Where and How

The internship will be in English at IRIF, Team Algorithmes et complexité.

Areas of interest: Theoretical Computer Science, Cryptography, Computer Security, Software Engineering

How to Apply: Drop me an e-mail with your CV and a few words about you. I need the following information:

• Your window of availability (roughly);
• Current position and affiliation;
• Which classes have you enjoyed the most, and your grades;
• Years of experience in computer security and/or computer science;
• Years of experience in programming and in which programming language;
• Your awards/achievements;
• Your CV.

Topics

Development of a post-quantum whistleblowing platform

Securedrop is an open-source whistleblower submission system widely used by major media organizations.

Unfortunately, most of Securedrop’s cryptography relies on pre-quantum cryptography. This high-risk project is centered around studying the current security from a quantum-adversarial perspective, attempt to develop an efficient replacement or hybrid scheme, and potentially implementing it.

More technically, Securedrop is a low-volume messaging system where it is provided sender and recipient anonymity: the server has no idea who is talking to how and what they are saying to each other. (This is much stronger than e.g. end-to-end encryption like in Signal where the server must know who to send the message to!) The internship will involve studying some post-quantum key-encapsulation schemes standardized by NIST, and then venture into modifying the scheme for having the desired properties for Securedrop’s engineers.

Zero-knowldge proof standardization

Cryptographic proofs are a fundamental tool in complexity theory and cryptography. They enable an untrusted prover to convince a verifier that a specific computation was performed correctly. Extensions of this concept allow the prover to operate in zero knowledge, meaning the proof reveals no additional information to the verifier beyond the statement’s truthfulness. As such, they are pivotal in modern applications that require scalability and privacy.

Proofs are widely used today: Signal and Apple iMessage use them for providing anonymity in group chats, Google for removing third-party cookies, and a plethora of blockchain companies for providing confidential transactions and fact transaction verification.

One of the major obstacles to the widespread adoption of zero-knowledge proofs is that it’s hard for cryptography engineers to derive secure protocols from the abstractions used in papers. We can work together on some of the following steps:

• studying and summarizing the current literature on the subject,
• specifying an IETF-style document that can be used for starting a specification,
• providing a reference implementation in Rust and Python.

for these two key areas:

• Σ-protocols, a class of zero-knowledge proofs that are mature and ready for standardization.
• The Fiat-Shamir transform (work-in-progress implementation), a technique to convert interactiveprotocols into non-interactive ones.