) and DFG (Germany). The title of the project is MatSec – Maturing Physical Security Models in Realistic Scenarios. The PIs of the project in COSIC are Dr. Svetla Nikova and Prof. Vincent Rijmen.

Security models for side-channel analysis and combined attacks for HW implementations exist, but they often make unrealistic assumptions or are inaccurate in modeling physical effects. This results in countermeasures that are either overdesigned, unnecessarily increasing the costs, or still vulnerable to attacks when deployed. The main objective of this project is to provide security models that accurately abstract attacks against cryptographically secured physical devices and that allow for the creation of efficient countermeasures on hardware guaranteeing security in practice.

We are looking for people to work on the following topics: (1) Realistic side-channel models capturing the circuit’s real behavior, achieving a balance between security and efficiency, and providing improved countermeasures. (2) Security models and randomness generation: developing procedures for constructing masked HW/SW implementations with low randomness requirements. (3) Combined security models extending known fault/combined adversaries.

Specific Skills Required: For the PhD position, candidates should hold a master’s degree in Engineering, Mathematics or Computer Science with very good grades, and have very good knowledge of and experience with programming in C/C++ and Verilog/VHDL. Preferably, they have passed courses in Cryptography and/or Computer Security.

Closing date for applications:

Contact: Dr. Svetla Nikova

More information: https://www.esat.kuleuven.be/cosic/wp-content/uploads/2025/06/PhD-position_FWO-DFG.pdf

University of Waterloo, Waterloo, Ontario, Canada
Job Posting

The Department of Combinatorics and Optimization at the University of Waterloo invites applications from qualified candidates for a 2-year position as a Cryptographic Research Architect on the Open Quantum Safe project (https://openquantumsafe.org/).

This position is available immediately in Professor Stebila’s research group. You will be working with a world-wide team of researchers and developers from academia and industry on the Open Quantum Safe project. You will have the opportunity to push the boundaries of applied post-quantum cryptography and contribute to various open-source projects. You will help integrate new post-quantum cryptographic algorithms into the liboqs open-source library, and design and implement techniques for evaluating and benchmarking these cryptographic algorithms in a variety of contexts.

The field of post-quantum cryptography is rapidly evolving, and you will need to track ongoing changes to algorithms due to peer review and advances by researchers via the NIST Post-Quantum Cryptography project forum. In addition to algorithm research, tasks cover all aspects of the software development lifecycle and include design, programming cryptographic algorithms, integrating other cryptographic implementations into the liboqs framework, integrating liboqs into 3rd party open-source projects, testing, benchmarking and documentation. You may be asked to take an ownership role in coordinating the development of various sub-components of the Open Quantum Safe project.

The appointment will be a full-time position for 2 years. The salary range is $80,000–$115,000/year and commensurate with experience.

Canadians, Canadian Permanent Residents, and those who are legally entitled to work in Canada will be given priority consideration for this position.

For more information on the position and how to apply, please see https://openquantumsafe.org/team/open-positions

Closing date for applications:

Contact: Douglas Stebila (dstebila@uwaterloo.ca)

More information: https://openquantumsafe.org/team/open-positions

CEA-List, France (Saclay or Grenoble)
Job Posting
Context

Our team develops pre-silicon analysis tools to: 1) identify exploitable vulnerabilities at the software level based on the interactions between software and a microarchitecture, or 2) formally prove the security, for a given attacker model, of a system embedding hardware/software countermeasures against fault injections. These tools implement a methodology that has been shown to be successful in finding microarchitectural vulnerabilities and/or proving the robustness, for a given fault model, of various RISC-V based processors [1]. For instance, we have formally proven the security of OpenTitan's processor against single bit-flip injections [2].

[1] S. Tollec et al., μArchiIFI: Formal Modeling and Verification Strategies for Microarchitectural Fault Injections. FMCAD 2023.

[2] S. Tollec et al., Fault-Resistant Partitioning of Secure CPUs for System Co-Verification against Faults. TCHES 2024.

Objectives

Your main missions will be:

- To design and extend our pre-silicon methodology and associated tools to support different secured processors. In particular, leverage the specificities of the countermeasures embedded in such secured processors to speed up analysis techniques, and also integrate post-synthesis netlist-level analyses of hardware architectures into our methodology and tools.

