## In this issue
1. [2024/750] Speeding Up Multi-Scalar Multiplications for ...
2. [2024/1587] Fully Homomorphic Encryption for Cyclotomic Prime ...
3. [2024/1974] Efficient and Practical Multi-party Private Set ...
4. [2024/1975] Quadratic Modelings of Syndrome Decoding
5. [2024/1976] HI-CKKS: Is High-Throughput Neglected? Reimagining ...
6. [2024/1977] Bounded CCA Secure Proxy Re-encryption Based on Kyber
7. [2024/1978] µLAM: A LLM-Powered Assistant for Real-Time Micro- ...
8. [2024/1979] On the Security of LWE-based KEMs under Various ...
9. [2024/1980] Sonikku: Gotta Speed, Keed! A Family of Fast and ...
10. [2024/1981] Shutter Network: Private Transactions from ...
11. [2024/1982] New Results in Quantum Analysis of LED: Featuring ...
12. [2024/1983] UTRA: Universe Token Reusability Attack and ...
13. [2024/1984] Low Communication Threshold Fully Homomorphic ...
14. [2024/1985] Endomorphisms for Faster Cryptography on Elliptic ...
15. [2024/1986] Improved Quantum Analysis of ARIA
16. [2024/1987] Side-Channel Attack on ARADI
17. [2024/1988] Garbled Circuits with 1 Bit per Gate
18. [2024/1989] Revisiting OKVS-based OPRF and PSI: Cryptanalysis ...
19. [2024/1990] How To Scale Multi-Party Computation
20. [2024/1991] CHLOE: Loop Transformation over Fully Homomorphic ...
21. [2024/1992] Improved Quantum Linear Attacks and Application to CAST
22. [2024/1993] BOIL: Proof-Carrying Data from Accumulation of ...
23. [2024/1994] Token-Based Key Exchange - Non-Interactive Key ...
24. [2024/1995] BitVM: Quasi-Turing Complete Computation on Bitcoin
25. [2024/1996] A Framework for Generating S-Box Circuits with ...
26. [2024/1997] On format preserving encryption with nonce
27. [2024/1998] Impossible Differential Automation: Model ...
28. [2024/1999] Multivariate Encryptions with LL’ perturbations - ...
29. [2024/2000] Evasive LWE Assumptions: Definitions, Classes, and ...
30. [2024/2001] Xiezhi: Toward Succinct Proofs of Solvency
31. [2024/2002] Improving Differential-Neural Distinguisher For ...
32. [2024/2003] Exploring the Optimal Differential Characteristics ...
33. [2024/2004] Regev's attack on hyperelliptic cryptosystems
34. [2024/2005] Post-Quantum Secure Channel Protocols for eSIMs
35. [2024/2006] Data Decryption and Analysis of Note-Taking ...
36. [2024/2007] A Combinatorial Attack on Ternary Sparse Learning ...
37. [2024/2008] PrivCirNet: Efficient Private Inference via Block ...
38. [2024/2009] The Mis/Dis-information Problem is Hard to Solve
39. [2024/2010] Anonymous credentials from ECDSA
40. [2024/2011] Honest-Majority Threshold ECDSA with Batch ...
41. [2024/2012] GraSS: Graph-based Similarity Search on Encrypted Query
42. [2024/2013] Crescent: Stronger Privacy for Existing Credentials
43. [2024/2014] On the Traceability of Group Signatures: ...
44. [2024/2015] Universal SNARGs for NP from Proofs of Correctness
45. [2024/2016] The Existence of Quantum One-Way Functions
46. [2024/2017] Byzantine Consensus in Wireless Networks
47. [2024/2018] On the BUFF Security of ECDSA with Key Recovery
48. [2024/2019] Key-Insulated and Privacy-Preserving Signature ...
49. [2024/2020] Ring Ring! Who's There? A Privacy Preserving Mobile ...
