## In this issue
1. [2023/1382] HELM: Navigating Homomorphic Encryption through ...
2. [2024/1571] Basefold in the List Decoding Regime
3. [2025/200] Improved Secure Two-party Computation from a ...
4. [2025/255] Tighter Security Notions for a Modular Approach to ...
5. [2025/258] MPC with Publicly Identifiable Abort from ...
6. [2025/262] PKE and ABE with Collusion-Resistant Secure Key Leasing
7. [2025/271] Unconditional foundations for supersingular ...
8. [2025/274] Post-Quantum Blind Signatures from Matrix Code ...
9. [2025/283] Honest Majority MPC with $\tilde{O}(|C|)$ ...
10. [2025/285] MicroCrypt Assumptions with Quantum Input Sampling ...
11. [2025/286] Verifiable Computation for Approximate Homomorphic ...
12. [2025/287] A reduction from Hawk to the principal ideal ...
13. [2025/288] How to Securely Implement Cryptography in Deep ...
14. [2025/289] Significantly Improved Cryptanalysis of Salsa20 ...
15. [2025/290] Dynamic Decentralized Functional Encryption: ...
16. [2025/291] A Note on Adaptive Security in Hierarchical ...
17. [2025/292] Tight Lower Bounds and New Upper Bounds For ...
18. [2025/293] Anamorphic-Resistant Encryption; Or Why the ...
19. [2025/294] Neo: Lattice-based folding scheme for CCS over ...
20. [2025/295] Stationary Syndrome Decoding for Improved PCGs
21. [2025/296] DFS: Delegation-friendly zkSNARK and Private ...
22. [2025/297] Practical Zero-Trust Threshold Signatures in Large- ...
23. [2025/298] Stateless Hash-Based Signatures for Post-Quantum ...
24. [2025/299] (Un)breakable curses - re-encryption in the ...
25. [2025/300] Pseudorandom Functions with Weak Programming ...
26. [2025/301] Making Protocol FSU Revocable
27. [2025/302] FHE-SNARK vs. SNARK-FHE: From Analysis to Practical ...
28. [2025/303] Asynchronous Algorand: Reaching Agreement with Near ...
29. [2025/304] Lattice-based Cryptography: A survey on the ...
30. [2025/305] The Malice of ELFs: Practical Anamorphic-Resistant ...
31. [2025/306] Dimensional e$\mathsf{ROS}$ion: Improving the ...
32. [2025/307] Quasi-Linear Indistinguishability Obfuscation via ...
33. [2025/308] ChiLow and ChiChi: New Constructions for Code ...
34. [2025/309] A Unified Treatment of Anamorphic Encryption
35. [2025/310] Non-Interactive Key Exchange: New Notions, New ...
36. [2025/311] Malleable SNARKs and Their Applications
37. [2025/312] Traceable Verifiable Random Functions
38. [2025/313] Lattice-based $\Sigma$-Protocols for Polynomial ...
39. [2025/314] Towards Optimally Secure Deterministic ...
40. [2025/315] Cryptanalysis of Full SCARF
41. [2025/316] $\mathsf{Zinc}$: Succinct Arguments with Small ...
42. [2025/317] Minicrypt PIR for Big Batches
43. [2025/318] Traceable Verifiable Secret Sharing and Applications
44. [2025/319] Single Trace Side-Channel Vulnerabilities Discovery ...
45. [2025/320] Committing Authenticated Encryption: Generic ...
46. [2025/321] Differential Cryptanalysis of the Reduced Pointer ...
47. [2025/322] Partial and Fully Homomorphic Matching of IP ...
48. [2025/323] A Generic Approach to Adaptively-Secure Broadcast ...
49. [2025/324] Fine-Grained Complexity in a World without Cryptography
50. [2025/325] On Quantum Money and Evasive Obfuscation
## 2023/1382
* Title: HELM: Navigating Homomorphic Encryption through Gates and Lookup Tables
* Authors: Charles Gouert, Dimitris Mouris, Nektarios Georgios Tsoutsos
* [Permalink](
https://eprint.iacr.org/2023/1382)
* [Download](
https://eprint.iacr.org/2023/1382.pdf)
### Abstract
As cloud computing continues to gain widespread adoption, safeguarding the confidentiality of data entrusted to third-party cloud service providers becomes a critical concern. While traditional encryption methods offer protection for data at rest and in
transit, they fall short when it comes to where it matters the most, i.e., during data processing.