- To participate in a project-scale experimental evaluation aiming to fill the gap between pre-silicon tools and post-silicon security evaluations.

Location

Saclay (Paris area) or Grenoble.

Requirements

PhD or Master’s degree in Electronics or Computer Science. Excellent interpersonal and communication skills, and a solid background in any of the following fields is expected: computer architecture, programming languages, formal methods, cyber-security. Knowledge of French (spoken or written) is not required but may be helpful on a day-to-day basis.

Application

Please send the following documents: CV, cover letter (in French or English), transcript of records.

Closing date for applications:

Contact: Mathieu Jan (mathieu.jan@cea.fr) and Damien Couroussé (damien.courousse@cea.fr). Reviewing of applications will continue until the position is filled.

MuseMatrix
Job Posting
Unpaid, part-time fellowship (3–6 months), with potential to evolve into a fully-funded, startup-style venture.

We invite applied cryptographers to join a part-time, unpaid pilot fellowship focused on zero-knowledge proofs, MPC, and secure data pipelines for biosecurity. No prior biosecurity experience is required—just strong crypto skills and curiosity. You’ll work collaboratively with fellow cryptographers, developers, and biosecurity experts to develop tangible, economically sustainable prototypes, with the goal of launching a funded venture by program’s end. This role is designed to run alongside your current commitments—no need to pause full-time work.

Fellow Responsibilities
- Design zk‑SNARK/STARK or MPC circuits to verify epidemiological data integrity and outbreak modeling
- Prototype privacy-preserving alert systems for decentralized biosurveillance
- Collaborate with peer cryptographers and cross-disciplinary fellows on open-source proof-of-concept systems
- Co-author deliverables: circuit specs, threat models, implementation evaluations

Qualifications:
- Master’s or PhD in cryptography, computer science, mathematics, or related field
- Strong programming and mathematical background
- Experience with zk frameworks (e.g., Circom, snarkjs, arkworks) or MPC is a plus
- No prior biosecurity/domain expertise required—we’ll provide domain support
- Available to work part-time alongside existing commitments

Program Structure & Benefits:
- Unpaid and part-time: built to fit around ongoing work or study
- Goal-driven: produce a self-sustaining prototype or venture by program end
- Collaborative environment: work alongside other cryptographers with mentorship from senior crypto and domain experts
- Opportunity to transition into a funded startup or project launch post-fellowship

Application Instructions:
Send us an email with a brief overview of your background and skills.

Closing date for applications:

Contact: bharat@causality.network

More information: https://musematrix.xyz/

LIACS, Leiden University
Job Posting
Secure Computation Technologies, such as Multiparty Computation, allow the purposeful processing of private data (distilling value from such data), without compromising the privacy of this data. Today’s interconnected world, smart applications, and global business, necessitating the use of collaborative analytics, require the collection and processing of private information. In this PhD trajectory you will be exploring ways and developing protocols and primitives that enhance the security, functionality, and efficiency of secure computation technologies (e.g., multiparty computation – MPC), when designed for particular application scenarios, such as private machine learning use-cases.

In this 4-year PhD trajectory, you are expected to:

  • Conduct original and novel research in the field of Secure Computation Technologies;
  • Design novel protocols for privacy-preserving (machine learning) applications;
  • Publish and present scientific articles at international journals and conferences;
  • Engage in collaborations in academia and industry;
  • Assist in relevant teaching activities.
  • The position is fully funded for 4 years.

Closing date for applications:

Contact: Eleftheria Makri

More information: https://www.universiteitleiden.nl/en/vacancies/2025/q2/15751-phd-candidate-secure-computation-technologies-and-applications-to-machine-learning


