What’s the Matter? An In-Depth Security Analysis of the Matter Protocol
The Matter protocol has emerged as a leading standard for secure IoT interoperability, backed by major vendors such as Apple, Google, Amazon, Samsung, and others. With millions of Matter-certified...
Fault Injection Evaluation with Statistical Analysis - How to Deal with...
A critical aspect of securing cryptographic hardware is their resistance to FI attacks, which involve the successful injection of faults into the system in operation. Specifically, a hardware design...
AlphaFL: Secure Aggregation with Malicious$^2$ Security for Federated...
Federated learning (FL) proposes to train a global machine learning model across distributed datasets. However, the aggregation protocol as the core component in FL is vulnerable to well-studied...
A note on the security of the BitVM3 garbling scheme
We provide minimal counterexamples for the security of the BitVM3 garbling scheme: our attack allows the evaluator to forge input and output wires. Then we use the same idea to exhibit an attack on the...
PlasmaFold: An Efficient and Scalable Layer 2 with Client-Side Proving
Despite the growing popularity of blockchains, their scalability remains a significant challenge. Layer-2s (L2s) aim to address this by introducing an operator to process transactions off-chain and...
Evaluating Larger Lookup Tables using CKKS
The Cheon--Kim--Kim--Song (CKKS) scheme is a fully homomorphic encryption scheme that traditionally supports only the evaluation of smooth functions. Recent works have enabled the evaluation of...
FHERMA Cookbook: FHE Components for Privacy-Preserving Applications
Fully Homomorphic Encryption (FHE) enables computation over encrypted data and is considered a fundamental tool for privacy-preserving systems. Despite significant theoretical progress, its practical...
Bumpy RYDE: A New Hybrid Technique for Generic Rank-Metric Decoders
The seminal work of [Bardet et al., 2020] has shown the potential of algebraic modelings to solve the Rank Syndrome Decoding Problem (R-SDP). For most parameter ranges, their algorithm first needs to...
Cascader: A Recurrence-Based Key Exchange Protocol
Cascader, a novel key-exchange protocol based on an iterative multiplicative recurrence over a finite field, is introduced. In contrast to standard methods, e.g., traditional Diffie–Hellman and ECC, it...
Barely Doubly-Efficient SimplePIR
A Private Information Retrieval (PIR) scheme allows a client to retrieve data from a database hosted on a remote server without revealing which location is being accessed. In Doubly-Efficient PIR...
Rethinking Learning-based Symmetric Cryptanalysis: a Theoretical Perspective
In this paper, we revisit the standard approach to constructing neural distinguishers in symmetric cryptanalysis and introduce a game-like model, the Coin-Tossing model, to generalize this methodology....
The Post-Quantum Security of Bitcoin's Taproot as a Commitment Scheme
As of November 2021, Bitcoin supports “Taproot” spending policies whose on-chain format is a single elliptic curve point. A transaction spending the funds associated with a Taproot policy can be...
Efficient High-Order Masking of FrodoKEM’s CDT-Based Gaussian Sampler
FrodoKEM is a conservative lattice-based KEM based on the Learning With Errors problem. While it was not selected for NIST standardization, it remains a strong candidate for high-security applications...
SoK: Deep Learning-based Side-channel Analysis Trends and Challenges
Deep learning-based side-channel analysis (DLSCA) represents a powerful paradigm for running side-channel attacks. DLSCA in a state-of-the-art can break multiple targets with only a single attack...
A Comprehensive Survey of Privacy-Preserving Decision Trees Based on...
Decision trees are extensively employed in artificial intelligence and machine learning due to their interpretability, efficiency, and robustness, qualities that are particularly valued in sensitive...
Batch subgroup membership testing on pairing-friendly curves
A major challenge in elliptic curve cryptosystems consists in mitigating efficiently the small-subgroup attack. This paper explores batch subgroup membership testing (SMT) on pairing-friendly curves,...
Can FrodoKEM Run in a Millisecond? FPGA Says Yes!