To address this limitation, we present HELM, a framework for privacy-preserving data processing using homomorphic encryption. HELM automatically transforms arbitrary programs expressed in a Hardware Description Language (HDL), such as Verilog, into
equivalent homomorphic circuits, which can then be efficiently evaluated using encrypted inputs. HELM features two modes of encrypted evaluation: a) a gate mode that consists of standard Boolean gates, and b) a lookup table mode which significantly
reduces the size of the circuit by combining multiple gates into lookup tables. Finally, HELM introduces a scheduler that enables embarrassingly parallel processing in the encrypted domain. We evaluate HELM with the ISCAS'85 and ISCAS'89 benchmark suites
as well as real-world applications such as AES and image filtering. Our results outperform prior works by up to $65\times$.
## 2024/1571
* Title: Basefold in the List Decoding Regime
* Authors: Ulrich Haböck
* [Permalink](
https://eprint.iacr.org/2024/1571)
* [Download](
https://eprint.iacr.org/2024/1571.pdf)
### Abstract
In this writeup we discuss the soundness of the Basefold multilinear polynomial commitment scheme [Zeilberger, Chen, Fisch 23] applied to Reed-Solomon codes, and run with proximity parameters up to the Johnson list decoding bound.
Our security analysis relies on a generalization of the celebrated correlated agreement theorem from [Ben-Sasson, et al., 20] to linear subcodes of Reed-Solomon codes, which turns out a by-product of the Guruswami-Sudan list decoder analysis.
We further highlight a non-linear variant of the subcode correlated
agreement theorem, which is flexible enough to apply to Basefold-like protocols such as recent optimizations of FRI-Binius [Diamond, Posen 24], and which we believe sufficient for proving the security of a recent multilinear version of STIR [Arnon,
Chiesa, Fenzi, Yogev 24] in the list-decoding regime
## 2025/200
* Title: Improved Secure Two-party Computation from a Geometric Perspective
* Authors: Hao Guo, Liqiang Peng, Haiyang Xue, Li Peng, Weiran Liu, Zhe Liu, Lei Hu
* [Permalink](
https://eprint.iacr.org/2025/200)
* [Download](
https://eprint.iacr.org/2025/200.pdf)
### Abstract
Multiplication and other non-linear operations are widely recognized as the most costly components of secure two-party computation (2PC) based on linear secret sharing. Multiplication and non-linear operations are well known to be the most expensive
protocols in secure two-party computation (2PC). Moreover, the comparison protocol (or $\mathsf{Wrap}$ protocol) is essential for various operations such as truncation, signed extension, and signed non-uniform multiplication. This paper aims to optimize
these protocols by avoiding invoking the costly comparison protocol, thereby improving their efficiency.
We propose a novel approach to study 2PC from a geometric perspective. Specifically, we interpret the two shares of a secret as the horizontal and vertical coordinates of a point in a Cartesian coordinate system, with the secret itself represented as the
corresponding point. This reformulation allows us to address the comparison problem by determining the region where the point lies. Furthermore, we identify scenarios where the costly comparison protocol can be replaced by more efficient evaluating AND
gate protocols within a constrained range. Using this method, we improve protocols for truncation, signed extension and signed non-uniform multiplication, all of which are fundamental to 2PC. In particular, for the one-bit error truncation protocol and
signed extension protocols, we reduce the state-of-the-art communication complexities of Cheetah (USENIX’22) and SirNN (S\&P’21) from $\approx \lambda (l + 1)$ to $\approx \lambda$ in two rounds, where $l$ is the input length and $\lambda$ is the
security parameter. For signed multiplication with non-uniform bit-width, we reduce the communication cost of SirNN's by 40\% to 60\%.