50. [2024/2021] PrivQuant: Communication-Efficient Private ...
51. [2024/2022] The Revisited Hidden Weight Bit Function
52. [2024/2023] An Abstract Multi-Forking Lemma
53. [2024/2024] Hash-Prune-Invert: Improved Differentially Private ...
54. [2024/2025] Mira: Efficient Folding for Pairing-based Arguments
55. [2024/2026] Orbweaver: Succinct Linear Functional Commitments ...
56. [2024/2027] Impact Tracing: Identifying the Culprit of ...
57. [2024/2028] Qubit Optimized Quantum Implementation of SLIM
58. [2024/2029] NLAT: the NonLinear Distribution Table of Vectorial ...
59. [2024/2030] Security Analysis of ASCON Cipher under Persistent ...
## 2024/750
* Title: Speeding Up Multi-Scalar Multiplications for Pairing-Based zkSNARKs
* Authors: Xinxin Fan, Veronika Kuchta, Francesco Sica, Lei Xu
* [Permalink](
https://eprint.iacr.org/2024/750)
* [Download](
https://eprint.iacr.org/2024/750.pdf)
### Abstract
Multi-scalar multiplication (MSM) is one of the core components of many zero-knowledge proof systems, and a primary performance bottleneck for proof generation in these schemes. One major strategy to accelerate MSM is utilizing precomputation. Several
algorithms (e.g., Pippenger and BGMW) and their variants have been proposed in this direction. In this paper, we revisit the recent precomputation-based MSM calculation method proposed by Luo, Fu and Gong at CHES 2023 and generalize their approach. In
particular, we presented a general construction of optimal buckets. This improvement leads to significant performance improvements, which are verified by both theoretical analysis and experiments.
## 2024/1587
* Title: Fully Homomorphic Encryption for Cyclotomic Prime Moduli
* Authors: Robin Geelen, Frederik Vercauteren
* [Permalink](
https://eprint.iacr.org/2024/1587)
* [Download](
https://eprint.iacr.org/2024/1587.pdf)
### Abstract
This paper presents a Generalized BFV (GBFV) fully homomorphic encryption scheme that encrypts plaintext spaces of the form $\mathbb{Z}[x]/(\Phi_m(x), t(x))$ with $\Phi_m(x)$ the $m$-th cyclotomic polynomial and $t(x)$ an arbitrary polynomial. GBFV
encompasses both BFV where $t(x) = p$ is a constant, and the CLPX scheme (CT-RSA 2018) where $m = 2^k$ and $t(x) = x-b$ is a linear polynomial. The latter can encrypt a single huge integer modulo $\Phi_m(b)$, has much lower noise growth than BFV (linear
in $m$ instead of exponential), but cannot be bootstrapped.
We show that by a clever choice of $m$ and higher degree polynomial $t(x)$, our scheme combines the SIMD capabilities of BFV with the low noise growth of CLPX, whilst still being efficiently bootstrappable. Moreover, we present parameter families that
natively accommodate packed plaintext spaces defined by a large cyclotomic prime, such as the Fermat prime $\Phi_2(2^{16}) = 2^{16} + 1$ and the Goldilocks prime $\Phi_6(2^{32}) = 2^{64} - 2^{32} + 1$. These primes are often used in homomorphic
encryption applications and zero-knowledge proof systems.
Due to the lower noise growth, e.g. for the Goldilocks prime, GBFV can evaluate circuits whose multiplicative depth is more than $5$ times larger than native BFV. As a result, we can evaluate either larger circuits or work with much smaller ring
dimensions. In particular, we can natively bootstrap GBFV at 128-bit security for a large prime, already at ring dimension $2^{14}$, which was impossible before. We implemented the GBFV scheme on top of the SEAL library and achieve a latency of only $2$
seconds to bootstrap a ciphertext encrypting up to $8192$ elements modulo $2^{16}+1$.
