Eran Tromer's research group studies a variety of research problems in information security and cryptography. We have open positions in several projects, on a variety of topics.
NOTE: Eran Tromer is presently at Columbia University in New York, and on leave from Tel Aviv University. He thus accepts new new students at Tel Aviv University only in exceptional circumstances. He is advising new students at Columbia University.
Here are some of the things you could do in the group:
Proving correct execution of programs running on untrusted platforms, using zero-knowledge SNARK proofs and other advanced cryptographic tools. We address open problems in the constructions, implementation (e.g., in our libsnark open-source library), and applications.
Analyze physical side-channel leakage from computers and embedded devices, from several possible angles:
See the LEISec web page for examples of our recent projects.
We design and analyze improved blockchain protocols, focusing on privacy and scalability. For example, we work on improving the functionality and performance of our Zerocash protocol (underlying the Zcash cryptocurrency). We are also study how public policy and regulation can be integrated with blockchains, while preserving users' privacy.
We also have a project on implementing a secure Bitcoin wallet using a novel hybrid software/hardware approach.
Explore novel cryptographic constructions based on nonconventional physical and biological phenomena, to achieve functionality that cannot be achieved in the purely digital domain.
Design and implement new security mechanisms in federated, multisensor systems, such as mobile devices, smart-home deployments, hybrid local/cloud computing and sensor networks. We devise novel permissions systems that let users express (and enforce) their preferences at a higher level than raw resource permissions: for example, reasoning about information flow control, and about the human users' intentions in the context where the operations happen.
To see other recent projects, see Publications.
Research in this area typically requires very high programming proficiency, general computer problem-solving, and working in quirky environments such as Unix shell and LaTeX (or at least the willingness and dedication to spend nights learning these as you go). Other background, such as mathematics and electronics, depends on the project.
You also need excellent communication skills and good English language skills, in order to read papers and documentation, write up your results, and communicate with colleagues. Incidentally, your application email (see below) is a good opportunity to demonstrate these skills, by clearly addressing all pertinent points.
The center of our empirical research is the *Laboratory for Experimental Information Security, located in Tel Aviv University's Schreiber building, hosts experimental research on side channels and computer platforms. The *Check Point Institute for Information Security lab, in the adjacent Shenkar Physics building, hosts theory and programming research. We also make extensive use of videoconference links with international collaborators. Work hours are very flexible. Working from home may be possible, depending on circumstances, but usually you will be expected to spend a large portion of your time physically at the lab.
Parts of the lab functionality are also available at other locations and remotely, in particular at Columbia University.
Theoretical and software-development activities are flexible in location.
Especially for long-term positions, there is occasional international travel to our collaborators or to conferences abroad (fully funded by the lab).
Here is a brief explanation of the different kinds of open positions in the group:
NOTE: The following uses the terminology of Tel Aviv University. As noted above, at this time new students are considered mainly at Columbia University. The formal position at Columbia are somewhat different than described below, but broadly analogous.
Graduate students are registered for Ph.D. or M.Sc. studies at Tel Aviv University, and are advised in their thesis research. The thesis should advance the state of the art, and demonstrate the student's skills, originality and mastery of a subject area. Graduate students are paid a monthly scholarship (which varies with seniority). Graduate students (especially Ph.D.) are often involved in multiple projects, and typically also serve as teaching assistants in courses.
Full-time dedication to research is highly recommended. Dedicating less than 3 full days per week to research is rarely fruitful, and will be considered only in exceptional cases: it requires excellent existing skills sufficient to make rapid progress on a well-defined project, and it requires the ability to temporarily suspend other obligations (e.g., take leaves) if research schedule or the deadlines so demand.
Research assistants and engineers are paid a salary based on working hours. There are no formal academic degree requirements, but we expect people in this position to have existing proficiency in the relevant skills. The work may be independently innovative, or may be a technical part of a larger project.
Student projects count toward completion the degree requirements, and are unpaid. It is common to continue such research as a graduate student or research assistant. Projects take three forms:
Postdoctoral fellows are full-time positions for researchers who hold a Ph.D. degree. Postdoctoral fellows are often involved in multiple projects, pursue independent research interests, and lead other lab personnel.
Salaries/scholarships in our group are very competitive on the academic scale. Members of the group typically get dedicated office/lab space and a laptop computer.
Volunteers sometimes participate in our research, when circumstances do not let them enter the aforementioned positions.
To inquire about joining, email Eran Tromer. Our goal is then to understand which project best suits you, in terms of your skills, background and availability. To help us figure this out, explain the following in your email:
Which projects sound interesting, and why? Do you have independent ideas for security/cryptography projects, or have found bugs in our papers, or are you particularly excited about some problem?
What relevant background do you have, via academic education, prior work/projects, informal experience, training courses, and so forth?
What type of position are you interested in, and how much time can you dedicate? What are your long-term plans? (See "position types" above with regard to our expectations.)
Please attach a CV, grade transcript, and links or documents about exciting things you've done.