cryptography phd thesis

• Help & Terms of Use

Cryptography and Information Security

• Faculty of Engineering
• School of Computer Science
• Website http://www.bris.ac.uk/engineering/research/cryptography/

Student theses

• Title (descending)

Search results

A multi-domain approach for security compliance, insider threat modelling and risk management.

Supervisor: Tryfonas, T. (Supervisor)

Student thesis : Doctoral Thesis › Doctor of Philosophy (PhD)

Analysis of Implementations and Side-Channel Security of Frodo on Embedded Devices

Supervisor: Oswald, M. E. (Supervisor) & Stam, M. (Supervisor)

A Study of Inference-Based Attacks with Neural Network Classifiers

Supervisor: Page, D. (Supervisor) & Oswald, E. (Supervisor)

A systems approach to asset management for the Clifton Suspension Bridge Trust

Supervisor: Tryfonas, T. (Supervisor) & Taylor, C. (Supervisor)

Student thesis : Doctoral Thesis › Engineering Doctorate (EngD)

Breaking boundaries for adoption of accessible high fidelity haptic feedback technologies

Supervisor: Roudaut, A. (Supervisor) & Warinschi, B. (Supervisor)

Cryptographic Access Control: Security Models, Relations and Construction

Supervisor: Warinschi, B. (Supervisor)

Engineering a platform for local peer-to-peer electricity trading

Supervisor: Chitchyan, R. (Supervisor), Delalonde, C. (External person) (Supervisor), Byrne, A. (External person) (Supervisor), Ferguson, D. (External person) (Supervisor) & Warinschi, B. (Supervisor)

Enhancing Current Software Safety Assurance Practice to Increase System Mission Effectiveness

Supervisor: May, J. (Supervisor), Tryfonas, T. (Supervisor) & Hadley, M. J. (External person) (Supervisor)

Game theory applied to cybersecurity threat mitigation - Analysis of Threshold FlipThem

Supervisor: Leslie, D. (Supervisor) & Smart, N. (Supervisor)

Handling organisational complexity with a framework of accessible founding principles

Supervisor: Oikonomou, G. (Supervisor) & Tryfonas, T. (Supervisor)

Hydrological Applications of Multi-source Soil Moisture Products

Supervisor: Han, D. (Supervisor) & Tryfonas, T. (Supervisor)

Modelling and Simulation Applications on Cyber-Physical Systems’ Security and Resilience

Supervisor: Tryfonas, T. (Supervisor) & Oikonomou, G. (Supervisor)

On the Theory and Design of Post-Quantum Authenticated Key-Exchange, Encryption and Signatures

Supervisor: Smart, N. P. (Supervisor) & Warinschi, B. (Supervisor)

Security and Resilience of Multi-Bitrate, Low-Power Lossy IoT Networks

Supervisor: Oikonomou, G. (Supervisor), Piechocki, R. J. (Supervisor) & Fafoutis, X. (Supervisor)

Side Channel Attacks on IoT Applications

Supervisor: Oswald, M. E. (Supervisor) & Tryfonas, T. (Supervisor)

Software Defined Networking for the Industrial Internet of Things

Supervisor: Nejabati, R. (Supervisor) & Oikonomou, G. (Supervisor)

Technology innovation for improving bridge management

Supervisor: Vardanega, P. J. (Supervisor) & Tryfonas, T. (Supervisor)

Towards Dynamic, SDN-assisted Interface Bonding for Heterogeneous 802.11 Devices

Supervisor: Doufexi, A. (Supervisor) & Oikonomou, G. (Supervisor)

Usable Abstractions for Secure Programming: A Mental Model Approach

Supervisor: Rashid, A. (Supervisor) & Warinschi, B. (Supervisor)

• < Previous

Home > Theses and Dissertations > Dissertations > All Dissertations > 2635

All Dissertations

Homomorphic encryption and cryptanalysis of lattice cryptography.

Benjamin M. Case , Clemson University Follow

Date of Award

Document type.

Dissertation

Degree Name

Doctor of Philosophy (PhD)

Mathematical Sciences

Committee Member

Shuhong Gao

Colin Gallagher

Kevin James

Felice Manganiello

The vast amount of personal data being collected and analyzed through internet connected devices is vulnerable to theft and misuse. Modern cryptography presents several powerful techniques that can help to solve the puzzle of how to harness data for use while at the same time protecting it---one such technique is homomorphic encryption that allows computations to be done on data while it is still encrypted. The question of security for homomorphic encryption relates to the broader field of lattice cryptography. Lattice cryptography is one of the main areas of cryptography that promises to be secure even against quantum computing.

In this dissertation, we will touch on several aspects of homomorphic encryption and its security based on lattice cryptography. Our main contributions are:

1. proving some heuristics that are used in major results in the literature for controlling the error size in bootstrapping for fully homomorphic encryption,

2. presenting a new fully homomorphic encryption scheme that supports k-bit arbitrary operations and achieves an asymptotic ciphertext expansion of one,

3. thoroughly studying certain attacks against the Ring Learning with Errors problem,

4. precisely characterizing the performance of an algorithm for solving the Approximate Common Divisor problem.

Recommended Citation

Case, Benjamin M., "Homomorphic Encryption and Cryptanalysis of Lattice Cryptography" (2020). All Dissertations . 2635. https://tigerprints.clemson.edu/all_dissertations/2635

Since May 27, 2020

To view the content in your browser, please download Adobe Reader or, alternately, you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.

Advanced Search

• Notify me via email or RSS
• All Collections
• Expert Gallery
• Theses & Dissertations
• Selected Works Gallery
• Student Works
• Conferences
• Open Access Fund Collection
• Historic Collections

Useful Links

• Author Resources
• Author Rights
• Scholarly Publishing Information
• Graduate School

Home | About | FAQ | My Account | Accessibility Statement

Privacy Copyright

• Show simple item record
• Show full item record
• Export item record

Files in This Item:

Page view(s) 20

Download(s) 20.

Google Scholar TM

Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.

• Dissertations & Theses
• Collections

Home > Dissertations > 242

Yale Graduate School of Arts and Sciences Dissertations

Hardware Architectures for Post-Quantum Cryptography

Wen Wang , Yale University Graduate School of Arts and Sciences Follow

Date of Award

Spring 2021

Document Type

Dissertation

Degree Name

Doctor of Philosophy (PhD)

Electrical Engineering (ENAS)

First Advisor

Szefer, Jakub

The rapid development of quantum computers poses severe threats to many commonly-used cryptographic algorithms that are embedded in different hardware devices to ensure the security and privacy of data and communication. Seeking for new solutions that are potentially resistant against attacks from quantum computers, a new research field called Post-Quantum Cryptography (PQC) has emerged, that is, cryptosystems deployed in classical computers conjectured to be secure against attacks utilizing large-scale quantum computers. In order to secure data during storage or communication, and many other applications in the future, this dissertation focuses on the design, implementation, and evaluation of efficient PQC schemes in hardware. Four PQC algorithms, each from a different family, are studied in this dissertation. The first hardware architecture presented in this dissertation is focused on the code-based scheme Classic McEliece. The research presented in this dissertation is the first that builds the hardware architecture for the Classic McEliece cryptosystem. This research successfully demonstrated that complex code-based PQC algorithm can be run efficiently on hardware. Furthermore, this dissertation shows that implementation of this scheme on hardware can be easily tuned to different configurations by implementing support for flexible choices of security parameters as well as configurable hardware performance parameters. The successful prototype of the Classic McEliece scheme on hardware increased confidence in this scheme, and helped Classic McEliece to get recognized as one of seven finalists in the third round of the NIST PQC standardization process. While Classic McEliece serves as a ready-to-use candidate for many high-end applications, PQC solutions are also needed for low-end embedded devices. Embedded devices play an important role in our daily life. Despite their typically constrained resources, these devices require strong security measures to protect them against cyber attacks. Towards securing this type of devices, the second research presented in this dissertation focuses on the hash-based digital signature scheme XMSS. This research is the first that explores and presents practical hardware based XMSS solution for low-end embedded devices. In the design of XMSS hardware, a heterogenous software-hardware co-design approach was adopted, which combined the flexibility of the soft core with the acceleration from the hard core. The practicability and efficiency of the XMSS software-hardware co-design is further demonstrated by providing a hardware prototype on an open-source RISC-V based System-on-a-Chip (SoC) platform. The third research direction covered in this dissertation focuses on lattice-based cryptography, which represents one of the most promising and popular alternatives to today's widely adopted public key solutions. Prior research has presented hardware designs targeting the computing blocks that are necessary for the implementation of lattice-based systems. However, a recurrent issue in most existing designs is that these hardware designs are not fully scalable or parameterized, hence limited to specific cryptographic primitives and security parameter sets. The research presented in this dissertation is the first that develops hardware accelerators that are designed to be fully parameterized to support different lattice-based schemes and parameters. Further, these accelerators are utilized to realize the first software-harware co-design of provably-secure instances of qTESLA, which is a lattice-based digital signature scheme. This dissertation demonstrates that even demanding, provably-secure schemes can be realized efficiently with proper use of software-hardware co-design. The final research presented in this dissertation is focused on the isogeny-based scheme SIKE, which recently made it to the final round of the PQC standardization process. This research shows that hardware accelerators can be designed to offload compute-intensive elliptic curve and isogeny computations to hardware in a versatile fashion. These hardware accelerators are designed to be fully parameterized to support different security parameter sets of SIKE as well as flexible hardware configurations targeting different user applications. This research is the first that presents versatile hardware accelerators for SIKE that can be mapped efficiently to both FPGA and ASIC platforms. Based on these accelerators, an efficient software-hardwareco-design is constructed for speeding up SIKE. In the end, this dissertation demonstrates that, despite being embedded with expensive arithmetic, the isogeny-based SIKE scheme can be run efficiently by exploiting specialized hardware. These four research directions combined demonstrate the practicability of building efficient hardware architectures for complex PQC algorithms. The exploration of efficient PQC solutions for different hardware platforms will eventually help migrate high-end servers and low-end embedded devices towards the post-quantum era.