## 2025/255
* Title: Tighter Security Notions for a Modular Approach to Private Circuits
* Authors: Bohan Wang, Juelin Zhang, Yu Yu, Weijia Wang
* [Permalink](
https://eprint.iacr.org/2025/255)
* [Download](
https://eprint.iacr.org/2025/255.pdf)
### Abstract
To counteract side-channel attacks, a masking scheme splits each intermediate variable into $n$ shares and transforms each elementary operation (e.g., field addition and multiplication) to the masked correspondence called gadget, such that intrinsic
noise in the leakages renders secret recovery infeasible in practice. A simple and efficient security notion is the probing model ensuring that any $n-1$ shares are independently distributed from the secret input. One requirement of the probing model is
the noise in the leakages should increase with the number of shares, largely restricting the side-channel security in the low-noise scenario. Another security notion for masking, called the random probing model, allows each variable to leak with a
probability $p$. While this model reflects the physical reality of side channels much better, it brings significant overhead. At Crypto 2018, Ananth et al. proposed a modular approach that can provide random probing security for any security level by
expanding small base gadgets with $n$ share recursively, such that the tolerable leakage probability $p$ decreases with $n$ while the security increases exponentially with the recursion depth of expansion. Then, Belaïd et al. provided a formal security
definition called Random Probing Expandability (RPE) and an explicit framework using the modular approach to construct masking schemes at Crypto 2020.
In this paper, we investigate how to tighten the RPE definition via allowing the dependent failure probabilities of multiple inputs, which results in a new definition called related RPE. It can be directly used for the expansion of multiplication gates
and reduce the complexity of the base multiplication gadget from $\mathcal{O}(n^2\log n)$ proposed at Asiacrypt 2021 to $\mathcal{O}(n^2)$ and maintain the same security level. Furthermore, we describe a method to expand any gates (rather than only
multiplication) with the related RPE gadgets.
Besides, we denote another new RPE definition called Multiple inputs RPE used for the expansion of multiple-input gates composed with any gates. Utilizing these methods, we reduce the complexity of 3-share circuit compiler to $\mathcal{O}(|C|\cdot\kappa^{
3.2})$, where $|C|$ is the size of the unprotected circuit and the protection failure probability of the global circuit is $2^{-\kappa}$. In comparison, the complexity of the state-of-the-art work, proposed at Eurocrypt 2021, is $\mathcal{O}(|C|\cdot\
kappa^{3.9})$ for the same value of $n$. Additionally, we provide the construction of a 5-share circuit compiler with a complexity $\mathcal{O}(|C|\cdot\kappa^{2.8})$.
## 2025/258
* Title: MPC with Publicly Identifiable Abort from Pseudorandomness and Homomorphic Encryption
* Authors: Marc Rivinius
* [Permalink](
https://eprint.iacr.org/2025/258)
* [Download](
https://eprint.iacr.org/2025/258.pdf)
### Abstract
Publicly identifiable abort is a critical feature for ensuring accountability in outsourced computations using secure multiparty computation (MPC). Despite its importance, no prior work has specifically addressed identifiable abort in the context of
outsourced computations. In this paper, we present the first MPC protocol that supports publicly identifiable abort with minimal overhead for external clients. Our approach minimizes client-side computation by requiring only a few pseudorandom function
evaluations per input. On the server side, the verification process involves lightweight linear function evaluations using homomorphic encryption. This results in verification times of a few nanoseconds per operation for servers, with client overhead
being approximately two orders of magnitude lower. Additionally, the public verifiability of our protocol reduces client input/output costs compared to SPDZ-based protocols, on which we base our protocol. For example, in secure aggregation use cases, our
protocol achieves over twice the efficiency during the offline phase and up to an 18 % speedup in the online phase, significantly outperforming SPDZ.
## 2025/262
* Title: PKE and ABE with Collusion-Resistant Secure Key Leasing
* Authors: Fuyuki Kitagawa, Ryo Nishimaki, Nikhil Pappu
* [Permalink](
https://eprint.iacr.org/2025/262)
* [Download](
https://eprint.iacr.org/2025/262.pdf)
### Abstract
Secure key leasing (SKL) is an advanced encryption functionality that allows a secret key holder to generate a quantum decryption key and securely lease it to a user. Once the user returns the quantum decryption key (or provides a classical certificate
confirming its deletion), they lose their decryption capability. Previous works on public key encryption with SKL (PKE-SKL) have only considered the single-key security model, where the adversary receives at most one quantum decryption key. However, this
model does not accurately reflect real-world applications of PKE-SKL. To address this limitation, we introduce collusion-resistant security for PKE-SKL (denoted as PKE-CR-SKL). In this model, the adversary can adaptively obtain multiple quantum
decryption keys and access a verification oracle which validates the correctness of queried quantum decryption keys. Importantly, the size of the public key and ciphertexts must remain independent of the total number of generated quantum decryption keys.
