Posts by Jonas Janneck

I'm looking for a PhD student to work with me on formal verification for cryptographic protocols.

This is a 4-year position at VU Amsterdam, co-supervised with Kristina Sojakova. Send me an email if you want to know more!

4 days ago 8 9 1 0
CASA Summer School | Cluster of Excellence CASA | RUB
The annual summer school offers young scientists lectures by high-ranking scientists and international exchange.

Consider attending our CASA summer school on cryptography and distributed computing from June 22 to 25 in Bochum! Registration is open until March 12.

casa.rub.de/en/events/ca...

1 month ago 7 5 0 0

I am very excited that our work on secure cloud storage is now online. A big shoutout also to my co-author @jonasjanneck.bsky.social who will present the results at Eurocrypt’26!

1 month ago 9 2 1 0

Compared to a previous version, we improved the security bounds and have a meaningful result for strong unforgeability 💪
We also give a security analysis of the FFO Sampler used in Falcon, completing the analysis of the scheme.

1 month ago 2 0 0 0
A Closer Look at Falcon
Falcon is a winner of NIST’s six-year post-quantum cryptography standardisation competition. Based on the celebrated full-domain-hash framework of Gentry, Peikert and Vaikuntanathan (GPV) (STOC’08), F...

We updated our work on the first concrete security proof of the Falcon signature scheme 🦅

ia.cr/2024/1769

This is joint work with Pierre-Alain, Phillip, Hubert, and @kiltz.bsky.social and will appear at Eurocrypt’26 🎉

1 month ago 3 0 1 0

The schemes are further highly practical by being as compact as the naive concatenation of two signatures.

One construction, which can be used to combine EdDSA and ML-DSA, achieves even smaller signatures than the sum of both component schemes 🎉

1 month ago 2 0 0 0

The designs allow for a simple migration without messing with the PQ component, meaning:
- FIPS compliance for NIST standardized schemes ✅
- no new PQ implementation needed 💻
- no patent issues 🧑‍⚖️

The Bird of Prey combiners are the first achieving this requirement together with strong unforgeability!

1 month ago 2 0 1 0
Bird of Prey: Practical Signature Combiners Preserving Strong Unforgeability
Following the announcement of the first winners of the NIST post-quantum cryptography standardization process in 2022, cryptographic protocols are now undergoing migration to the newly standardized sc...

Happy to announce that Bird of Prey is accepted at EC’26 🛸✍️🎉

eprint.iacr.org/2025/1844

The paper presents three signature combiners for PQC migration preserving strong unforgeability. They capture all broadly used classical schemes and can be used with *any* PQ signature in a black-box way!

1 month ago 4 1 1 0
PrivCrypt 2026

I am co-organising (with @drl3c7er.bsky.social and Lucjan Hanzlik) a workshop on Privacy-Enhancing Cryptography in Rome on May 10 as an affiliated event to IACR Eurocrypt. Submit your best PEC-work (3-page extended abstract) for presentation by February 25th: privcryptworkshop.github.io

2 months ago 11 9 1 0
Call for Presentations
Workshop on Proofs and Proof Techniques for Cryptographic Security. Affiliated with Eurocrypt 2026.

Planning your trip to Eurocrypt or looking for an excuse to still go? The reviewers did not appreciate your too involved or too elegant proofs?

Consider submitting a talk to ProTeCS (protecs-workshop.gitlab.io), an affiliated event of EC, where we celebrate proofs as independent objects of study!

2 months ago 11 4 1 2
Are you looking for a signature combiner for PQC migration?
We already have combiners/hybrids for unforgeability. But do we have combiners that also preserve strong unforgeability and all BUFF properties? Now we do:

6 months ago 4 0 0 0
Abstract. An Authenticated Key Encapsulation Mechanism (AKEM) combines public-key encryption and digital signatures to provide confidentiality and authenticity. AKEMs build the core of Hybrid Public Key Encryption (RFC 9180) and serve as a useful abstraction for messaging applications like the Messaging Layer Security (MLS) protocol (RFC 9420) and Signal’s X3DH protocol. To date, most existing AKEM constructions either rely on classical (non post-quantum) assumptions or on unoptimized black-box approaches leading to suboptimal efficiency.

In this work, we choose a different abstraction level to combine KEMs and identification schemes more efficiently by leveraging randomness reuse. We construct a generic scheme and identify the necessary security requirements on the underlying KEM and identification scheme when reusing parts of their randomness. This allows for a concrete instantiation from isogenies based on the POKÉ KEM (EUROCRYPT’25) and the SQIsignHD identification scheme (EUROCRYPT’24). To be used in our black-box construction, the identification scheme requires the more advanced security property of response non-malleability. Hence, we further show that a slight modification of SQIsignHD satisfies this notion, which might be of independent interest.

Putting everything together, our final scheme yields the most compact AKEM from PQ assumptions with public keys of 366 bytes and ciphertexts of 216 bytes while fulfilling the strongest confidentiality and authenticity notions.

Snake Mackerel: An Isogeny-Based AKEM Leveraging Randomness Reuse (Jonas Janneck, Jonas Meers, Massimo Ostuzzi, Doreen Riepel) ia.cr/2025/1474

8 months ago 2 1 0 0
The preliminary program for the Cryptographic Applications Workshop (CAW) at Eurocrypt'25 is out.
#CAW focuses on the construction and analysis of cryptography built for practice.
This thread gives a quick overview; the full program and abstracts are here: caw.cryptanalysis.fun#program

1 year ago 9 7 1 1
WISC | Cluster of Excellence CASA | RUB
The Women in Security and Cryptography Workshop promotes international female PhD students and outstanding female students in the field of IT security.

The 3rd edition of WISC – Women in Security and Cryptography Workshop will take place in Bochum from June 16 to 18. Already confirmed are talks by Lejla Batina, Zinaida Benenson, Shafi Goldwasser, Martina Lindorfer, and Doreen Riepel. Registration is open now! casa.rub.de/en/events/wi...

1 year ago 16 11 0 0