International Association
for Cryptologic Research

We build two-server private information retrieval (PIR) that achieves information-theoretic security and strong double-efficiency guarantees. On a database of $n > 10^6$ bits, the servers store a preprocessed data structure of size $1.5 \sqrt{\log_2 n} \cdot n$ bits and then answer each PIR query by probing $12 \cdot n^{0.82}$ bits in this data structure. To our knowledge, this is the first information-theoretic PIR with any constant number of servers that has quasilinear server storage $n^{1+o(1)}$ and polynomially sublinear server time $n^{1-\Omega(1)}$.

Our work builds on the PIR-with-preprocessing protocol of Beimel, Ishai, and Malkin (CRYPTO 2000). The insight driving our improvement is a compact data structure for evaluating a multivariate polynomial and its derivatives. Our data structure and PIR protocol leverage the fact that Hasse derivatives can be efficiently computed on-the-fly by taking finite differences between the polynomial's evaluations. We further extend our techniques to improve the state-of-the-art in PIR with three or more servers, building on recent work by Ghoshal, Li, Ma, Dai, and Shi (TCC 2025).

On a 55 GB database with 64-byte records, our two-server PIR encodes the database into a 1 TB data structure – which is 1,600,000$\times$ smaller than that of prior two-server PIR-with-preprocessing schemes, while maintaining the same communication and time per query. To answer a PIR query, the servers probe 102 MB from this data structure, requiring 550$\times$ fewer memory accesses than linear-time PIR. The main limitation of our protocol is its large communication complexity, which we show how to shrink to $n^{0.31} \cdot \mathsf{poly}(\lambda)$ using compact linearly homomorphic encryption.

Event date: to
Submission deadline: 30 June 2026

The USF Center for Cryptographic Research is recruiting multiple postdoctoral fellows to work on Applied Algebra with an emphasis on Cryptography, Coding Theory, and Quantum Computing. The successful candidates will be hosted by the USF Department of Mathematics & Statistics on our Tampa campus.

Our program is supported by an NSF Research Training Group (RTG) grant. More information about our RTG program is available at: http://usf-crypto.org/rtg-overview/.

Minimum qualifications include a Ph.D. from an accredited institution in mathematics, computer science, or a related field. ABD candidates are acceptable, but the degree must be conferred before the intended start date. Must meet university criteria for appointment to the rank of Postdoctoral Fellow. Preference will be given to candidates with an established record of publications in Applied Algebra; in particular, Cryptography, Coding Theory, or Quantum Computing.

The start date is negotiable, but must be before August 7, 2026. Position will remain open until filled.

Applications must be submitted online at http://jobs.usf.edu. Required documentation, submitted as a SINGLE document, includes a Cover Letter, CV, and a Statement of Research. In addition, candidates should have at least three letters of recommendation submitted through MathJobs.org. The Mathjobs links for the positions are below:

• Position 1 (Cryptography): https://www.mathjobs.org/jobs/list/27368
• Position 2 (Coding Theory): https://www.mathjobs.org/jobs/list/27367
• Position 3 (Quantum Computing): https://www.mathjobs.org/jobs/list/27370
• Position 4 (Open): https://www.mathjobs.org/jobs/list/27371

Positions 1 to 3 are for 3 years, and applicants must be U.S. citizens or permanent residents (Green Card). Position 4 is for 2 years, but carries no residency restriction.

Review of applications will begin on December 1, 2025.

Closing date for applications:

Contact: Jean-François Biasse

Open positions at all ranks (tenure track, associate and full professor) at our Department of Computer Science, Aarhus University! All topics welcome, including in particular: Quantum Information Processing, Quantum Cryptography, System/Network Security. Deadline Jan 5th 2026

Closing date for applications:

Contact: Claudio Orlandi

More information: https://international.au.dk/about/profile/vacant-positions/job/aarhus-university-is-hiring-assistant-associate-and-full-professors-for-the-department-of-computer-science

UCLouvain seeks to recruit a full-time faculty member in the fields of cybersecurity and software security.

The application deadline is on November 12, 2025, and details are available from the link in the title!

Closing date for applications:

Contact: Olivier Pereira -- olivier.pereira@uclouvain.be

More information: https://jobs.uclouvain.be/PersonnelAcademique/job/An-academic-in-Cybersecrurity-and-Software-Security/1244992801/

IOG, is a technology company focused on Blockchain research and development. We are renowned for our scientific approach to blockchain development, emphasizing peer-reviewed research and formal methods to ensure security, scalability, and sustainability. Our projects include decentralized finance (DeFi), governance, and identity management, aiming to advance the capabilities and adoption of blockchain technology globally.