We present the following constructions:
- A PKE-CR-SKL scheme based on the learning with errors (LWE) assumption.
- An attribute-based encryption scheme with collusion-resistant SKL (ABE-CR-SKL), also based on the LWE assumption.
- An ABE-CR-SKL scheme with classical certificates, relying on multi-input ABE with polynomial arity.
## 2025/271
* Title: Unconditional foundations for supersingular isogeny-based cryptography * Authors: Arthur Herlédan Le Merdy, Benjamin Wesolowski
* [Permalink](
https://eprint.iacr.org/2025/271)
* [Download](
https://eprint.iacr.org/2025/271.pdf)
### Abstract
In this paper, we prove that the supersingular isogeny problem (Isogeny), endomorphism ring problem (EndRing) and maximal order problem (MaxOrder) are equivalent under probabilistic polynomial time reductions, unconditionally.
Isogeny-based cryptography is founded on the presumed hardness of these problems, and their interconnection is at the heart of the design and analysis of cryptosystems like the SQIsign digital signature scheme. Previously known reductions relied on
unproven assumptions such as the generalized Riemann hypothesis. In this work, we present unconditional reductions, and extend this network of equivalences to the problem of computing the lattice of all isogenies between two supersingular elliptic curves
(HomModule).
For cryptographic applications, one requires computational problems to be hard on average for random instances. It is well-known that if Isogeny is hard (in the worst case), then it is hard for random instances. We extend this result by proving that if
any of the above-mentionned classical problems is hard in the worst case, then all of them are hard on average. In particular, if there exist hard instances of Isogeny, then all of Isogeny, EndRing, MaxOrder and HomModule are hard on average.
## 2025/274
* Title: Post-Quantum Blind Signatures from Matrix Code Equivalence
* Authors: Veronika Kuchta, Jason T. LeGrow, Edoardo Persichetti
* [Permalink](
https://eprint.iacr.org/2025/274)
* [Download](
https://eprint.iacr.org/2025/274.pdf)
### Abstract
We construct a novel code-based blind signature scheme, us- ing the Matrix Equivalence Digital Signature (MEDS) group action. The scheme is built using similar ideas to the Schnorr blind signature scheme and CSI-Otter, but uses additional public key and
commitment informa- tion to overcome the difficulties that the MEDS group action faces: lack of module structure (present in Schnorr), lack of a quadratic twist (present in CSI-Otter), and non-commutativity of the acting group. We address security
concerns related to public key validation, and prove the security of our protocol in the random oracle model, using the security framework of Kastner, Loss, and Xu, under a variant of the Inverse Matrix Code Equivalence problem and a mild heuristic
assumption.
## 2025/283
* Title: Honest Majority MPC with $\tilde{O}(|C|)$ Communication in Minicrypt
* Authors: Yifan Song, Xiaxi Ye
* [Permalink](
https://eprint.iacr.org/2025/283)
* [Download](
https://eprint.iacr.org/2025/283.pdf)
### Abstract
In this work, we consider the communication complexity of MPC protocols in honest majority setting achieving malicious security in both information-theoretic setting and computational setting. On the one hand, we study the possibility of basing honest
majority MPC protocols on oblivious linear evaluation (OLE)-hybrid model efficiently with information-theoretic security. More precisely, we instantiate preprocessing phase of the recent work Sharing Transformation (Goyal, Polychroniadou, and Song,
CRYPTO 2022) assuming random OLE correlations. Notably, we are able to prepare packed Beaver triples with malicious security achieving amortized communication of $O(n)$ field elements plus a number of $O(n)$ OLE correlations per packed Beaver triple,
which is the best known result. To further efficiently prepare random OLE correlations, we resort to IKNP-style OT extension protocols (Ishai et al., CRYPTO 2003) in random oracle model.
On the other hand, we derive a communication lower bound for preparing OLE correlations in the information-theoretic setting based on negative results due to Damgård, Larsen, and Nielsen (CRYPTO 2019).
Combining our positive result with the work of Goyal, Polychroniadou, and Song (CRYPTO 2022), we derive an MPC protocol with amortized communication of $O(\ell+\kappa)$ elements per gate in random oracle model achieving malicious security, where $\ell$
denotes the length of a field element and $\kappa$ is the security parameter.