## 2024/1974
* Title: Efficient and Practical Multi-party Private Set Intersection Cardinality Protocol
* Authors: Shengzhe Meng, Xiaodong Wang, Zijie Lu, Bei Liang
* [Permalink](
https://eprint.iacr.org/2024/1974)
* [Download](
https://eprint.iacr.org/2024/1974.pdf)
### Abstract
We present an efficient and simple multi-party private set intersection cardinality (PSI-CA) protocol that allows several parties to learn the intersection size of their private sets without revealing any other information. Our protocol is highly
efficient because it only utilizes the Oblivious Key-Value Store and zero-sharing techniques, without incorporating components such as OPPRF (Oblivious Programmable Pseudorandom Function) which is the main building block of multi-party PSI-CA protocol by
Gao et al. (PoPETs 2024). Our protocol exhibits better communication and computational overhead than the state-of-the-art.
To compute the intersection between 16 parties with a set size of $2^{20}$ each, our PSI-CA protocol only takes 5.84 seconds and 326.6 MiB of total communication, which yields a reduction in communication by a factor of up to 2.4× compared to the state-
of-the-art multi-party PSI-CA protocol of Gao et al. (PoPETs 2024).
We prove that our protocol is secure in the presence of a semi-honest adversary who may passively corrupt any $(t-2)$-out-of-$t$ parties once two specific participants are non-colluding.
## 2024/1975
* Title: Quadratic Modelings of Syndrome Decoding
* Authors: Alessio Caminata, Ryann Cartor, Alessio Meneghetti, Rocco Mora, Alex Pellegrini
* [Permalink](
https://eprint.iacr.org/2024/1975)
* [Download](
https://eprint.iacr.org/2024/1975.pdf)
### Abstract
This paper presents enhanced reductions of the bounded-weight and exact-weight Syndrome Decoding Problem (SDP) to a system of quadratic equations. Over $\mathbb{F}_2$, we improve on a previous work and study the degree of regularity of the modeling of
the exact weight SDP. Additionally, we introduce a novel technique that transforms SDP instances over $\mathbb{F}_q$ into systems of polynomial equations and thoroughly investigate the dimension of their varieties. Experimental results are provided to
evaluate the complexity of solving SDP instances using our models through Gröbner bases techniques.
## 2024/1976
* Title: HI-CKKS: Is High-Throughput Neglected? Reimagining CKKS Efficiency with Parallelism
* Authors: Fuyuan Chen, Jiankuo Dong, Xiaoyu Hu, Zhenjiang Dong, Wangchen Dai, Jingqiang Lin, Fu Xiao
* [Permalink](
https://eprint.iacr.org/2024/1976)
* [Download](
https://eprint.iacr.org/2024/1976.pdf)
### Abstract
The proliferation of data outsourcing and cloud services has heightened privacy vulnerabilities. CKKS, among the most prominent homomorphic encryption schemes, allows computations on encrypted data, serving as a critical privacy safeguard. However,
performance remains a central bottleneck, hindering widespread adoption. Existing optimization efforts often prioritize latency reduction over throughput performance. This paper presents HI-CKKS, a throughput-oriented High-performance Implementation of
CKKS homomorphic encryption, addressing these challenges. Our HI-CKKS introduces a batch-supporting asynchronous execution scheme, effectively mitigating frequent data interactions and high waiting delays between hosts and servers in service-oriented
scenarios. We analyze the fundamental (I)NTT primitive, which is critical in CKKS, and develop a hierarchical, hybrid high-throughput implementation. This includes efficient arithmetic module instruction set implementations, unified kernel fusion, and
hybrid memory optimization strategies that significantly improve memory access efficiency and the performance of (I)NTT operations. Additionally, we propose a multi-dimensional parallel homomorphic multiplication scheme aimed at maximizing throughput and
enhancing the performance of (I)NTT and homomorphic multiplication. In conclusion, our implementation is deployed on the RTX 4090, where we conduct a thorough throughput performance evaluation of HI-CKKS, enabling us to pinpoint the most effective
parallel parameter settings. Compared to the CPU implementation, our system achieves throughput increases of $175.08\times$, $191.27\times$, and $679.57\times$ for NTT, INTT, and HMult, respectively. And our throughput performance still demonstrates a
significant improvement, ranging from $1.54\times$ to $693.17\times$ compared to the latest GPU-based works.
