Dates are inconsistent

Dates are inconsistent

2000 results sorted by ID

Possible spell-corrected query: secure order
2025/179 (PDF) Last updated: 2025-02-06
Higher-Order Deterministic Masking with Application to Ascon
Vahid Jahandideh, Bart Mennink, Lejla Batina
Implementation

Side-channel attacks (SCAs) pose a significant threat to the implementations of lightweight ciphers, particularly in resource-constrained environments where masking—the primary countermeasure—is constrained by tight resource limitations. This makes it crucial to reduce the resource and randomness requirements of masking schemes. In this work, we investigate an approach to minimize the randomness complexity of masking algorithms. Specifically, we explore the theoretical foundations...

2025/171 (PDF) Last updated: 2025-02-07
A light white-box masking scheme using Dummy Shuffled Secure Multiplication
Alex Charlès, Aleksei Udovenko
Implementation

In white-box cryptography, early encoding-based countermeasures have been broken by the DCA attack, leading to the utilization of masking schemes against a surge of automated attacks. The recent filtering attack from CHES 2024 broke the last viable masking scheme from CHES 2021 resisting both computational and algebraic attacks, raising the need for new countermeasures. In this work, we perform the first formal study of the combinations of existing countermeasures and demonstrate that...

2025/129 (PDF) Last updated: 2025-01-27
DewTwo: a transparent PCS with quasi-linear prover, logarithmic verifier and 4.5KB proofs from falsifiable assumptions
Benedikt Bünz, Tushar Mopuri, Alireza Shirzad, Sriram Sridhar
Cryptographic protocols

We construct the first polynomial commitment scheme (PCS) that has a transparent setup, quasi-linear prover time, $\log N$ verifier time, and $\log \log N$ proof size, for multilinear polynomials of size $N$. Concretely, we have the smallest proof size amongst transparent PCS, with proof size less than $4.5$KB for $N\leq 2^{30}$. We prove that our scheme is secure entirely under falsifiable assumptions about groups of unknown order. The scheme significantly improves on the prior work of Dew...

2025/128 (PDF) Last updated: 2025-02-14
Asynchronous YOSO a la Paillier
Ivan Bjerre Damgård, Simon Holmgaard Kamp, Julian Loss, Jesper Buus Nielsen
Cryptographic protocols

We present the first complete adaptively secure asynchronous MPC protocol for the YOSO (You Speak Only Once) setting. In contrast to many previous MPC constructions in the YOSO model, we provide a full stack implementation that does MPC, role assignment and total order broadcast. Therefore, our construction is also the first to provide adaptively secure asynchronous total order broadcast and MPC that is sub-quadratic in the number of parties and does not require threshold fully homomorphic...

2025/122 (PDF) Last updated: 2025-01-26
Qelect: Lattice-based Single Secret Leader Election Made Practical
Yunhao Wang, Fan Zhang
Cryptographic protocols

In a single secret leader election (SSLE) protocol, all parties collectively and obliviously elect one leader. No one else should learn its identity unless it reveals itself as the leader. The problem is first formalized by Boneh \textit{et al.} (AFT'20), which proposes an efficient construction based on the Decision Diffie-Hellman (DDH) assumption. Considering the potential risk of quantum computers, several follow-ups focus on designing a post-quantum secure SSLE protocol based on pure...

2025/078 (PDF) Last updated: 2025-01-17
Triple Ratchet: A Bandwidth Efficient Hybrid-Secure Signal Protocol
Yevgeniy Dodis, Daniel Jost, Shuichi Katsumata, Thomas Prest, Rolfe Schmidt
Cryptographic protocols

Secure Messaging apps have seen growing adoption, and are used by billions of people daily. However, due to imminent threat of a "Harvest Now, Decrypt Later" attack, secure messaging providers must react know in order to make their protocols $\textit{hybrid-secure}$: at least as secure as before, but now also post-quantum (PQ) secure. Since many of these apps are internally based on the famous Signal's Double-Ratchet (DR) protocol, making Signal hybrid-secure is of great importance. In...

2025/022 (PDF) Last updated: 2025-01-06
Leveled Functional Bootstrapping via External Product Tree
Zhihao Li, Xuan Shen, Xianhui Lu, Ruida Wang, Yuan Zhao, Zhiwei Wang, Benqiang Wei
Public-key cryptography

Multi-input and large-precision lookup table (LUT) evaluation pose significant challenges in Fully Homomorphic Encryption (FHE). Currently, two modes are employed to address this issue. One is tree-based functional bootstrapping (TFBS), which uses multiple blind rotations to construct a tree for LUT evaluation. The second is circuit bootstrapping, which decomposes all inputs into bits and utilizes a CMux tree for LUT evaluation. In this work, we propose a novel mode that is leveled...

2025/017 (PDF) Last updated: 2025-02-10
New Quantum Cryptanalysis of Binary Elliptic Curves (Extended Version)
Kyungbae Jang, Vikas Srivastava, Anubhab Baksi, Santanu Sarkar, Hwajeong Seo
Public-key cryptography

This paper improves upon the quantum circuits required for the Shor's attack on binary elliptic curves. We present two types of quantum point addition, taking both qubit count and circuit depth into consideration. In summary, we propose an in-place point addition that improves upon the work of Banegas et al. from CHES'21, reducing the qubit count – depth product by more than $73\%$ – $81\%$ depending on the variant. Furthermore, we develop an out-of-place point addition by using...

2024/2087 (PDF) Last updated: 2025-01-13
Post-Quantum Privacy for Traceable Receipt-Free Encryption
Paola de Perthuis, Thomas Peters
Public-key cryptography

Traceable Receipt-free Encryption (TREnc) has recently been introduced as a verifiable public-key encryption primitive endowed with a unique security model. In a nutshell, TREnc allows randomizing ciphertexts in transit in order to remove any subliminal information up to a public trace that ensures the non-malleability of the underlying plaintext. A remarkable property of TREnc is the indistinguishability of the randomization of chosen ciphertexts against traceable chosen-ciphertext attacks...

2024/2083 (PDF) Last updated: 2024-12-27
Fully Hybrid TLSv1.3 in WolfSSL on Cortex-M4
Mila Anastasova, Reza Azarderakhsh, Mehran Mozaffari Kermani
Cryptographic protocols

To provide safe communication across an unprotected medium such as the internet, network protocols are being established. These protocols employ public key techniques to perform key exchange and authentication. Transport Layer Security (TLS) is a widely used network protocol that enables secure communication between a server and a client. TLS is employed in billions of transactions per second. Contemporary protocols depend on traditional methods that utilize the computational complexity of...

2024/2058 (PDF) Last updated: 2024-12-20
Learning with Errors from Nonassociative Algebras
Andrew Mendelsohn, Cong Ling
Public-key cryptography

We construct a provably-secure structured variant of Learning with Errors (LWE) using nonassociative cyclic division algebras, assuming the hardness of worst-case structured lattice problems, for which we are able to give a full search-to-decision reduction, improving upon the construction of Grover et al. named `Cyclic Learning with Errors' (CLWE). We are thus able to create structured LWE over cyclic algebras without any restriction on the size of secret spaces, which was required for CLWE...

2024/2044 (PDF) Last updated: 2024-12-18
Cryptographic Commitments on Anonymizable Data
Xavier Bultel, Céline Chevalier, Charlène Jojon, Diandian Liu, Benjamin Nguyen
Cryptographic protocols

Local Differential Privacy (LDP) mechanisms consist of (locally) adding controlled noise to data in order to protect the privacy of their owner. In this paper, we introduce a new cryptographic primitive called LDP commitment. Usually, a commitment ensures that the committed value cannot be modified before it is revealed. In the case of an LDP commitment, however, the value is revealed after being perturbed by an LDP mechanism. Opening an LDP commitment therefore requires a proof that the...

