## In this issue

1. [2024/356] On Central Primitives for Quantum Cryptography with ...
2. [2024/548] Efficient isochronous fixed-weight sampling with ...
3. [2024/753] Summation-based Private Segmented Membership Test ...
4. [2024/759] Watermarking Language Models for Many Adaptive Users
5. [2024/1014] Grafting: Complementing RNS in CKKS
6. [2024/1015] Expediting Homomorphic Computation via ...
7. [2024/1016] A Succinct Range Proof for Polynomial-based Vector ...
8. [2024/1017] Accelerating pairings on BW10 and BW14 Curves
9. [2024/1018] Sparsity-Aware Protocol for ZK-friendly ML Models: ...
10. [2024/1019] Exploiting Clock-Slew Dependent Variability in CMOS ...
11. [2024/1020] chainBoost: A Secure Performance Booster for ...
12. [2024/1021] ammBoost: State Growth Control for AMMs
13. [2024/1022] Competitive Policies for Online Collateral Maintenance
14. [2024/1023] Constant-Size Unbounded Multi-Hop Fully Homomorphic ...
15. [2024/1024] Attribute-Based Threshold Issuance Anonymous ...
16. [2024/1025] Polynomial sharings on two secrets: Buy one, get ...
17. [2024/1026] MaSTer: Maliciously Secure Truncation for ...
18. [2024/1027] Structured-Seed Local Pseudorandom Generators and ...
19. [2024/1028] FASIL: A challenge-based framework for secure and ...
20. [2024/1029] Oblivious Single Access Machines: A New Model for ...
21. [2024/1030] GRASP: Accelerating Hash-based PQC Performance on ...
22. [2024/1031] SACfe: Secure Access Control in Functional ...
23. [2024/1032] Threshold OPRF from Threshold Additive HE
24. [2024/1033] Adaptively Secure 5 Round Threshold Signatures from ...
25. [2024/1034] A Practical Protocol for Quantum Oblivious Transfer ...
26. [2024/1035] Reading It like an Open Book: Single-trace Blind ...
27. [2024/1036] A note on the G-FFT
28. [2024/1037] A note on adding zero-knowledge to STARKs
29. [2024/1038] Constraint-Packing and the Sum-Check Protocol over ...
30. [2024/1039] Reduction from Average-Case M-ISIS to Worst-Case ...
31. [2024/1040] PeaceFounder: centralised E2E verifiable evoting ...
32. [2024/1041] Embedding Integer Lattices as Ideals into ...
33. [2024/1042] Efficient Verifiable Differential Privacy with ...
34. [2024/1043] Cryptography in the Common Haar State Model: ...
35. [2024/1044] Searching for differential addition chains
36. [2024/1045] Efficient Secret Sharing for Large-Scale Applications
37. [2024/1046] The Sum-Check Protocol over Fields of Small ...
38. [2024/1047] Improved Multi-Party Fixed-Point Multiplication
39. [2024/1048] Distributional Secure Merge
40. [2024/1049] KyberSlash: Exploiting secret-dependent division ...
41. [2024/1050] On Sequential Functions and Fine-Grained Cryptography
42. [2024/1051] Adaptor Signatures: New Security Definition and A ...
43. [2024/1052] A New Fine Tuning Method for FHEW/TFHE ...
44. [2024/1053] Stochastic Secret Sharing with $1$-Bit Shares and ...
45. [2024/1054] Optimized Computation of the Jacobi Symbol
46. [2024/1055] Enhancing Local Verification: Aggregate and Multi- ...
47. [2024/1056] Shuffle Arguments Based on Subset-Checking
48. [2024/1057] Password-authenticated Key Exchange and Applications
49. [2024/1058] Natively Compatible Super-Efficient Lookup ...
50. [2024/1059] HEProfiler: An In-Depth Profiler of Approximate ...
51. [2024/1060] Quirky Interactive Reductions of Knowledge
52. [2024/1061] Insta-Pok3r: Real-time Poker on Blockchain
53. [2024/1062] Compact Key Function Secret Sharing with Non-linear ...
54. [2024/1063] VIMz: Verifiable Image Manipulation using Folding- ...
55. [2024/1064] ArcEDB: An Arbitrary-Precision Encrypted Database ...
56. [2024/1065] AITIA: Efficient Secure Computation of Bivariate ...