## 2024/1977
* Title: Bounded CCA Secure Proxy Re-encryption Based on Kyber
* Authors: Shingo Sato, Junji Shikata
* [Permalink](
https://eprint.iacr.org/2024/1977)
* [Download](
https://eprint.iacr.org/2024/1977.pdf)
### Abstract
Proxy re-encryption (PRE) allows semi-honest party (called proxy) to convert a ciphertext under a public key into a ciphertext under another public key. Due to this functionality, there are various applications such as encrypted email forwarding, key
escrow, and securing distributed file systems. Meanwhile, post-quantum cryptography (PQC) is one of the most important research areas because development of quantum computers has been advanced recently. In particular, there are many researches on public
key encryption (PKE) algorithms selected/submitted in the NIST (National Institute of Standards and Technology) PQC standardization. However, there is no post-quantum PRE scheme secure against adaptive chosen ciphertext attacks (denoted by CCA security)
while many (post-quantum) PRE schemes have been proposed so far. In this paper, we propose a bounded CCA secure PRE scheme based on CRYSTALS-Kyber which is a selected algorithm in the NIST PQC competition. To this end, we present generic constructions of
bounded CCA secure PRE. Our generic constructions start from PRE secure against chosen plaintext attacks (denoted by CPA security). In order to instantiate our generic constructions, we present a CPA secure PRE scheme based on CRYSTALS-Kyber.
## 2024/1978
* Title: µLAM: A LLM-Powered Assistant for Real-Time Micro-architectural Attack Detection and Mitigation
* Authors: Upasana Mandal, Shubhi Shukla, Ayushi Rastogi, Sarani Bhattacharya, Debdeep Mukhopadhyay
* [Permalink](
https://eprint.iacr.org/2024/1978)
* [Download](
https://eprint.iacr.org/2024/1978.pdf)
### Abstract
The rise of microarchitectural attacks has necessitated robust detection and mitigation strategies to secure computing systems. Traditional tools, such as static and dynamic code analyzers and attack detectors, often fall short due to their reliance on
predefined patterns and heuristics that lack the flexibility to adapt to new or evolving attack vectors. In this paper, we introduce for the first time a microarchitecture security assistant, built on OpenAI's GPT-3.5, which we refer to as µLAM. This
assistant surpasses conventional tools by not only identifying vulnerable code segments but also providing context-aware mitigations, tailored to specific system specifications and existing security measures. Additionally, µLAM leverages real-time data
from dynamic Hardware Performance Counters (HPCs) and system specifications to detect ongoing attacks, offering a level of adaptability and responsiveness that static and dynamic analyzers cannot match.
For fine-tuning µLAM, we utilize a comprehensive dataset that includes system configurations, mitigations already in place for different generations of systems, dynamic HPC values, and both vulnerable and non-vulnerable source codes. This rich dataset
enables µLAM to harness its advanced LLM natural language processing capabilities to understand and interpret complex code patterns and system behaviors, learning continuously from new data to improve its predictive accuracy and respond effectively in
real time to both known and novel threats, making it an indispensable tool against microarchitectural threats. In this paper, we demonstrate the capabilities of µLAM by fine-tuning and testing it on code utilizing well-known cryptographic libraries such
as OpenSSL, Libgcrypt, and NaCl, thereby illustrating its effectiveness in securing critical and complex software environments.