2024/2042 (PDF) Last updated: 2024-12-18
A Note on Isogeny Group Action-Based Pseudorandom Functions
Yi-Fu Lai
Attacks and cryptanalysis

In PKC'24, de Saint Guilhem and Pedersen give a pseudorandom function basing on a relaxed group action assumption in the semi-honest setting. Basing on the assumption, they build an oblivious pseudorandom function (OPRF). Later, a recent paper by Levin and Pedersen uses the same function to build a verifiable random function (VRF), using the same assumption. We give a structural attack on this problem by reducing it to a few group action inverse problems (GAIP/DLog) over small subgroups....

2024/1983 (PDF) Last updated: 2025-01-11
UTRA: Universe Token Reusability Attack and Verifiable Delegatable Order-Revealing Encryption
Jaehwan Park, Hyeonbum Lee, Junbeom Hur, Jae Hong Seo, Doowon Kim
Public-key cryptography

As dataset sizes grow, users increasingly rely on encrypted data and secure range queries on cloud servers, raising privacy concerns about potential data leakage. Order-revealing encryption (ORE) enables efficient operations on numerical datasets, and Delegatable ORE (DORE) extends this functionality to multi-client environments, but it faces risks of token forgery. Secure DORE (SEDORE) and Efficient DORE (EDORE) address some vulnerabilities, with EDORE improving speed and storage...

2024/1977 (PDF) Last updated: 2025-01-29
Bounded CCA2 Secure Proxy Re-encryption Based on Kyber
Shingo Sato, Junji Shikata
Public-key cryptography

Proxy re-encryption (PRE) allows a semi-honest party (called a proxy) to convert ciphertexts under a public key into ciphertexts under another public key. Due to this functionality, there are various applications such as encrypted email forwarding, key escrow, and secure distributed file systems. On the other hand, post-quantum cryptography (PQC) is one of the most important research areas. However, there is no post-quantum PRE scheme with security against adaptive chosen ciphertext attacks...

2024/1966 (PDF) Last updated: 2024-12-04
Efficient Succinct Zero-Knowledge Arguments in the CL Framework
Agathe Beaugrand, Guilhem Castagnos, Fabien Laguillaumie
Cryptographic protocols

The CL cryptosystem, introduced by Castagnos and Laguillaumie in 2015, is a linearly homomorphic encryption scheme that has seen numerous developments and applications in recent years, particularly in the field of secure multiparty computation. Designing efficient zero-knowledge proofs for the CL framework is critical, especially for achieving adaptive security for such multiparty protocols. This is a challenging task due to the particularities of class groups of quadratic fields used to...

2024/1965 (PDF) Last updated: 2025-01-23
Onion Franking: Abuse Reports for Mix-Based Private Messaging
Matthew Gregoire, Margaret Pierce, Saba Eskandarian
Applications

The fast-paced development and deployment of private messaging applications demands mechanisms to protect against the concomitant potential for abuse. While widely used end-to-end encrypted (E2EE) messaging systems have deployed mechanisms for users to verifiably report abusive messages without compromising the privacy of unreported messages, abuse reporting schemes for systems that additionally protect message metadata are still in their infancy. Existing solutions either focus on a...

2024/1920 (PDF) Last updated: 2025-01-20
An Extended Hierarchy of Security Notions for Threshold Signature Schemes and Automated Analysis of Protocols That Use Them
Cas Cremers, Aleksi Peltonen, Mang Zhao
Public-key cryptography

Despite decades of work on threshold signature schemes, there is still limited agreement on their desired properties and threat models. In this work we significantly extend and repair previous work to give a unified syntax for threshold signature schemes and a new hierarchy of security notions for them. Moreover, our new hierarchy allows us to develop an automated analysis approach for protocols that use threshold signatures, which can discover attacks on protocols that exploit the details...

2024/1903 (PDF) Last updated: 2024-12-15
Trustworthy Approaches to RSA: Efficient Exploitation Strategies Based on Common Modulus
Mahdi Mahdavi, Navid Abapour, Zahra Ahmadian
Public-key cryptography

With the increasing integration of crowd computing, new vulnerabilities emerge in widely used cryptographic systems like the RSA cryptosystem, whose security is based on the factoring problem. It is strongly advised to avoid using the same modulus to produce two pairs of public-private keys, as the cryptosystem would be rendered vulnerable to common modulus attacks. Such attacks can take two forms: one that aims to factorize the common modulus based on one key pair and the other that aims to...

2024/1881 (PDF) Last updated: 2024-11-19
THOR: Secure Transformer Inference with Homomorphic Encryption
Jungho Moon, Dongwoo Yoo, Xiaoqian Jiang, Miran Kim
Cryptographic protocols

As language models are increasingly deployed in cloud environments, privacy concerns have become a significant issue. To address this, we design THOR, a secure inference framework for transformer models on encrypted data. Specifically, we first propose new fast matrix multiplication algorithms based on diagonal-major order encoding and extend them to parallel matrix computation through the compact ciphertext packing technique. Second, we design efficient protocols for secure computations of...

2024/1875 (PDF) Last updated: 2024-11-16
mUOV: Masking the Unbalanced Oil and Vinegar Digital Sigital Signature Scheme at First- and Higher-Order
Suparna Kundu, Quinten Norga, Uttam Kumar Ojha, Anindya Ganguly, Angshuman Karmakar, Ingrid Verbauwhede
Implementation

The National Institute for Standards and Technology (NIST) initiated a standardization procedure for additional digital signatures and recently announced round-2 candidates for the PQ additional digital signature schemes. The multivariate digital signature scheme Unbalanced Oil and Vinegar (UOV) is one of the oldest post-quantum schemes and has been selected by NIST for Round 2. Although UOV is mathematically secure, several side-channel attacks (SCA) have been shown on the UOV or UOV-based...

2024/1871 (PDF) Last updated: 2024-11-15
Field-Agnostic SNARKs from Expand-Accumulate Codes
Alexander R. Block, Zhiyong Fang, Jonathan Katz, Justin Thaler, Hendrik Waldner, Yupeng Zhang
Cryptographic protocols

Efficient realizations of succinct non-interactive arguments of knowledge (SNARKs) have gained popularity due to their practical applications in various domains. Among existing schemes, those based on error-correcting codes are of particular interest because of their good concrete efficiency, transparent setup, and plausible post-quantum security. However, many existing code-based SNARKs suffer from the disadvantage that they only work over specific finite fields. In this work, we...

2024/1836 (PDF) Last updated: 2024-11-08
Symmetric Encryption on a Quantum Computer
David Garvin, Oleksiy Kondratyev, Alexander Lipton, Marco Paini
Secret-key cryptography

Classical symmetric encryption algorithms use $N$ bits of a shared secret key to transmit $N$ bits of a message over a one-way channel in an information theoretically secure manner. This paper proposes a hybrid quantum-classical symmetric cryptosystem that uses a quantum computer to generate the secret key. The algorithm leverages quantum circuits to encrypt a message using a one-time pad-type technique whilst requiring a shorter classical key. We show that for an $N$-qubit...

2024/1832 (PDF) Last updated: 2024-11-07
How to Delete Without a Trace: Certified Deniability in a Quantum World
Alper Çakan, Vipul Goyal, Justin Raizes
Foundations

Is it possible to comprehensively destroy a piece of quantum information, so that nothing is left behind except the memory of that one had it at some point? For example, various works, most recently Morimae, Poremba, and Yamakawa (TQC '24), show how to construct a signature scheme with certified deletion where a user who deletes a signature on $m$ cannot later produce a signature for $m$. However, in all of the existing schemes, even after deletion the user is still able keep irrefutable...

2024/1830 (PDF) Last updated: 2024-11-07
A Tight Analysis of GHOST Consistency
Peter Gaži, Zahra Motaqy, Alexander Russell
Cryptographic protocols

The GHOST protocol has been proposed as an improvement to the Nakamoto consensus mechanism that underlies Bitcoin. In contrast to the Nakamoto fork-choice rule, the GHOST rule justifies selection of a chain with weights computed over subtrees rather than individual paths. This mechanism has been adopted by a variety of consensus protocols, and is a part of the currently deployed protocol supporting Ethereum. We establish an exact characterization of the security region of the GHOST...