Bitcoin DeFi is about unlocking real utility for the world’s most trusted digital asset without ever compromising user control. For developers and innovators, this means finding a way to use Bitcoin in decentralized finance without forcing holders to hand their BTC to a third party. Until now, most attempts at Bitcoin DeFi have relied on “wrapped” tokens that essentially represent a promise – you send your BTC away and trust someone else to issue a proxy token on another chain. In all these custodial models, users effectively give up custody of their bitcoin to an intermediary in exchange for a tokenized representation. This status quo runs counter to Bitcoin’s core ethos of self-sovereignty and security.

What the role involves:

As an experienced Cryptographic Engineer, you will contribute to the design, implementation, and integration of secure cryptographic protocols and primitives across diverse projects. This role sits at the intersection of applied research and engineering, turning advanced cryptographic designs into robust, production-ready systems. You will work closely with researchers, protocol designers, software architects, and QA teams to ensure cryptographic correctness, performance, and maintainability, with a strong emphasis on high-assurance coding and practical deployment.

Design and implement cryptographic constructions, such as digital signatures, zero-knowledge proofs, verifiable random functions (VRFs), commitment schemes, and accumulators.

Develop and maintain cryptographic libraries, primarily using Rust and Haskell with attention to safety, clarity, performance, and auditability.

Translate academic research & formal specifications into reliable code.

Closing date for applications:

Contact:

Marios Nicolaides

More information: https://apply.workable.com/io-global/j/1308F174CD/

We are looking for a 2-years postdoc on Neuro-Symbolic learning in secure multi-party computation. The Villum Experiment research project “Neuro-Symbolic Federated Learning with Secure Multi-Party Computation” aims to explore the feasibility of training neural networks with logical constraints using secure MPC. The project addresses critical domains such as finance and healthcare, where data privacy is paramount and traditional data sharing is not an option. The research will focus on: Investigating differentiable logics (DLs) such as DL2, fuzzy logics, and logics of the Lawvere quantale, to evaluate their tractability and numerical stability under MPC frameworks, with formal correctness guarantees. Developing novel multi-valued logics tailored for MPC if existing ones prove inadequate. Implementing and benchmarking neuro-symbolic models trained under secure MPC protocols. The postdoc will: Conduct theoretical and empirical research on DLs and MPC. Develop prototype implementations using existing MPC frameworks or custom solutions. Collaborate across disciplines including cryptography, machine learning, logic, formal methods. Contribute to publications in top-tier venues and help shape a new research frontier. We seek a candidate with: A PhD in Computer Science, Mathematics, Data Science, or a related field. Strong background in at least some of the following: machine learning, logic, cryptography and secure multi-party computation, formal verification. Experience with federated learning, differentiable programming, or symbolic AI is a plus. Proficiency with various programming languages such as Python, C++/Rust, functional languages. Experience with interactive theorem provers such as Rocq, Lean or Isabelle is a plus. Ability to work independently and collaboratively in an interdisciplinary environment.

Closing date for applications:

Contact: Alessandro Bruni

More information: https://candidate.hr-manager.net/ApplicationInit.aspx?cid=119&ProjectId=181828&DepartmentId=3439&M

• Field of specification: Advanced research area related to quantum/digital security such as quantum security, post-quantum cryptography/system and security practice in general.
• Start of employment: April 1st, 2026 or any early possible date afterwards
• Deadline for application: November 7th, 2025

Further information: https://www.se.kanazawa-u.ac.jp/wp-content/uploads/2025/10/20251107_ec_en.pdf

Closing date for applications:

Contact: Masahiro Mambo

More information: https://www.se.kanazawa-u.ac.jp/wp-content/uploads/2025/10/20251107_ec_en.pdf

Event date: 17 August to 20 August 2026

Event date: 18 May to 21 May 2026

Event date: 8 June to 12 June 2026
Submission deadline: 15 January 2026
Notification: 26 March 2026

We review k-anonymity in authentication schemes, group signatures and ring signatures. While existing constructions achieve unlinkability, they typically necessitate maintaining state or relying on computationally expensive tracing algorithms. We propose a stateless variant that is efficiently traceable, albeit necessarily fully linkable. To the best of our knowledge, our variant, which we call k-Anonymous Group Signatures (k-AGS), is the first scheme to combine both statelessness and efficient traceability.