## 2024/1979
* Title: On the Security of LWE-based KEMs under Various Distributions: A Case Study of Kyber
* Authors: Mingyao Shao, Yuejun Liu, Yongbin Zhou, Yan Shao
* [Permalink](
https://eprint.iacr.org/2024/1979)
* [Download](
https://eprint.iacr.org/2024/1979.pdf)
### Abstract
Evaluating the security of LWE-based KEMs involves two crucial metrics: the hardness of the underlying LWE problem and resistance to decryption failure attacks, both significantly influenced by the secret key and error distributions. To mitigate the
complexity and timing vulnerabilities of Gaussian sampling, modern LWE-based schemes often adopt either the uniform or centered binomial distribution (CBD).
This work focuses on Kyber to evaluate its security under both distributions. Compared with the CBD, the uniform distribution over the same range enhances the LWE hardness but also increases the decryption failure probability, amplifying the risk of
decryption failure attacks. We introduce a majority-voting-based key recovery method, and carry out a practical decryption failure attack on Kyber512 in this scenario with a complexity of $2^{37}$.
Building on this analysis, we propose uKyber, a variant of Kyber that employs the uniform distribution and parameter adjustments under the asymmetric module-LWE assumption. Compared with Kyber, uKyber maintains comparable hardness and decryption failure
probability while reducing ciphertext sizes. Furthermore, we propose a multi-value sampling technique to enhance the efficiency of rejection sampling under the uniform distribution. These properties make uKyber a practical and efficient alternative to
Kyber for a wide range of cryptographic applications.
## 2024/1980
* Title: Sonikku: Gotta Speed, Keed! A Family of Fast and Secure MACs
* Authors: Amit Singh Bhati, Elena Andreeva, Simon Müller, Damian Vizar
* [Permalink](
https://eprint.iacr.org/2024/1980)
* [Download](
https://eprint.iacr.org/2024/1980.pdf)
### Abstract
A message authentication code (MAC) is a symmetric-key cryptographic function used to authenticate a message by assigning it a tag. This tag is a short string that is difficult to reproduce without knowing the key. The tag ensures both the authenticity
and integrity of the message, enabling the detection of any modifications.
A significant number of existing message authentication codes (MACs) are based on block ciphers (BCs) and tweakable block ciphers (TBCs). These MACs offer various trade-offs in properties, such as data processing rate per primitive call, use of single or
multiple keys, security levels, pre- or post-processing, parallelizability, state size, and optimization for short/long queries.
In this work, we propose the $\mathsf{Sonikku}$ family of expanding primitive based MACs, consisting of three instances: $\mathsf{BabySonic}$, $\mathsf{DarkSonic}$, and $\mathsf{SuperSonic}$. The $\mathsf{Sonikku}$ MACs are -- 1) faster than the state-of-
the-art TBC-based MACs; 2) secure beyond the birthday bound in the input block size; 3) smaller in state size compared to state-of-the-art MACs; and 4) optimized with diverse trade-offs such as pre/post-processing-free execution, parallelization, small
footprint, and suitability for both short and long queries. These attributes make them favorable for common applications as well as ``IoT'' and embedded devices where processing power is limited.
On a Cortex-M4 32-bit microcontroller, $\mathsf{BabySonic}$ with $\mathsf{ForkSkinny}$ achieves a speed-up of at least 2.11x (up to 4.36x) compared to state-of-the-art ZMAC with $\mathsf{SKINNY}$ for 128-bit block sizes and queries of 95B or smaller. $\
mathsf{DarkSonic}$ and $\mathsf{SuperSonic}$ with $\mathsf{ForkSkinny}$ achieve a speed-up of at least 1.93x for small queries of 95B or smaller and 1.48x for large queries up to 64KB, respectively, against ZMAC with $\mathsf{SKINNY}$ for both 64- and
128-bit block sizes.
Similar to ZMAC and PMAC2x, we then demonstrate the potential of our MAC family by using $\mathsf{SuperSonic}$ to construct a highly efficient, beyond-birthday secure, stateless, and deterministic authenticated encryption scheme, which we call SonicAE.