2024/1826 (PDF) Last updated: 2024-11-07
Cloning Games, Black Holes and Cryptography
Alexander Poremba, Seyoon Ragavan, Vinod Vaikuntanathan
Foundations

The no-cloning principle has played a foundational role in quantum information and cryptography. Following a long-standing tradition of studying quantum mechanical phenomena through the lens of interactive games, Broadbent and Lord (TQC 2020) formalized cloning games in order to quantitatively capture no-cloning in the context of unclonable encryption schemes. The conceptual contribution of this paper is the new, natural, notion of Haar cloning games together with two applications. In the...

2024/1818 (PDF) Last updated: 2025-02-05
SoK: On the Physical Security of UOV-based Signature Schemes
Thomas Aulbach, Fabio Campos, Juliane Krämer
Attacks and cryptanalysis

Multivariate cryptography currently centres mostly around UOV-based signature schemes: All multivariate round 2 candidates in the selection process for additional digital signatures by NIST are either UOV itself or close variations of it: MAYO, QR-UOV, SNOVA, and UOV. Also schemes which have been in the focus of the multivariate research community, but are broken by now - like Rainbow and LUOV - are based on UOV. Both UOV and the schemes based on it have been frequently analyzed regarding...

2024/1817 (PDF) Last updated: 2024-11-12
Improved ML-DSA Hardware Implementation With First Order Masking Countermeasure
Kamal Raj, Prasanna Ravi, Tee Kiah Chia, Anupam Chattopadhyay
Implementation

We present the protected hardware implementation of the Module-Lattice-Based Digital Signature Standard (ML-DSA). ML-DSA is an extension of Dilithium 3.1, which is the winner of the Post Quantum Cryptography (PQC) competition in the digital signature category. The proposed design is based on the existing high-performance Dilithium 3.1 design. We implemented existing Dilithium masking gadgets in hardware, which were only implemented in software. The masking gadgets are integrated with the...

2024/1794 (PDF) Last updated: 2025-01-05
How Much Public Randomness Do Modern Consensus Protocols Need?
Joseph Bonneau, Benedikt Bünz, Miranda Christ, Yuval Efron
Cryptographic protocols

Modern blockchain-based consensus protocols aim for efficiency (i.e., low communication and round complexity) while maintaining security against adaptive adversaries. These goals are usually achieved using a public randomness beacon to select roles for each participant. We examine to what extent this randomness is necessary. Specifically, we provide tight bounds on the amount of entropy a Byzantine Agreement protocol must consume from a beacon in order to enjoy efficiency and adaptive...

2024/1786 (PDF) Last updated: 2024-11-01
Black-Box Timed Commitments from Time-Lock Puzzles
Hamza Abusalah, Gennaro Avitabile
Cryptographic protocols

A Timed Commitment (TC) with time parameter $t$ is hiding for time at most $t$, that is, commitments can be force-opened by any third party within time $t$. In addition to various cryptographic assumptions, the security of all known TC schemes relies on the sequentiality assumption of repeated squarings in hidden-order groups. The repeated squaring assumption is therefore a security bottleneck. In this work, we give a black-box construction of TCs from any time-lock puzzle (TLP) by...

2024/1777 (PDF) Last updated: 2025-01-23
Masking Gaussian Elimination at Arbitrary Order, with Application to Multivariate- and Code-Based PQC
Quinten Norga, Suparna Kundu, Uttam Kumar Ojha, Anindya Ganguly, Angshuman Karmakar, Ingrid Verbauwhede
Implementation

Digital signature schemes based on multivariate- and code-based hard problems are promising alternatives for lattice-based signature schemes, due to their small signature size. Gaussian Elimination (GE) is a critical operation in the signing procedure of these schemes. In this paper, we provide a masking scheme for GE with back substitution to defend against first- and higher-order attacks. To the best of our knowledge, this work is the first to analyze and propose masking techniques for...

2024/1770 (PDF) Last updated: 2024-10-30
Improved Attacks for SNOVA by Exploiting Stability under a Group Action
Daniel Cabarcas, Peigen Li, Javier Verbel, Ricardo Villanueva-Polanco
Attacks and cryptanalysis

SNOVA is a post-quantum digital signature scheme based on multivariate polynomials. It is a first-round candidate in an ongoing NIST standardization process for post-quantum signatures, where it stands out for its efficiency and compactness. Since its initial submission, there have been several improvements to its security analysis, both on key recovery and forgery attacks. All these works reduce to solving a structured system of quadratic polynomials, which we refer to as SNOVA...

2024/1764 (PDF) Last updated: 2024-10-29
Fully Homomorphic Encryption with Efficient Public Verification
Mi-Ying (Miryam) Huang, Baiyu Li, Xinyu Mao, Jiapeng Zhang
Public-key cryptography

We present an efficient Publicly Verifiable Fully Homomorphic Encryption scheme that, along with being able to evaluate arbitrary boolean circuits over ciphertexts, also generates a succinct proof of correct homomorphic computation. Our scheme is based on FHEW proposed by Ducas and Micciancio (Eurocrypt'15), and we incorporate the GINX homomorphic accumulator (Eurocrypt'16) for improved bootstrapping efficiency. In order to generate the proof efficiently, we generalize the widely used Rank-1...

2024/1744 (PDF) Last updated: 2024-10-29
PEARL-SCALLOP: Parameter Extension Applicable in Real-Life SCALLOP
Bill Allombert, Jean-François Biasse, Jonathan Komada Eriksen, Péter Kutas, Chris Leonardi, Aurel Page, Renate Scheidler, Márton Tot Bagi
Public-key cryptography

A crucial ingredient for many cryptographic primitives such as key exchange protocols and advanced signature schemes is a commutative group action where the structure of the underlying group can be computed efficiently. SCALLOP provides such a group action, based on oriented supersingular elliptic curves. We present PEARL-SCALLOP, a variant of SCALLOP that changes several parameter and design choices, thereby improving on both efficiency and security and enabling feasible parameter...

2024/1737 (PDF) Last updated: 2024-10-29
Embedded Curves and Embedded Families for SNARK-Friendly Curves
Aurore Guillevic, Simon Masson
Public-key cryptography

Based on the CM method for primality testing (ECPP) by Atkin and Morain published in 1993, we present two algorithms: one to generate embedded elliptic curves of SNARK-friendly curves, with a variable discriminant D; and another to generate families (parameterized by polynomials) with a fixed discriminant D. When D = 3 mod 4, it is possible to obtain a prime-order curve, and form a cycle. We apply our technique first to generate more embedded curves like Bandersnatch with BLS12-381 and we...

2024/1728 (PDF) Last updated: 2024-10-22
On Key Substitution Attacks against Aggregate Signatures and Multi-Signatures
Yuuki Fujita, Yusuke Sakai, Kyosuke Yamashita, Goichiro Hanaoka
Foundations

When we use signature schemes in practice, we sometimes should consider security beyond unforgeability. This paper considers security against key substitution attacks of multi-signer signatures (i.e., aggregate signatures and multi-signatures). Intuitively, this security property ensures that a malicious party cannot claim the ownership of a signature that is created by an honest signer. We investigate security against key substitution attacks of a wide range of aggregate signature...

2024/1718 (PDF) Last updated: 2024-10-21
Drifting Towards Better Error Probabilities in Fully Homomorphic Encryption Schemes
Olivier Bernard, Marc Joye, Nigel P. Smart, Michael Walter
Implementation

There are two security notions for FHE schemes the traditional notion of IND-CPA, and a more stringent notion of IND-CPA$^D$. The notions are equivalent if the FHE schemes are perfectly correct, however for schemes with negligible failure probability the FHE parameters needed to obtain IND-CPA$^D$ security can be much larger than those needed to obtain IND-CPA security. This paper uses the notion of ciphertext drift in order to understand the practical difference between IND-CPA and...