FrodoKEM is a post-quantum key encapsulation mechanism based on plain Learning With Errors (LWE). In contrast to module-lattice-based schemes, it relies on an unstructured variant of the LWE problem,...
Two-Server Sublinear PIR with Symmetric Privacy and Statistical Security
The field of private information retrieval (PIR) has made significant strides with a recent focus on protocols that offer sublinear online time, ensuring efficient access to public databases without...
Blink: A Family of Low-latency Tweakable Block Ciphers
We introduce a concrete instance of the LRW+ paradigm: the Three-Hash Framework (THF), a mode for constructing tweakable block ciphers that employs three hash functions to process tweak inputs. Through...
CostSphere: A Cost Model-Driven Privacy-Preserving Machine Learning Framework...
Privacy-preserving machine learning (PPML) is critical for protecting sensitive data in domains like healthcare, finance, and recommendation systems. Fully Homomorphic Encryption (FHE) and Secure...
Scalable Information Theoretic Evaluation of the Rank Statistics in...
Evaluating the security of a device against side-channel attacks is a difficult task. One prominent strategy for this purpose is to characterize the distribution of the rank of the correct key among...
FunBic-CCA: Function Secret Sharing for Biclusterings Applied to Cheng and...
High-throughput technologies (e.g., the microarray) have fostered the rapid growth of gene expression data collection. These biomedical datasets, increasingly distributed among research institutes and...
Lifeline: Optimal Byzantine Agreement Under Minimal Synchrony
The synchrony model allows Byzantine Agreement (BA) protocols to be deterministic, tolerate minority faults, and achieve the asymptotically optimal $O(n)$ rounds, and $O(n^2)$ bits of communication...
Bridging Usability and Performance: A Tensor Compiler for Autovectorizing...
Homomorphic encryption (HE) offers strong privacy guarantees by enabling computation over encrypted data. However, the performance of tensor operations in HE is highly sensitive to how the plaintext...
Picking up the Fallen Mask: Breaking and Fixing the RS-Mask Countermeasure
Physical attacks pose a major challenge to the secure implementation of cryptographic algorithms. Although significant progress has been made in countering passive attacks such as side-channel analysis...
Threshold Receipt-Free Voting with Server-Side Vote Validation
Proving the validity of ballots is a central element of verifiable elections. Such proofs can however create challenges when one desires to make a protocol receipt-free. We explore the challenges...
Generation of Fast Finite Field Arithmetic for Cortex-M4 with ECDH and...
Finite field arithmetic is central to several cryptographic algorithms on embedded devices like the ARM Cortex-M4, particularly for elliptic curve and isogeny-based cryptography. However, rapid...
Pairing-Based Batch Arguments for NP with a Linear-Size CRS
Non-interactive batch arguments (BARGs) for NP allow a prover to prove $\ell$ NP statements with a proof whose size scales sublinearly with $\ell$. In this work, we construct a pairing-based BARG where...
FPGA-Friendly Compact and Efficient AES-like 8x8 S-Box
One of the main layers in the Advanced Encryption Standard (AES) is the substitution layer, where an $8 \times 8$ S-Box is used $16$ times. The substitution layer provides confusion and makes the...
New Techniques for Analyzing Differentials with Application to AES
Differential cryptanalysis is one of the most powerful attacks on modern block ciphers. After many years of research, we have very good techniques for showing that the probability that an input...
Randomized Agreement, Verifiable Secret Sharing and Multi-Party Computation...
Granular Synchrony (Giridharan et al. DISC 2024) is a new network model that unifies the classic timing models of synchrony and asynchrony. The network is viewed as a graph consisting of a mixture of...
Private Set Intersection and other Set Operations in the Third Party Setting
We present a collection of protocols to perform privacy-preserving set operations in the third-party private set intersection (PSI) setting. This includes several protocols for multi-party third party...
Cryptanalysis of a multivariate CCZ scheme
We consider the multivariate scheme $\texttt{Pesto}$, which was introduced by Calderini, Caminata, and Villa. In this scheme, the public polynomials are obtained by applying a CCZ transformation to a...
Exploring Core Monomial Prediction Further: Weak-Key Superpoly Recovery for...