## 2024/1981
* Title: Shutter Network: Private Transactions from Threshold Cryptography
* Authors: Stefan Dziembowski, Sebastian Faust, Jannik Luhn
* [Permalink](
https://eprint.iacr.org/2024/1981)
* [Download](
https://eprint.iacr.org/2024/1981.pdf)
### Abstract
With the emergence of DeFi, attacks based on re-ordering transactions have become an essential problem for public blockchains. Such attacks include front-running or sandwiching transactions, where the adversary places transactions at a particular place
within a block to influence a financial asset’s market price. In the Ethereum space, the value extracted by such attacks is often referred to as miner/maximal extractable value (MEV), which to date is estimated to have reached a value of more than USD
1.3B. A promising approach to protect against MEV is to hide the transaction data so block proposers cannot choose the order in which transactions are executed based on the transactions’ content. This paper describes the cryptographic protocol
underlying the Shutter network. Shutter has been available as an open-source project since the end of 2021 and has been running in production since Oct. 2022.
## 2024/1982
* Title: New Results in Quantum Analysis of LED: Featuring One and Two Oracle Attacks
* Authors: Siyi Wang, Kyungbae Jang, Anubhab Baksi, Sumanta Chakraborty, Bryan Lee, Anupam Chattopadhyay, Hwajeong Seo
* [Permalink](
https://eprint.iacr.org/2024/1982)
* [Download](
https://eprint.iacr.org/2024/1982.pdf)
### Abstract
Quantum computing has attracted substantial attention from researchers across various fields. In case of the symmetric key cryptography, the main problem is posed by the application of Grover's search. In this work, we focus on quantum analysis of the
lightweight block cipher LED.
This paper proposes an optimized quantum circuit for LED, minimizing the required number of qubits, quantum gates, and circuit depth. Furthermore, we conduct Grover's attack and Search with Two Oracles (STO) attack on the proposed LED cipher, estimating
the quantum resources required for the corresponding attack oracles. The STO attack outperforms the usual Grover's search when the state size is less than the key size. Beyond analyzing the cipher itself (i.e., the ECB mode), this work also evaluates
the effectiveness of quantum attacks on LED across different modes of operation.
## 2024/1983
* Title: UTRA: Universe Token Reusability Attack and Verifiable Delegatable Order-Revealing Encryption
* Authors: Jaehwan Park, Hyeonbum Lee, Junbeom Hur, Jae Hong Seo, Doowon Kim
* [Permalink](
https://eprint.iacr.org/2024/1983)
* [Download](
https://eprint.iacr.org/2024/1983.pdf)
### Abstract
As dataset sizes continue to grow, users face increasing difficulties in performing processing tasks on their local machines. From this, privacy concerns about data leakage have led data owners to upload encrypted data and utilize secure range queries to
cloud servers.
To address these challenges, order-revealing encryption (ORE) has emerged as a promising solution for large numerical datasets. Building on this, delegatable order-revealing encryption (DORE) was introduced, allowing operations between encrypted datasets
with different secret keys in multi-client ORE environments. DORE operates through authorization tokens issued by the data owner. However, security concerns had arisen about unauthorized users exploiting data without permission, leading to the
development of a secure order-revealing encryption scheme (SEDORE). These attacks can result in unauthorized data access and significant financial losses in modern cloud service providers (CSPs) utilizing pay-per-query systems. In addition, efficient
delegatable order-revealing encryption (EDORE), which improves speed and storage compared to SEDORE with identical security levels, was also introduced.
Although both SEDORE and EDORE were designed to be robust against these attacks, we have identified that they still retain the same vulnerabilities within the same threat model. To address these issues, we propose Verifiable Delegatable Order-Revealing
Encryption (VDORE), which protects against attacks by using the Schnorr Signature Scheme to verify the validity of the token that users send. We propose a precise definition and robust proof to improve the unclear definition and insufficient proof
regarding token unforgeability in the SEDORE.