2024/1716 (PDF) Last updated: 2024-10-20
Rate-1 Statistical Non-Interactive Zero-Knowledge
Pedro Branco, Nico Döttling, Akshayaram Srinivasan
Cryptographic protocols

We give the first construction of a rate-1 statistical non-interactive zero-knowledge argument of knowledge. For the $\mathsf{circuitSAT}$ language, our construction achieves a proof length of $|w| + |w|^\epsilon \cdot \mathsf{poly}(\lambda)$ where $w$ denotes the witness, $\lambda$ is the security parameter, $\epsilon$ is a small constant less than 1, and $\mathsf{poly}(\cdot)$ is a fixed polynomial that is independent of the instance or the witness size. The soundness of our construction...

2024/1712 (PDF) Last updated: 2024-11-01
Low-Communication Updatable PSI from Asymmetric PSI and PSU
Guowei Ling, Peng Tang, Weidong Qiu
Cryptographic protocols

Private Set Intersection (PSI) allows two mutually untrusted parties to compute the intersection of their private sets without revealing additional information. In general, PSI operates in a static setting, where the computation is performed only once on the input sets of both parties. Badrinarayanan et al. (\textit{PoPETs} 2022) initiated the study of Updatable PSI (UPSI), which extends this capability to dynamically updating sets, enabling both parties to securely compute the intersection...

2024/1709 (PDF) Last updated: 2024-12-02
Do Not Disturb a Sleeping Falcon: Floating-Point Error Sensitivity of the Falcon Sampler and Its Consequences
Xiuhan Lin, Mehdi Tibouchi, Yang Yu, Shiduo Zhang
Public-key cryptography

Falcon is one of the three postquantum signature schemes already selected by NIST for standardization. It is the most compact among them, and offers excellent efficiency and security. However, it is based on a complex algorithm for lattice discrete Gaussian sampling which presents a number of implementation challenges. In particular, it relies on (possibly emulated) floating-point arithmetic, which is often regarded as a cause for concern, and has been leveraged in, e.g., side-channel...

2024/1680 (PDF) Last updated: 2024-10-16
Sunfish: Reading Ledgers with Sparse Nodes
Giulia Scaffino, Karl Wüst, Deepak Maram, Alberto Sonnino, Lefteris Kokoris-Kogias
Cryptographic protocols

The increased throughput offered by modern blockchains, such as Sui, Aptos, and Solana, enables processing thousands of transactions per second, but it also introduces higher costs for decentralized application (dApp) developers who need to track and verify changes in the state of their application. This is true because dApp developers run full nodes, which download and re-execute every transaction to track the global state of the chain. However, this becomes prohibitively expensive for...

2024/1676 (PDF) Last updated: 2024-10-15
The Sting Framework: Proving the Existence of Superclass Adversaries
Mahimna Kelkar, Yunqi Li, Nerla Jean-Louis, Carolina Ortega Pérez, Kushal Babel, Andrew Miller, Ari Juels

We introduce superclass accountability, a new notion of accountability for security protocols. Classical notions of accountability typically aim to identify specific adversarial players whose violation of adversarial assumptions has caused a security failure. Superclass accountability describes a different goal: to prove the existence of adversaries capable of violating security assumptions. We develop a protocol design approach for realizing superclass accountability called the sting...

2024/1660 (PDF) Last updated: 2024-10-14
A Note on the Hint in the Dilithium Digital Signature Scheme
Amit Berman, Ariel Doubchak, Noam Livne
Cryptographic protocols

In the Dilithium digital signature scheme, there is an inherent tradeoff between the length of the public key, and the length of the signature. The coefficients of the main part of the public-key, the vector $\mathbf{t}$, are compressed (in a lossy manner), or "quantized", during the key-generation procedure, in order to save on the public-key size. That is, the coefficients are divided by some fixed denominator, and only the quotients are published. However, this results in some "skew"...

2024/1651 (PDF) Last updated: 2024-12-11
One-Shot Native Proofs of Non-Native Operations in Incrementally Verifiable Computations
Tohru Kohrita, Patrick Towa, Zachary J. Williamson
Cryptographic protocols

Proving non-native operations is still a bottleneck in existing incrementally verifiable computations. Prior attempts to solve this issue either simply improve the efficiency of proofs of non-native operations or require folding instances in each curve of a cycle. This paper shows how to avoid altogether in-circuit proofs of non-native operations in the incremental steps, and only record them in some auxiliary proof information. These operations are proved natively at the end of the...

2024/1633 (PDF) Last updated: 2024-10-11
Efficient Boolean-to-Arithmetic Mask Conversion in Hardware
Aein Rezaei Shahmirzadi, Michael Hutter
Implementation

Masking schemes are key in thwarting side-channel attacks due to their robust theoretical foundation. Transitioning from Boolean to arithmetic (B2A) masking is a necessary step in various cryptography schemes, including hash functions, ARX-based ciphers, and lattice-based cryptography. While there exists a significant body of research focusing on B2A software implementations, studies pertaining to hardware implementations are quite limited, with the majority dedicated solely to creating...

2024/1625 (PDF) Last updated: 2024-10-11
On the Tight Security of the Double Ratchet
Daniel Collins, Doreen Riepel, Si An Oliver Tran
Cryptographic protocols

The Signal Protocol is a two-party secure messaging protocol used in applications such as Signal, WhatsApp, Google Messages and Facebook Messenger and is used by billions daily. It consists of two core components, one of which is the Double Ratchet protocol that has been the subject of a line of work that aims to understand and formalise exactly what security it provides. Existing models capture strong guarantees including resilience to state exposure in both forward security (protecting...

2024/1617 (PDF) Last updated: 2024-10-10
Algebraic Equipage for Learning with Errors in Cyclic Division Algebras
Cong Ling, Andrew Mendelsohn
Public-key cryptography

In Noncommutative Ring Learning With Errors From Cyclic Algebras, a variant of Learning with Errors from cyclic division algebras, dubbed ‘Cyclic LWE', was developed, and security reductions similar to those known for the ring and module case were given, as well as a Regev-style encryption scheme. In this work, we make a number of improvements to that work: namely, we describe methods to increase the number of cryptographically useful division algebras, demonstrate the hardness of CLWE from...

2024/1610 (PDF) Last updated: 2024-10-09
Secret Sharing with Snitching
Stefan Dziembowski, Sebastian Faust, Tomasz Lizurej, Marcin Mielniczuk
Foundations

We address the problem of detecting and punishing shareholder collusion in secret-sharing schemes. We do it in the recently proposed cryptographic model called individual cryptography (Dziembowski, Faust, and Lizurej, Crypto 2023), which assumes that there exist tasks that can be efficiently computed by a single machine but distributing this computation across multiple (mutually distrustful devices) is infeasible. Within this model, we introduce a novel primitive called secret sharing...

2024/1585 (PDF) Last updated: 2024-10-07
Quantum Money from Class Group Actions on Elliptic Curves
Hart Montgomery, Shahed Sharif
Public-key cryptography

We construct a quantum money/quantum lightning scheme from class group actions on elliptic curves over $F_{p}$. Our scheme, which is based on the invariant money construction of Liu-Montgomery-Zhandry (Eurocrypt '23), is simple to describe. We believe it to be the most instantiable and well-defined quantum money construction known so far. The security of our quantum lightning construction is exactly equivalent to the (conjectured) hardness of constructing two uniform superpositions over...

2024/1574 (PDF) Last updated: 2025-01-21
Scalable Two-Round $n$-out-of-$n$ and Multi-Signatures from Lattices in the Quantum Random Oracle Model
Qiqi Lai, Feng-Hao Liu, Yang Lu, Haiyang Xue, Yong Yu
Public-key cryptography

In this paper, we construct the first asymptotically efficient two-round $n$-out-of-$n$ and multi-signature schemes from lattices in the quantum random oracle model (QROM), using the Fiat-Shamir with Aborts (FSwA) paradigm. Our protocols can be viewed as the QROM~variants of the two-round protocols by Damgård et al. (JoC 2022). A notable feature of our protocol, compared to other counterparts in the classical random oracle model, is that each party performs an independent abort and still...