## 2025/285
* Title: MicroCrypt Assumptions with Quantum Input Sampling and Pseudodeterminism: Constructions and Separations
* Authors: Mohammed Barhoush, Ryo Nishimaki, Takashi Yamakawa
* [Permalink](
https://eprint.iacr.org/2025/285)
* [Download](
https://eprint.iacr.org/2025/285.pdf)
### Abstract
We investigate two natural relaxations of quantum cryptographic assumptions. First, we examine primitives such as pseudorandom generators ($\text{PRG}$s) and pseudorandom states ($\text{PRS}$s), extended with quantum input sampling, which we term $\text{
PRG}^{qs}$ and $\text{PRS}^{qs}$. In these primitives, the input is sampled via a quantum algorithm rather than uniformly at random. The second relaxation, $\bot$-pseudodeterminism, allows the generator to output $\bot$ on an inverse-polynomial fraction
of inputs.
We demonstrate an equivalence between (bounded-query) logarithmic-sized $\text{PRS}^{qs}$, logarithmic-sized $\text{PRS}^{qs}$, and $\text{PRG}^{qs}$. Notably, such an equivalence remains unknown for the uniform key sampling versions of these primitives.
Furthermore, we establish that $\text{PRG}^{qs}$ can be constructed from $\bot$-pseudodeterministic $\text{PRG}$s ($\bot\text{-PRG}$s).
To further justify our exploration, we present two separation results. First, we examine the relationship between $\bot$-pseudodeterministic notions and their deterministic counterparts. We show that there does not exist a black-box construction of a one-
way state generator $(\text{OWSG})$ from a $\bot\text{-PRG}$, indicating that $\bot$-pseudodeterministic primitives may be inherently weaker than their deterministic counterparts. Second, we explore the distinction between quantum and uniform input
sampling. We prove that there does not exist a black-box construction of a $\bot$-psuedodeterministic $\text{OWSG}$ from a $\text{PRF}^{qs}$, suggesting that primitives relying on quantum input sampling may be weaker than those using traditional uniform
sampling. Given the broad cryptographic applicability of $\text{PRF}^{qs}$s and $\bot\text{-PRG}$s, these separation results yield numerous new insights into the hierarchy of primitives within MicroCrypt.
## 2025/286
* Title: Verifiable Computation for Approximate Homomorphic Encryption Schemes * Authors: Ignacio Cascudo, Anamaria Costache, Daniele Cozzo, Dario Fiore, Antonio Guimarães, Eduardo Soria-Vazquez
* [Permalink](
https://eprint.iacr.org/2025/286)
* [Download](
https://eprint.iacr.org/2025/286.pdf)
### Abstract
We address the problem of proving the validity of computation on ciphertexts of homomorphic encryption (HE) schemes, a feature that enables outsourcing of data and computation while ensuring both data privacy and integrity.
We propose a new solution that handles computations in RingLWE-based schemes, particularly the CKKS scheme for approximate arithmetic. Our approach efficiently handles ciphertext arithmetic in the polynomial ring $R_q$ without emulation overhead and
manages ciphertexts maintenance operations, such as modulus switching, key switching, and rescaling, with small cost.
Our main result is a succinct argument that efficiently handles arithmetic computations and range checks over the ring $R_q$. To build this argument system, we construct new polynomial interactive oracle proofs (PIOPs) and multilinear polynomial
commitments supporting polynomials over $R_q$, unlike prior work which focused on finite fields. We validate the concrete complexity of our approach through implementation and experimentation. Compared to the current state-of-the-art on verifiable HE for
RNS schemes, we present similar performance for small circuits while being able to efficiently scale to larger ones, which was a major challenge for previous constructions as it requires verifying procedures such as relinearization.
## 2025/287
* Title: A reduction from Hawk to the principal ideal problem in a quaternion algebra
* Authors: Clémence Chevignard, Guilhem Mureau, Thomas Espitau, Alice Pellet-Mary, Heorhii Pliatsok, Alexandre Wallet
* [Permalink](
https://eprint.iacr.org/2025/287)
* [Download](
https://eprint.iacr.org/2025/287.pdf)
### Abstract
In this article we present a non-uniform reduction from rank-
2 module-LIP over Complex Multiplication fields, to a variant of the
Principal Ideal Problem, in some fitting quaternion algebra. This reduction
is classical deterministic polynomial-time in the size of the inputs. The quaternion algebra in which we need to solve the variant of the principal
ideal problem depends on the parameters of the module-LIP problem,
but not on the problem’s instance. Our reduction requires the knowledge
of some special elements of this quaternion algebras, which is why it is non-uniform.
