International Association for Cryptologic Research


IACR News

If you have a news item you wish to distribute, it should be sent to the communications secretary. See also the events database for conference announcements.

Here you can see all recent updates to the IACR webpage. These updates are also available:

via email
via RSS feed

01 August 2025

Xi’an Jiaotong-Liverpool University, Suzhou, China
Job Posting
The Post-Quantum Cryptography Migration Interdisciplinary Lab (PQC-X) at XJTLU has multiple openings for faculty positions. We are seeking excellent researchers in design, analysis, implementation and/or application aspects of the following areas, and will offer internationally competitive salary packages for successful candidates.

Topics of Interests

• Post-Quantum Cryptography

• Multi-Party Computation

• Zero-Knowledge Proofs

• Fully Homomorphic Encryption

Faculty Positions

Multiple faculty positions are open at all ranks: Professor, Associate Professor, and Assistant Professor. Positions are offered on a renewable three-year contract, which converts to a long-term contract upon the second renewal after six years of service. Positions will remain open until filled.

What we offer:

• Opportunities to work in an excellent research environment and collaborate with global leaders in post-quantum cryptography, and with top financial institutions and industry partners.

• Internationally competitive salary and benefits such as housing allowance, travel allowance, education allowance, relocation support etc.

• Adequate research funds, and university support in applying for national, provincial and municipal talent programs.

Requirements:

• Ph.D. in Computer Science, Mathematics, Cryptography, or closely related areas.

• Proven track record of research excellence in post-quantum cryptography or a closely related area.

• Demonstrated excellence in teaching and supervision of undergraduate/graduate students/post-docs.

How to Apply

Submit your application via: https://career15.sapsf.cn/sfcareer/jobreqcareer?jobId=4087&company=xjtlu.

Your application should include:

• Cover letter

• Curriculum Vitae (CV)

• Three academic reference letters (two for research and one for teaching)

For Inquiries, you can contact HR: Ye.Lan@xjtlu.edu.cn.

Closing date for applications:

Contact: Mingwei.Sun@xjtlu.edu.cn

More information: https://career15.sapsf.cn/sfcareer/jobreqcareer?jobId=4087&company=xjtlu

Xi’an Jiaotong-Liverpool University
Job Posting
The Post-Quantum Cryptography Migration Interdisciplinary Lab (PQC-X) is a newly founded lab at XJTLU, led by Prof. Jintai DING*, a globally recognized leader in post-quantum cryptography. With initial funding of CNY 22 million from the University, PQC-X aims to establish a world-class research lab focused on conducting world-leading research in post-quantum cryptography, advancing key technologies for post-quantum migration and facilitating their transfer to industry, and fostering the development of high-level talent in this field. PQC-X is expanding to a team of 9 faculty, 9 postdoctoral researchers, and 12 doctoral students.

PQC-X maintains an internationally collaborative research environment and strong partnerships with leading scholars and top institutions worldwide, including:

• Prof. Johannes Buchmann (Fellow of the German Academy of Sciences)

• Prof. Tsuyoshi Takagi (University of Tokyo)

• Financial institutions, e.g., the Jiangsu Province Financial Society, China Construction Bank, and the Financial Research Institute of the People’s Bank of China

*About Prof. Jintai Ding

Prof. Jintai Ding is a globally recognized leader in post-quantum cryptography and currently the Dean of School of Mathematics and Physics at Xi’an Jiaotong-Liverpool University (XJTLU). He was one of the principal designers of ML-KEM (FIPS 203), the only quantum-resistant key establishment standard selected by the US National Institute of Standards and Technology (NIST). He is also the inventor and patent holder of the first quantum key exchange, which was among the two patents licensed to NIST for ML-KEM.

Prior to joining XJTLU, Prof. Ding was a Full Professor at Tsinghua University and, for more than 20 years, the Distinguished Taft Professor at the University of Cincinnati. Prof. Ding received his PhD from Yale University.

How to Apply

Submit your application via the University website.

Your application should include:

• Cover letter

• Curriculum Vitae (CV)

• Three academic reference letters (two for research and one for teaching)

For Inquiries, you can contact HR: Ye.Lan@xjtlu.edu.cn

Closing date for applications:

Contact: Mingwei.sun@xjtlu.edu.cn

More information: https://career15.sapsf.cn/sfcareer/jobreqcareer?jobId=4200&company=xjtlu

Brandenburg University of Technology, Chair of IT Security
Job Posting
The Young Investigator Group “COSYS - Control Systems and Cyber Security Lab” at the Chair of IT Security at the Brandenburg University of Technology Cottbus-Senftenberg has an open PhD position in the following areas:
  • AI-based Network Attack Detection and Simulation.
  • AI-enabled Penetration Testing.
  • Privacy-Enhancing Technologies in Cyber-Physical Systems.
The available position is funded as 100% TV-L E13 tariff in Germany and initially limited until 31.07.2026, with possibility for extension. Candidates must hold a Master’s degree or equivalent in Computer Science or related disciplines, or be close to completing it. If you are interested, please send your CV, transcript of records from your Master studies, and an electronic version of your Master's thesis (if possible), as a single pdf file. Applications will be reviewed until the position is filled.

Closing date for applications:

Contact: Ivan Pryvalov (ivan.pryvalov@b-tu.de)


31 July 2025

Zhiyong Fang, Sanjam Garg, Bhaskar Roberts, Wenxuan Wu, Yupeng Zhang
ePrint Report
Collaborative zkSNARKs, proposed by Ozdemir and Boneh in 2022, allow a prover to delegate the generation of zkSNARK proofs to multiple servers, without compromising the confidentiality of the secret witness. They enable the use of zkSNARK techniques on computationally limited devices in critical applications such as blockchains. However, the running time of each server is at least as slow as computing the proof on a single server. Garg et al. attempted to improve the efficiency in their scheme named zkSaaS using packed secret sharing, but the scheme still requires a powerful central server with linear computation, communication and memory usage.

In this paper, we propose a new collaborative zkSNARK scheme with $O(\frac{C}{n}\log\frac{C}{n})$ prover time and $O(1)$ proof size with $n$ servers for a circuit of size $C$. An adversary compromising less than $\frac{n}{4}$ servers cannot learn any information about the witness. The core of our technique lies in a new zkSNARK scheme for the Plonkish constraint system that is friendly to packed secret sharing. We utilize bivariate polynomials to avoid a large Fast Fourier Transform on the entire witness, which was the major bottleneck in prior work. We also construct permutation constraints based on logarithmic derivatives and univariate sumcheck to avoid the computation of prefix products. Finally, we build a bivariate polynomial commitment scheme that can be computed directly on packed secret shares. Experimental results show that for a circuit of size $2^{20}$, with 128 servers, our scheme can accelerate the proof generation by 36.2$\times$ compared to running the zkSNARK on a single server. The prover time of our system is 25.9$\times$ faster than the prior work of zkSaaS. The proof size of our scheme is only 960 Bytes.
Senegue Gomez Nyamsi, Emmanuel Fouotsa, Calvin Tcheka
ePrint Report
The final exponentiation is a crucial step in pairing computations, ensuring correctness and uniqueness of results in pairing-based cryptographic protocols. In this work, we propose an efficient method for computing the hard part of the final exponentiation on BW10-511, BW14-351 and BLS12 curves at the 128-bit security level. Our approach reduces the computation cost by optimizing the exponentiation sequence and minimizing the number of required multiplications through an improved addition chain strategy. The computation cost of our method for the final exponentiation on these curves is about 25.6%, 33.2% and 10% lower than the previously fastest result on BW10-511, BW14-351 and BLS12 curves respectively. The correctness of our formulas has been verified with Magma code.
Ian McQuoid, Mike Rosulek, Jiayu Xu
ePrint Report
Strong asymmetric password-authenticated key exchange (saPAKE) is the gold standard for password-based authentication. When authenticating using saPAKE, the client holds a cleartext password, and the server holds only a "digest" of the password. The two parties obtain a shared session key if and only if the client password matches the password encoded in the digest. In this work we initiate the study of strong asymmetric fuzzy PAKE (safPAKE), which allows the client and server to obtain a shared session key if the client's password is "close enough" to the password encoded in the digest, according to some policy. safPAKE can be used to tolerate incidental password typos in the PAKE setting, which is becoming a standard industry practice outside the PAKE setting. Our safPAKE functionality supports any "typo policy", and our protocol is practical when there are a small number of permissible mistypings of a password.
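As an added illustration (not code from the paper above) of the kind of "typo policy" the abstract refers to in the conventional, non-PAKE setting: the server holds a salted password digest and, when the submitted password fails, retries a small fixed set of corrections. The three corrections, the PBKDF2 parameters and the sample password are assumptions chosen for the example. In a PAKE the server never sees the submitted password, so it cannot perform this retry itself, which is the gap safPAKE is meant to close.

```python
"""Typo-tolerant password check in the conventional (non-PAKE) setting.

Added example; not code from the safPAKE paper. The server stores a salted
PBKDF2 digest and, when the submitted password fails, retries each correction
a fixed "typo policy" allows. The policy below (caps-lock toggle, first-character
case flip, dropped trailing character) is an assumed example policy.
"""
import hashlib
import hmac
import os
from typing import Callable, Iterable, List, Optional, Tuple

Corrector = Callable[[str], str]


def swap_caps_lock(pw: str) -> str:
    """Undo a caps-lock mistake: every letter's case is flipped."""
    return pw.swapcase()


def flip_first_char_case(pw: str) -> str:
    """Undo an auto-capitalised (or un-capitalised) first character."""
    return pw[0].swapcase() + pw[1:] if pw else pw


def drop_trailing_char(pw: str) -> str:
    """Undo an extra trailing keystroke."""
    return pw[:-1]


# Assumed example policy: the corrections the server is willing to try, in order.
DEFAULT_POLICY: Tuple[Corrector, ...] = (swap_caps_lock, flip_first_char_case, drop_trailing_char)


def make_digest(password: str, salt: Optional[bytes] = None,
                iterations: int = 200_000) -> Tuple[bytes, bytes]:
    """Return (salt, digest) for server-side storage."""
    salt = os.urandom(16) if salt is None else salt
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def candidates(submitted: str, policy: Iterable[Corrector]) -> List[str]:
    """The submitted password followed by each distinct correction the policy permits."""
    out = [submitted]
    for fix in policy:
        cand = fix(submitted)
        if cand not in out:
            out.append(cand)
    return out


def verify_with_typo_policy(submitted: str, salt: bytes, digest: bytes,
                            policy: Iterable[Corrector] = DEFAULT_POLICY,
                            iterations: int = 200_000) -> bool:
    """Accept if the submitted password or one of its policy corrections matches.

    Every candidate costs one PBKDF2 evaluation, so the policy size multiplies
    both the server's verification work and the number of passwords an online
    guesser effectively tests per attempt; keep the policy small. Digest
    comparison is constant-time.
    """
    for cand in candidates(submitted, policy):
        attempt = hashlib.pbkdf2_hmac("sha256", cand.encode(), salt, iterations)
        if hmac.compare_digest(attempt, digest):
            return True
    return False
```

The retry loop is the point: each permitted mistyping is one more digest evaluation, which is why the abstract's qualifier about "a small number of permissible mistypings" matters for practicality.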
Pengxu Zhu, Lei Wang
ePrint Report
Protection of biometric templates is a critical and urgent area of focus. IronMask demonstrates superior recognition performance while protecting facial templates against existing known attacks. At a high level, IronMask can be conceptualized as a fuzzy commitment scheme built directly on the hypersphere. We devise an attack on IronMask targeting the security notion of renewability. Our attack, termed the Probabilistic Linear Regression Attack, exploits the linearity of the underlying error-correcting code. It is the first algorithm to recover the original template from multiple protected templates in acceptable time and with acceptable storage. We run experiments on IronMask applied to protect ArcFace templates, which verify the validity of our attack. Furthermore, we carry out experiments in noisy environments and confirm that our attack still applies. Finally, we discuss two strategies to mitigate this type of attack.
Mathias Hall-Andersen, Mark Simkin, Benedikt Wagner
ePrint Report
Threshold encryption enables a sender to encrypt a message towards $n$ recipients, such that any sufficiently large subset can decrypt the message, whereas any subset of too small size cannot. Silent threshold encryption additionally requires that all recipients can generate their public keys independently of each other, without engaging in an interactive distributed key generation protocol.

In this work, we present a simple blueprint for constructing such silent threshold encryption schemes, which remain secure as long as the number of corruptions is at most $t \leq (1/2 - \epsilon) \cdot n$, where $\epsilon > 0$ is an arbitrary constant. Our construction allows for ciphertexts and recipient public keys, whose sizes are independent of $n$. We evaluate the concrete efficiency of our construction and show that it is highly efficient. As an exemplary data point, when $t < n/3$, encrypting $1$ MB results in a ciphertext of size $1.067$ MB.

On the technical side, we introduce a new model of corruptions, which we call one-shot adaptive corruptions, which conceptually lie between static and fully adaptive corruptions. We believe that the notion itself and our associated proof techniques may be of independent interest.

In comparison to prior works, we have smaller recipient public keys, do not require strong assumptions, such as indistinguishability obfuscation, or idealizing models, such as the generic group model, we allow for instantiating our blueprint to obtain plausible post-quantum security, and we prove security under a stronger security notion.
Animesh Singh, Ayantika Chatterjee, Anupam Chattopadhyay, Debdeep Mukhopadhyay
ePrint Report
Optimizing Boolean circuits presents a considerable challenge, especially when aiming to construct circuits amenable to Fully Homomorphic Encryption (FHE) schemes. FHE enables arbitrary computations on encrypted data but incorporates a computationally intensive operation called bootstrapping, necessary for reducing noise in ciphertexts to facilitate computations on circuits of arbitrary depth. This operation can consume a substantial amount of time, depending on the size of the circuits. To address this issue, we propose a technique for efficiently synthesizing circuits specific to FHE by utilizing multi-input homogeneous and composite Boolean gates. Following this we develop an automated framework for designing efficient circuits compatible with FHE schemes. In this work, we use Torus-FHE (TFHE) (JoC 2019), a widely used FHE scheme for Boolean circuits due to its fast bootstrapping operation per bit. Existing techniques typically employ either multi-input homogeneous gates or multi-bit look-up tables during circuit synthesis, which often limits their ability to produce highly optimized circuits for FHE. Our approach addresses this limitation by proposing viable multi-input composite gates along with the homogeneous gates during circuit synthesis. Additionally, we propose an efficient and lightweight circuit synthesis approach based on graph optimization. Our approach identifies convex sub-graphs in a Directed Acyclic Graph (DAG) representing the input circuit and replaces them with a more compact structure. This reduces the number of nodes in the DAG and hence the number of Boolean gates in the input circuit. Our proposed framework provides the most efficient Boolean circuits for TFHE to date, achieving up to a 20% improvement in homomorphic evaluation time compared to the state-of-the-art general compiler optimization techniques for TFHE, and it also demonstrates a 4-6× improvement over prior work on FHEW-like schemes.
Andrea Basso, Joppe W. Bos, Jan-Pieter D'Anvers, Angshuman Karmakar, Jose Maria Bermudo Mera, Joost Renes, Sujoy Sinha Roy, Frederik Vercauteren, Peng Wang, Yuewu Wang, Shicong Zhang, Chenxin Zhong
ePrint Report
The Learning with Rounding (LWR) problem, introduced as a deterministic variant of Learning with Errors (LWE), has become a promising foundation for post-quantum cryptography. This Systematization of Knowledge (SoK) paper presents a comprehensive survey of the theoretical foundations, algorithmic developments, and practical implementations of LWR-based cryptographic schemes. We introduce LWR within the broader landscape of lattice-based cryptography and post-quantum security, highlighting its advantages such as reduced randomness, improved efficiency, and enhanced side-channel resistance. We explore the evolution of security reductions from LWR to LWE, including recent advances that support practical parameter regimes and address challenges in both bounded and unbounded sample settings. This paper systematically reviews existing LWR-based schemes --- including Saber, Lizard, Florete, Espada, Sable, and SMAUG --- analyzing their design choices, parameter sets, and performance trade-offs. Furthermore, we examine the impact of LWR on side-channel resistance, failure probabilities, and masking efficiency, demonstrating its suitability for secure and efficient implementations. By consolidating the research spanning theory and practice, this SoK aims to guide future cryptographic design and standardization efforts leveraging LWR.

30 July 2025

Guang Yang, Peter Trinh, Alma Nkemla, Amuru Serikyaku, Edward Tatchim, Osman Sharaf
ePrint Report
The current Domain Name System (DNS) infrastructure faces critical vulnerabilities including poisoning attacks, censorship mechanisms, and centralized points of failure that compromise internet freedom and security. Recent incidents such as DNS poisoning attacks on ISP customers highlight the urgent need for resilient alternatives. This paper presents a novel blockchain-based Decentralized Domain Name System (DDNS). We designed a specialized Proof-of-Work blockchain to maximize support for DNS-related protocols and achieve node decentralization. The system integrates our blockchain with IPFS for distributed storage, implements cryptographic primitives for end-to-end trust signatures, and follows a "never trust, always verify" zero-trust verification model. Our implementation achieves 15-second domain record propagation times, supports 20 standard DNS record types, and provides perpetual free .ddns domains. The system has been deployed across distributed infrastructure in San Jose, Los Angeles, and Orange County, demonstrating practical scalability and resistance to traditional DNS manipulation techniques. Performance evaluation shows a maximum theoretical throughput of 1,111.1 tx/s for minimal transactions and 266.7 tx/s for regular domain-operation transactions, while maintaining sub-second query resolution through caching.
Thierry Emmanuel MINKA MI NGUIDJOI, MANI ONANA Flavien Serge, DJOTIO NDIÉ Thomas, BOUETOU BOUETOU Thomas
ePrint Report
The fundamental incompatibility between confidentiality, reliability, and legal opposability, formalized as the CRO trilemma, imposes an entropic bound Γ_CRO on cryptographic security in contextual adversarial settings. This paper introduces Q2CSI (Quantum Composable Contextual Security Infrastructure), a layered framework resolving this trilemma through dialectical separation. Q2CSI decomposes security guarantees into three isolated yet composable layers: Iron (reliability: temporal/logging integrity), Gold (confidentiality: semantic entropy preservation), and Clay (opposability: institutional interpretability). By embedding entropic constraints into an extended Universal Composability (UC) model, Q2CSI achieves Γ_CRO < 0.4, surpassing monolithic designs, while maintaining post-quantum resilience. The architecture is abstractly instantiated with minimal primitives (IND-CCA2 encryption, EUF-CMA signatures) and validated via a symbolic UC framework. Proofs demonstrate strict dialectical isolation, bounded contextual leakage, and compatibility with quantum adversaries. Q2CSI establishes a foundation for legally verifiable post-quantum protocols, with applications in zero-knowledge attestations and regulatory-compliant signatures.
David Perez, Sengim Karayalcin, Stjepan Picek, Servio Paguada
ePrint Report
Deep learning-based side-channel analysis (DLSCA) has demonstrated remarkable performance over the past few years. Even with limited preprocessing and feature engineering, DLSCA is capable of breaking protected targets, sometimes requiring only a single attack trace. In the DLSCA context, the commonly investigated countermeasures are Boolean masking and desynchronization. While the exact mechanisms of how DLSCA breaks masking are less understood, the core idea behind handling desynchronization is simple. Convolutional neural networks (CNNs) are shift invariant, allowing them to overcome desynchronization. However, considering the importance and practicality of desynchronization countermeasures, we know remarkably little about the limits of CNNs or how to enhance their capabilities when dealing with desynchronization.

In this work, we begin with the theoretical foundations of shift and temporal scale equivariance. Afterward, we build a neural network model allowing such equivariance and test it against several commonly considered targets. Our results demonstrate that equivariant CNNs are robust, easy to design, and achieve excellent attack performance. More precisely, we showcase how such a simple model can even outperform recent transformer-based neural networks. Finally, we demonstrate the practical relevance of scale equivariance by showing how an equivariant CNN can learn leakage from a device operating at one clock frequency and generalize to a device with a different clock frequency, a result not previously demonstrated in DLSCA.
Wei Qi
ePrint Report
We study additive positive accumulators, which maintain a short digest of a growing set such that each value in the set can prove membership via a generated witness. Due to compactness of the digest, previously added values may require updated witnesses as the set grows.

In this paper, we establish a trade-off between the bit-length of the accumulator value and the number of witness updates, using techniques generalized from [MQR22]. Specifically, we show that if the accumulator value has bit-length poly(log n), where n is the number of accumulated values, then some values must incur Ω(log n / log log n) witness updates, which matches the upper bound in [MQ23]. This improves upon the recent ω(1) lower bound of [BCCK25]. Our techniques and results also apply to Registration-based Encryption [GHMR18].
Huu Ngoc Duc Nguyen, Shujie Cui, Shangqi Lai, Tsz Hon Yuen, Joseph K. Liu
ePrint Report
Searchable symmetric encryption allows clients to outsource their databases to a semi-trusted cloud server while enabling private searches. The Oblivious Cross-Tag (OXT) protocol is a fundamental approach to conjunctive keyword search, ensuring that search performance scales with the least frequent keyword while introducing keyword pair result pattern (KPRP) and intersection result pattern (IP) leakages. However, recent studies show that the KPRP leakage in OXT can be exploited, allowing the cloud server to infer information about the client database. Several works have aimed to mitigate this issue, with Doris being the first non-interactive OXT-based scheme to hide KPRP and IP leakages. However, this comes at the cost of increased storage overhead. In this work, we propose a Doris-based conjunctive SSE scheme with improved storage efficiency. We replace the XOR filter in Doris with our XEBFF filter, which formalizes XOR filters and Binary Fuse Filters. Additionally, we introduce a frequency estimation approach using Count-Min Sketch to efficiently determine the least frequent keyword, which all previous OXT-based schemes overlook. Our scheme reduces storage overhead by 8% compared to Doris while maintaining search performance. With our s-term selection protocol, we ensure that search operations typically scale with the least frequent keyword.
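As an added illustration (not the paper's code) of the frequency-estimation step the abstract mentions: a Count-Min Sketch over a constructed plaintext keyword collection, used to pick the least frequent keyword of a conjunctive query as the s-term. The sketch parameters, the blake2b-based row hashing and the sample collection are assumptions for this example; in the actual scheme the estimate is obtained over encrypted data through the authors' s-term selection protocol, which this does not reproduce.

```python
"""Count-Min Sketch for picking the least frequent query keyword (the "s-term").

Added example; not code from the paper. In an OXT-style conjunctive search the
server's work scales with the frequency of the first keyword searched, so the
client wants the rarest one. The sketch keeps a few rows of hashed counters
instead of an exact keyword -> count table. Hash collisions can only inflate a
counter, so every estimate is an upper bound on the true count and the query
keyword with the smallest estimate is a safe pick. Row hashing with blake2b and
a per-row salt, and the document collection at the bottom, are assumptions.
"""
import hashlib
from typing import Iterable, List, Set


class CountMinSketch:
    def __init__(self, width: int = 256, depth: int = 4) -> None:
        self.width, self.depth = width, depth
        self.table = [[0] * width for _ in range(depth)]

    def _index(self, row: int, key: str) -> int:
        # One independent keyed hash per row (the row number is the salt).
        h = hashlib.blake2b(key.encode(), digest_size=8,
                            salt=row.to_bytes(16, "little")).digest()
        return int.from_bytes(h, "little") % self.width

    def add(self, key: str, count: int = 1) -> None:
        for row in range(self.depth):
            self.table[row][self._index(row, key)] += count

    def estimate(self, key: str) -> int:
        # Minimum over rows: each row over-counts by its collisions, never under-counts.
        return min(self.table[row][self._index(row, key)] for row in range(self.depth))


def build_sketch(documents: Iterable[Set[str]], width: int = 256, depth: int = 4) -> CountMinSketch:
    """One increment per (document, keyword) pair, i.e. the keyword's document frequency."""
    cms = CountMinSketch(width, depth)
    for keywords in documents:
        for kw in keywords:
            cms.add(kw)
    return cms


def choose_s_term(cms: CountMinSketch, query: Iterable[str]) -> str:
    """Keyword of the conjunctive query with the smallest estimated document frequency."""
    return min(query, key=cms.estimate)


# Constructed sample collection: 100 documents; "invoice" and "2025" in all of
# them, "audit" in every tenth, "fraud" in exactly two.
SAMPLE_DOCS: List[Set[str]] = [
    {"invoice", "2025"}
    | ({"audit"} if i % 10 == 0 else set())
    | ({"fraud"} if i in (7, 42) else set())
    for i in range(100)
]
```

For the query {invoice, audit, fraud} the sketch selects "fraud", so the search touches two documents' worth of cross-tags instead of a hundred; a wrong pick (e.g. always taking the first keyword) is what makes OXT-based searches scale with a frequent term.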
Franciele C. Silva, Maja Lie, Cong Ling
ePrint Report
The Lattice Isomorphism Problem (LIP) is a relatively recent cryptographic assumption whose precise hardness remains not fully understood. Certain weak instances have been identified through hull attacks on $p$-ary lattices constructed via Construction A using linear codes with trivial hulls. In this work, we generalize the notion of the hull by introducing ideal-based hulls for Hermitian lattices. We propose a new hull attack targeting lattices derived from Generalized Construction A over number fields, under specific structural conditions. Furthermore, we show that modular lattices offer intrinsic resistance to hull attacks: the hull introduces only a limited variation in the lattice gap, bounded by a factor depending on the root discriminant of the number field. In particular, for modular $\mathbb{Z}$-lattices, the hull gap coincides exactly with the original lattice gap. As a concrete example, we show that the family of Barnes-Wall lattices, which are alternatively unimodular and 2-modular over $\mathbb{Z}$, are resistant to hull attacks.
Danai Balla, Pyrros Chaidos
ePrint Report
We demonstrate that the LLRing linkable ring signature scheme of Hui and Chau (ESORICS 2024) has an unlinkability vulnerability, meaning an adversary can create more unlinkable signatures than the number of secret keys they own, contradicting its security guarantees.

We also find that a similar attack applies to the Threshold Ring Referral scheme of Ta, Hui, and Chau (Security and Privacy 2025). We show how to restore linkability by constructing modifications to the Bulletproofs and Dory protocols.
Lourenço Abecasis, Paulo Mateus, Chrysoula Vlachou
ePrint Report
In this work, we explore the possibility of unconditionally secure universally composable (UC) commitments, a very relevant cryptographic primitive in the context of secure multi-party computation. To this end, we assume the existence of Physically Uncloneable Functions (PUFs), a hardware security assumption that has been proven useful for securely achieving diverse tasks. In prior work [ASIACRYPT 2013, LNCS, vol. 8270, pp. 100–119] it was shown that a protocol for unconditional UC-secure commitments can be constructed even when the PUFs are malicious. Here, we report an attack to this protocol, as well as a few more issues that we identified in its construction. To address them, first we revise some of the previous PUF properties, and introduce new properties and tools that allow us to rigorously develop and present the security proofs. Second, we propose two different ways for making the commitment scheme secure against the attack we found. The first involves considering a new model where the creator of a PUF is notified whenever the PUF is queried and the second involves restricting adversaries to only being able to create stateless malicious PUFs. Finally, we analyze the efficiency of our schemes and show that our constructions are advantageous in this respect compared to the original proposal.
Mladen Kovačević, Tatjana Grbić, Darko Čapko, Nemanja Nedić, Srđan Vukmirović
ePrint Report
The syndrome decoding problem is one of the NP-complete problems lying at the foundation of code-based cryptography. The variant thereof where the distance between vectors is measured with respect to the Lee metric, rather than the more commonly used Hamming metric, has been analyzed recently in several works due to its potential relevance for building more efficient code-based cryptosystems. The purpose of this article is to present a zero-knowledge proof of knowledge for this variant of the problem.
Bruno Woltzenlogel Paleo, Luca D'Angelo, Mohammad Shaheer, Giselle Reis
ePrint Report
This paper introduces Gluon W, a novel stablecoin protocol inspired by nuclear physics and named after the particle responsible for the stability of matter in the universe. The key idea in Gluon W is to split (as in nuclear fission) an existing volatile asset into its stable and unstable components. These components can be merged back (as in nuclear fusion) into the original asset or transmuted into each other (as in nuclear beta decays). Various stability theorems are proven and their proofs are formally verified using the interactive proof assistant Rocq.