2024/1566 (PDF) Last updated: 2025-02-14
Dynamic zk-SNARKs
Weijie Wang, Charalampos Papamanthou, Shravan Srinivasan, Dimitrios Papadopoulos
Cryptographic protocols

In this work, we put forth the notion of dynamic zk-SNARKs. A dynamic zk-SNARK is a zk-SNARK that has an additional update algorithm. The update algorithm takes as input a valid source statement-witness pair $(x,w)\in R$ along with a verifying proof $\pi$, and a valid target statement-witness pair $(x',w')\in R$. It outputs a verifying proof $\pi'$ for $(x',w')$ in sublinear time (for $(x,w)$ and $(x',w')$ with small Hamming distance) potentially with the help of a data structure. To the...

2024/1559 (PDF) Last updated: 2024-10-04
Mind the Composition of Toffoli Gates: Structural Algebraic Distinguishers of ARADI
Emanuele Bellini, Mohamed Rachidi, Raghvendra Rohit, Sharwan K. Tiwari
Secret-key cryptography

This paper reveals a critical flaw in the design of ARADI, a recently proposed low-latency block cipher by NSA researchers -- Patricia Greene, Mark Motley, and Bryan Weeks. The weakness exploits the specific composition of Toffoli gates in the round function of ARADI's nonlinear layer, and it allows the extension of a given algebraic distinguisher to one extra round without any change in the data complexity. More precisely, we show that the cube-sum values, though depending on the secret key...

2024/1551 (PDF) Last updated: 2024-10-03
SNARKs for Virtual Machines are Non-Malleable
Matteo Campanelli, Antonio Faonio, Luigi Russo

Cryptographic proof systems have a plethora of applications: from building other cryptographic tools (e.g., malicious security for MPC protocols) to concrete settings such as private transactions or rollups. In several settings it is important for proof systems to be non-malleable: an adversary should not to be able to modify a proof they have observed into another for a statement for which they do not know the witness. Proof systems that have been deployed in practice should arguably...

2024/1550 (PDF) Last updated: 2025-01-17
MAYO Key Recovery by Fixing Vinegar Seeds
Sönke Jendral, Elena Dubrova
Attacks and cryptanalysis

As the industry prepares for the transition to post-quantum secure public key cryptographic algorithms, vulnerability analysis of their implementations is gaining importance. A theoretically secure cryptographic algorithm should also be able to withstand the challenges of physical attacks in real-world environments. MAYO is a candidate in the ongoing first round of the NIST post-quantum standardization process for selecting additional digital signature schemes. This paper demonstrates three...

2024/1546 (PDF) Last updated: 2024-10-03
Bit t-SNI Secure Multiplication Gadget for Inner Product Masking
John Gaspoz, Siemen Dhooghe
Implementation

Masking is a sound countermeasure to protect against differential power analysis. Since the work by Balasch et al. in ASIACRYPT 2012, inner product masking has been explored as an alternative to the well known Boolean masking. In CARDIS 2017, Poussier et al. showed that inner product masking achieves higher-order security versus Boolean masking, for the same shared size, in the bit-probing model. Wang et al. in TCHES 2020 verified the inner product masking's security order amplification in...

2024/1535 (PDF) Last updated: 2024-10-01
Relaxed Lattice-Based Programmable Hash Functions: New Efficient Adaptively Secure IBEs
Xingye Lu, Jingjing Fan, Man Ho AU
Public-key cryptography

In this paper, we introduce the notion of relaxed lattice-based programmable hash function (RPHF), which is a novel variant of lattice-based programmable hash functions (PHFs). Lattice-based PHFs, together with preimage trapdoor functions (TDFs), have been widely utilized (implicitly or explicitly) in the construction of adaptively secure identity-based encryption (IBE) schemes. The preimage length and the output length of the underlying PHF and TDF together determine the user secret key and...

2024/1523 (PDF) Last updated: 2024-09-27
Functional Adaptor Signatures: Beyond All-or-Nothing Blockchain-based Payments
Nikhil Vanjani, Pratik Soni, Sri AravindaKrishnan Thyagarajan
Cryptographic protocols

In scenarios where a seller holds sensitive data $x$, like employee / patient records or ecological data, and a buyer seeks to obtain an evaluation of specific function $f$ on this data, solutions in trustless digital environments like blockchain-based Web3 systems typically fall into two categories: (1) Smart contract-powered solutions and (2) cryptographic solutions leveraging tools such as adaptor signatures. The former approach offers atomic transactions where the buyer learns the...

2024/1521 (PDF) Last updated: 2024-09-27
The SMAesH dataset
Gaëtan Cassiers, Charles Momin
Implementation

Datasets of side-channel leakage measurements are widely used in research to develop and benchmarking side-channel attack and evaluation methodologies. Compared to using custom and/or one-off datasets, widely-used and publicly available datasets improve research reproducibility and comparability. Further, performing high-quality measurements requires specific equipment and skills, while also taking a significant amount of time. Therefore, using publicly available datasets lowers the barriers...

2024/1518 (PDF) Last updated: 2024-09-26
Witness Semantic Security
Paul Lou, Nathan Manohar, Amit Sahai
Foundations

To date, the strongest notions of security achievable for two-round publicly-verifiable cryptographic proofs for $\mathsf{NP}$ are witness indistinguishability (Dwork-Naor 2000, Groth-Ostrovsky-Sahai 2006), witness hiding (Bitansky-Khurana-Paneth 2019, Kuykendall-Zhandry 2020), and super-polynomial simulation (Pass 2003, Khurana-Sahai 2017). On the other hand, zero-knowledge and even weak zero-knowledge (Dwork-Naor-Reingold-Stockmeyer 1999) are impossible in the two-round publicly-verifiable...

2024/1511 (PDF) Last updated: 2024-09-26
Some Classes of Cubic Monomial Boolean Functions with Good Second-Order Nonlinearity
RUCHI TELANG GODE
Secret-key cryptography

It is well known that estimating a sharp lower bound on the second-order nonlinearity of a general class of cubic Booleanfunction is a difficult task. In this paper for a given integer $n \geq 4$, some values of $s$ and $t$ are determined for which cubic monomial Boolean functions of the form $h_{\mu}(x)=Tr( \mu x^{2^s+2^t+1})$ $(n>s>t \geq 1)$ possess good lower bounds on their second-order nonlinearity. The obtained functions are worth considering for securing symmetric...

2024/1481 (PDF) Last updated: 2024-09-23
Tighter Adaptive IBEs and VRFs: Revisiting Waters' Artificial Abort
Goichiro Hanaoka, Shuichi Katsumata, Kei Kimura, Kaoru Takemure, Shota Yamada
Public-key cryptography

One of the most popular techniques to prove adaptive security of identity-based encryptions (IBE) and verifiable random functions (VRF) is the partitioning technique. Currently, there are only two methods to relate the adversary's advantage and runtime $(\epsilon, {\sf T})$ to those of the reduction's ($\epsilon_{\sf proof}, {\sf T}_{\sf proof}$) using this technique: One originates to Waters (Eurocrypt 2005) who introduced the famous artificial abort step to prove his IBE, achieving...

2024/1479 (PDF) Last updated: 2024-09-21
Honest Majority GOD MPC with $O(\mathsf{depth}(C))$ Rounds and Low Online Communication
Amit Agarwal, Alexander Bienstock, Ivan Damgård, Daniel Escudero
Foundations

In the context of secure multiparty computation (MPC) protocols with guaranteed output delivery (GOD) for the honest majority setting, the state-of-the-art in terms of communication is the work of (Goyal et al. CRYPTO'20), which communicates O(n|C|) field elements, where |C| is the size of the circuit being computed and n is the number of parties. Their round complexity, as usual in secret-sharing based MPC, is proportional to O(depth(C)), but only in the optimistic case where there is no...