## 2024/356

* Title: On Central Primitives for Quantum Cryptography with Classical Communication
* Authors: Kai-Min Chung, Eli Goldin, Matthew Gray
* [Permalink](https://eprint.iacr.org/2024/356)
* [Download](https://eprint.iacr.org/2024/356.pdf)

### Abstract

Recent work has introduced the "Quantum-Computation Classical-Communication" (QCCC) (Chung et. al.) setting for cryptography. There has been some evidence that
One Way Puzzles (OWPuzz) are the natural central cryptographic primitive for this
setting (Khurana and Tomer). For a primitive to be considered central it should have several characteristics. It should be well behaved (which for this paper we will
think of as having amplification, combiners, and universal constructions); it should
be implied by a wide variety of other primitives; and it should be equivalent to some
class of useful primitives. We present combiners, correctness and security amplifica-
tion, and a universal construction for OWPuzz. Our proof of security amplification
uses a new and cleaner version construction of EFI from OWPuzz (in comparison to
the result of Khurana and Tomer) that generalizes to weak OWPuzz and is the most
technically involved section of the paper. It was previously known that OWPuzz are
implied by other primitives of interest including commitments, symmetric key encryp-
tion, one way state generators (OWSG), and therefore pseudorandom states (PRS). However we are able to rule out OWPuzz’s equivalence to many of these primitives
by showing a black box separation between general OWPuzz and a restricted class of OWPuzz (those with efficient verification, which we call EV − OWPuzz). We then
show that EV − OWPuzz are also implied by most of these primitives, which separates
them from OWPuzz as well. This separation also separates extending PRS from highly
compressing PRS answering an open question of Ananth et. al.



## 2024/548

* Title: Efficient isochronous fixed-weight sampling with applications to NTRU * Authors: Décio Luiz Gazzoni Filho, Tomás S. R. Silva, Julio López
* [Permalink](https://eprint.iacr.org/2024/548)
* [Download](https://eprint.iacr.org/2024/548.pdf)

### Abstract

We present a solution to the open problem of designing a linear-time, unbiased and timing attack-resistant shuffling algorithm for fixed-weight sampling. Although it can be implemented without timing leakages of secret data in any architecture, we
illustrate with ARMv7-M and ARMv8-A implementations; for the latter, we take advantage of architectural features such as NEON and conditional instructions, which are representative of features available on architectures targeting similar systems, such as
Intel. Our proposed algorithm improves asymptotically upon the current approach based on constant-time sorting networks ($O(n)$ versus $O(n \log^2 n)$), and an implementation of the new algorithm applied to NTRU is also faster in practice, by a factor of
up to $6.91\ (591\%)$ on ARMv8-A cores and $12.89\ (1189\%)$ on the Cortex-M4; it also requires fewer uniform random bits. This translates into performance improvements for NTRU encapsulation, compared to state-of-the-art implementations, of up to 50\%
on ARMv8-A cores and 72\% on the Cortex-M4, and small improvements to key generation (up to 2.7\% on ARMv8-A cores and 6.1\% on the Cortex-M4), with negligible impact on code size and a slight improvement in RAM usage for the Cortex-M4.



## 2024/753

* Title: Summation-based Private Segmented Membership Test from Threshold-Fully Homomorphic Encryption
* Authors: Nirajan Koirala, Jonathan Takeshita, Jeremy Stevens, Taeho Jung
* [Permalink](https://eprint.iacr.org/2024/753)
* [Download](https://eprint.iacr.org/2024/753.pdf)