Building upon our k-AGS framework, we design k-Anonymous Set Pre-Constrained Group Signatures (k-ASPCGS) which is a threshold extension of the Set Pre-Constrained Group Signatures (SPCGS) introduced by Bartusek et al. (EUROCRYPT 2023).

We show that our notions arise naturally in the context of lawful surveillance, particularly for end-to-end secure messaging platforms, where controlled traceability is essential. Beyond this setting, they may also help mitigate the impact of strict moderation policies in large-scale distributed asynchronous platforms (e.g. Facebook, whistleblowing portals) as well as in spam control, where false positives remain a persistent challenge.

We present a simple and efficient Byzantine Agreement protocol in the mixed fault model where up to $t$ parties can be Byzantine, up to $s$ parties can be send-omission, and up to $r$ parties can be receive-omission such that $2t+s+r

We examine the relationship between correctness definitions for Fully Homomorphic Encryption (FHE) and the associated security definitions. We show that reactive notions of correctness imply INDCPA-D and sINDCPA-D security. But that to obtain both INDCPA-D and sINDCPA-D security we need to use a randomized version of the evaluation procedure. Such randomized evaluation procedures cause problems in real life deployments of FHE solutions, so we then go on to show how one can de-randomize the evaluation procedure and still obtain sINDCPA-D security in the random oracle model for the specific FHE scheme of TFHE.

Guo, Li, and Qin proposed a lightweight certificateless encryption (CLE) scheme designed for IoT environments (\textit{Discover Computing}, 2025). This paper demonstrates that the proposed scheme does not achieve CCA security, contrary to the authors' claim. Specifically, we identify two critical points. First, since the ciphertext retains a multiplicative ElGamal structure, it can always be re-randomized using arbitrary randomness. Second, based on this property, an adversary can transform a challenge ciphertext into another valid ciphertext of the same plaintext, and then query the decryption oracle with the transformed ciphertext to recover the challenge plaintext. This attack exploits a definitional gap in the CCA game, where only direct decryption queries on the challenge ciphertext are prohibited. In this work, we formalize the attack procedure and verify its validity based on implementation.

The Hamming Quasi-Cyclic (HQC) scheme has recently been standardized as a post-quantum key encapsulation mechanism (KEM), emphasizing the importance of efficient and secure hardware realizations on embedded platforms. However, HQC relies heavily on sparse–dense polynomial multiplications, where conventional shift-and-add architectures remain both performance- and security-critical. In FPGA implementations, these multiplications dominate execution time—occupying 59.5%, 56.1%, and 58.3% of the total latency for KeyGen, Encap, and Decap, respectively—and are further vulnerable to correlation power analysis (CPA) due to deterministic, index-driven memory access patterns. As countermeasures, parallelization improves performance at the cost of additional area. Dummy insertion with random shuffling mitigates leakage but incurs extra cycle overhead.

To address this, we propose a co-designed dummy-inserted parallel shift-and-add multiplier for HQC. The design integrates dummy insertion and two-index parallelism in a complementary manner, achieving reduced cycles with area efficiency while providing intrinsic resistance to CPA. Implemented on a Xilinx Artix-7 FPGA, the proposed architecture achieves up to a 1.25× speedup over the baseline sequential multiplier while maintaining near–state-of-the-art area–time efficiency—incurring only a 1.16× AT overhead to simultaneously deliver accelerated performance and CPA resistance. Test Vector Leakage Assessment (TVLA) measurements and theoretical analysis confirm that the parallel architecture effectively suppresses power-based side-channel leakage and provides inherent resistance against CPA—reducing significant leakage points from 4.29% to 0.09%. This work demonstrates that performance and side-channel resistance can be jointly optimized through synergistic hardware–algorithm co-design, offering a practical and scalable HQC accelerator for post-quantum embedded systems.

We construct a pseudorandom correlation function (PCF) for oblivious linear evaluation (OLE) from sparse LPN over any finite field. The programmability property of our PCF implies a PCF for any multiparty degree-two correlation, e.g., Beaver triples. Our PCF is the first PCF for degree-two correlations from a well-established cryptographic assumption, apart from (inefficient) generic PCFs based on homomorphic secret sharing or fully homomorphic encryption. Our PCF outperforms the previously fastest PCF for Beaver triples (Boyle et al., Crypto 2022) by 3.2-28x.