Recommended Citation

Wang, Wen, "Hardware Architectures for Post-Quantum Cryptography" (2021). Yale Graduate School of Arts and Sciences Dissertations . 242. https://elischolar.library.yale.edu/gsas_dissertations/242

Since November 11, 2021

Advanced Search

• Notify me via email or RSS
• Disciplines
• Researcher Profiles
• Author Help

Copyright, Publishing and Open Access

• Terms & Conditions
• Open Access at Yale
• Yale University Library
• Yale Law School Repository

Home | About | FAQ | My Account | Accessibility Statement

Privacy Copyright

Craig Gentry's PhD Thesis

The PhD thesis is a complete write-up of my fully homomorphic encryption system. A preliminary version of these results appeared at STOC 2009:

Craig Gentry, Fully homomorphic encryption using ideal lattices, Symposium on the Theory of Computing (STOC), 2009, pp. 169-178.

Download the thesis :    [ PDF ]    BIBTEX ] -->

@phdthesis{homenc, author = {Craig Gentry}, title = {A fully homomorphic encryption scheme}, school = {Stanford University}, year = 2009, note = {\url{crypto.stanford.edu/craig}} }

A high level description of the construction also appeared in the Communications of the ACM :   [ PDF ]

Supported by the NSF, a Stanford Graduate Fellowship, and an IBM PhD fellowship.

UC San Diego

Towards practical lattice-based cryptography

• Lyubashevsky, Vadim

Lattice-based cryptography began with the seminal work of Ajtai (Ajtai '96) who showed that it is possible to build families of cryptographic functions in which breaking a randomly chosen element of the family is as hard as solving worst-case instances of lattice problems. This work generated great interest and resulted in constructions of many other cryptographic protocols with security based on worst-case lattice problems. An additional advantage of lattice-based primitives is that, unlike their counterparts based on factoring and discrete log, they are conjectured to be secure in the advent of quantum computing. The main disadvantage of lattice-based constructions is that they generally involve operations on, and storage of, large n x n matrices. This resulted in the schemes being rather inefficient and unsuitable for practical use. To cope with this inherent inefficiency, Micciancio proposed to build lattice-based primitives based on the worst-case hardness of lattices that have some additional structure. In (Micciancio '02), he showed how to build one-way functions, computable in almost linear time, with security based on worst-case problems on such lattices. While interesting from a theoretical perspective, one-way functions are not very useful in practice. Our goal in this thesis is to present constructions of practical and efficient cryptographic protocols whose security is based on worst-case hardness of lattice problems. We first show how to build collision- resistant hash functions whose security is based on the hardness of lattice problems in all lattices with a special structure. The special structure that the lattices possess is that they are ideals of certain polynomial rings. The hash functions that we build have almost linear running time, and in practice turn out to be essentially as efficient as ad-hoc constructions that have no provable security. We also give constructions of provably-secure identification and signature schemes whose asymptotic running times are almost linear (up to poly-logarithmic factors), and so these schemes are much more efficient than comparable primitives with security based on factoring and discrete log. Thus our work implies that by considering ideal lattices, it is possible to have the best of both worlds: security based on worst-case problems and optimal efficiency

Enter the password to open this PDF file:

• Bibliography
• More Referencing guides Blog Automated transliteration Relevant bibliographies by topics
• Automated transliteration
• Relevant bibliographies by topics
• Referencing guides

Quantum Physics

Title: the structure of bipartite quantum states - insights from group theory and cryptography.

Abstract: This thesis presents a study of the structure of bipartite quantum states. In the first part, the representation theory of the unitary and symmetric groups is used to analyse the spectra of quantum states. In particular, it is shown how to derive a one-to-one relation between the spectra of a bipartite quantum state and its reduced states, and the Kronecker coefficients of the symmetric group. In the second part, the focus lies on the entanglement of bipartite quantum states. Drawing on an analogy between entanglement distillation and secret-key agreement in classical cryptography, a new entanglement measure, `squashed entanglement', is introduced.

Submission history

Access paper:.

• Other Formats

References & Citations

• INSPIRE HEP
• Google Scholar
• Semantic Scholar

1 blog link

Bibtex formatted citation.

Bibliographic and Citation Tools

Code, data and media associated with this article, recommenders and search tools.

• Institution

arXivLabs: experimental projects with community collaborators

arXivLabs is a framework that allows collaborators to develop and share new arXiv features directly on our website.

Both individuals and organizations that work with arXivLabs have embraced and accepted our values of openness, community, excellence, and user data privacy. arXiv is committed to these values and only works with partners that adhere to them.

Have an idea for a project that will add value for arXiv's community? Learn more about arXivLabs .

• Press Enter to activate screen reader mode.

Applied Cryptography Group

Master's theses, available projects.

Students interested in a thesis with the group are kindly requested to send their transcript of records, along with a CV highlighting any relevant experience in cryptography, and either a preferred topic from the proposals below or a description of their interests within cryptography, to the contact noted under Student Projects .

Note:  Students looking to start their thesis in a given semester are encouraged to reach out to us before the end of the previous semester (especially if starting in spring).

Last updated: 13.08.2024

Censorship circumvention tools enable clients to access endpoints in a network despite the presence of a censor. Censors use a variety of techniques to identify content they wish to block, including filtering traffic patterns that are characteristic of proxy or circumvention protocols and actively probing potential proxy servers. In response, circumvention practitioners have developed fully encrypted protocols (FEPs), intended to have traffic that appears indistinguishable from random [FJ23]. Beyond censorship circumvention, FEPs are also broadly useful for protecting a greater amount of information leakage about which protocols a user might be employing [SP22]. A FEP is typically composed of a key exchange protocol to establish shared secret keys, and then a secure channel protocol to encrypt application data; both must avoid revealing to observers that an obfuscated protocol is in use. We call the key exchange protocol used in such a FEP an obfuscated key exchange [GSV24]. Current key exchange protocols in FEPs are all based on classical cryptography, and consequently are not quantum-safe. Motivated by the transition to quantum-safe cryptography, there has been a recent push towards developing hybrid key exchange protocols [SFG23,BB18,XW24]. In such protocols, a combination of classical and quantum-safe constructions are used such that security is guaranteed even if all but one of the components is broken. In this project, we will construct a hybrid obfuscated key exchange protocol and prove its security. In particular, we would like to develop a key exchange protocol in the style of that of obfs4 [OB4] that uses a combination of traditional (Diffie-Hellman-based) and post-quantum key exchange algorithms. The project involves constructing such a protocol and proving its security (in addition to some properties that are relevant to the censorship circumvention setting).