### Abstract

In many real-world scenarios, there are cases where a client wishes
to check if a data element they hold is included in a set segmented
across a large number of data holders. To protect user privacy, the
client’s query and the data holders’ sets should remain encrypted throughout the whole process. Prior work on Private Set Intersection (PSI), Multi-Party PSI (MPSI), Private Membership Test (PMT),
and Oblivious RAM (ORAM) falls short in this scenario in many
ways. They either require data holders to possess the sets in plain-
text, incur prohibitively high latency for aggregating results from a
large number of data holders, leak the information about the party
holding the intersection element, or induce a high false positive.
This paper introduces the primitive of a Private Segmented Mem-
bership Test (PSMT). We give a basic construction of a protocol to
solve PSMT using a threshold variant of approximate-arithmetic
homomorphic encryption and show how to overcome existing
challenges to construct a PSMT protocol without leaking information about the party holding the intersection element or false
positives for a large number of data holders ensuring IND-CPA^𝐷
security. Our novel approach is superior to existing state-of-the-art approaches in scalability with regard to the number of supported
data holders. This is enabled by a novel summation-based homo-
morphic membership check rather than a product-based one, as
well as various novel ideas addressing technical challenges. Our
PSMT protocol supports many more parties (up to 4096 in experiments) compared to prior related work that supports only around
100 parties efficiently. Our experimental evaluation shows that our
method’s aggregation of results from data holders can run in 92.5s
for 1024 data holders and a set size of 2^25, and our method’s over-
head increases very slowly with the increasing number of senders.
We also compare our PSMT protocol to other state-of-the-art PSI
and MPSI protocols and discuss our improvements in usability with
a better privacy model and a larger number of parties



## 2024/759

* Title: Watermarking Language Models for Many Adaptive Users
* Authors: Aloni Cohen, Alexander Hoover, Gabe Schoenbach
* [Permalink](https://eprint.iacr.org/2024/759)
* [Download](https://eprint.iacr.org/2024/759.pdf)

### Abstract

We study watermarking schemes for language models with provable guarantees. As we show, prior works offer no robustness guarantees against adaptive prompting: when a user queries a language model more than once, as even benign users do. And with just a
single exception (Christ and Gunn, 2024), prior works are restricted to zero-bit watermarking: machine-generated text can be detected as such, but no additional information can be extracted from the watermark. Unfortunately, merely detecting AI-
generated text may not prevent future abuses.

We introduce multi-user watermarks, which allow tracing model-generated text to individual users or to groups of colluding users, even in the face of adaptive prompting. We construct multi-user watermarking schemes from undetectable, adaptively robust,
zero-bit watermarking schemes (and prove that the undetectable zero-bit scheme of Christ, Gunn, and Zamir (2024) is adaptively robust). Importantly, our scheme provides both zero-bit and multi-user assurances at the same time. It detects shorter snippets
just as well as the original scheme, and traces longer excerpts to individuals.

The main technical component is a construction of message-embedding watermarks from zero-bit watermarks. Ours is the first generic reduction between watermarking schemes for language models. A challenge for such reductions is the lack of a unified
abstraction for robustness --- that marked text is detectable even after edits. We introduce a new unifying abstraction called AEB-robustness. AEB-robustness provides that the watermark is detectable whenever the edited text "approximates enough blocks"
of model-generated output.



## 2024/1014

* Title: Grafting: Complementing RNS in CKKS
* Authors: Jung Hee Cheon, Hyeongmin Choe, Minsik Kang, Jaehyung Kim
* [Permalink](https://eprint.iacr.org/2024/1014)
* [Download](https://eprint.iacr.org/2024/1014.pdf)

### Abstract

The RNS variant of the CKKS scheme (SAC 2018) is widely implemented due to its computational efficiency. However, the current optimized implementations of the RNS-CKKS scheme have a limitation when choosing the ciphertext modulus. It requires the scale
factors to be approximately equal to a factor (or a product of factors) of the ciphertext modulus. This restriction causes inefficiency when the scale factor is not close to the power of the machine's word size, wasting the machine's computation budget.

In this paper, we solve this implementation-side issue algorithmically by introducing \emph{Grafting}, a ciphertext modulus management system. In Grafting, we mitigate the link between the ciphertext modulus and the application-dependent scale factor. We
efficiently enable rescaling by an arbitrary amount of bits by suggesting a method managing the ciphertext modulus with mostly word-sized factors. Thus, we can fully utilize the machine architecture with word-sized factors of the ciphertext modulus while
keeping the application-dependent scale factors. This also leads to hardware-friendly RNS-CKKS implementation as a side effect. Furthermore, we apply our technique to Tuple-CKKS multiplication (CCS 2023), solving a restriction due to small scale factors.