The cube attack is one of the most powerful attacks on stream ciphers, with recovering the superpoly as its key step. The core monomial prediction is the state-of-the-art technique for superpoly...
Constant-Cycle Hardware Private Circuits
The efficient implementation of Boolean masking with minimal overhead in terms of latency has become a critical topic due to the increasing demand for physically secure yet high-performance...
Technical Note: LeanSig for Post-Quantum Ethereum
In this note, we present a new instantiation of the hash-based multi-signature framework introduced by Drake, Khovratovich, Kudinov, and Wagner (CiC Vol 2 Issue 1, eprint 2025/055) for Ethereum’s...
Policy-Based Redactable Set Signatures
A redactable set signature scheme is a signature scheme that allows a redactor, without possessing the signing key, to convert a signature on set $S$ to a signature on set $S'$ if $S' \subset S$. This...
On the use of ECDSA with hierarchical public key delegation in identity-based...
In 2009, Galindo and Garcia proposed the usage of concatenated Schnorr signatures for the hierarchical delegation of public keys, creating a quite efficient identity-based signature scheme (IBS)....
A Compact Post-quantum Strong Designated Verifier Signature Scheme from...
Digital signatures are essential cryptographic tools that provide authentication and integrity in digital communications. However, privacy-sensitive applications—such as e-voting and digital...
Representations of Elementary Vectors in VOLE-in-the-head-based Schemes
This paper presents a family of representations of elementary vectors, which covers existing representations as special cases. We make use of the family of representations to reduce signature size of...
$\textsf{Electrum}$: UC Fail-Stop Server-Supported Signatures
Migration to quantum-safe cryptography represents a significant technological shift, addressing the vulnerabilities of traditional cryptographic primitives, such as KEMs and digital signatures. Yet, a...
Revisiting the IPA-sumcheck connection
Inner Product Arguments (IPA) [BCC+16,BBB+17] are a family of proof systems with $O(\log n)$ sized proofs, $O(n)$ time verifiers, and transparent setup. Bootle, Chiesa and Sotiraki [BCS21] observed...
Limits on the Power of Constrained PRFs and Identity-based Cryptography
Constrained PRFs are PRFs that allow the generation of constrained keys, which can be used to evaluate the PRF on a subset of the inputs. The PRF is still pseudorandom for an adversary who obtains...
Breaking the Twinkle Authenticated Encryption Scheme and Analyzing Its...
This paper studies the Twinkle family of low-latency symmetric key schemes designed by Wang et al. (CiC 2024). In particular, it presents cryptanalysis of both the mode and the underlying primitive....
Zelda: Efficient Multi-server Preprocessing PIR with Unconditional Security
Private Information Retrieval (PIR) schemes without preprocessing are known to incur linear server computation per client query. Several recent works have shown that by relying on a one-time...
SMOOTHIE: (Multi-)Scalar Multiplication Optimizations On TFHE
The (Multi-)Scalar multiplication is a crucial operation during FHE-related AI applications, and its performance has a significant impact on the overall efficiency of these applications. In this paper...
Practical Attack on All Parameters of the HPPC Signature Scheme
HPPC is a multivariate signature scheme submitted to the NIST PQC standardization process in response to the recent call for additional signature schemes. We show that, despite some non-standard...
Simultaneous Diophantine Approximation for Compact Discrete Gaussian Sampling
Discrete Gaussian Sampling (DGS) over the integers, also known as integer Gaussian sampling, is used to generate integer values that statistically follow the discrete Gaussian distribution and plays a...
A Hybrid Asymmetric Password-Authenticated Key Exchange in the Random Oracle...
Symmetric encryption allows us to establish a secure channel based on a shared, strong key. However, users cannot remember or cannot store such keys securely. Password-Authenticated Key Exchange (PAKE)...
Side-Channel Sensitivity Analysis on HQC: Towards a Fully Masked Implementation
Hamming Quasi-Cyclic (HQC) has recently been officially selected for standardization by NIST as a post-quantum KEM alternative to ML-KEM. This milestone raises new requirements, in particular the need...