References:

[FJ23] Ellis Fenske and Aaron Johnson. "Security Notions for Fully Encrypted Protocols." Free and Open Communications on the Internet (2023). Issue 1, pages 24-29. [SP22] B. Schwartz and C. Patton. "The Pseudorandom Extension for cTLS." IETF Internet Draft external page https://www.ietf.org/archive/id/draft-cpbs-pseudorandom-ctls-01.html call_made . (2022). [GSV24] Felix Günther, Douglas Stebila, and Shannon Veitch. "Obfuscated Key Exchange." [SFG23] Douglas Stebila, Scott Fluhrer, and Shay Gueron. "Hybrid key exchange in TLS 1.3." IETF draft (2022). external page https://www.ietf.org/archive/id/draft-ietf-tls-hybrid-design-05.html call_made [BB19] Nina Bindel, Jacqueline Brendel, Marc Fischlin, Brian Goncalves, Douglas Stebila, "Hybrid Key Encapsulation Mechanisms and Authenticated Key Exchange", In 10th International Workshop on Post-Quantum Cryptography (PQCrypto 2019), pp. 206-226 (2019). [XW24] Manuel Barbosa, Deirdre Connolly, João Diogo Duarte, Aaron Kaiser, Peter Schwabe, Karolin Varner, and Bas Westerbaan. X-Wing: The Hybrid KEM You’ve Been Looking For. IACR Communications in Cryptology, Vol. 1, No. 1, 22 pages. [OB4] The Tor Project. obfs4 (The Obsfourscator) spec. external page https://gitlab.torproject.org/tpo/anti-censorship/pluggable-transports/lyrebird/-/blob/HEAD/doc/obfs4-spec.txt call_made

Bitwarden [Bit] is an open source password manager and authenticator application. They claim to use strong end-to-end encryption (E2EE) as well as "zero knowledge encryption" to protect users passwords, while supporting features like secure password sharing between users. Recently, Bitwarden also launched a new product called "secrets manager" [BitSM] which is aimed at organizations and developers that need to handle cryptographic secrets. Just like the password manager, secrets manager is open source, E2EE and uses "zero knowledge encryption". Additionally, the selling point of secrets manager is access management, which allows for integration in businesses and organizations. Last but not least, Bitwarden also offers enterprise support for passkeys, through a product they call "passwordless.dev" [BitPWL]. Passkeys [Pass] are the credentials (also called FIDO credentials) of WebAuthn, a web standard for authentication published by the W3C as part of the FIDO2 Project. The idea of passkeys is to use public-key cryptography to enable passwordless authentication, upgrading the security from password-based multi-factor authentication (specified in the predecessor project FIDO U2F) to completely address the many issues that stem from the use of passwords as the root of security for cryptography. Bitwarden also support passkeys as a means of authentication to the password manager, and in their security whitepaper [BitWhite] they write: "In addition to the master password, users can choose to unlock their vaults with a passkey. This process leverages a leading-edge standard and extension for WebAuthn called the pseudo-random function or PRF, which sources key material from an authenticator. With PRF, derived keys are used in the encryption and decryption of data stored in Bitwarden Password Manager vault and Bitwarden Secrets Manager, maintaining end-to-end, zero knowledge encryption." In this project, we will do a deep-dive into the cryptography of Bitwarden. In particular, we will try to find out what "zero knowledge encryption" really means, and unravel the mystery of the public-key PRF used for their passkeys implementation. The project can then take a multitude of different directions. Perhaps it turns out that the cryptography of Bitwarden does not live up to their strong claims. If so, we will try to cryptanalyze their system and find attacks in the vein of [Mega]. But hopefully, the question marks from the documentation are simple misunderstandings, and their crypto is actually good. If so, this project will take a more theoretical turn. We will try to view the password manager through the lens of E2EE cloud storage, and see if we can capture Bitwarden in the framework of [C:BDGHP24]. This will entail reading the codebase and creating a pseudocode model of the system, which we can cast in the syntax of [C:BDGHP24]. If this works out, this model can form the basis for a proof of security of the Bitwarden password manager. However, it might also turn out that the functionality offered by Bitwarden differs enough from that of cloud storage that the framework is not a good fit. If so, we will look at these distinguishing features and how they can be formalized and potentially incorporated into the cloud storage framework.

[Bit] external page https://bitwarden.com/ call_made [BitSM] external page https://bitwarden.com/products/secrets-manager/ call_made [BitPWL] external page https://bitwarden.com/products/passwordless/ call_made [Pass] external page https://fidoalliance.org/passkeys/ call_made [BitWhite] external page https://bitwarden.com/help/bitwarden-security-white-paper/ call_made [Mega] external page https://mega-awry.io/ call_made "MEGA: Malleable Encryption Goes Awry". Matilda Backendal, Miro Haller, Kenneth G. Paterson. S&P 2023. [C:BDGHP24] "A Formal Treatment of End-to-End Encrypted Cloud Storage". Matilda Backendal, Hannah Davis, Felix Günther, Miro Haller and Kenneth G. Paterson. To appear in CRYPTO 2024.

In 1979, Shamir [Sha79] introduced the concept of “secret sharing”, a method allowing a user to divide data into n pieces and reconstruct it if a threshold of k < n pieces is available. This concept has proved to be greatly useful, finding applications in secret management systems (e.g. HashiCorp’s vault), cryptocurrency wallets (e.g. in the form of threshold cryptosystems) and more. The protocol only involves sampling a random polynomial and evaluating n points on that polynomial, making it a deceptively simple primitive. However, many potential implementation mistakes appear in real-world software products [Tra21] due to mathematical subtleties in the protocol. As more applications incorporate secret sharing, it becomes crucial to examine whether these implementations are secure and understand the impact of any discovered vulnerabilities. The objective of this thesis is to investigate the extent to which these vulnerabilities exist in the wild. This investigation will initially involve a large number of open-source repositories, which will be analysed with a combination of manual analysis, black-box testing, or analysis engines such as CodeQL [Git21]. The investigation can then focus on a few selected products for which these vulnerabilities would have a high impact.

[Git21] Inc. Github. Codeql, 2021 ( external page https://codeql.github.com/ call_made ) [Sha79] Adi Shamir. How to Share a Secret. Commun. ACM, 22(11):612–613, 1979. ( external page https://dl.acm.org/doi/10.1145/359168.359176 call_made ) [Tra21] Trail of Bits. Disclosing Shamir’s Secret Sharing vulnerabilities and announcing ZKDocs, 2021. ( external page https://blog.trailofbits.com/2021/12/21/disclosing-shamirs-secret-sharing-vulnerabilities-and-announcing-zkdocs/ call_made )

Single Sign On (SSO) allows users to log in into multiple services or software systems using a single authentication provider. A widely known and deployed SSO standard is the relatively modern OpenID [1], but the SSO space contains a wide range of competing implementations, different products, and legacy systems, resulting in high complexity. In this project, we take a look at OpenID itself, but also Kerberos [2] and Kerberos-based systems such as Active Directory [3], OAuth and OpenID Connect [4], and potentially other targets. We formalize the security goals that these schemes try to achieve, and check that they can withstand cryptanalytic scrutiny.

[1] external page https://openid.net/developers/specs/ call_made [2] external page https://web.mit.edu/kerberos/ call_made [3] external page https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/get-started/virtual-dc/active-directory-domain-services-overview call_made [4] external page https://oauth.net/articles/authentication/ call_made

Ongoing Projects

(We recommend students currently doing a project in our group to use this Download LaTeX template vertical_align_bottom for writing their thesis.)

(Supervisor: Prof. Kenny Paterson, Joint Supervisor: Laura Hetz)