Our proof-of-concept implementation shows that the overall complexity of RNS-CKKS is almost proportional to the number of coprime factors comprising the ciphertext modulus, of size smaller than the machine's word size. This results in a substantial speed-
up from Grafting: $17$-$51$% faster homomorphic multiplications and $43$% faster CoeffsToSlots in bootstrapping, implemented based on the HEaaN library. We estimate that the computational gain could range up to $1.71\times$ speed-up for the current
parameters used in the RNS-CKKS libraries.



## 2024/1015

* Title: Expediting Homomorphic Computation via Multiplicative Complexity-aware Multiplicative Depth Minimization
* Authors: Mingfei Yu, Giovanni De Micheli
* [Permalink](https://eprint.iacr.org/2024/1015)
* [Download](https://eprint.iacr.org/2024/1015.pdf)

### Abstract

Fully homomorphic encryption (FHE) enables secure data processing without compromising data access, but its computational cost and slower execution compared to plaintext operations pose challenges. The growing interest in FHE-based secure computation
necessitates the acceleration of homomorphic computations. While existing research primarily targets the reduction of the multiplicative depth (MD) of homomorphic circuits, this paper addresses the trade-off between MD reduction and the increase in
multiplicative complexity (MC), a critical gap often overlooked during circuit optimization and potentially resulting in suboptimal outcomes. Three contributions are presented: (a) an exact synthesis paradigm for optimal homomorphic circuit
implementations, (b) an efficient heuristic algorithm named MC-aware MD minimization, and (c) a homomorphic circuit optimization flow combining MC-aware MD minimization with existing MD reduction techniques. Experimental results demonstrate a 21.32%
average reduction in homomorphic computation time and showcase significantly improved efficiency in circuit optimization.



## 2024/1016

* Title: A Succinct Range Proof for Polynomial-based Vector Commitment
* Authors: Rui Gao, Zhiguo Wan, Yuncong Hu, Huaqun Wang
* [Permalink](https://eprint.iacr.org/2024/1016)
* [Download](https://eprint.iacr.org/2024/1016.pdf)

### Abstract

A range proof serves as a protocol for the prover to prove to the verifier that a committed number lies in a specified range, such as $[0,2^n)$, without disclosing the actual value. Range proofs find extensive application in various domains. However, the
efficiency of many existing schemes diminishes significantly when confronted with batch proofs encompassing multiple elements.
To improve the scalability and efficiency, we propose MissileProof, a vector range proof scheme, proving that every element in the committed vector is within $[0,2^n)$. We first reduce this argument to a bi-to-univariate SumCheck problem and a
bivariate polynomial ZeroTest problem. Then generalizing the idea of univariate SumCheck PIOP, we design a bi-to-univariate SumCheck PIOP. By introducing a random polynomial, we construct the bivariate polynomial ZeroTest using a univariate polynomial
ZeroTest and a univariate polynomial SumCheck PIOP. Finally, combining the PIOP for vector range proof, a KZG-based polynomial commitment scheme and the Fiat-Shamir transformation, we get a zero-knowledge succinct non-interactive vector range proof.
Compared with existing schemes, our scheme has the optimal proof size ($O(1)$), the optimal commitment length ($O(1)$),
and the optimal verification time ($O(1)$), at the expense of slightly sacrificing proof time ($O(l\log l\cdot n\log n)$ operations on the prime field for FFT and $O(ln)$ group exponentiations in $\mathbb{G}$). Moreover, we implemented an anti-money-
laundering stateless blockchain based on the MissileProof. The gas consumption of the verification smart contract is reduced by 85%.



## 2024/1017

* Title: Accelerating pairings on BW10 and BW14 Curves
* Authors: Senegue Gomez Nyamsi, Laurian Guimagang Azebaze, Emmanuel Fouotsa
* [Permalink](https://eprint.iacr.org/2024/1017)
* [Download](https://eprint.iacr.org/2024/1017.pdf)

### Abstract

Since the advent of pairing based cryptography, many researchers have developed several techniques and variants of pairings to optimise the speed of pairing computations. The selection of the elliptic curve for a given pairing based protocol is crucial
for operations in the first and second pairing groups of points of the elliptic curve and for many cryptographic schemes. A new variant of superoptimal pairing was proposed in 2023, namely x-superoptimal pairing on curves with odd prime embedding degrees
BW13-310 and BW19-286. This paper extends the definition of the x-superoptimal pairing on elliptic curves with even embedding degrees BW10-511 and BW14-351 at 128 bits security level. We provide a suitable formula of the x-superoptimal pairing on BW10-
511 and BW14-351 where the Miller loop is about $13.5\%$ and $21.6\%$ faster than the optimal ate pairing on BW10-511 and BW14-351 respectively. The correctness of the x-superoptimal pairing on BW10-511 and BW14-351 and bilinearity has been verified by a
Magma code.