2024/1473 (PDF) Last updated: 2024-09-20
A Note on Low-Communication Secure Multiparty Computation via Circuit Depth-Reduction
Pierre Charbit, Geoffroy Couteau, Pierre Meyer, Reza Naserasr
Cryptographic protocols

We consider the graph-theoretic problem of removing (few) nodes from a directed acyclic graph in order to reduce its depth. While this problem is intractable in the general case, we provide a variety of algorithms in the case where the graph is that of a circuit of fan-in (at most) two, and explore applications of these algorithms to secure multiparty computation with low communication. Over the past few years, a paradigm for low-communication secure multiparty computation has found success...

2024/1459 (PDF) Last updated: 2025-01-23
Verifiable Oblivious Pseudorandom Functions from Lattices: Practical-ish and Thresholdisable
Martin R. Albrecht, Kamil Doruk Gur
Cryptographic protocols

We revisit the lattice-based verifiable oblivious PRF construction from PKC'21 and remove or mitigate its central three sources of inefficiency. First, applying Rényi divergence arguments, we eliminate one superpolynomial factor from the ciphertext modulus \(q\), allowing us to reduce the overall bandwidth consumed by RLWE samples by about a factor of four. This necessitates us introducing intermediate unpredictability notions to argue PRF security of the final output in the Random Oracle...

2024/1452 (PDF) Last updated: 2024-09-17
On the Complexity of Cryptographic Groups and Generic Group Models
Cong Zhang, Keyu Ji, Taiyu Wang, Bingsheng Zhang, Hong-Sheng Zhou, Xin Wang, Kui Ren
Foundations

Ever since the seminal work of Diffie and Hellman, cryptographic (cyclic) groups have served as a fundamental building block for constructing cryptographic schemes and protocols. The security of these constructions can often be based on the hardness of (cyclic) group-based computational assumptions. Then, the generic group model (GGM) has been studied as an idealized model (Shoup, EuroCrypt 1997), which justifies the hardness of many (cyclic) group-based assumptions and shows the limits of...

2024/1436 (PDF) Last updated: 2024-09-13
Eva: Efficient IVC-Based Authentication of Lossy-Encoded Videos
Chengru Zhang, Xiao Yang, David Oswald, Mark Ryan, Philipp Jovanovic
Applications

With the increasing spread of fake videos for misinformation, proving the provenance of an edited video (without revealing the original one) becomes critical. To this end, we introduce Eva, the first cryptographic protocol for authenticating lossy-encoded videos. Compared to previous cryptographic methods for image authentication, Eva supports significantly larger amounts of data that undergo complex transformations during encoding. We achieve this by decomposing repetitive and manageable...

2024/1433 (PDF) Last updated: 2024-09-13
$Shortcut$: Making MPC-based Collaborative Analytics Efficient on Dynamic Databases
Peizhao Zhou, Xiaojie Guo, Pinzhi Chen, Tong Li, Siyi Lv, Zheli Liu
Applications

Secure Multi-party Computation (MPC) provides a promising solution for privacy-preserving multi-source data analytics. However, existing MPC-based collaborative analytics systems (MCASs) have unsatisfying performance for scenarios with dynamic databases. Naively running an MCAS on a dynamic database would lead to significant redundant costs and raise performance concerns, due to the substantial duplicate contents between the pre-updating and post-updating databases. In this paper, we...

2024/1432 (PDF) Last updated: 2024-09-13
On Multi-user Security of Lattice-based Signature under Adaptive Corruptions and Key Leakages
Masayuki Fukumitsu, Shingo Hasegawa
Public-key cryptography

We consider the multi-user security under the adaptive corruptions and key leakages ($\rm{MU^{c\&l}}$ security) for lattice-based signatures. Although there exists an $\rm{MU^{c\&l}}$ secure signature based on a number-theoretic assumption, or a leakage-resilient lattice-based signature in the single-user setting, $\rm{MU^{c\&l}}$ secure lattice-based signature is not known. We examine the existing lattice-based signature schemes from the viewpoint of $\rm{MU^{c\&l}}$ security, and find...

2024/1380 (PDF) Last updated: 2024-09-03
EUCLEAK
Thomas Roche
Attacks and cryptanalysis

Secure elements are small microcontrollers whose main purpose is to generate/store secrets and then execute cryptographic operations. They undergo the highest level of security evaluations that exists (Common Criteria) and are often considered inviolable, even in the worst-case attack scenarios. Hence, complex secure systems build their security upon them. FIDO hardware tokens are strong authentication factors to sign in to applications (any web service supporting FIDO); they often embed...

2024/1371 (PDF) Last updated: 2024-12-01
PIGEON: A Framework for Private Inference of Neural Networks
Christopher Harth-Kitzerow, Yongqin Wang, Rachit Rajat, Georg Carle, Murali Annavaram
Cryptographic protocols

Privacy-Preserving Machine Learning (PPML) is one of the most relevant use cases for Secure Multiparty Computation (MPC). While private training of large neural networks such as VGG-16 or ResNet-50 on state-of-the-art datasets such as ImageNet is still out of reach due to the performance overhead of MPC, GPU-based MPC frameworks are starting to achieve practical runtimes for private inference. However, we show that, in contrast to plaintext machine learning, the usage of GPU acceleration for...

2024/1360 (PDF) Last updated: 2024-09-25
CPA-secure KEMs are also sufficient for Post-Quantum TLS 1.3
Biming Zhou, Haodong Jiang, Yunlei Zhao
Cryptographic protocols

In the post-quantum migration of TLS 1.3, an ephemeral Diffie-Hellman must be replaced with a post-quantum key encapsulation mechanism (KEM). At EUROCRYPT 2022, Huguenin-Dumittan and Vaudenay [EC:HugVau22] demonstrated that KEMs with standard CPA security are sufficient for the security of the TLS1.3 handshake. However, their result is only proven in the random oracle model (ROM), and as the authors comment, their reduction is very much non-tight and not sufficient to guarantee security in...

2024/1356 (PDF) Last updated: 2024-08-29
Leakage-Resilience of Circuit Garbling
Ruiyang Li, Yiteng Sun, Chun Guo, Francois-Xavier Standaert, Weijia Wang, Xiao Wang
Secret-key cryptography

Due to the ubiquitous requirements and performance leap in the past decade, it has become feasible to execute garbling and secure computations in settings sensitive to side-channel attacks, including smartphones, IoTs and dedicated hardwares, and the possibilities have been demonstrated by recent works. To maintain security in the presence of a moderate amount of leaked information about internal secrets, we investigate {\it leakage-resilient garbling}. We augment the classical privacy,...

2024/1348 (PDF) Last updated: 2024-08-28
Zero-Knowledge Validation for an Offline Electronic Document Wallet using Bulletproofs
Michael Brand, Benoît Poletti
Applications

We describe designs for an electronic wallet, meant for the housing of official government documents, which solves the problem of displaying document data to untrusted parties (e.g., in order to allow users to prove that they are above the drinking age). The wallet attains this goal by employing Zero-Knowledge Proof technologies, ascertaining that nothing beyond the intended information is ever shared. In order to be practically applicable, the wallet has to meet many additional...

2024/1323 (PDF) Last updated: 2024-08-29
SoK: Instruction Set Extensions for Cryptographers
Hao Cheng, Johann Großschädl, Ben Marshall, Daniel Page, Markku-Juhani O. Saarinen
Implementation

Framed within the general context of cyber-security, standard cryptographic constructions often represent an enabling technology for associated solutions. Alongside or in combination with their design, therefore, the implementation of such constructions is an important challenge: beyond delivering artefacts that are usable in practice, implementation can impact many quality metrics (such as efficiency and security) which determine fitness-for-purpose. A rich design space of implementation...

2024/1321 (PDF) Last updated: 2024-08-23
ECC’s Achilles’ Heel: Unveiling Weak Keys in Standardized Curves
Enrico Talotti, Matteo Paier, Marino Miculan
Public-key cryptography

The strength of Elliptic curve cryptography (ECC) relies on curve choice. This work analyzes weak keys in standardized curves, i.e., private keys within small subgroups of the auxiliary group $\mathbb{Z}^*_p$. We quantify weak key prevalence across standardized curves, revealing a potential vulnerability due to numerous small divisors in auxiliary group orders. To address this, we leverage the implicit "baby-steps giant-steps algorithm", which transforms the complex elliptic curve discrete...