Oblivious Message Retrieval (OMR) aims to solve the problem of anonymous message delivery. In this problem, senders write messages to receivers and post them to a public database, called bulletin board. Receivers want to retrieve their pertinent messages privately and efficiently. Metadata and access patterns of these messages thus need to be protected, as these might leak information about client relations. Naively, a receiver could download the entire board to check locally which messages are intended for them. This approach would reveal no information about their pertinent message to the server holding the bulletin board. This level of privacy comes at a significant overhead in communication and computational cost, which is linear in the size of the bulletin board. Protocols based on differential privacy or Private Information Retrieval (PIR) can reduce these costs, but require additional coordination between clients, causing additional overhead [CGBM15, BLMG21]. Protocols for OMR aim to solve this problem by outsourcing the detection of pertinent messages to one or multiple servers. These detection servers should reduce the receivers’ overhead in detecting pertinent messages while staying oblivious to these messages. First works [BLMG21, MSS+22, JLM23] considered only the detection step of this problem and required an additional (private) retrieval step in addition to their proposed solution. Recent work [LT22, WLYL23, JMK24, LSTW24, LTW24b, LTW24a] aims to provide efficient solutions for oblivious detection and retrieval combined, and with different properties such as DoS-resistance and group communication. While recent work has made significant progress, the practicality of OMR schemes is still limited, and privacy guarantees might not be sufficient in practice [SPB22]. This project aims to provide an extensive overview and comparison of the existing literature on OMR in the context of real-world use cases and related notions in cryptography, potentially improving upon the proposed schemes. First, we survey the related work and identify requirements, limitations and properties of existing schemes. These are then evaluated based on the requirements of use cases for OMR, including anonymous messaging [SG24, Tea], analytics, and payment systems [Pen]. The identified open problems and gaps are then addressed to provide a better understanding of the requirements in practice and potentially improve the current state-of-the-art. References: [BLMG21] Gabrielle Beck, Julia Len, Ian Miers, and Matthew Green. Fuzzy message detection. In CCS, pages 1507–1528. ACM, 2021. [CGBM15] Henry Corrigan-Gibbs, Dan Boneh, and David Mazières. Riposte: An Anonymous Messaging System Handling Millions of Users. In 2015 IEEE Symposium on Security and Privacy, pages 321–338. [JLM23] Sashidhar Jakkamsetti, Zeyu Liu, and Varun Madathil. Scalable private signaling. IACR Cryptol. ePrint Arch., page 572, 2023. [JMK24] Yanxue Jia, Varun Madathil, and Aniket Kate. Homerun: High-efficiency oblivious message retrieval, unrestricted. IACR Cryptol. ePrint Arch., page 188, 2024. [LSTW24] Zeyu Liu, Katerina Sotiraki, Eran Tromer, and Yunhao Wang. Dos-resistant oblivious mes- sage retrieval from snake-eye resistant PKE. IACR Cryptol. ePrint Arch., page 510, 2024. [LT22] Zeyu Liu and Eran Tromer. Oblivious message retrieval. In CRYPTO (1), volume 13507 of Lecture Notes in Computer Science, pages 753–783. Springer, 2022. [LTW24a] Zeyu Liu, Eran Tromer, and Yunhao Wang. Group oblivious message retrieval. IEEE S&P, page 534, 2024. [LTW24b] Zeyu Liu, Eran Tromer, and Yunhao Wang. Perfomr: Oblivious message retrieval with reduced communication and computation. In USENIX Security Symposium. USENIX As- sociation, 2024. [MSS+22] Varun Madathil, Alessandra Scafuro, István András Seres, Omer Shlomovits, and Denis Varlakov. Private signaling. In USENIX Security Symposium, pages 3309–3326. USENIX Association, 2022. [Pen] Penumbra. Fuzzy Message Detection - The Penumbra Protocol. external page https://protocol.penumbra.zone/main/crypto/fmd.html call_made . [SG24] Sajin Sasy and Ian Goldberg. Sok: Metadata-protecting communication systems. Proc. Priv. Enhancing Technol., 2024(1):509–524, 2024. [SPB22] István András Seres, Balázs Pejó, and Péter Burcsi. The effect of false positives: Why fuzzy message detection leads to fuzzy privacy guarantees? In Financial Cryptography, volume 13411 of Lecture Notes in Computer Science, pages 123–148. Springer, 2022. [Tea] Open Privacy Cwtch Team. Cwtch: Decentralized, Surveillance Resistant Infrastructure. external page https://cwtch.im/ call_made . [WLYL23] Zhiwei Wang, Feng Liu, Siu-Ming Yiu, and Longwen Lan. Online/offline and history indexing identity-based fuzzy message detection. IEEE Trans. Inf. Forensics Secur., 18:5553– 5566, 2023.

(Supervisor: Prof. Kenny Paterson, Joint Supervisors: Matilda Backendal, Matteo Scarlata)

End-to-end encryption (E2EE) is now the norm for Internet browsing (via TLS) and increasingly also for messaging (with apps such as WhatsApp and Signal being end-to-end encrypted by default). Somewhat surprisingly, services that offer outsourced data storage, such as cloud storage and collaborative file editing platforms, still lag behind. One of the explanations might be the complexity that arises due to the persistence of data, which makes it difficult to use ephemeral key material to achieve strong security guarantees such as forward secrecy (FS) and post-compromise security (PCS). Another is the lack of a formal security models for even basic E2E security of outsourced data storage supporting functionality such as file sharing between users. In particular, the number of potential end-points arising from file sharing increases the complexity of E2EE cloud storage compared to single client settings. This complexity also exists in messaging, as showcased by the fact that protocols for secure two-party messaging (such as e.g. the Signal protocol) have been around for quite some time, but a protocol for E2EE group chats was only very recently standardized [rfc9420]. The newly standardized group messaging protocol is called "messaging layer security" (MLS). One of the main motivations for MLS was to make E2E security for messaging in groups of size n more efficient than through the naïve construction of n^2 two-party channels, while still retaining the same high-security guarantees—including forward secrecy and post-compromise security—that we expect from modern secure messaging protocols. In this project, we will explore the possibilities for more advanced security guarantees for file sharing systems in the E2EE setting. In particular, we will aim to tackle the conflict between the required functionality (including persistent data access, and flexible group and access management) and strong security guarantees such as FS and PCS. Our initial attempt at a solution, which we call the "secure shared folder" (SSF) scheme, combines the recent advancements of group messaging from the MLS standard with a form of key ratcheting known as key regression [NDSS:FuKamKoh06]. The aim of this project is to test the practicality of the SSF scheme by implementing a proof of concept file sharing system based on this cryptographic design.

(Supervisor: Prof. Kenny Paterson, Joint Supervisors: Matteo Scarlata, Matilda Backendal)

With more and more data stored online or distributed across multiple devices, an increasing number of security-sensitive applications face the challenge of combining availability with user-friendly key management. The traditional solution is passwords, for both authentication and key derivation. Passwords often have low entropy, come from a small and predictable "dictionary'' and may be highly correlated. Consequently, the usage of password-only authentication to web services is being phased out. Instead, users are offered a two step verification process, where they need to provide a second "factor'' in addition to their password, providing a second layer of protection against attacks in the case of weak passwords. This is known as Two-Factor Authentication (2FA), or more generally, Multi-Factor Authentication (MFA). In contrast, passwords are still commonly used as the sole authentication method to derive keys for encryption using Password-Based Key Derivation Functions (PBKDFs). Examples of this include full disk encryption, client-side encryption of backups and cloud storage, password managers and cryptocurrency wallets. In this project, we harden password-based key derivation exploiting the user's possession of multiple devices, in a similar fashion to MFA. We take inspiration from the tradition of "PRF services", such as Pythia (Everspaugh, Chatterjee, Scott, Juels, Ristenpart 2015), but port them to the setting where the PRF service is operated by the users themselves, and can be lost or fall into adversarial hands. We design a cryptographic notion to capture the security of key derivation in this setting. We then aim to show that our system achieves the proposed security notion, while other state-of-the-art systems are actually too weak and fail to deliver on their security claims.

(Supervisor: Prof. Kenny Paterson, Joint Supervisors: Shannon Veitch, Dr. Lenka Mareková)

VPNs provide increased privacy to users, and are therefore commonly used to circumvent censorship. In response, certain censoring bodies have begun using more advanced traffic analysis to block VPN access. There are two main strategies for VPN blocking: blocking by address (IP addresses of a VPN service), and blocking by behaviour (identifiable characteristics of the VPN traffic). VPN fingerprinting is the process of identifying a particular VPN protocol based on its protocol features. As is common in the cat-and-mouse game of defences and attacks, circumvention developers have created new protocols intended to protect against such fingerprinting. Several VPN protocols have implemented advanced protocols for the sake of circumventing this style of fingerprinting. This project aims to determine the efficacy of these circumvention techniques, by evaluating two advanced deployments of VPN protocols for censorship circumvention: Outline VPN [Out20,RM23] and LEAP VPN [Lea22]. Both Outline and LEAP offer client and server-side tools to enable individuals as well as organisations to act as service providers. These tools utilise and build on a number of existing technologies, from OpenVPN and Shadowsocks to Tor and Snowflake, which have previously been studied only in isolation [FWW20]. The project involves providing accurate and holistic abstractions of the systems and protocols and then applying a combination of fingerprinting [XKHE23, XRJ22], cryptanalysis, and machine learning techniques to determine if the protocols have identifiable features. We focus on exploring the capabilities of VPN fingerprinting for the sake of developing stronger censorship-resistant protocols in the future. References: [XKHE23] external page https://www.usenix.org/conference/usenixsecurity24/presentation/xue call_made [XRJ22] external page https://www.usenix.org/conference/usenixsecurity22/presentation/xue-diwen call_made [Lea22] external page https://leap.se/ call_made [Out20] external page https://getoutline.org/ call_made [RM23] external page https://www.technologyreview.com/2023/09/13/1079381/google-jigsaw-outline-vpn-internet-censorship/ call_made [FWW20] external page https://www.ndss-symposium.org/ndss-paper/detecting-probe-resistant-proxies/ call_made