17 June 2025

Jovan Komatovic, Andrew Lewis-Pye, Joachim Neu, Tim Roughgarden, Ertem Nusret Tas
ePrint Report
This paper presents the first generic compiler that transforms any permissioned consensus protocol into a proof-of-stake permissionless consensus protocol. For each of the following properties, if the initial permissioned protocol satisfies that property in the partially synchronous setting, the consequent proof-of-stake protocol also satisfies that property in the partially synchronous and quasi-permissionless setting (with the same fault-tolerance): consistency; liveness; optimistic responsiveness; every composable log-specific property; and message complexity of a given order. Moreover, our transformation ensures that the output protocol satisfies accountability (identifying culprits in the event of a consistency violation), whether or not the original permissioned protocol satisfied it.
Thierry Emmanuel MINKA MI NGUIDJOI, MANI ONANA Flavien Serge, DJOTIO NDIÉ Thomas
ePrint Report
This paper introduces ZK-NR, a modular cryptographic protocol designed to ensure privacy-preserving non-repudiation in the co-production of digital public services. By integrating Merkle commitments, zero-knowledge proofs (STARKs), threshold BLS signatures, and post-quantum Dilithium authentication, ZK-NR enables the creation of secure, verifiable, and auditable evidence across decentralized infrastructures. Unlike traditional digital signatures or blockchain-based logs, ZK-NR provides formally verifiable attestations without disclosing sensitive content, making it suitable for public finance, e-government, and regulated digital ecosystems. The protocol is modeled in Tamarin and implemented as a proof-of-concept using open cryptographic tools. This contribution offers a reproducible foundation for future infrastructures requiring long-term trust, data minimization, and legal admissibility, particularly in contexts where citizens and institutions share responsibility for digital evidence. ZK-NR addresses the tension between confidentiality and accountability, providing an interoperable and future-ready layer for trustworthy public service delivery. This preliminary work focuses on architectural composition and implementation feasibility. It does not include formal security proofs.
Yi Jin, Yuansheng Pan, Xiaoou He, Boru Gong, Jintai Ding
ePrint Report
Multivariate public key cryptosystems represent a promising family of post-quantum cryptographic schemes. Extensive research has demonstrated that multivariate polynomials are particularly well-suited for constructing digital signature schemes. Notably, the Unbalanced Oil and Vinegar (UOV) signature scheme and its variants have emerged as leading candidates in NIST's recent call for additional digital signature proposals. Security analysis against UOV variants is typically categorized into key-recovery attacks and forgery attacks, with the XL algorithm serving as one of the most significant methods for mounting key-recovery attacks. Recently, Lars Ran introduced a new attack against UOV variants that could be seen as an XL attack using exterior algebra; nevertheless, this new attacking algorithm is applicable only when the underlying (finite) field of the UOV variant is of characteristic $2$. In this work, we address this limitation by proposing a unified framework. Specifically, we first propose the notion of reduced symmetric algebra over any field, whose strength can be gleaned from the fact that it is essentially symmetric algebra when the characteristic $p$ of the underlying field is $0$ and is exterior algebra when $p=2$. Based upon the reduced symmetric algebra, we then propose a new XL attack against all UOV variants. Our XL attack is equivalent to Lars Ran's one for those UOV variants whose underlying fields are of characteristic $p=2$; more importantly, our XL attack can also be applied to analyze those UOV variants with odd characteristic, such as QR-UOV submitted to NIST's PQC Standardization Project. It should be noted that in regard to those 12 QR-UOV recommended instances, our XL attack does not outperform existing key-recovery counterparts; nevertheless, it is the optimal key-recovery attack for some specific UOV instances with odd characteristic.