2024/1309 (PDF) Last updated: 2024-08-21
R-STELLAR: A Resilient Synthesizable Signature Attenuation SCA Protection on AES-256 with built-in Attack-on-Countermeasure Detection
Archisman Ghosh, Dong-Hyun Seo, Debayan Das, Santosh Ghosh, Shreyas Sen
Applications

Side-channel attacks (SCAs) remain a significant threat to the security of cryptographic systems in modern embedded devices. Even mathematically secure cryptographic algorithms, when implemented in hardware, inadvertently leak information through physical side-channel signatures such as power consumption, electromagnetic (EM) radiation, light emissions, and acoustic emanations. Exploiting these side channels significantly reduces the attacker’s search space. In recent years, physical...

2024/1308 (PDF) Last updated: 2024-08-23
LAMA: Leakage-Abuse Attacks Against Microsoft Always Encrypted
Ryan Seah, Daren Khu, Alexander Hoover, Ruth Ng
Attacks and cryptanalysis

Always Encrypted (AE) is a Microsoft SQL Server feature that allows clients to encrypt sensitive data inside client applications and ensures that the sensitive data is hidden from untrusted servers and database administrators. AE offers two column-encryption options: deterministic encryption (DET) and randomized encryption (RND). In this paper, we explore the security implications of using AE with both DET and RND encryption modes by running Leakage Abuse Attacks (LAAs) against the system....

2024/1291 (PDF) Last updated: 2025-02-04
Raccoon: A Masking-Friendly Signature Proven in the Probing Model
Rafaël del Pino, Shuichi Katsumata, Thomas Prest, Mélissa Rossi
Public-key cryptography

This paper presents Raccoon, a lattice-based signature scheme submitted to the NIST 2022 call for additional post-quantum signatures. Raccoon has the specificity of always being masked. Concretely, all sensitive intermediate values are shared into 𝑑 parts. The main design rationale of Raccoon is to be easy to mask at high orders, and this dictated most of its design choices, such as the introduction of new algorithmic techniques for sampling small errors. As a result, Raccoon achieves a...

2024/1256 (PDF) Last updated: 2024-08-08
Concrete Analysis of Schnorr-type Signatures with Aborts
Theo Fanuela Prabowo, Chik How Tan
Attacks and cryptanalysis

Lyubashevsky’s signature can be viewed as a lattice-based adapation of the Schnorr signature, with the core difference being the use of aborts during signature generation process. Since the proposal of Lyubashevsky’s signature, a number of other variants of Schnorr-type signatures with aborts have been proposed, both in lattice-based and code-based setting. In this paper, we examine the security of Schnorr-type signature schemes with aborts. We give a detailed analysis of when the expected...

2024/1255 (PDF) Last updated: 2024-09-05
Compass: Encrypted Semantic Search with High Accuracy
Jinhao Zhu, Liana Patel, Matei Zaharia, Raluca Ada Popa
Applications

We introduce Compass, a semantic search system over encrypted data that offers high accuracy, comparable to state-of-the-art plaintext search algorithms while protecting data, queries and search results from a fully compromised server. Additionally, Compass enables privacy-preserving RAG where both the RAG database and the query are protected. Compass contributes a novel way to traverse the Hierarchical Navigable Small Worlds (HNSW) graph, a top-performing nearest neighbor search index, over...

2024/1241 (PDF) Last updated: 2024-08-06
PROF: Protected Order Flow in a Profit-Seeking World
Kushal Babel, Nerla Jean-Louis, Yan Ji, Ujval Misra, Mahimna Kelkar, Kosala Yapa Mudiyanselage, Andrew Miller, Ari Juels
Applications

Users of decentralized finance (DeFi) applications face significant risks from adversarial actions that manipulate the order of transactions to extract value from users. Such actions---an adversarial form of what is called maximal-extractable value (MEV)---impact both individual outcomes and the stability of the DeFi ecosystem. MEV exploitation, moreover, is being institutionalized through an architectural paradigm known Proposer-Builder Separation (PBS). This work introduces a system...

2024/1232 (PDF) Last updated: 2024-08-02
Efficient and Privacy-Preserving Collective Remote Attestation for NFV
Ghada Arfaoui, Thibaut Jacques, Cristina Onete
Cryptographic protocols

The virtualization of network functions is a promising technology, which can enable mobile network operators to provide more flexibility and better resilience for their infrastructure and services. Yet, virtualization comes with challenges, as 5G operators will require a means of verifying the state of the virtualized network components (e.g. Virtualized Network Functions (VNFs) or managing hypervisors) in order to fulfill security and privacy commitments. One such means is the use of...

2024/1223 (PDF) Last updated: 2024-10-03
A short-list of pairing-friendly curves resistant to the Special TNFS algorithm at the 192-bit security level
Diego F. Aranha, Georgios Fotiadis, Aurore Guillevic
Implementation

For more than two decades, pairings have been a fundamental tool for designing elegant cryptosystems, varying from digital signature schemes to more complex privacy-preserving constructions. However, the advancement of quantum computing threatens to undermine public-key cryptography. Concretely, it is widely accepted that a future large-scale quantum computer would be capable to break any public-key cryptosystem used today, rendering today's public-key cryptography obsolete and mandating the...

2024/1217 Last updated: 2025-01-24
A Compact and Parallel Swap-Based Shuffler based on butterfly Network and its complexity against Side Channel Analysis
Jong-Yeon Park, Wonil Lee, Bo Gyeong Kang, Il-jong Song, Jaekeun Oh, Kouichi Sakurai
Foundations

A prominent countermeasure against side channel attacks, the hiding countermeasure, typically involves shuffling operations using a permutation algorithm. Especially in the era of Post-Quantum Cryptography, the importance of the hiding coun- termeasure is emphasized due to computational characteristics like those of lattice and code-based cryptography. In this context, swiftly and securely generating permutations has a critical impact on an algorithm’s security and efficiency. The widely...

2024/1202 (PDF) Last updated: 2024-10-14
Prover - Toward More Efficient Formal Verification of Masking in Probing Model
Feng Zhou, Hua Chen, Limin Fan
Implementation

In recent years, formal verification has emerged as a crucial method for assessing security against Side-Channel attacks of masked implementations, owing to its remarkable versatility and high degree of automation. However, formal verification still faces technical bottlenecks in balancing accuracy and efficiency, thereby limiting its scalability. Former tools like maskVerif and CocoAlma are very efficient but they face accuracy issues when verifying schemes that utilize properties of...

2024/1200 (PDF) Last updated: 2024-07-25
Depth-Aware Arithmetization of Common Primitives in Prime Fields
Jelle Vos, Mauro Conti, Zekeriya Erkin
Foundations

A common misconception is that the computational abilities of circuits composed of additions and multiplications are restricted to simple formulas only. Such arithmetic circuits over finite fields are actually capable of computing any function, including equality checks, comparisons, and other highly non-linear operations. While all those functions are computable, the challenge lies in computing them efficiently. We refer to this search problem as arithmetization. Arithmetization is a key...

2024/1196 (PDF) Last updated: 2024-09-16
Client-Aided Privacy-Preserving Machine Learning
Peihan Miao, Xinyi Shi, Chao Wu, Ruofan Xu
Cryptographic protocols

Privacy-preserving machine learning (PPML) enables multiple distrusting parties to jointly train ML models on their private data without revealing any information beyond the final trained models. In this work, we study the client-aided two-server setting where two non-colluding servers jointly train an ML model on the data held by a large number of clients. By involving the clients in the training process, we develop efficient protocols for training algorithms including linear regression,...

