International Association for Cryptologic Research
- Senior Engineer in Cryptography and Embedded Security (February 7, 2026 at 8:06 pm)
Job Posting: Senior Engineer in Cryptography and Embedded Security IN Groupe At IN Groupe, you contribute to a safer world by working with an international community. Our pioneering technologies meet the highest standards, and we continue to adapt quickly to stay ahead in an ever-changing world. As a Senior Engineer in Cryptography and Embedded Security, within the R&D team, you will be a key point of reference for security-related aspects. You will design high-security cryptographic algorithms for embedded systems. You will analyse and evaluate the security of these implementations against physical and software attacks to ensure a high level of protection for our embedded solutions. You will work on state-of-the-art technologies and the latest generations of cryptographic primitives. Key skills: Experience with physical attacks, such as: – Side-channel attacks (power, EM, timing) – Fault injection attacks (laser, EM) – Knowledge of defensive countermeasures at software and/or hardware level – Excellent analytical and synthesis skills, high responsiveness Preferred skills: Experience with smart cards or similar technologies (e.g., Hardware Security Modules – HSM) – Background in vulnerability research, reverse engineering, or binary analysis – Knowledge of basic communication standards such as ISO7816, ISO14443 – Knowledge of post-quantum cryptography (PQC) and cryptographic protocols Closing date for applications: Contact: Alexandre Gonzalvez (alexandre.gonzalvez(at)ingroupe.com) More information: https://www.linkedin.com/jobs/view/4359537260/
- Postdoc Positions in Security and Cryptography (February 7, 2026 at 4:18 pm)
Job Posting: Postdoc Positions in Security and Cryptography University of Vienna, Austria With E-STEEM – empowering women in STEM and Economics, the University of Vienna awards at least 20 four-year and full-time (40h/week) postdoctoral positions to outstanding female scientists in natural sciences, life sciences, and economics. At the Faculty of Computer Science, the research group “Security and Privacy”, led by Prof. Edgar Weippl, offers an excellent environment to deepen your research in applied IT/software/AI security. The research group “Theory and Applications of Algorithms” offers the opportunity to explore foundational questions in cryptography under the supervision of Ass.-Prof. Karen Azari. Applications must contain all required documents and be done exclusively through the linked job portal of University of Vienna. University of Vienna is located centrally and public transport is extraordinarily good. Vienna is internationally very well connected by train, plane and bus. There are several security and cryptography research groups in and around Vienna with whom we have regular exchange. Closing date for applications: Contact: for a postdoc in Applied Security: Edgar Weippl (edgar.weippl(at)univie.ac.at) for a postdoc in Foundations of Cryptography: Karen Azari (karen.azari(at)univie.ac.at) More information: https://careers.univie.ac.at/en/postdoc/e-steem
- Postdoctoral Research Fellow in Quantum Computing – Cryptography – Number Theory (February 7, 2026 at 4:18 pm)
Job Posting: Postdoctoral Research Fellow in Quantum Computing – Cryptography – Number Theory The Cyprus Institute Post-Doctoral Research Fellow in Quantum Computing, Cryptography and Number Theory at the Computation-based Science and Technology Research Centre (CaSToRC), The Cyprus Institute — ERA Chair QUEST. The Cyprus Institute (CyI) invites applications for a post-doctoral research fellow within the EU-funded ERA Chair project QUEST: Quantum Computing for Excellence in Science and Technology, based at CaSToRC in Cyprus. This position offers a unique opportunity to conduct original research at the forefront of quantum computing and quantum-era cryptography. The successful candidate will work on emerging problems at the interface of number theory, cryptography, and quantum computation, contributing to the development of new concepts, methods, and paradigms. The role is well suited to candidates seeking interdisciplinarity and early involvement in a fast-growing research area, within an internationally connected and collaborative environment. Qualifications PhD in Mathematics, Computer Science, Physics, Quantum Information, or a closely related field. Strong research potential and independence; experience with quantum programming or cryptography is an advantage. Appointment Full-time (18-month contract, renewable subject to performance and funding). How to apply Via the Cyprus Institute online recruitment portal. Closing date for applications: Contact: Dr Eleni Agathocleous, Assistant Professor, CaSToRC, The Cyprus Institute https://www.cyi.ac.cy/index.php/castorc/about-the-center/castorc-our-people/itemlist/user/1523-eleni-agathocleous.html More information: https://onlinerecruitment.exelsyslive.com/?c=6e7274a2-8eba-4bea-905b-06f790eeb566&v=2026/0384
- Research Internship in Cryptography (February 7, 2026 at 4:18 pm)
Job Posting: Research Internship in cryptography IMDEA Software Institute, Madrid The IMDEA Software Institute invites applications for a research internship in cryptography. The successful applicant will join the cryptography research team and contribute to the design and implementation of advanced cryptographic protocols, with an emphasis on practical and experimental aspects. Who should apply? Required qualifications: BSc or MSc in Computer Science, Mathematics or a closely related field (completed or currently enrolled). Programming experience in C and Python (links to contributed projects, e.g., open-source repositories, are welcome in your CV). Familiarity with cryptography (e.g., through university-level coursework or equivalent experience). Foundations in algorithms and mathematics. Desirable Qualifications: Ability to read and understand cryptography research papers. Prior experience implementing mathematical algorithms or cryptographic protocols (in particular zero-knowledge proofs and fully homomorphic encryption). Knowledge of computer architecture and microarchitecture (in particular, how they affect software performance), and software optimization techniques. For more information, please check the announcement. Closing date for applications: Contact: Dario Fiore More information: https://software.imdea.org/careers/2026-01-intern-verifhe/
- Software Engineer (Cryptography) (February 7, 2026 at 4:18 pm)
Job Posting: Software Engineer (Cryptography) IMDEA Software Institute, Madrid, Spain The IMDEA Software Institute invites applications for a Software Engineer to join its cryptography research team. The successful candidate will work closely with researchers on the design of novel software libraries and on the implementation of cutting-edge cryptographic protocols, in particular involving homomorphic encryption and zero-knowledge proofs. This position is well suited for candidates with strong software engineering skills who are excited about contributing to state-of-the-art cryptographic systems and helping shape the next generation of cryptographic software. Requirements BSc, MSc or PhD in Computer Science, Mathematics, or a closely related field Solid software engineering background, including API design, writing unit tests, and software documentation. Experience with C and Python languages (links to contributed projects, e.g., open-source repositories, are welcome in your CV) Foundations in algorithms and mathematics Foundational knowledge of computer architecture and microarchitecture (in particular, how they affect software performance) Basic knowledge of software optimization techniques (low-level programming with intrinsics, compiler optimization options, and software profiling). Previous experience with these is highly desirable but not required. Desirable Qualifications Prior experience implementing cryptographic primitives or protocols Ability to read and understand cryptography research papers Interest in bridging theoretical cryptography and practical implementations Experience with packaging and deploying Python projects. For more information, please check the announcement. Closing date for applications: Contact: Dario Fiore More information: https://software.imdea.org/careers/2026-01-programmer-verifhe/
- Cryptography Engineer (February 7, 2026 at 4:18 pm)
Job Posting: Cryptography Engineer Fortanix Fortanix is a leader in data-centric cybersecurity for hybrid multicloud environments, delivering advanced cryptography, encryption, and confidential AI solutions. As data breaches increase and traditional perimeter-based security falls short, Fortanix helps organizations discover, assess, and remediate data exposure risks—protecting sensitive data wherever it lives. Our unified platform supports Zero Trust strategies and prepares enterprises for the post-quantum era. Recognized with multiple Cybersecurity Excellence and Innovation Awards and trusted by partners such as NVIDIA, Microsoft, Intel, ServiceNow, and Snowflake, Fortanix brings together cryptography experts and industry leaders in a collaborative, high-integrity culture. We’re proud to be recognized as a Great Place to Work and are building the future of data security. Role Overview Fortanix is seeking a Cryptography Software Engineer based in Eindhoven, Netherlands, with 3+ years of experience building cryptographic systems. You’ll work on production-grade cryptography in Rust, C/C++, and/or Golang, contributing to secure, high-performance platforms used globally. 
What You’ll Do Design, implement, and maintain cryptographic software and APIs Integrate new cryptographic algorithms and analyze existing designs Research state-of-the-art attacks and implement side-channel mitigations Participate in code reviews and technical design discussions Deploy, monitor, and optimize software performance Document and share knowledge on cryptographic techniques What You’ll Bring 3+ years of backend engineering experience with cryptography exposure Proficiency in Rust, C/C++, and/or Golang Experience working in Linux environments Master’s degree in Cryptography or a related field (or equivalent experience) EU residency with a valid work permit Nice to Have Experience with security domains such as key management or PKI Familiarity with Git, containers, orchestration tools, and NoSQL databases Closing date for applications: Contact: Shannon Mrosko Sr. Talent Acquisition Partner shannon.mrosko@fortanix.com More information: https://apply.workable.com/fortanix/j/A122E95976/
- Researcher in Adversarial Machine Learning in Cybersecurity (February 7, 2026 at 4:18 pm)
Job Posting: Researcher in Adversarial Machine Learning in Cybersecurity Luxembourg Institute of Science and Technology (LIST), Luxembourg As a key member of the project, you will be responsible for a range of critical tasks that will shape the project’s success: (1) Adversarial attack development: you will design and implement problem-space adversarial attacks against LLM-based vulnerability detection systems. (2) Robustness evaluation framework: you will develop comprehensive assessment methodologies to quantify the weaknesses and limitations of LLMs in software vulnerability detection. (3) Explainable detection pipeline: you will investigate and document the mechanisms through which LLMs identify software vulnerabilities, creating an interpretable detection framework that provides insights into model decision-making processes. (4) Human-in-the-loop system design: you will develop innovative approaches for integrating human expertise with LLM capabilities, including alignment techniques for human-to-LLM reasoning transfer and interactive training methodologies to enhance detection robustness. (5) Leaderboard development and validation: you will design and implement a dynamic evaluation platform that tracks and ranks state-of-the-art LLMs for vulnerability detection, conducting rigorous testing to ensure accurate assessment of model robustness against adversarial attacks. Closing date for applications: Contact: Qiang Tang (qiang.tang@list.lu) More information: https://app.skeeled.com/offer/c/691c3d2e6442c61b9ca4dd22?lang=en&show_description=true
- Ph.D. Student Position in IoT Security (February 7, 2026 at 4:18 pm)
Job Posting: Ph.D. Student Position in IoT Security University of Oldenburg, Germany The Safety-Security-Interaction Group at the Computer Science Department of the University of Oldenburg invites applications for a Ph.D. position in IoT Security in the context of medical applications (full-time). Excellent command of the English language is required; German language skills are not required. Application deadline: 8 March 2026 Complete job announcement and application procedure: https://uol.de/job936en Closing date for applications: Contact: Prof. Dr. Andreas Peter (andreas.peter@uol.de) More information: https://uol.de/job936en
- Cryptography Engineer (February 7, 2026 at 4:18 pm)
Job Posting: Cryptography Engineer Cryspen We are looking for a Cryptography Engineer to join our team. This role offers an opportunity to contribute significantly to our mission and to shape the future of cryptographic software. In this role you will focus on building high-assurance, high-performance implementations to begin with. Later you may also help design and evaluate new cryptographic constructions and protocols. Tasks Implement new cryptographic primitives and protocols for Cryspen products Maintain Cryspen’s cryptographic software Integration of Cryspen products Requirements Proficient in cryptography or math Comfortable working in a distributed team Professional software development experience with Rust or C/C++ Closing date for applications: Contact: Franziskus Kiefer More information: https://join.com/companies/cryspen/15569089-cryptography-engineer
- Multiple tenure-track positions (February 7, 2026 at 4:18 pm)
Job Posting: Multiple tenure-track positions University of Warsaw, Poland The Faculty of Mathematics, Informatics and Mechanics of the University of Warsaw (MIM UW) invites applications for the positions of Assistant Professor in Computer Science, starting on 1st October 2026 or 1st February 2027. MIM UW is one of the leading Computer Science faculties in Europe. It is known for talented students (e.g., two wins and multiple top tens in the ACM International Collegiate Programming Contest) and strong research teams, especially in algorithms, logic and automata, algorithmic economy, and computational biology. There is also a growing number of successful smaller groups in diverse areas including cryptography, databases and knowledge representation, distributed systems, and machine learning. Seven ERC grants in Computer Science are running at MIM UW at the moment. In the current call, 7 positions are offered (follow the links for more details): Samuel Eilenberg Assistant Professor (2 positions; reduced teaching and increased salary); Assistant Professor (3 positions; research and teaching); Assistant Professor in Systems, Programming Languages or Machine Learning (1 position; research and teaching; increased salary); Assistant Professor (1 position; teaching only). Deadline for applications: 20th February 2026. Closing date for applications: Contact: Filip Murlak (f.murlak@uw.edu.pl) or Oskar Skibski (o.skibski@uw.edu.pl). More information: https://jobs.uw.edu.pl/en-gb/offer/WMIM_2026/field/ADIUNKT/
- The Verification Theater: When Formal Methods Create False Assurance in Cryptographic Libraries (February 6, 2026 at 11:24 am)
ePrint Report: The Verification Theater: When Formal Methods Create False Assurance in Cryptographic Libraries Nadim Kobeissi Formal verification of cryptographic implementations is frequently presented as providing “the highest level of assurance” against implementation defects. We examine this claim through a case study of Cryspen’s libcrux and hpke-rs, two cryptographic libraries that are marketed as formally verified and high-assurance. We examine five vulnerabilities across these libraries. The first, a platform-dependent cryptographic output failure in SHA-3 intrinsics discovered by an independent researcher in November 2025, set the stage for our own audit, which identified four additional defects: a missing mandatory validation for X25519 Diffie-Hellman outputs, a nonce reuse vulnerability via integer overflow, ECDSA signature malleability due to absent low-S normalization, and an Ed25519 key generation defect that reduces seed entropy. We analyze why each defect fell outside the scope of the formal verification methodology employed, identify a structural pattern we term the verification boundary problem, and argue that the gap between marketing claims of verification completeness and the engineering reality of partial verification constitutes a systemic risk for adopters of formally verified cryptographic software. Our findings suggest that formal verification, while valuable for the specific properties it targets, must be complemented by traditional engineering practices and communicated with precision about its actual scope, lest it become a form of security theater.
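The abstract above names three defect classes that a verified core can miss because they sit at the boundary between the verified primitive and the code around it: an unchecked X25519 output, a nonce counter that overflows, and an ECDSA signature that is never reduced to its low-S form. The block below is an added illustration, not code from the paper, from Cryspen, or from libcrux/hpke-rs, and it does not reproduce the specific bugs the paper found (the abstract gives no code-level detail). It shows the generic form of each check: the all-zero test that RFC 7748 §6.1 asks for on an X25519 shared secret, a counter-derived nonce that refuses to wrap set beside an unsafe masked variant that silently repeats, and low-S normalization of an ECDSA `s` against the group order. The nonce layout (4-byte prefix plus 8-byte big-endian counter) and the choice of the NIST P-256 order are assumptions made for the example.

```python
"""Boundary checks around verified primitives (constructed example).

The primitives themselves (X25519, AEAD, ECDSA) are not implemented here;
only the glue checks that the abstract describes as falling outside the
formally verified scope are shown.
"""
import hmac

# Group order n of NIST P-256 (FIPS 186-4, D.1.2.3).  Assumption: the
# example uses this curve; any prime-order curve works the same way.
P256_ORDER = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551

MASK64 = 0xFFFFFFFFFFFFFFFF


def x25519_output_ok(shared: bytes) -> bool:
    """RFC 7748 section 6.1: a peer can send a low-order public key, which
    forces the shared secret to all zeros.  The caller must reject it;
    the scalar multiplication itself cannot know the output is bad.
    The comparison is constant-time so the check leaks nothing extra."""
    if len(shared) != 32:
        return False
    return not hmac.compare_digest(shared, bytes(32))


def wrapping_nonce(prefix: bytes, counter: int) -> bytes:
    """UNSAFE variant kept for contrast: masking the counter instead of
    checking it makes counter 2**64 encode to the same 12-byte nonce as 0,
    so the AEAD key is reused with a repeated nonce."""
    return prefix + (counter & MASK64).to_bytes(8, "big")


class CounterNonce:
    """96-bit AEAD nonce = 4-byte fixed prefix || 8-byte big-endian counter
    (layout is an assumption of this example).  The counter is checked
    before use; exhaustion is an error that forces a rekey, never a wrap."""

    def __init__(self, prefix: bytes) -> None:
        if len(prefix) != 4:
            raise ValueError("prefix must be 4 bytes")
        self.prefix = prefix
        self.counter = 0

    def can_issue(self) -> bool:
        return self.counter <= MASK64

    def next(self) -> bytes:
        if not self.can_issue():
            raise RuntimeError("nonce counter exhausted; rekey before encrypting")
        nonce = self.prefix + self.counter.to_bytes(8, "big")
        self.counter += 1
        return nonce


def is_low_s(s: int, order: int = P256_ORDER) -> bool:
    """True when s is in the canonical low half (1 <= s <= n // 2)."""
    return 0 < s <= order // 2


def normalize_low_s(r: int, s: int, order: int = P256_ORDER) -> tuple:
    """ECDSA malleability: if (r, s) verifies, so does (r, n - s).  Without
    normalization anyone holding one valid signature can mint a second,
    distinct encoding.  Range-check first, then fold s into the low half."""
    if not (0 < r < order and 0 < s < order):
        raise ValueError("signature component out of range")
    if s > order // 2:
        s = order - s
    return r, s


def nonce_reuse_demo(prefix: bytes = b"\x00\x00\x00\x01") -> tuple:
    """Return (unsafe_repeats, safe_refuses): the masked nonce at 2**64
    collides with nonce 0, while the checked counter refuses to continue."""
    unsafe_repeats = wrapping_nonce(prefix, 2**64) == wrapping_nonce(prefix, 0)
    safe = CounterNonce(prefix)
    safe.counter = 2**64  # simulate the state after 2**64 messages
    return unsafe_repeats, not safe.can_issue()


if __name__ == "__main__":
    print("zero X25519 output accepted:", x25519_output_ok(bytes(32)))
    print("nonce demo (unsafe repeats, safe refuses):", nonce_reuse_demo())
    print("low-S of n-7:", normalize_low_s(5, P256_ORDER - 7)[1])
```

None of these checks is about the arithmetic the verifier proved correct; each is a condition on a value crossing into or out of the primitive, which is exactly where the abstract locates the gap. Putting them in a named function at the API boundary, with a test, is the "traditional engineering practice" the paper says has to accompany the proof.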
- On the Use of Atkin and Weber Modular Polynomials in Isogeny Proofs of Knowledge (February 6, 2026 at 11:24 am)
ePrint Report: On the Use of Atkin and Weber Modular Polynomials in Isogeny Proofs of Knowledge Thomas den Hollander, Marzio Mula, Daniel Slamanig, Sebastian A. Spindler Zero-knowledge proofs of knowledge of isogenies constitute a key building block in the design of isogeny-based signature schemes and have numerous other practical applications. A recent line of work investigated such proofs based on generic proof systems, e.g., zk-SNARKs, along with a suitable arithmetization and in particular rank-1 constraint systems (R1CS). Cong, Lai and Levin (ACNS’23) considered proving the knowledge of an isogeny of degree $2^k$ between supersingular elliptic curves via modular polynomial relations. Recently, den Hollander et al. (CRYPTO’25) have shown that the use of canonical modular polynomials instead of the classical ones makes it possible to improve on the number of constraints for the same types of isogenies, and further allows this approach to be extended to isogenies of higher (though limited) degrees. Another recent work by Levin and Pedersen (ASIACRYPT’25) showed that switching from modular polynomials to radical isogeny formulas also leads to significant improvements (at least for the case of the prime $\ell=2$). A natural question that remained open is whether sticking with the modular polynomial-based approach, but switching to other candidates of modular polynomials, and in particular Atkin and Weber polynomials, is possible and gives improvements and flexibility. In this paper we show that the use of the Atkin modular polynomials enables the use of degrees not covered by existing works and improves the number of constraints for $\ell > 2$ by up to $27\%$, while the Weber polynomials allow up to $39\%$ sparser constraint systems than the current state of the art. As in our prior work on canonical modular polynomials, the adaptation of well-known results to the Atkin and Weber modular polynomials also requires some technical work, especially when going to positive characteristic. To this end we expand and optimize our previous resultant-based methodology, resulting in much simpler proofs for our multiplicity theorems.
- A Unified Hardware Architecture for Stateful and Stateless Hash-Based Key/Signature Generations (February 6, 2026 at 11:24 am)
ePrint Report: A Unified Hardware Architecture for Stateful and Stateless Hash-Based Key/Signature Generations Yechu Zhang, Yuxuan Chu, Yaodong Wei, Yueqin Dai, Qiu Shen, Jing Tian Hash-based signature (HBS) schemes, including LMS, XMSS, and SPHINCS+, have become crucial components of post-quantum cryptography. LMS and XMSS are stateful schemes, while SPHINCS+ is stateless, which can be applied in different scenarios. A variety of hash operations in these schemes lead to complex input/output patterns for the hash cores. In this paper, we present an efficient and configurable hardware architecture that supports key generation and signing for all three schemes. Their complex procedural flows are abstracted into 11 shared and parameterized tasks under a unified control module, avoiding controller state blow-up. Driven by hierarchical counters, this approach maximizes resource reuse and preserves scalability, occupying only 17% of the total LUTs. Moreover, the design employs two hash cores with unroll-2 scheduling, which are experimentally validated to strike a favorable balance between area and time. We further introduce an asymmetric dual-path hash input logic (HIL) for each of them: a dedicated parallel lane for the high-frequency One-Time Signature (OTS) task and a flexible padding-shifter for all other tasks. This eliminates wide multiplexers and achieves a superior area-time balance. On Artix-7 FPGA, our unified design occupies 24.2k LUTs/13.7k FFs/16.5 BRAMs. Compared to state-of-the-art single-scheme designs, our architecture achieves up to $4.12\times/10.92\times$ lower Area-Time Product (ATP) for LMS/XMSS signing and $2.47\times/6.61\times$ lower ATP for key generation. More importantly, we provide a flexible, efficient, and scalable hardware foundation for the diverse practical deployments of HBS.
- A Visit to KAZ Attack: Finding a Minor Flaw and a Simplified Lattice Construction (February 6, 2026 at 11:18 am)
ePrint Report: A Visit to KAZ Attack: Finding a Minor Flaw and a Simplified Lattice Construction Yongbo Hu, Chen Zhang, Guomiao Zhou Inspired by a recent paper from Shanghai Jiao Tong University and China Telecom Quantum Information Technology Group [1]—which demonstrated a full break of the KAZ algorithm family submitted to Malaysia’s MySEAL 2.0 standardization—we focus specifically on its signature component. Within the same core theoretical framework, we have observed a subtle inaccuracy in the formula given in the original work. While this does not prevent the final private-key recovery via lattice reduction, it leads to incorrect derivation of the intermediate sensitive signature data e₁ and e₂. Building on this observation, we propose a refined lattice construction that successfully reproduces the original attack while eliminating the need for an additional step: computing the greatest common divisor (GCD) between the signature component S₂ and the modulus ϕ(N). This new construction is equally capable of recovering the private key using two signatures.
- Shared and Leakage-Free MAYO (February 6, 2026 at 11:18 am)
ePrint Report: Shared and leakage free MAYO Paco Azevedo-Oliveira, Jordan Beraud, Pierre Varjabedian Threshold signatures allow multiple parties to sign a common message by collaborating. More specifically, in a $(t,n)$-threshold signature scheme, at least $t$ out of $n$ parties must collaborate to sign a message. Although pre-quantum threshold signature algorithms have been extensively studied, the state of the art in the creation of post-quantum threshold algorithms remains sparse. Most studies focus on signature algorithms based on structured lattice problems. In particular, few papers have studied the creation of a threshold algorithm based on UOV, despite the simplicity of the scheme. This paper proposes various algorithms for a set of parties to solve a shared linear system $Ax= y$ in finite fields of low characteristic. The first two algorithms securely calculate the determinant of a shared matrix. The first uses recent theoretical results on Newton’s polynomials while the second adapts an algorithm by Samuelson and Berkowitz. From these algorithms, we can deduce two algorithms to solve the corresponding linear system. The last algorithm revisits an existing state-of-the-art algorithm by adding noise to the revealed matrix rank. We show that the resulting leakage will be hard to exploit. These two algorithms enable new threshold instantiations of UOV and UOV-based schemes, in particular MAYO.
- Three-Round (Robust) Threshold ECDSA from Threshold CL Encryption (February 6, 2026 at 11:18 am)
ePrint Report: Three-Round (Robust) Threshold ECDSA from Threshold CL Encryption Bowen Jiang, Guofeng Tang, Haiyang Xue Threshold ECDSA has become a crucial security component in blockchain and decentralized systems, as it mitigates the risk of a single point of failure. Following the multiplicative-to-additive approach, the state-of-the-art threshold ECDSA (Doerner et al. in S&P24) requires only three rounds but has \( O(n) \) outgoing communication complexity. Based on threshold CL encryption, Wong et al. (in NDSS24) proposed the first scheme with constant outgoing communication; however, their scheme requires at least four rounds. We bridge this gap by introducing a three-round threshold ECDSA scheme with constant outgoing communication based on threshold CL encryption. Additionally, we enhance our basic scheme with robustness while maintaining the number of communication rounds, albeit at the cost of non-constant outgoing communication. Our implementation demonstrates that the basic scheme achieves optimal runtime and communication costs, while the robust variant reduces the communication rounds required by Wong et al.’s scheme, incurring only a small additional cost in small-scale settings.
- On the Active Security of the PEARL-SCALLOP Group Action (February 6, 2026 at 11:18 am)
ePrint Report: On the Active Security of the PEARL-SCALLOP Group Action Tako Boris Fouotsa, Marc Houben, Gioella Lorenzon, Ryan Rueger, Parsa Tasbihgou We present an active attack against the PEARL-SCALLOP group action. Modelling Alice as an oracle that outputs the action by a secret ideal class on suitably chosen oriented elliptic curves, we show how to recover the secret using a handful of oracle calls (four for the parameter set targeting a security level equivalent to CSIDH-1024), by reducing to the computation of moderately-sized group action discrete logarithms. The key ingredient to the attack is to employ curves with non-primitive orientations inherent to the PEARL-SCALLOP construction. We provide methods for public-key validation — that is, for deciding whether a given orientation is primitive — and discuss their practicality.
- Hardness of Hinted ISIS from the Space-Time Hardness of Lattice Problems (February 6, 2026 at 11:06 am)
ePrint Report: Hardness of hinted ISIS from the space-time hardness of lattice problems Martin R. Albrecht, Russell W. F. Lai, Eamonn W. Postlethwaite We initiate the study of basing the hardness of hinted ISIS problems (i.e. with trapdoor information, or ‘hints’) on the previously conjectured space-time hardness of lattice problems without hints. We present two main results. 1. If there exists an efficient algorithm for hinted ISIS that outputs solutions a constant factor longer than the hints, then there exists a single-exponential time and polynomial memory zero-centred spherical Gaussian sampler solving hinted SIS with norm a constant factor shorter than the hints. 2. Assume the existence of a chain of algorithms for hinted ISIS each taking as input Gaussian hints whose norms decrease by a constant factor at each step in the chain, then there exists a single-exponential time and polynomial memory algorithm for SIS with norm a quasilinear factor from optimal. The existence of such hinted ISIS solvers implies single-exponential time and polynomial memory algorithms for worst-case lattice problems, contradicting a conjecture by Lombardi and Vaikuntanathan (CRYPTO’20) and all known algorithms. This suggests that hinted ISIS is hard. Apart from advancing our understanding of hinted lattice problems, an immediate consequence is that signing the same message twice in GPV-style [Gentry–Peikert–Vaikuntanathan, STOC’08] schemes (without salting or derandomisation) likely does not compromise unforgeability. Also, cryptanalytic attempts on the One-More-ISIS problem [Agrawal–Kirshanova–Stehlé-Yadav, CCS’22] likely will need to overcome the conjectured space-time hardness of lattices.
- Benchmarking Secure Multiparty Computation Frameworks for Real-World Workloads in Diverse Network Settings (February 6, 2026 at 11:00 am)
ePrint Report: Benchmarking Secure Multiparty Computation Frameworks for Real-World Workloads in Diverse Network Settings Christopher Harth-Kitzerow, Jonas Schiller, Nina Schwanke, Thomas Prantl, Georg Carle Secure Multiparty Computation (MPC) enables distributed parties to jointly evaluate functions on their combined datasets while preserving individual data confidentiality. Although MPC protocols and frameworks have achieved significant performance improvements in recent years, particularly for complex workloads like secure neural network inference, systematic standardization and benchmarking of these frameworks remain underexplored. This work comprehensively analyzes over 50 MPC applications to identify the core algorithmic structure most common in real-world MPC applications. From this analysis, we derive six reference use cases and implement these across four state-of-the-art MPC frameworks: HPMPC, MPyC, MP-SPDZ, and MOTION. We develop an open-source benchmarking framework that evaluates these implementations under varying network conditions, including bandwidth constraints, latency, packet loss, and input sizes. Our work presents the first systematic cross-framework evaluation of MPC performance based on real-world use cases across diverse network conditions and MPC security models. Thus, our comprehensive analysis yields novel insights into practical MPC performance and provides evidence-based recommendations for framework selection across different operational contexts.
- Succinct Non-interactive Arguments of Proximity (February 6, 2026 at 11:00 am)
ePrint Report: Succinct Non-interactive Arguments of Proximity Liyan Chen, Zhengzhong Jin, Daniel Wichs We study succinct non-interactive arguments of proximity (SNAP), which allow a prover to convince a verifier that a statement is true through a short message. Moreover, the verifier reads only a sublinear number of bits of the statement, and soundness is required to hold against polynomial-time adversaries when the statement is $\epsilon$-far from any true statements. SNAPs can be seen as the natural analog of property testing in the context of succinct non-interactive arguments (SNARGs). We obtain both positive and negative results for SNAPs. – Adaptive SNAPs for P and NP: For any $\epsilon \in (0, 1)$, we construct the first adaptively sound SNAPs for P with $\epsilon$-proximity based on standard assumptions: LWE or subexponential DDH or DLIN over bilinear maps. Our proof size, verifier’s query complexity, and verification time are $n^{1/2 + o(1)}\cdot \mathsf{poly}(\lambda)$, where $n$ is the length of the statement and $\lambda$ is the security parameter. By additionally assuming sub-exponentially secure indistinguishability obfuscation, we upgrade this result to SNAPs for NP with essentially the same parameters. Previously, we only had non-adaptively sound SNAPs for P in the designated verifier setting with $O(n^{1-\delta})$ proof size, query complexity, and verification time for some constant $\delta > 0$. – Lower Bound: We show that our parameters in the adaptive soundness setting are nearly optimal, up to an $n^{o(1)} \cdot \mathsf{poly}(\lambda)$ factor: in any adaptive SNAP for P, the product of proof size and verifier query complexity must be $\Omega(n)$. Our lower bound is unconditional. – Fully Succinct Non-adaptive SNAPs for NP: For any constant $\epsilon \in (0, 1)$, we construct the first non-adaptively sound SNAPs for NP with $\epsilon$-proximity, based on learning with errors and indistinguishability obfuscation. 
The proof size, verifier’s query complexity, and verification time in our constructions are fixed polynomials in the security parameter. We also show that restricting such SNAPs to just P would already imply non-adaptively sound SNARGs for NP. Central to our SNAP constructions is a new notion of commitment of proximity, which enables sublinear-time verification of the commitment. To derive our unconditional lower bound, we adopt and generalize theorems from oracle-presampling techniques in the random oracle literature. Both techniques may be of independent interest.