In some particular cases, these elements can be computed in polynomial
time, making the reduction uniform. This is the case for the Hawk
signature scheme: we show that breaking Hawk is no harder than solving
a variant of the principal ideal problem in a fixed quaternion algebra
(and this reduction is uniform).
## 2025/288
* Title: How to Securely Implement Cryptography in Deep Neural Networks
* Authors: David Gerault, Anna Hambitzer, Eyal Ronen, Adi Shamir
* [Permalink](
https://eprint.iacr.org/2025/288)
* [Download](
https://eprint.iacr.org/2025/288.pdf)
### Abstract
The wide adoption of deep neural networks (DNNs) raises the question of how can we equip them with a desired cryptographic functionality (e.g, to decrypt an encrypted input, to verify that this input is authorized, or to hide a secure watermark in the
output). The problem is that cryptographic primitives are typically designed to run on digital computers that use Boolean gates to map sequences of bits to sequences of bits, whereas DNNs are a special type of analog computer that uses linear mappings
and ReLUs to map vectors of real numbers to vectors of real numbers. This discrepancy between the discrete and continuous computational models raises the question of what is the best way to implement standard cryptographic primitives as DNNs, and whether
DNN implementations of secure cryptosystems remain secure in the new setting, in which an attacker can ask the DNN to process a message whose "bits" are arbitrary real numbers.
In this paper we lay the foundations of this new theory, defining the meaning of correctness and security for implementations of cryptographic primitives as ReLU-based DNNs. We then show that the natural implementations of block ciphers as DNNs can be
broken in linear time by using such nonstandard inputs. We tested our attack in the case of full round AES-128, and had $100\%$ success rate in finding $1000$ randomly chosen keys. Finally, we develop a new method for implementing any desired
cryptographic functionality as a standard ReLU-based DNN in a provably secure and correct way. Our protective technique has very low overhead (a constant number of additional layers and a linear number of additional neurons), and is completely practical.
## 2025/289
* Title: Significantly Improved Cryptanalysis of Salsa20 With Two-Round Criteria
* Authors: Sabyasachi Dey, Subhamoy Maitra, Santanu Sarkar, Nitin Kumar Sharma * [Permalink](
https://eprint.iacr.org/2025/289)
* [Download](
https://eprint.iacr.org/2025/289.pdf)
### Abstract
Over the past decade and a half, cryptanalytic techniques for Salsa20 have been increasingly refined, largely following the overarching concept of Probabilistically Neutral Bits (PNBs) by Aumasson et al. (FSE 2008). In this paper, we present a novel
criterion for choosing key-$\mathcal{IV}$ pairs using certain 2-round criteria and connect that with clever tweaks of existing techniques related to Probabilistically Independent $\mathcal{IV}$ bits (earlier used for ARX ciphers, but not for Salsa20) and
well-studied PNBs. Through a detailed examination of the matrix after initial rounds of Salsa20, we introduce the first-ever cryptanalysis of Salsa20 exceeding $8$ rounds. Specifically, Salsa20/$8.5$, consisting of $256$ secret key bits, can be
cryptanalyzed with a time complexity of $2^{245.84}$ and data amounting to $2^{99.47}$. Further, the sharpness of our attack can be highlighted by showing that Salsa20/$8$ can be broken with time $2^{186.01}$ and data $2^{99.73}$, which is a significant
improvement over the best-known result of Coutinho et al. (Journal of Cryptology, 2023, time $2^{217.14}$ and data $2^{113.14}$). Here, the refinements related to backward biases for PNBs are also instrumental in achieving the improvements. We also
provide certain instances of how these ideas improve the cryptanalysis on $128$-bit versions. In the process, a few critical points are raised on some existing state-of-the-art works in this direction, and in those cases, their estimates of time and data
are revisited to note the correct complexities, revising the incorrect numbers.