Furthermore, the token generation algorithm in VDORE provides about a $1.5\times$ speed-up compared to SEDORE.
## 2024/1984
* Title: Low Communication Threshold Fully Homomorphic Encryption
* Authors: Alain Passelègue, Damien Stehlé
* [Permalink](
https://eprint.iacr.org/2024/1984)
* [Download](
https://eprint.iacr.org/2024/1984.pdf)
### Abstract
This work investigates constructions of threshold fully homomorphic encryption with low communication, i.e., with small ciphertexts and small decryption shares. In this context, we discuss in detail the technicalities for achieving full-fledged threshold
FHE, and put forward limitations regarding prior works, including an attack against the recent construction of Boudgoust and Scholl [ASIACRYPT 2023]. In light of our observations, we generalize the definition of threshold fully homomorphic encryption by
adding an algorithm which allows to introduce additional randomness in ciphertexts before they are decrypted by parties. In this setting, we are able to propose a construction which offers small ciphertexts and small decryption shares.
## 2024/1985
* Title: Endomorphisms for Faster Cryptography on Elliptic Curves of Moderate CM Discriminants
* Authors: Dimitri Koshelev, Antonio Sanso
* [Permalink](
https://eprint.iacr.org/2024/1985)
* [Download](
https://eprint.iacr.org/2024/1985.pdf)
### Abstract
This article generalizes the widely-used GLV decomposition for scalar multiplication to a broader range of elliptic curves with moderate CM discriminant \( D < 0 \) (up to a few thousand in absolute value). Previously, it was commonly believed that this
technique could only be applied efficiently for small \( D \) values (e.g., up to \( 100 \)). In practice, curves with \( j \)-invariant \( 0 \) are most frequently employed, as they have the smallest possible \( D = -3 \). This article participates in
the decade-long development of numerous real-world curves with moderate \( D \) in the context of ZK-SNARKs. Such curves are typically derived from others, which limits the ability to generate them while controlling the magnitude of \( D \). The most
notable example is so-called "lollipop" curves demanded, among others, in the Mina protocol.
Additionally, the new results are relevant to one of the "classical" curves (with \( D = -619 \)) from the Russian ECC standard. This curve was likely found using the CM method (with overwhelming probability), though this is not explicitly stated in the
standard. Its developers seemingly sought to avoid curves with small \( D \) values, aiming to mitigate potential DLP attacks on such curves, and hoped these attacks would not extend effectively to \( D = -619 \). One goal of the present article is to
address the perceived disparity between the \( D = -3 \) curves and the Russian curve. Specifically, the Russian curve should either be excluded from the standard for potential security reasons or local software should begin leveraging the advantages of
the GLV decomposition.
## 2024/1986
* Title: Improved Quantum Analysis of ARIA
* Authors: Yujin Oh, Kyungbae Jang, Hwajeong Seo
* [Permalink](
https://eprint.iacr.org/2024/1986)
* [Download](
https://eprint.iacr.org/2024/1986.pdf)
### Abstract
As advancements in quantum computing present potential threats to current cryptographic systems, it is necessary to reconsider and adapt existing cryptographic frameworks. Among these, Grover's algorithm reduces the attack complexity of symmetric-key
encryption, making it crucial to evaluate the security strength of traditional symmetric-key systems.
In this paper, we implement an efficient quantum circuit for the ARIA symmetric-key encryption and estimate the required quantum resources. Our approach achieves a reduction of over 61\% in full depth and over 65.5\% in qubit usage compared to the most
optimized previous research. Additionally, we estimate the cost of a Grover attack on ARIA and evaluate its post-quantum security strength.