We build on the recent pseudorandom correlation generator (PCG) by Miao et al. (Asiacrypt 2025) and extend it to a PCF using a recursive approach similar to Braun et al. (Asiacrypt 2025). Moreover, we extend these techniques to support authenticated degree-two correlations in the important two-party case.

Verifiable Secret Sharing (VSS) schemes are fundamental building blocks in distributed cryptography. While most existing works focus on threshold structures, many real-world applications require more general access structures, where participants have different levels of power and only certain subsets are authorized to reconstruct the secret. Existing computational VSS schemes for general access structures typically rely on Discrete Logarithm (DL)-based homomorphic commitments, which limits their applicability, particularly in scenarios requiring Post-Quantum (PQ) security. In this work, we present a generalized version of $\mathrm{\Pi}$, a unified framework introduced at PKC 2025 for constructing computational VSS schemes without relying on homomorphic commitments. Our framework supports arbitrary monotone $\mathcal{Q}_2$ access structures, encompassing replicated and threshold secret sharing (e.g., Shamir's scheme), while preserving the efficiency and modularity of $\mathrm{\Pi}$. Notably, it requires only a random oracle and any commitment scheme satisfying hiding and binding, making it compatible with a wide range of instantiations, including PQ-secure commitments. In particular, our hash-based instantiation yields the first symmetric-key-based VSS scheme for general access structures. Compared to prior general-access VSS schemes based on homomorphic commitments (e.g., variants of Pedersen scheme from FC 2003), our DL-based constructions eliminate the need for homomorphic commitments and achieve asymptotic improvements in verification and reconstruction costs. We believe that this extension enhances the versatility of the original $\mathrm{\Pi}$ framework and paves the way for its deployment in a broader range of practical distributed systems.

To mitigate trust concerns in the setup phase of pairing-based zk-SNARKs, the primary solution has been the sampling of the Structured Reference String (SRS) using an MPC protocol. In 2017, Bowe, Gabizon, and Miers introduced the Powers of Tau MPC protocol for sampling a universal SRS, which has since become the main SRS generation protocol for numerous practical projects. The protocol's designers showed that for a circuit with $2^{21}$ multiplication gates, verifying the universal SRS for Groth16 zk-SNARK could take $55$ minutes for a single update. However, they clarified that "the verification is not run by individual users; it is done by the coordinator and anyone who wishes to verify the transcript of the protocol after completion". This note demonstrates the importance of verifying the final SRS by either $\textit{each}$ individual end-user or $\textit{all}$ ceremony participants to mitigate potential attacks. We discuss simple attack scenarios that highlight vulnerabilities if $\textit{each}$ end-user or $\textit{all}$ participants fail to verify the final SRS. Additionally, by leveraging batching and aggregating techniques, we introduce an efficient verification algorithm for the (original) Powers of Tau protocol, substantially reducing SRS verification time and making it practical even for large-scale ceremonies. In the case of rejection, a more efficient recursive verification approach aids in identifying malicious parties more effectively. This note aims to enhance procedural understanding of SRS generation ceremonies through the Powers of Tau protocol and improve the reliability of current ceremonies against potential threats.

The MPC-in-the-Head paradigm is a promising approach for constructing post-quantum signature schemes. Its significance is underscored by NIST's selection of six signatures based on this paradigm and its variants, TC-in-the-Head and VOLE-in-the-Head, among the fourteen round-2 candidates in its additional post-quantum cryptography standardization process.

Recent works by Aguilar-Melchor et al. (ASIACRYPT 2023), Hülsing et al. (CRYPTO 2024), and Baum et al. (CRYPTO 2025) have established EUF-CMA security for these signatures in the Quantum Random Oracle Model (QROM). However, their proofs do not account for crucial optimization techniques such as rejection sampling and grinding, rendering them inapplicable to practical schemes like the NIST round-2 candidates Mirath and RYDE.

This paper addresses this gap by analyzing the QROM security of MPC-in-the-Head signatures that incorporate these optimizations, with a focus on Mirath and RYDE. We make two main contributions:

1) We provide a new (strong) EUF-CMA security proof that accommodates rejection sampling and grinding. We also present a new EUF-NMA security proof compatible with these optimizations, by extending the techniques of Don et al. (CRYPTO 2022) and Aguilar-Melchor et al. (ASIACRYPT 2023).

2) We also point out a gap in the EUF-CMA security proof of the MPC-in-the-Head signature schemes using correlated-tree techniques, MQOM, SBC (Huth and Joux, CRYPTO 2024), and rBN++ (Kim, Lee, and Son, EUROCRYPT 2025).