(Supervisor: Prof. Kenny Paterson, Joint Supervisor: Kien Tuong Truong) Cloud storage providers such as Dropbox, Google Drive and Microsoft OneDrive allow users to offload their digital storage requirements to a remote server, managed by the provider. This is convenient and can create cost savings for both individuals and organizations. All of these providers consider security against attacks from outsider threats. However, few providers address security when the server itself is compromised, and some of those that do have been shown to have devastating cryptographic vulnerabilities, as evidenced by the attacks on Mega [BHP23] and Nextcloud [CPAB23]. Even if there were existing solutions that provably provided confidentiality and integrity of files, metadata is still often leaked. As an example, some providers leak file names. As another example, the server is always aware of the access patterns of the users. All these leakages can combine to create attacks which can compromise the privacy of users. A significant problem is that, even though a multitude of end-to-end encrypted (E2EE) cloud storage solutions exist on the market, there is a lack of foundational work on the cryptographic design for such systems. In order to guide such work, we look at the current ecosystem of E2EE cloud storage solutions, analyzing their protocols, and discussing their requirements. A new cloud storage solution that promises to protect the security and privacy of users is PrivateStorage [Aut] by Least Authority [lea]. Much like MEGA and Nextcloud, they claim to provide end-to-end encryption. However, they also implement unique features like accountless authorization, which they implement with a bespoke variation of Privacy Pass [Dav18]. This mechanism allows users to access the service without the need for a traditional account, decoupling service usage from identifiable information (e.g. payment information), and thus enhancing user privacy. This should ensure protection against surveillance, invasive data analysis and profiling, even if the adversary is a nation-state actor. PrivateStorage’s model offers a promising solution that could set new standards for the industry. However, new designs and the new cryptographic and privacy related protocols always raise concerns about potential vulnerabilities. This thesis seeks to analyze the protocol in order to find possible issues or, if none are found, to prove (a selection of) the claims given by PrivateStorage. References: [Aut] Least Authority. Privatestorage. external page https://private.storage/ call_made . Accessed on 2024-02-11. [Aut21] Least Authority. Zkaps whitepaper. 2021. [BHP23] Matilda Backendal, Miro Haller, and Kenneth G. Paterson. Mega: Malleable encryption goes awry. In 2023 IEEE Symposium on Security and Privacy (SP), pages 146–163, 2023. [CPAB23] Daniele Coppola, Kenneth G. Paterson, Martin Albrecht, and Matilda Backendal. Breaking cryptography in the wild: Nextcloud. 2023. [Dav18] Alexander Davidson. Privacy pass: Bypassing internet challenges anonymously. Proceedings on Privacy Enhancing Technologies, 2018(3):164–180, 2018. [lea] Least authority, privacy matters. external page https://leastauthority.com/ call_made . Accessed on 2024-02-11

Completed Projects

Yuanming Song. Refined Techniques for Compression Side-Channel Attacks [ Download pdf (PDF, 910 KB) vertical_align_bottom ] . Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Lenka Mareková.

Jonas Hofmann. Breaking Cryptography in the Wild: Cloud Storage . Supervisor: Prof. Kenny Paterson, Co-supervisor: Kien Tuong Truong.

Noah Schmid. Breaking Cryptography in the Wild: Rocket.Chat.  Supervisor: Prof. Kenny Paterson, Co-supervisor: Jan Gilcher.

Aurel Feer. Privacy Preserving String Search using Homomorphic Encryption [ Download pdf (PDF, 1.1 MB) vertical_align_bottom ]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Zichen Gui.

Léa Micheloud. Securing Cloud Storage with OpenPGP: An Analysis of Proton Drive [ Download pdf (PDF, 2.1 MB) vertical_align_bottom ] . Supervisor: Prof. Kenny Paterson, Co-supervisors: Matilda Backendal, Daniel Huigens (Proton AG, Zurich).

Daniel Pöllmann.   Differential Obliviousness and its Limitations . Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Tianxin Tang.

Andreas Tsouloupas.   Breaking Cryptography in the Wild: Double-Ratchet Mutations [ Download pdf (PDF, 966 KB) vertical_align_bottom ]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Matteo Scarlata, Kien Tuong Truong.

Thore Göbel.   Security Analysis of Proton Key Transparency  [ Download pdf (PDF, 1 MB) vertical_align_bottom ]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Daniel Huigens (Proton AG, Zurich), Felix Linker.

Sina Schaeffler.  Algorithms for Quaternion Algebras in SQIsign [ Download pdf (PDF, 664 KB) vertical_align_bottom ] .  Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Luca De Feo (IBM Research, Zurich).

Lucas Dodgson.  Post-Quantum building blocks for secure computation - the Legendre OPRF [ Download pdf (PDF, 862 KB) vertical_align_bottom ] .  Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Julia Hesse, Sebastian Faller (IBM Research, Zurich).

Mirco Stäuble.  Mitigating Impersonation Attacks on Single Sign-On with Secure Hardware [ Download pdf (PDF, 2.1 MB) vertical_align_bottom ] .  Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Julia Hesse, Sebastian Faller (IBM Research, Zurich).

Younis Khalil. Implementing a Forward-Secure Cloud Storage System [ Download pdf (PDF, 5.6 MB) vertical_align_bottom ]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Felix Günther, Matilda Backendal.

Andrei Herasimau. Formal Verification of the "Crypto Refresh" Update to the OpenPGP Standard [ Download pdf (PDF, 695 KB) vertical_align_bottom ] . Supervisor: Prof. Kenny Paterson, Co-supervisor: Daniel Huigens (Proton Mail).

Benjamin Fischer. Privacy-Preserving Federated Learning for Cyber Threat Intelligence Sharing [ Download pdf (PDF, 3.3 MB) vertical_align_bottom ]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Juan R. Troncoso-​Pastoriza (Tune Insight SA).

Pascal Schärli.  Security Assessment of the Sharekey Collaboration App [ Download pdf (PDF, 2.9 MB) vertical_align_bottom ] . Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Bernhard Tellenbach (Armasuisse).

Lena Csomor. Bridging the Gap between Privacy Incidents and PETs [ Download pdf (PDF, 1.3 MB) vertical_align_bottom ]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Anwar Hithnawi, Alexander Viand, Shannon Veitch.

Ran Liao. Linear-​Time Zero-​Knowledge Arguments in Practice . Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Jonathan Bootle (IBM Research, Zurich). Christian Knabenhans.   Practical Integrity Protection for Private Computations [ Download pdf (PDF, 873 KB) vertical_align_bottom ]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Anwar Hithnawi, Alexander Viand.

Ella Kummer.  Counting filters in adversarial settings [ Download pdf (PDF, 943 KB) vertical_align_bottom ] . Supervisor. Prof. Kenny Paterson, Co-supervisors: Dr. Anupama Unnikrishnan, Mia Filić.

Massimiliano Taverna.  Breaking Cryptography in the Wild: Web3 [ Download pdf (PDF, 1.4 MB) vertical_align_bottom ] .  Supervisor: Prof. Kenny Paterson.

Giacomo Fenzi.  Klondike: Finding Gold in SIKE [ Download pdf (PDF, 7.6 MB) vertical_align_bottom ] .  Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Fernando Virdia.

Kien Tuong Truong.  Breaking Cryptography in the Wild: Threema  [ Download pdf (PDF, 824 KB) vertical_align_bottom ] .  Supervisor: Prof. Kenny Paterson, Co-supervisor: Matteo Scarlata.

Jonas Meier.  Diophantine Satisfiability Arguments for Private Blockchains [ Download pdf (PDF, 2.1 MB) vertical_align_bottom ]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Patrick Towa.

Marc Ilunga.  Analysis of the EDHOC Lightweight Authenticated Key Exchange Protocol [ Download pdf (PDF, 1.2 MB) vertical_align_bottom ] .  Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Felix Günther.

Robertas Maleckas.  Cryptography in the Wild: Analyzing Jitsi Meet [ Download pdf (PDF, 996 KB) vertical_align_bottom ] .  Supervisor: Prof. Kenny Paterson, Co-supervisor: Prof. Martin Albrecht.

Miro Haller. Cloud Storage Systems: From Bad Practice to Practical Attacks  [ Download pdf vertical_align_bottom ]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Matilda Backendal.

Lorenzo Laneve . Quantum Random Walks [ Download pdf vertical_align_bottom ]. Joint supervisor: Prof. Kenny Paterson.

Florian Moser . Swiss Internet Voting [ Download pdf vertical_align_bottom ]. Supervisor: Prof. Kenny Paterson.

Moritz Winger . Automated Hybrid Parameter Selection & Circuit Analysis for FHE [ Download pdf vertical_align_bottom ]. Joint supervisor: Prof. Kenny Paterson, Co-supervisor: Alexander Viand.

Tijana Klimovic . Modular Design of the Messaging Layer Security (MLS) Protocol [ Download pdf (PDF, 1.3 MB) vertical_align_bottom ]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Igors Stepanovs.

Radwa Abdelbar . Post-Quantum KEM-based TLS with Pre-Shared Keys [ Download pdf (PDF, 972 KB) vertical_align_bottom ]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Felix Günther, Dr. Patrick Towa.

Raphael Eikenberg . Breaking Bridgefy, Again [ Download pdf vertical_align_bottom ]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Prof. Martin Albrecht.

Andreas Pfefferle . Security Analysis of the Swiss Post’s E-Voting Implementation . Supervisor: Prof. Kenny Paterson.

Mihael Liskij . Survey of TLS 1.3 0-RTT Usage [ Download pdf (PDF, 803 KB) vertical_align_bottom ]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Felix Günther.