## 2025/290
* Title: Dynamic Decentralized Functional Encryption: Generic Constructions with Strong Security
* Authors: Ky Nguyen, David Pointcheval, Robert Schädlich
* [Permalink](
https://eprint.iacr.org/2025/290)
* [Download](
https://eprint.iacr.org/2025/290.pdf)
### Abstract
Dynamic Decentralized Functional Encryption (DDFE) is a generalization of Functional Encryption which allows multiple users to join the system dynamically without interaction and without relying on a trusted third party. Users can independently encrypt
their inputs for a joint evaluation under functions embedded in functional decryption keys; and they keep control on these functions as they all have to contribute to the generation of the functional keys.
In this work, we present new generic compilers which, when instantiated with existing schemes from the literature, improve over the state-of-the-art in terms of security, computational assumptions and functionality. Specifically, we obtain the first
adaptively secure DDFE schemes for inner products in both the standard and the stronger function-hiding setting which guarantees privacy not only for messages but also for the evaluated functions. Furthermore, we present the first DDFE for inner products
whose security can be proven under the LWE assumption in the standard model. Finally, we give the first construction of a DDFE for the attribute-weighted sums functionality with attribute-based access control (with some limitations). All prior
constructions guarantee only selective security, rely on group-based assumptions on pairings, and cannot provide access control.
## 2025/291
* Title: A Note on Adaptive Security in Hierarchical Identity-Based Encryption * Authors: Rishab Goyal, Venkata Koppula, Mahesh Sreekumar Rajasree
* [Permalink](
https://eprint.iacr.org/2025/291)
* [Download](
https://eprint.iacr.org/2025/291.pdf)
### Abstract
We present the first construction for adaptively secure HIBE, that does not rely on bilinear pairings or random oracle heuristics. Notably, we design an adaptively secure HIBE from any selectively secure IBE system in the standard model. Combining this
with known results, this gives the first adaptively secure HIBE system from a wide variety of standard assumptions such as CDH/Factoring/LWE/LPN. We also extend our adaptively secure HIBE system to satisfy full anonymity, giving the first adaptively
secure anonymous HIBE under CDH/LWE assumption. All our HIBE systems support unbounded length identities as well as unbounded number of recursive delegation operations.
## 2025/292
* Title: Tight Lower Bounds and New Upper Bounds For Evolving CDS
* Authors: Tamar Ben David, Anat Paskin-Cherniavsky
* [Permalink](
https://eprint.iacr.org/2025/292)
* [Download](
https://eprint.iacr.org/2025/292.pdf)
### Abstract
Komargodski et. al. defined evolving secret-sharing schemes with an unbounded number of parties. In this model, parties arrive one after the other and the number of parties that will arrive is not known.
Another cryptographic primitive related to secret-sharing is conditional disclosure of secrets protocols (CDS) that defined by Gertner et. al.
A CDS protocol for a Boolean function $f$ involves $k$ servers and a referee. Each server holds a common secret $s$, a common random string $r$, and a private input $x_i$; using these $r$, each server locally computes one message and sends it to the
referee. The referee, knowing the inputs $x_1, \cdots, x_k$ and the messages, should be able to compute $s$ if $f(x_1, \cdots, x_k) = 1$. Otherwise, the referee should not learn information about the secret. In a sense, this is a non-monotone version of
secret sharing schemes.
Peter (ISC 23'), defines evolving CDS, implementing in particular evolving predicate $f:\{0,1\}^*\rightarrow\{0,1\}$ (he handles somewhat more general predicates for larger input domains, but generalizing to other input domains is not hard, and we focus
on boolean predicates). In this setting, the number of parties is unbounded, where the parties arrive in sequential order. Each party, when arrives, sends one random message to a referee, that depending on its input, the secret, and a common randomness.
He also devise evolving CDS protocols for a general evolving predicate via a black-box reduction to evolving secret-sharing scheme for a related access structure.
He analyzes this construction for general access structures, as well as other classes of functions, which yields message complexity $O(2^t)$ for the worst predicates.
In this work we provide new upper and lower bounds for evolving CDS.
Observing that CDS has the potential for improved efficiency, as it is not restricted to monotone operations, we devise a new evolving general CDS construction.
In particular, our construction relies on representing the evolving predicate via an infinite branching program - LINBP, generalizing the monotone infinite branching program based construction of Alon et. al of evolving secret sharing schemes.
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)