## 2024/1018

* Title: Sparsity-Aware Protocol for ZK-friendly ML Models: Shedding Lights on Practical ZKML
* Authors: Alan Li, Qingkai Liang, Mo Dong
* [Permalink](https://eprint.iacr.org/2024/1018)
* [Download](https://eprint.iacr.org/2024/1018.pdf)

### Abstract

As deep learning is being widely adopted across various domains, ensuring the integrity of models has become increasingly crucial. Despite the recent advances in Zero-Knowledge Machine Learning (ZKML) techniques, proving the inference over large ML
models is still prohibitive. To enable practical ZKML, model simplification techniques like pruning and quantization should be applied without hesitation. Contrary to conventional belief, recent development in ML space have demonstrated that these
simplification techniques not only condense complex models into forms with sparse, low-bit weight matrices, but also maintain exceptionally high model accuracies that matches its unsimplified counterparts.

While such transformed models seem inherently ZK-friendly, directly applying existing ZK proof frameworks still lead to suboptimal inference proving performance. To make ZKML truly practical, a quantization-and-pruning-aware ZKML framework is needed. In
this paper, we propose SpaGKR, a novel sparsity-aware ZKML framework that is proven to surpass capabilities of existing ZKML methods. SpaGKR is a general framework that is widely applicable to any computation structure where sparsity arises. It is
designed to be modular - all existing GKR-based ZKML frameworks can be seamlessly integrated with it to get remarkable compounding performance enhancements. We tailor SpaGKR specifically to the most commonly-used neural network structure - the linear
layer, and propose the SpaGKR-LS protocol that achieves asymptotically optimal prover time. Notably, when applying SpaGKR-LS to a special series of simplified model - ternary network, it achieves further efficiency gains by additionally leveraging the
low-bit nature of model parameters.



## 2024/1019

* Title: Exploiting Clock-Slew Dependent Variability in CMOS Digital Circuits Towards Power and EM SCA Resilience
* Authors: Archisman Ghosh, Md. Abdur Rahman, Debayan Das, Santosh Ghosh, Shreyas Sen
* [Permalink](https://eprint.iacr.org/2024/1019)
* [Download](https://eprint.iacr.org/2024/1019.pdf)

### Abstract

Mathematically secured cryptographic implementations leak critical information in terms of power, EM emanations, etc. Several circuit-level countermeasures are proposed to hinder side channel leakage at the source. Circuit-level countermeasures (e.g.,
IVR, STELLAR, WDDL, etc) are often preferred as they are generic and have low overhead. They either dither the voltage randomly or attenuate the meaningful signature at $V_{DD}$ port. Although any digital implementation has two generic ports, namely
clock and $V_{DD}$, circuit-level countermeasures primarily focus on $V_{DD}$ port, and countermeasures using the clock are mainly unexplored. System-level clock randomization is ineffective due to post-processing techniques. This work, for the first
time, presents clock-based countermeasures by providing a controlled slew that exploits the inherent variability of digital circuits in terms of power consumption and transforms power/EM emanation into a complex function of data and slew. Due to this,
minimum traces-to-disclosure (MTD) improves by 100$\times$ with respect to the unprotected one.
Moreover, the slewed clock reduces the leaky frequency, and the clock randomization countermeasure is more effective as it becomes more difficult} to post-process in the frequency domain. Clock slew and randomization together have a cumulative effect(
1800x) more than the multiplication of individual techniques (100x & 5x respectively). In brief, this paper presents a clock-level generic synthesizable countermeasure technique that improved the minimum-traces-to-disclosure (MTD) by 1800$\times$ and
incurs only 11% area overhead, $<3\%$ power overhead (measured) and $<6\%$ performance overhead (measured). Moreover, this can be easily combined with other power-port-based mitigation techniques for enhanced security.