Nicolas Klose . Characterizing Notions for Secure Cryptographic Channels [ Download pdf (PDF, 1.4 MB) vertical_align_bottom ]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Felix Günther.

Alexandre Poirrier . Continuous Authentication in Secure Messaging [ Download pdf vertical_align_bottom ]. Supervisor: Prof. Kenny Paterson, Co-supervisors: Dr. Benjamin Dowling, Dr. Felix Günther.

Luca Di Bartolomeo . ArmWrestling: efficient binary rewriting for ARM [ Download pdf (PDF, 661 KB) vertical_align_bottom ]. Joint Supervisor: Prof. Kenny Paterson.

Matteo Scarlata . Post-Compromise Security and TLS 1.3 Session Resumption [ Download pdf (PDF, 1.5 MB) vertical_align_bottom ]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Benjamin Dowling.

Anselme Goetschmann . Design and Analysis of Graph Encryption Schemes [ Download pdf (PDF, 2.9 MB) vertical_align_bottom ]. Supervisor: Prof. Kenny Paterson, Co-supervisor: Dr. Sikhar Patranabis.

Lara Bruseghini . Analysis of the OpenPGP Specifications and Usage . Joint Supervisor: Prof. Kenny Paterson.

Semira Einsele . Average Case Error Estimates of the Strong Lucas Probable Prime Test [ Download pdf (PDF, 893 KB) vertical_align_bottom ]. Joint Supervisor: Prof. Kenny Paterson.

Jan Gilcher . Constant-Time Implementation of NTS-KEM [ Download pdf (PDF, 3.2 MB) vertical_align_bottom ]. Supervisor: Prof. Kenny Paterson. 

What a lovely hat

Is it made out of tin foil .

International Association for Cryptologic Research

Open positions in cryptology.

Submit a job IACR provides a listing of open positions with a focus on cryptology. To advertise a job opportunity, please use the button to the right.

Submissions should include the organization, title, description, a URL for further information, contact information, and a closing date (which may be "continuous"). The job will be posted for six months or until the closing date. Submissions in other formats than text will not be posted. There can be no attachments.

This is intended to be a free service from an IACR member to the IACR membership. The content of the job posting is the responsibility of the person requesting the posting and not the IACR. Commercial enterprises who want to advertise their openings should identify at least one of their employees who is a member of IACR.

Ph.D. Student (Fully-funded as Research Assistant)

University of passau, faculty of computer sciece and mathematics (passau, germany).

The Secure Intelligent Systems (SecInt) research group at the University of Passau conducts research and teaching on various aspects of hardware security and physical attacks resistance.

Starting October 1, 2024, to support research and teaching within the framework of the project A Unified Hardware Design for the USA and German Post-Quantum Standards funded by the German Research Foundation (DFG) and the US National Science Foundation (NSF), the Assistant Professorship for Secure Intelligent Systems (Professor Dr.-Ing. Elif Bilge Kavun) is seeking to fill the position of a Research Assistant (m/f/d) with 100 percent of regular working hours for an initial limited period of one year. Remuneration will be in accordance with pay group 13 of the TV-L. There is the possibility of an extension of the employment in this project up to a total of three years, if the personal and pay scale requirements are met.

You must have completed (or be close to completing) a university master’s degree in Computer Science, Computer Engineering, Electrical Engineering, or closely related research disciplines with outstanding grades. Top candidates should demonstrate knowledge & expertise in most (or at least two) of the following areas:

• Cryptography
• Post-quantum cryptography
• Hardware (ASIC/FPGA) design (with HDL)
• Cryptographic hardware design
• Side-channel attacks and countermeasures

Fluency in English is required, and knowledge of German is preferred.

Please send your application by e-mail with relevant documents (i.e., CV and degree & work certificates, and if you have any, academic publications and references) only in PDF format as one file (email subject: Application-Secure_Intelligent_Systems Surname) to elif.kavun[AT]uni-passau.de by August 25, 2024.

We refer to our data protection information, available at https://www.uni-passau.de/en/university/current-vacancies/.

Assistant professor in Digital Security: Hardware for cryptography

Radboud university, assistant professor (cyber security), technological and higher education institute of hong kong, assistant professor (lecturer) in cyber security, lancaster university leipzig.

Lancaster University invites applications for one post of Assistant Professor (Lecturer) in Computer Science to join at its exciting new campus in Leipzig, Germany. Located in one of Germany’s most vibrant, livable, and attractive cities, the Leipzig campus offers the same high academic quality and fully rounded student experience as in the UK, with a strong strategic vision of excellence in teaching, research, and engagement.

The position is to support the upcoming MSc programme in Cyber Security, and to complement the department’s current research strengths. You are expected to have solid research foundations and a strong commitment in teaching Cyber Security topics such as Cybercrime, Information System Risk Management, or Information System Security Management.

You should have a completed PhD degree and demonstrated capabilities in teaching, research, and engagement in the areas of Cyber Security. You should be able to deliver excellent teaching at graduate and undergraduate level, pursue your own independent research, and develop publications in high quality academic journals or conferences. You are expected to have a suitable research track record of targeting high quality journals or a record of equivalent high-quality research outputs.

Colleagues joining LU Leipzig’s computer science department will benefit from a very active research team, but will also have access to the research environment at the School of Computing and Communications in the UK. We offer a collegial and multidisciplinary environment with enormous potential for collaboration and work on challenging real-world problems especially.

German language skills are not a prerequisite for the role, though we are seeking applicants with an interest in making a long-term commitment to Lancaster University in Leipzig.

• the Academic Dean: Prof Constantin Blome ([email protected])
• the Head of Department: Dr Fabio Papacchini ([email protected])

PhD student

Eindhoven university of technology, coding & crypto group, the netherlands, tenure track professor of security & privacy (m/f/d), graz university of technology, austria.

• AI Safety and Security
• Formal Methods for Security
• System Security
• Digital Identities
• Usable Security

Two post-doc positions in quantum and post-quantum security

University of luxembourg, faculty positions at qusoft, qusoft amsterdam, post-doc position, design and deployment of quantum-secure protocols, sorbonne university.

The post-doc will conduct research at the intersection of theoretical cryptography and practical experiments on a quantum optical testbed to demonstrate a practical quantum advantage in terms of security and/or efficiency for advanced quantum cryptographic protocols.

The post-doc will be jointly supervised by Alex B. Grilo (CNRS, Sorbonne University), Eleni Diamanti (CNRS, Sorbonne University), and Ludovic Perret (EPITA & Sorbonne University). The ideal candidate will hold a PhD in quantum cryptography or cryptography with a strong motivation to work at the intersection of these two domains. Programming skills are a plus.

The position is for 12 months, renewable for up to 24 months, with a flexible start date. It is offered in the framework of the QSNP project, a European Quantum Flagship project aiming to develop quantum cryptography technology.

The PolSys team has strong expertise in post-quantum-cryptography whilst the QI team is an interdisciplinary research group covering computer science, theoretical physics and experimental quantum optics. We are based in LIP6, Sorbonne Université, in central Paris, and are founding members of interdisciplinary centers the Quantum Information Centre Sorbonne and the Paris Centre for Quantum Technologies. We strive to promote equality, diversity, inclusion and tolerance.

Applicants should send their CV, and a cover letter and arrange for at least two references to be sent to the contact person given below. The deadline for applications is 30/09/2024.

Cryptographic Engineer - ZK

Input-output global.

As a Cryptographic Engineer in Applied Cryptography, you will play a vital role in developing and implementing cryptographic solutions. You'll work alongside a team of talented individuals, contributing to various projects ranging from prototyping new cryptographic products to optimizing existing ones. You will collaborate closely with software architects, product managers, and other team members to successfully deliver high-quality cryptographic solutions that meet market demands.

You will need to have a strong foundation in engineering principles and a keen interest in cryptography. This role offers an exciting opportunity to work on cutting-edge technologies while continuously learning and growing in applied cryptography.

As a Cryptographic Engineer, you'll play a pivotal role in implementing Zero-Knowledge (ZK) circuits tailored for integration within the Midnight chain. Your focus will involve leveraging recursive proof technologies, particularly those based on Halo2, to create proofs regarding the Midnight state. These proofs are designed to interface with other ecosystems, such as Cardano, providing a secure and efficient means to interact and exchange information across platforms. Your duties will include:

• Working with teams across time zones
• Working independently on software development tasks
• Being proactive and requiring minimal supervision or mentoring to complete tasks
• Contribute to the development and delivery of cryptographic products
• Assist in prototyping new cryptographic solutions
• Implement cryptographic primitives according to established specifications
• Collaborate with team members to review cryptographic protocols and proposed primitives
• Document code and APIs clearly and comprehensively
• Adhere to software engineering best practices during the development process

Student Position: Crypto Library Software Development (f/m/d)

Nxp semiconductors austria gmbh & co kg, phd scholarship in computer security and data privacy, rovira i virgili university, tarragona, spain.