2024/1181 (PDF) Last updated: 2024-10-22
AQQUA: Augmenting Quisquis with Auditability
George Papadoulis, Danai Balla, Panagiotis Grontas, Aris Pagourtzis
Applications

We propose AQQUA: a digital payment system that combines auditability and privacy. AQQUA extends Quisquis by adding two authorities; one for registration and one for auditing. These authorities do not intervene in the everyday transaction processing; as a consequence, the decentralized nature of the cryptocurrency is not disturbed. Our construction is account-based. An account consists of an updatable public key which functions as a cryptographically unlinkable pseudonym, and of commitments...

2024/1179 (PDF) Last updated: 2024-07-22
Inner Product Ring LWE Problem, Reduction, New Trapdoor Algorithm for Inner Product Ring LWE Problem and Ring SIS Problem
Zhuang Shan, Leyou Zhang, Qing Wu, Qiqi Lai
Foundations

Lattice cryptography is currently a major research focus in public-key encryption, renowned for its ability to resist quantum attacks. The introduction of ideal lattices (ring lattices) has elevated the theoretical framework of lattice cryptography. Ideal lattice cryptography, compared to classical lattice cryptography, achieves more acceptable operational efficiency through fast Fourier transforms. However, to date, issues of impracticality or insecurity persist in ideal lattice problems....

2024/1171 (PDF) Last updated: 2024-07-19
Tight Time-Space Tradeoffs for the Decisional Diffie-Hellman Problem
Akshima, Tyler Besselman, Siyao Guo, Zhiye Xie, Yuping Ye
Foundations

In the (preprocessing) Decisional Diffie-Hellman (DDH) problem, we are given a cyclic group $G$ with a generator $g$ and a prime order $N$, and we want to prepare some advice of size $S$, such that we can efficiently distinguish $(g^{x},g^{y},g^{xy})$ from $(g^{x},g^{y},g^{z})$ in time $T$ for uniformly and independently chosen $x,y,z$ from $\mathbb{Z}_N$. This is a central cryptographic problem whose computational hardness underpins many widely deployed schemes, such as the Diffie–Hellman...

2024/1164 (PDF) Last updated: 2025-02-14
A Crack in the Firmament: Restoring Soundness of the Orion Proof System and More
Thomas den Hollander, Daniel Slamanig
Cryptographic protocols

Orion (Xie et al. CRYPTO'22) is a recent plausibly post-quantum zero-knowledge argument system with a linear time prover. It improves over Brakedown (Golovnev et al. ePrint'21 and CRYPTO'23) by reducing the proof size and verifier complexity to be polylogarithmic and additionally adds the zero-knowledge property. The argument system is demonstrated to be concretely efficient with a prover time being the fastest among all existing succinct proof systems and a proof size that is an order of...

2024/1162 (PDF) Last updated: 2024-07-17
Practical Traceable Receipt-Free Encryption
Henri Devillez, Olivier Pereira, Thomas Peters
Public-key cryptography

Traceable Receipt-free Encryption (TREnc) is a verifiable public-key encryption primitive introduced at Asiacrypt 2022. A TREnc allows randomizing ciphertexts in transit in order to remove any subliminal information up to a public trace that ensures the non-malleability of the underlying plaintext. A remarkable property of TREnc is the indistinguishability of the randomization of chosen ciphertexts against traceable chosen-ciphertext attacks (TCCA). This property can support applications...

2024/1159 (PDF) Last updated: 2024-07-17
LaPSuS – A Lattice-Based Private Stream Aggregation Scheme under Scrutiny
Johannes Ottenhues, Alexander Koch
Attacks and cryptanalysis

Private Stream Aggregation (PSA) allows clients to send encryptions of their private values to an aggregator that is then able to learn the sum of these values but nothing else. It has since found many applications in practice, e.g. for smart metering or federated learning. In 2018, Becker et al. proposed the first lattice-based PSA scheme LaPS (NDSS 2018), with putative post-quantum security, which has subsequently been patented. In this paper, we describe two attacks on LaPS that break the...

2024/1149 (PDF) Last updated: 2024-11-06
Improved High-Order Masked Generation of Masking Vector and Rejection Sampling in Dilithium
Jean-Sébastien Coron, François Gérard, Tancrède Lepoint, Matthias Trannoy, Rina Zeitoun
Implementation

In this work, we introduce enhanced high-order masking techniques tailored for Dilithium, the post-quantum signature scheme recently standardized by NIST. We improve the masked generation of the masking vector $\vec{y}$, based on a fast Boolean-to-arithmetic conversion modulo $q$. We also describe an optimized gadget for the high-order masked rejection sampling, with a complexity independent from the size of the modulus $q$. We prove the security of our gadgets in the classical ISW...

2024/1118 (PDF) Last updated: 2024-07-19
Shared-Custodial Password-Authenticated Deterministic Wallets
Poulami Das, Andreas Erwig, Sebastian Faust
Cryptographic protocols

Cryptographic wallets are an essential tool in Blockchain networks to ensure the secure storage and maintenance of an user's cryptographic keys. Broadly, wallets can be divided into three categories, namely custodial, non-custodial, and shared-custodial wallets. The first two are centralized solutions, i.e., the wallet is operated by a single entity, which inherently introduces a single point of failure. Shared-custodial wallets, on the other hand, are maintained by two independent parties,...

2024/1109 (PDF) Last updated: 2024-07-23
QuickPool: Privacy-Preserving Ride-Sharing Service
Banashri Karmakar, Shyam Murthy, Arpita Patra, Protik Paul
Applications

Online ride-sharing services (RSS) have become very popular owing to increased awareness of environmental concerns and as a response to increased traffic congestion. To request a ride, users submit their locations and route information for ride matching to a service provider (SP), leading to possible privacy concerns caused by leakage of users' location data. We propose QuickPool, an efficient SP-aided RSS solution that can obliviously match multiple riders and drivers simultaneously,...

2024/1092 (PDF) Last updated: 2024-07-04
Fusion Channel Attack with POI Learning Encoder
Xinyao Li, Xiwen Ren, Ling Ning, Changhai Ou
Attacks and cryptanalysis

In order to challenge the security of cryptographic systems, Side-Channel Attacks exploit data leaks such as power consumption and electromagnetic emissions. Classic Side-Channel Attacks, which mainly focus on mono-channel data, fail to utilize the joint information of multi-channel data. However, previous studies of multi-channel attacks have often been limited in how they process and adapt to dynamic data. Furthermore, the different data types from various channels make it difficult to use...

2024/1077 (PDF) Last updated: 2024-07-09
Securely Training Decision Trees Efficiently
Divyanshu Bhardwaj, Sandhya Saravanan, Nishanth Chandran, Divya Gupta
Cryptographic protocols

Decision trees are an important class of supervised learning algorithms. When multiple entities contribute data to train a decision tree (e.g. for fraud detection in the financial sector), data privacy concerns necessitate the use of a privacy-enhancing technology such as secure multi-party computation (MPC) in order to secure the underlying training data. Prior state-of-the-art (Hamada et al.) construct an MPC protocol for decision tree training with a communication of $\mathcal{O}(hmN\log...

2024/1048 (PDF) Last updated: 2024-07-01
Distributional Secure Merge
Gayathri Garimella, Srinivasan Raghuramam, Peter Rindal
Cryptographic protocols

Secure merge refers to the problem of merging two sorted lists. The problem appears in different settings where each list is held by one of two parties, or the lists are themselves shared among two or more parties. The output of a secure merge protocol is secret shared. Each variant of the problem offers many useful applications. The difficulty in designing secure merge protocols vis-a-vis insecure merge protocols (which work in linear time with a single pass over the lists) has to do...

2024/1032 (PDF) Last updated: 2024-06-26
Threshold OPRF from Threshold Additive HE
Animesh Singh, Sikhar Patranabis, Debdeep Mukhopadhyay
Cryptographic protocols

An oblivious pseudorandom function (OPRF) is a two-party protocol in which a party holds an input and the other party holds the PRF key, such that the party having the input only learns the PRF output and the party having the key would not learn the input. Now, in a threshold oblivious pseudorandom function (TOPRF) protocol, a PRF key K is initially shared among T servers. A client can obtain a PRF value by interacting with t(≤ T) servers but is unable to compute the same with up to (t − 1)...

Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.