## 2024/1020

* Title: chainBoost: A Secure Performance Booster for Blockchain-based Resource Markets
* Authors: Zahra Motaqy, Mohamed E. Najd, Ghada Almashaqbeh
* [Permalink](https://eprint.iacr.org/2024/1020)
* [Download](https://eprint.iacr.org/2024/1020.pdf)

### Abstract

Cryptocurrencies and blockchain technology provide an innovative model for reshaping digital services. Driven by the movement toward Web 3.0, recent systems started to provide distributed services, such as computation outsourcing or file storage, on top
of the currency exchange medium. By allowing anyone to join and collect cryptocurrency payments for serving others, these systems create decentralized markets for trading digital resources. Yet, there is still a big gap between the promise of these
markets and their practical viability. Existing initiatives are still early-stage and have already encountered security and efficiency obstacles. At the same time, existing work around promising ideas, specifically sidechains, fall short in exploiting
their full potential in addressing these problems.

To bridge this gap, we propose chainBoost, a secure performance booster for decentralized resource markets. It expedites service related operations, reduces the blockchain size, and supports flexible service-payment exchange modalities at low overhead.
At its core, chainBoost employs a sidechain, that has a (security and semantic) mutual-dependence with the mainchain, to which the system offloads heavy/frequent operations. To enable it, we develop a novel sidechain architecture composed of temporary
and permanent blocks, a block suppression mechanism to prune the sidechain, a syncing protocol to permit arbitrary data exchange between the two chains, and an autorecovery protocol to support robustness and resilience. We analyze the security of
chainBoost, and implement a proof-of-concept prototype for a distributed file storage market as a use case. For a market handling around 2000 transactions per round, our experiments show up to 11x improvement in throughput and 94% reduction in
confirmation time. They also show that chainBoost can reduce the main blockchain size by about 90%, and that it outperforms comparable optimistic rollup solutions by reducing transaction finality by 99.7%.



## 2024/1021

* Title: ammBoost: State Growth Control for AMMs
* Authors: Nicholas Michel, Mohamed E. Najd, Ghada Almashaqbeh
* [Permalink](https://eprint.iacr.org/2024/1021)
* [Download](https://eprint.iacr.org/2024/1021.pdf)

### Abstract

Automated market makers (AMMs) are a form of decentralized cryptocurrency exchanges and considered a prime example of Decentralized Finance (DeFi) applications. Their popularity and high trading activity have resulted in millions of on-chain transactions
leading to serious scalability issues. In this paper, we address the on-chain storage overhead problem of AMMs by utilizing a new sidechain architecture as a layer 2 solution, building a system called ammBoost. Our system reduces the amount of on-chain
transactions, boosts throughput, and supports blockchain pruning. We devise several techniques to enable layer 2 processing for AMMs while preserving correctness and security of the underlying AMM. We also build a proof-of-concept of ammBoost for a
Uniswap-inspired use case to empirically evaluate its performance. Our experiments show that ammBoost decreases the gas cost by 94.53% and the chain growth by at least 80%, and that it can support up to 500x of the daily traffic volume observed for
Uniswap in practice.



## 2024/1022

* Title: Competitive Policies for Online Collateral Maintenance
* Authors: Ghada Almashaqbeh, Sixia Chen, Alexander Russell
* [Permalink](https://eprint.iacr.org/2024/1022)
* [Download](https://eprint.iacr.org/2024/1022.pdf)

### Abstract

Layer-two blockchain protocols emerged to address scalability issues related to fees, storage cost, and confirmation delay of on-chain transactions. They aggregate off-chain transactions into a fewer on-chain ones, thus offering immediate settlement and
reduced transaction fees. To preserve security of the underlying ledger, layer-two protocols often work in a collateralized model; resources are committed on-chain to backup off-chain activities. A fundamental challenge that arises in this setup is
determining a policy for establishing, committing, and replenishing the collateral in a way that maximizes the value of settled transactions.