• A 4-year PhD scholarship to work in an exciting international environment located at the sunny and mediterranean city of Tarragona, Spain.
• Generous travel funds for participation in conferences, summer schools, and research stays.
• An automatic switch to a postdoctoral contract once the candidate defends the PhD thesis.
• A First Class Honours degree (or equivalent) or Master degree (with research component) in computer science or mathematics
• Strong academic performance, programming and mathematical skills
• A proven interest in computer security and/or related topics
• Excellent written and oral English skills
• Commitment, team worker, self-motivated and a critical mind
• Curriculum Vitae
• A short description of your Master work or Honours thesis (max 1 page)
• Transcript of grades from all university-level courses taken
• Contact information for 3 referees

Fully-funded Ph.D. Position: Distributed Trustworthy Deep Learning for Medical Systems

University of south florida, the department of computer science and engineering, tampa, fl, usa..

• A BS degree in ECE/CS with a high GPA
• Excellent programming skills (e.g., C, C++), familiarity with Linux
• MS degree in ECE/CS/Math is a big plus. Publications will be regarded as a plus but not required.
• Please send your CV, transcripts, TOEFL/IELTS scores (required), publications (optional), and GRE (highly preferred).

Lead Cryptographer

System developer, cima.science, research fellow (postdoctoral research fellow), university of wollongong, australia, researchers in cryptography (post- or pre-doc), universität der bundeswehr munich, germany.

• Distributed cryptography : DKG, decentralised credentials with privacy properties
• Advanced encryption : algorithmic techniques for FHE and SNARKs, updatable encryption
• Secure computation : MPC techniques and protocol design, PSI
• PQC techniques for any of the aforementioned areas
• Master's degree (or equivalent) or PhD in Mathematics, Cryptography, or Computer Science with excellent grades
• Solid knowledge and demonstrable experience in respective research area
• Post-doc candidates must have a strong track record (ideally with publications at IACR conferences and/or the top 4 security conferences) and good academic writing and presentation skills
• Experience with cryptographic implementations (desirable)
• Proficiency in English (essential) and German (desirable but not essential)

Ph.D. students

Darmstadt university of applied sciences.

The research group Applied Cyber Security Darmstadt (ACSD) at Darmstadt University of Applied Sciences (h_da) is currently seeking Ph.D. students for various exciting research opportunities. We are looking for motivated individuals interested in Automotive Security, Smart Energy Network Security, Offensive Security, Post-Quantum Cryptography (PQC), and Cryptographic Protocol Design. Our group is engaged in several ongoing and upcoming projects funded by prominent agencies such as the DFG (German Research Foundation), BMBF (Federal Ministry of Education and Research), and the state of Hesse. Among the positions are two PhD positions for a BMBF-funded project commencing in September, focused on cryptoagility and the integration of PQC in modern vehicles. This project addresses critical challenges in future-proofing automotive security against emerging quantum threats. If you are passionate about cutting-edge cyber security research and wish to contribute to the advancement of secure automotive technologies, we encourage you to apply.

• Master’s degree with very good grades in IT security, computer science, or a similar field
• Extensive knowledge in IT security and applied cryptography
• Proficient programming skills in Python, C/C++
• Knowledge in cryptographic protocols, post-quantum cryptography, automotive technologies, offensive security, or energy networks is beneficial (depending on the project)
• Experience and interest to engage in teaching
• Very good English skills, German skills are beneficial
• Motivated, reliable, creative, and able to work independently
• Christoph Krauß
• Alexander Wiesmaier

PhD Student Cryptographic Protocols

Ph.d. student, university of amsterdam, two ph.d. student positions, univeristiy of sydney, school of computer science, sydney, australia.

• security and fairness in multi-party computation
• distributed payment protocols
• privacy-preserving blockchains and cryptocurrencies
• Security and game-theoretic aspects in blockchains
• An UG or Master’s degree in CS, Mathematics, Electrical Engineering, or a related field, with one year of research experience (For eg., research-based thesis).
• Strong background in theoretical computer science, number theory, probability.
• Proficiency in English, both written and spoken
• Good communication and teamwork skills.
• Excellent programming skills and experience with cryptographic libraries is a plus.
• Competitive salary and benefits package.
• Work in a dynamic and international research environment.
• Support for international collaborations and travel.

The University of Sydney is one of the world's leading universities, known for its outstanding research and teaching excellence ( ranked 18 in the world - QS rankings 2025 ). Our vibrant campus is located in the heart of Sydney (one of the top livable cities of the world), offering an exceptional environment for both academic and personal growth and the perfect work-life balance. The School of Computer Science is among the top ranked in the world ( ranked 22 in the world for CS - US news and world report 2024-25 ) constantly expanding year-on-year with strong faculty and students.

• a detailed CV, including list of publications (if any)
• Transcript, degree certificate
• Contact of two references

Technical University of Denmark, Copenhagen, Denmark

• post-quantum cryptographic primitives such as signatures or OPRFs
• threshold cryptographic techniques such as secret sharing and multiparty computation
• cryptographic foundations of post-quantum cryptography such as lattices, MPC-in-the-head, FHE and similar tools

Postdoc in the Applied and Provable Security group

Eindhoven university of technology (tu/e), netherlands.

We are looking for a person to extend our team as postdoc in the Horizon Europe Next Generation Internet pilot NGI TALER. Your task will be to carry out foundational research in the context of the payment system GNU Taler. More precisely, you will be tasked with proving the security of post-quantum replacements for the cryptography used to secure GNU Taler. The position is initially 1 year with funding for a 1-year extension available.

GNU Taler is a privacy-preserving payment system. Customers can stay anonymous, but merchants cannot hide their income through payments with GNU Taler. This helps to avoid tax evasion and money laundering while providing users with a privacy-preserving way of electronic payment. As part of a Next Generation Internet pilot, the cryptography used in GNU Taler will be future-proofed by developing post-quantum secure variants of the involved protocols. Your task will be to prove these new protocols secure against quantum adversaries, closely collaborating with the team that develops the protocols.

If you have a PhD in cryptography or a related area, please apply online via the TU/e website.

Senior Cryptographer

We’re creating a general-purpose private smart contract layer for Ethereum, affectionately dubbed ‘Aztec 3’.

We utilise bleeding-edge cryptography in our tech stack to realise private transactions on a public blockchain network, particularly in the realm of zero-knowledge cryptography.

As a result we possess a world-class R&D team that has co-authored the Plonk, Plookup and Zeromorph protocols. Plonk in particular is rapidly becoming an industry standard ZK-SNARK technology.

We are looking for experienced cryptographers to expand our R&D team and allow us to further enhance the state-of-the-art when it comes to generating proofs of private computation.

Cryptography Researcher

=nilfoundation, phd position in cybersecurity, university of south-eastern norway; kongsberg, norway.

We are seeking a highly motivated candidate for a PhD in Cybersecurity. This project aims to advance the field of healthcare cybersecurity through innovative and scalable solutions. The candidate will focus on the security and privacy of healthcare systems, including but not limited to developing decentralized, secure, and privacy-preserving methods for sharing health data.

Starting date: The position is available from January 1, 2025. An earlier commencement might be possible.

Application deadline: October 7, 2024.

• Fully funded position for three years
• No teaching obligations
• Stimulating research environment
• Competitive salary and benefits, starting salary from NOK 532,200

More information is available at bit.ly/phd25

Associate Research Fellow (Postdoctoral Fellow)

Senior web service java software engineer for trust provisioning (m/f/d), postdoc in cryptography, aalto university, finland.

We are looking for postdocs interested in working with us (Chris Brzuska and Russell W. F. Lai) on topics including but not limited to:

• Lattice-based cryptography, with special focus on the design, application, and analysis of non-standard lattice assumptions
• Succinct and/or zero-knowledge proof and argument systems
• Advanced (e.g. homomorphic, attribute-based, functional, laconic) encryption and (e.g. ring, group, threshold, blind) signature schemes
• Fine-grained cryptography (e.g. against bounded-space-time adversaries)
• Lower bounds and impossibility results

For questions about the topics, feel free to drop us an email to discuss.

For more details about the position, and for the instructions of how to apply, please refer to https://www.hiit.fi/ict-community-postdoctoral-researcher-positions/.

• For the position: Chris Brzuska, Russell W. F. Lai
• For the recruiting system: HIIT coordinator (see link above)

University of Edinburgh

Post-doc in cryptography with applications to fintech and privacy.

• Applied or symmetric cryptography
• Blockchain cryptography, cryptoeconomics
• Anonymity and privacy on the Internet
• Conduct, publish and present research results at conferences
• Collaborate with the two Ph.D. students of the project
• Attract funding in cooperation with academic and industrial partners

Engineering Consulting Position

Postdoc in {lattice-based, class-group-based, threshold} cryptography, lirmm, montpellier, france, postdoc position in cryptography: social foundations of cryptography, king's college london.