## 2024/1987
* Title: Side-Channel Attack on ARADI
* Authors: Donggeun Kwon, Seokhie Hong
* [Permalink](
https://eprint.iacr.org/2024/1987)
* [Download](
https://eprint.iacr.org/2024/1987.pdf)
### Abstract
In this study, we present the first side-channel attack on the ARADI block cipher, exposing its vulnerabilities to physical attacks in non-profiled scenarios. We propose a novel bitwise divide-and-conquer methodology tailored for ARADI, enabling key
recovery. Furthermore, based on our attack approach, we present a stepwise method for recovering the full 256-bit master key. Through experiments on power consumption traces from an ARM processor, we demonstrate successful recovery of target key bits,
validating the effectiveness of our proposed method. Our findings highlight critical weaknesses in physical security of ARADI and underscore the necessity of implementing effective countermeasures to address side-channel vulnerabilities.
## 2024/1988
* Title: Garbled Circuits with 1 Bit per Gate
* Authors: Hanlin Liu, Xiao Wang, Kang Yang, Yu Yu
* [Permalink](
https://eprint.iacr.org/2024/1988)
* [Download](
https://eprint.iacr.org/2024/1988.pdf)
### Abstract
We present a garbling scheme for Boolean circuits with 1 bit per gate communication based on either ring learning with errors (RLWE) or NTRU assumption, with key-dependent message security. The garbling consists of 1) a homomorphically encrypted seed
that can be expanded to encryption of many pseudo-random bits and 2) one-bit stitching information per gate to reconstruct garbled tables from the expanded ciphertexts. By using low-complexity PRGs, both the garbling and evaluation of each gate require
only O(1) homomorphic addition/multiplication operations without bootstrapping.
## 2024/1989
* Title: Revisiting OKVS-based OPRF and PSI: Cryptanalysis and Better Construction
* Authors: Kyoohyung Han, Seongkwang Kim, Byeonghak Lee, Yongha Son
* [Permalink](
https://eprint.iacr.org/2024/1989)
* [Download](
https://eprint.iacr.org/2024/1989.pdf)
### Abstract
Oblivious pseudorandom function (OPRF) is a two-party cryptographic protocol that allows the receiver to input $x$ and learn $F(x)$ for some PRF $F$, only known to the sender. For private set intersection (PSI) applications, OPRF protocols have evolved
to enhance efficiency, primarily using symmetric key cryptography. Current state-of-the-art protocols, such as those by Rindal and Schoppmann (Eurocrypt '21), leverage vector oblivious linear evaluation (VOLE) and oblivious key-value store (OKVS)
constructions.
In this work, we identify a flaw in an existing security proof, and present practical attacks in the malicious model, which results in additional PRF evaluations than the previous works' claim. In particular, the attack for malicious model is related to
the concept of OKVS overfitting, whose hardness is conjectured in previous works. Our attack is the first one to discuss the concrete hardness of OKVS overfitting problem.
As another flavour of contribution, we generalize OKVS-based OPRF constructions, suggesting new instantiations using a VOLE protocol with only Minicrypt assumptions. Our generalized construction shows improved performance in high-speed network
environments, narrowing the efficiency gap between the OPRF constructions over Cryptomania and Minicrypt.
## 2024/1990
* Title: How To Scale Multi-Party Computation
* Authors: Marcel Keller
* [Permalink](
https://eprint.iacr.org/2024/1990)
* [Download](
https://eprint.iacr.org/2024/1990.pdf)
### Abstract
We propose a solution for optimized scaling of multi-party computation using the MP-SPDZ framework (CCS’20). It does not use manual optimization but extends the compiler and the virtual machine of the framework, thus providing an improvement for any
user. We found that our solution improves timings four-fold for a simple example in MP-SPDZ, and it improves an order of magnitude on every framework using secret sharing considered by Hastings et al. (S&P’19) either in terms of time or RAM usage. The
core of our approach is finding a balance between communication round optimization and memory usage.
## 2024/1991
* Title: CHLOE: Loop Transformation over Fully Homomorphic Encryption via Multi-Level Vectorization and Control-Path Reduction
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)