In this paper, we study this problem under two settings that model collateralized layer-two protocols. The first is a general model in which a party has an on-chain collateral $C$ with a policy to decide on whether to settle or discard each incoming
transaction. The policy also specifies when to replenish $C$ based on the remaining collateral value. The second model considers a discrete setup in which $C$ is divided among $k$ wallets, each of which is of size $C/k$, such that when a wallet is full,
and so cannot settle any incoming transactions, it will be replenished. We devise several online policies for these models, and show how competitive they are compared to optimal (offline) policies that have full knowledge of the incoming transaction
stream. To the best of our knowledge, we are the first to study and formulate online competitive policies for collateral and wallet management in the blockchain setting.



## 2024/1023

* Title: Constant-Size Unbounded Multi-Hop Fully Homomorphic Proxy Re-Encryption from Lattices
* Authors: Feixiang Zhao, Huaxiong Wang, Jian Weng
* [Permalink](https://eprint.iacr.org/2024/1023)
* [Download](https://eprint.iacr.org/2024/1023.pdf)

### Abstract

Proxy re-encryption is a cryptosystem that achieves efficient encrypted data sharing by allowing a proxy to transform a ciphertext encrypted under one key into another ciphertext under a different key. Homomorphic proxy re-encryption (HPRE) extends this
concept by integrating homomorphic encryption, allowing not only the sharing of encrypted data but also the homomorphic computations on such data. The existing HPRE schemes, however, are limited to a single or bounded number of hops of ciphertext re-
encryptions. To address this limitation, this paper introduces a novel lattice-based, unbounded multi-hop fully homomorphic proxy re-encryption (FHPRE) scheme, with constant-size ciphertexts. Our FHPRE scheme supports an unbounded number of reencryption
operations and enables arbitrary homomorphic computations over original, re-encrypted, and evaluated ciphertexts. Additionally, we propose a potential application of our FHPRE scheme in the form of a non-interactive, constant-size multi-user computation
system for cloud computing environments.



## 2024/1024

* Title: Attribute-Based Threshold Issuance Anonymous Counting Tokens and Its Application to Sybil-Resistant Self-Sovereign Identity
* Authors: Reyhaneh Rabaninejad, Behzad Abdolmaleki, Sebastian Ramacher, Daniel Slamanig, Antonis Michalas
* [Permalink](https://eprint.iacr.org/2024/1024)
* [Download](https://eprint.iacr.org/2024/1024.pdf)

### Abstract

Self-sovereign identity (SSI) systems empower users to (anonymously) establish and verify their identity when accessing both digital and real-world resources, emerging as a promising privacy-preserving solution for user-centric identity management.
Recent work by Maram et al. proposes the privacy-preserving Sybil-resistant decentralized SSI system CanDID (IEEE S&P 2021). While this is an important step, notable shortcomings undermine its efficacy. The two most significant among them being the
following: First, unlinkability breaks in the presence of a single malicious issuer. Second, it introduces interactiveness, as the users are required to communicate each time with issuers to collect credentials intended for use in interactions with
applications. This contradicts the goal of SSI, whose aim is to give users full control over their identities. This paper first introduces the concept of publicly verifiable attribute-based threshold anonymous counting tokens (tACT). Unlike recent
approaches confined to centralized settings (Benhamouda et al., ASIACRYPT 2023), tACT operates in a distributed-trust environment. Accompanied by a formal security model and a provably secure instantiation, tACT introduces a novel dimension to token
issuance, which, we believe, holds independent interest. Next, the paper leverages the proposed tACT scheme to construct an efficient Sybil-resistant SSI system. This system supports various functionalities, including threshold issuance, unlinkable multi-
show selective disclosure, and non-interactive, non-transferable credentials that offer constant-size credentials. Finally, our benchmark results show an efficiency improvement in our construction when compared to CanDID all while accommodating a greater
number of issuers and additionally reducing to a one-round protocol that can be run in parallel with all issuers.



## 2024/1025

* Title: Polynomial sharings on two secrets: Buy one, get one free
* Authors: Paula Arnold, Sebastian Berndt, Thomas Eisenbarth, Maximilian Orlt
* [Permalink](https://eprint.iacr.org/2024/1025)
* [Download](https://eprint.iacr.org/2024/1025.pdf)

### Abstract


[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)