The candidate will work alongside Prof. Martin Albrecht, Dr. Benjamin Dowling, Dr. Rikke Bjerg Jensen (Royal Holloway University of London) and Dr. Andrea Medrado (Exeter) on establishing social foundations of cryptography in protest settings. In particular, the candidate will work with a multi-disciplinary team of cryptographers (Dowling, Albrecht) and ethnographers (Jensen, Medrado) to understand the security needs of participants in protests, to formalise these needs as cryptographic security notions and to design or analyse cryptographic solutions with respect to these notions.

This position is part of the EPSRC-funded project “Social Foundations of Cryptography” and more information is available at https://social-foundations-of-cryptography.gitlab.io/.

In brief, ethnography is a social science method involving prolonged fieldwork, i.e. staying with the group under study, to observe not only what they say but also what their social reality and practice is. In this project, we are putting cryptography at the mercy of ethnographic findings, allowing them to shape what we model.

PhD Studentship in Privacy-Enhancing Technologies (Cryptography and Federated Learning)

Newcastle university.

• The studentship covers fees at the UK rate . International applicants are welcome to apply but will be required to cover the difference between UK and International fees.
• Candidate must have a strong background in math and computer programming (e.g., C++, Python, or Java).
• You must have, or expect to gain, a minimum 2:1 Honours degree or international equivalent in computer science, cybersecurity, mathematics, or software engineering.

Assistant Professor in Verification of Cryptographic Implementations

Eindhoven university of technology.

• A team player,
• holding a PhD in an area related to cryptography or formal methods,
• experienced in doing high quality research, demonstrated, for example, by publications in top tier venues on cryptography, security, or formal methods,
• that is also interested in teaching students about their research.
• A fun team, open for collaborations,
• supporting you in applying for personal grants, and growing into the role of a professor,
• with a large network for collaborations in academia and industry,
• providing funding for a first PhD student and travel, and
• employment conditions of a Dutch university (including two additional salaries per year and 40+ vacation days).

University of Birmingham, Birmingham, United Kingdom

The primary research theme for the call is in the foundations and cryptanalysis of post-quantum cryptosystems. The exact projects could be tailored to match the candidate's background and interests.

Senior Cryptographer Engineer

Phd student in security of ai hardware, university at albany, suny, department of electrical and computer engineering; albany, new york, postdoctoral researcher, sapienza university of rome, italy, multiple academic teaching positions, xiamen university malaysia, sepang, malaysia.

Xiamen University Malaysia is now seeking highly motivated, committed and qualified individuals for academic teaching positions in computer science and cyber security.

Candidates in computer science and cyber security are welcome to apply. The ideal candidate is expected to be able to support general computing subjects, as well as cyber security specialization subjects. Applicants must possess a PhD degree in a related discipline.

• Digital Forensics and Investigation
• Network Traffic Monitoring and Analysis
• Advanced Network Attack and Defence Technology
• Malware Analysis
• Cryptanalysis
• Blockchain Technology

HOW TO APPLY Applicants are invited to submit a digital application packet to: [email protected] and [email protected]

• Your detailed and current CV with publication (*Asterisk to indicate corresponding author, include Indexing & Quartile);
• Cover letter;
• List of courses from the above that the candidate can support;
• Evidence of academic qualifications (Bachelor, Master & PhD Certificate; Bachelor, Master & PhD Transcripts and Professional Certificates);
• 3-5 Full-Text publications (if applicable);
• Teaching evaluation (if applicable);
• Two academic references (at least one of them is the applicant’s current/most recent employer).

Faculty of engineering, Bar-Ilan University, Israel

Phd student, university of new brunswick, computer science; fredericton, canada, applied cyptographer, fully-funded phd position in lattice-based privacy enhancing technologies, monash university; melbourne, australia.

• highly competitive scholarships to cover tuition fees, health insurance and living expenses (as stipend),
• opportunities to collaborate with leading academic and industry experts in the related areas,
• opportunities to participate in international grant-funded projects,
• collaborative and friendly research environment,
• an opportunity to live/study in one of the most liveable and safest cities in the world.

Requirements. A strong mathematical and cryptography background is required. Some knowledge/experience in coding (for example, Python, C/C++, SageMath) is a plus. Candidates must have completed (or be about to complete within the next 8 months) a significant research component either as part of their undergraduate (honours) degree or masters degree. They should have excellent English verbal and written communication skills.

How to apply. please first refer to mfesgin.github.io/supervision/ for more information. Then, please fill out the following form (also clickable from the advertisement title): https://docs.google.com/forms/d/e/1FAIpQLScOvp0w397TQMTjTa6T7TKqri703Z-c3en0aS654w6nl4_EFg/viewform

Embedded Crypto Software Developer (m/f/d)

Nxp semiconductors gratkorn/austria, hamburg/germany, eindhoven/netherlands & toulouse/france.

• You will develop crypto algorithms (incl. Post Quantum Crypto) based on specifications, being involved from the coding/programming, test, code review, release stages.
• You will align with our innovation team, architectural team, hardware teams and support teams to develop the algorithms which contribute to a complete security subsystem in all of NXP's business lines.
• Bachelor + 3-5 years of relevant experience Or​ You are a graduate with a Master or PhD Degree in Computer Science, Electronics Engineering, Mathematics, Information Technology, Cryptography
• You have a passion for technology, you bring ideas to the table and you are proud of your results.
• We offer you the opportunity to learn and build on your technical knowledge and experience in some of the following areas: algorithm development including post quantum cryptography (DES, AES, RSA, ECC, SHA and many more)
• embedded software development in C and Assembly
• work with ARM Cortex M and RISC V platforms
• Work on hardware and software countermeasures against side channel (SCA) and fault attacks, (FA).

PhD Internship

Nokia bell labs; antwerp, belgium.

• You are currently doing a PhD or PostDoc
• Some familiarity with one of the areas: FHE, MPC or ZKP
• Both applied and theoretical researchers are welcome
• Fully funded internship with benefits (based on Belgian income standards)
• Internship any time from now until the end of 2024
• Possibility to visit local university crypto groups (e.g. COSIC KU Leuven)
• A wonderful desk with a view of the Zoo of Antwerp (elephants and bisons visible)
• Having access to the best beers and chocolates in the world

PhD student (fully funded)

Monash university, melbourne, australia.

At the Department of Software Systems and Cybersecurity (SSC) at Monash, we have several openings for PhD positions. The topics of interest are post-quantum cryptography (based on lattices and/or hash), their applications, and their secure and efficient software and hardware implementations.

• We provide highly competitive scholarships opportunities to collaborate with leading academic and industry experts in the above-mentioned areas.
• There will be opportunities to participate in (inter)nationally funded projects.
• We have a highly collaborative and friendly research environment.
• You will have an opportunity to live/study in one of the most liveable and safest cities in the world.

The positions will be filled as soon as suitable candidates are found.

• Some mathematical and cryptography backgrounds.
• Some knowledge/experience in coding (for example, Python, C/C++, and/or SageMath) is a plus.
• Must have completed (or be about to complete within the next 6 months) a significant research component either as part of their undergraduate (honours) degree or masters degree.
• Should have excellent verbal and written communication skills in English.

Postdoctoral Researchers in Post-Quantum Cryptography

Institute of software chinese academy of sciences, phd position in cryptography and privacy engineering, technical university of darmstadt, germany.

The Cryptography and Privacy Engineering Group (ENCRYPTO) @CS Department @Technical University of Darmstadt offers a fully funded position as Doctoral Researcher (Research Assistant/PhD Student) in Cryptography and Privacy Engineering to be filled as soon as possible and initially for 3 years with the possibility of extension.

You'll work in the collaborative research center CROSSING funded by the German Research Foundation (DFG). In our project E4 Compiler for Privacy-Preserving Protocols, we build compilers to automatically generate optimized MPC protocols for privacy-preserving applications. See https://encrypto.de/CROSSING for details. As PhD@ENCRYPTO, you primarily focus on your research aiming to publish&present the results at top venues.

We demonstrate that privacy is efficiently protectable in real-world applications via cryptographic protocols. Our open and international working environment facilitates excellent research in a sociable team. TU Darmstadt is a top research university for IT security, cryptography and CS in Europe. Darmstadt is a very international, livable and well-connected city in the Rhine-Main area around Frankfurt.

• Completed Master's degree (or equivalent) at a top university with excellent grades in IT security, computer science, or a similar area.
• Extensive knowledge in applied cryptography/IT security and very good software development skills. Knowledge in cryptographic protocols (ideally MPC) is a plus.
• Experience and interest to engage in teaching.
• Self-motivated, reliable, creative, can work independently, and striving to do excellent research.
• Our working language is English: Able to discuss/write/present scientific results in English. German is beneficial but not required.