Shanxiang Lyu, Ling Liu, Cong Ling
ePrint Report
The Learning Parity with Noise (LPN) problem has become a cornerstone for building lightweight, post-quantum secure encryption schemes. Despite its widespread adoption, LPN-based constructions suffer from a fundamental efficiency limitation: the essential noise term that provides security simultaneously requires error correction coding, leading to bandwidth overhead. We introduce a variant of LPN termed Learning Parity with Quantization (LPQ). While maintaining the "learning from noisy equations" framework, LPQ generates Bernoulli-like noise from code-aided quantization and enables simultaneous security and compression. Formally, the $\text{LPQ}_{N,n,\mathcal{C}}$ problem challenges adversaries to distinguish the triplet $(\mathbf{A}, Q_{\mathcal{C}}(\mathbf{A}\mathbf{s} \oplus \mathbf{u}), \mathbf{u})$ from uniform, where $Q_{\mathcal{C}}$ is a vector quantization function based on an $(N,K)$ code $\mathcal{C}$, and $\mathbf{u}$ serves as a public dither. We establish the hardness of LPQ through a tight reduction from the LPN problem, maintaining equivalent security guarantees. We demonstrate LPQ’s practical efficacy through a full rate (i.e., rate-1) symmetric key encryption scheme, where LPQ combined with an extendable output function (XOF) achieves optimal ciphertext efficiency ($|\text{ct}| = |\text{pt}|$).
Sana Boussam, Ninon Calleja Albillos
ePrint Report
In recent years, Deep Learning algorithms have been explored and applied to Side-Channel Analysis in order to enhance attack performance. In some cases, the proposals came without an in-depth analysis allowing one to understand the tool, its applicability scenarios, its limitations and the advantages it brings with respect to classical statistical tools. As an example, a study presented at CHES 2021 proposed a corrective iterative framework to perform an unsupervised attack which achieves 100% key bit recovery. In this paper we analyze the iterative framework and the datasets it was applied to. The analysis suggests a much easier and more interpretable way to both implement such an iterative framework and perform the attack using more conventional solutions, without affecting the attack’s performance.
Sana Boussam, Mathieu Carbone, Benoît Gérard, Guénaël Renault, Gabriel Zaid
ePrint Report
The benefits of using Deep Learning techniques to enhance side-channel attack performance have been demonstrated over recent years. Most of the work carried out since then focuses on discriminative models. However, one of their major limitations is the lack of theoretical results. Indeed, this lack of theoretical results, especially concerning the choice of neural network architecture to consider or the loss to prioritize to build an optimal model, can be problematic for both attackers and evaluators. Recently, Zaid et al. addressed this problem by proposing a generative model that bridges conventional profiled attacks and deep learning techniques, thus providing a model that is both explicable and interpretable. Nevertheless, the proposed model has several limitations. Indeed, the architecture is too complex, higher-order attacks cannot be mounted and desynchronization is not handled by this model. In this paper, we address the first limitation, namely the architecture complexity, as without a simpler model, the other limitations cannot be treated properly. To do so, we propose a new generative model that relies on solid theoretical results. This model is based on a conditional variational autoencoder and converges towards the optimal statistical model, i.e. it performs an optimal attack. By building on and extending the state-of-the-art theoretical works on dimensionality reduction, we integrate into this neural network an optimal dimensionality reduction, i.e. a dimensionality reduction that is achieved without any loss of information. This results in a gain of $\mathcal{O}(D)$, with $D$ the dimension of traces, compared to Zaid et al.'s neural network in terms of architecture complexity, while at the same time enhancing the explainability and interpretability.

In addition, we propose a new attack strategy based on our neural network, which reduces the attack complexity of generative models from $\mathcal{O}(N)$ to $\mathcal{O}(1)$, with $N$ the number of generated traces. We validate all our theoretical results experimentally using extensive simulations and various publicly available datasets covering symmetric, asymmetric pre- and post-quantum cryptography implementations.
Antoine Bak
ePrint Report
This note gives an explanation for a phenomenon which appeared in the cryptanalysis of the Elisabeth-4 stream cipher, a stream cipher optimized for Torus Fully Homomorphic Encryption (TFHE). This primitive was broken in 2023 by a linearization attack. The authors of this attack made an observation on the rank of the linear system they generated, which was lower than expected. They have provided a partial explanation for it using some properties of the negacyclic lookup tables (NLUT), one of the potential building blocks of ciphers optimized for TFHE. NLUTs are defined as functions over integers modulo $2^n$ such that for all $x$, $L(x + 2^{n-1}) = -L(x)$. Their explanation of the rank defect of the linear system relies on the observation that the least significant bit of $L(x)$ does not depend on the most significant bit of $x$, which prevents some monomials from appearing in the algebraic normal form (ANF) of the system. In this note, we prove a stronger property of the ANF of NLUTs and use it to give a full proof of their observation on the rank of the system.
Keitaro Hashimoto, Kyosuke Yamashita, Keisuke Hara
ePrint Report
A multi-designated verifier signature (MDVS) is a digital signature that empowers a signer to designate specific verifiers capable of verifying signatures. Notably, designated verifiers are allowed to not only verify signatures but also simulate “fake” signatures indistinguishable from real ones produced by the original signer. Since this property is useful for realizing off-the-record (i.e., deniable) communication in group settings, MDVS is attracting attention in secure messaging. Recently, Damgård et al. (TCC’20) and Chakraborty et al. (EUROCRYPT’23) have introduced new MDVS schemes, allowing a subset of designated verifiers to simulate signatures in contrast to the conventional one, which requires all designated verifiers for signature simulation. They also define a stronger notion of security for them. This work delves into this new MDVS and offers a comprehensive formalization. We identify all possible security levels of MDVS schemes in subset simulations and prove that some of them are not feasible. Furthermore, we demonstrate that MDVS schemes meeting the security notion defined by Chakraborty et al. imply IND-CCA secure public-key encryption schemes. Beyond formalization, we present new constructions of MDVS schemes in subset simulation. Notably, we introduce a new construction of strongly secure MDVS schemes based on ring signatures and public-key encryption, accompanied by a generic conversion for achieving consistency through non-interactive zero-knowledge arguments. Finally, we evaluate the efficiency of our MDVS schemes in classical and post-quantum settings, showing their practicality.
Akshit Aggarwal, Pulkit Bharti, Yang Li, Srinibas Swain
ePrint Report
FHE-based private information retrieval (PIR) is widely used to maintain the secrecy of the client queries in a client-server architecture. There are several ways to implement FHE-based PIR. Most of these approaches result in server computation overhead. Attempts to reduce the server computation overhead result in 1) fetching incorrect results, 2) leakage of queries, 3) a large number of homomorphic operations (which is a time-consuming process), and 4) downloading the entire dataset on the client side. In this work, we design a three-server based approach where the first server discusses the nature of the dataset, the second server stores the computation results performed over the first server, and the third server stores the dataset in accordance with the proposed novel technique, that is, the restricted bin packing algorithm (RBA). The proposed three-server based approach optimises the aforementioned limitations. Later we implement the designed protocol using the TenSEAL library. Our protocol retrieves the data while providing security for the client's query.
Takuya Kojima, Masaki Morita, Hideki Takase, Hiroshi Nakamura
ePrint Report
Side-channel attacks are increasingly recognized as a significant threat to hardware roots of trust. As a result, cryptographic module designers must ensure that their modules are resilient to such attacks before deployment. However, efficient evaluation of side-channel vulnerabilities in cryptographic implementations remains challenging. This paper introduces an open-source framework integrating FPGA designs, power measurement tools, and high-performance side-channel analysis libraries to streamline the evaluation process. The framework provides design templates for two widely used FPGA boards in the side-channel analysis community, enabling Shell-Role architecture, a modern FPGA design pattern. This shell abstraction allows designers to focus on developing cryptographic modules while utilizing standardized software tools for hardware control and power trace acquisition. Additionally, the framework includes acceleration plugins for ChipWhisperer, the leading open-source side-channel analysis platform, to enhance the performance of correlation power analysis (CPA) attacks. These plugins exploit modern many-core processors and Graphics Processing Units (GPUs) to speed up analysis significantly. To showcase the capabilities of the proposed framework, we conducted multiple case studies and highlighted significant findings that advance side-channel research. Furthermore, we compare our CPA plugins with existing tools and show that our plugins achieve up to 8.60x speedup over the state-of-the-art CPA tools.
Valerio Cini, Russell W. F. Lai, Ivy K. Y. Woo
ePrint Report
Indistinguishability obfuscation (iO) turns a program unintelligible without altering its functionality and is a powerful cryptographic primitive that captures the power of most known primitives. Recent breakthroughs have successfully constructed iO from well-founded computational assumptions, yet these constructions are unfortunately insecure against quantum adversaries. In the search for post-quantum secure iO, a line of research investigates constructions from fully homomorphic encryption (FHE) and tailored decryption hint release mechanisms. Proposals in this line mainly differ in their designs of decryption hints, yet all known attempts either cannot be proven from a self-contained computational assumption, or are based on novel lattice assumptions which are subsequently cryptanalysed.

In this work, we propose a new plausibly post-quantum secure construction of iO by designing a new mechanism for releasing decryption hints. Unlike prior attempts, our decryption hints follow a public Gaussian distribution subject to decryption correctness constraints and are therefore in a sense as random as they could be. To generate such hints efficiently, we develop a general-purpose tool called primal lattice trapdoors, which allow sampling trapdoored matrices whose Learning with Errors (LWE) secret can be equivocated. We prove the security of our primal lattice trapdoors construction from the NTRU assumption. The security of the iO construction is then argued, along with other standard lattice assumptions, via a new Equivocal LWE assumption, for which we provide evidence for plausibility and identify potential targets for further cryptanalysis.