[continued from previous message]

Our first contribution is a new fNIM called $\mathsf{dms}$, it addresses both (ii) and (iii).
It is as simple as adding Schnorr PoPs to the schoolbook pairing-based fNIM of Boldyreva (PKC'03).
(ii) For a group of 1000 signers, verification of these PoPs is: $5+$ times faster than for the previous pairing-based PoPs; and $3+$ times faster than the Verifier's processing of the setup in SMSKR (and contrary to the latter, needs not be re-started
when a new member joins the group).
(iii) We prove a tight reduction to the discrete logarithm (DL), in the algebraic group model (AGM). Given the current estimation of roughly 128 bits of security for the DL in both the curves BLS12-381 and BLS12-377, we deduce a probability of forgery of
$\mathsf{dms}$ no higher than about $2^{-93}$ for a time $2^{80}$ adversary. This reduction is our main technical contribution. The only related proof before was for an interactive Schnorr-based multi-signature scheme, using Schnorr PoPs. Our approach easily fills a gap in this proof, since we take into account that the adversary
has access to a signing oracle even before publishing its PoPs. But in our context of pairing-based multi-signatures, extraction of the keys of the adversary is significantly more complicated, since the signing oracle produces a correlated random string.
We finally provide another application of $\mathsf{dms}$, which is that it can be plugged in recent threshold signatures without setup (presented by Das et al at CCS'23, and Garg et al at SP'24), since these schemes implicitly build on any arbitrary BLS-
based fNIM.

Our second contribution addresses (i), it is a very simple compiler: $\mathcal{M}to\mathcal{A}$ (multi-to-aggregate). It turns any fNIM into an fNIA, suitable for aggregation of signatures on messages with a prefix in common, with the restriction that a
signer must not sign twice using the same prefix. The resulting fNIA is post-quantum secure as soon as the fNIM is, such as Chipmunk (CCS'23). We demonstrate the relevance for Diem by applying $\mathcal{M}to\mathcal{A}$ to $\mathsf{dms}$: the resulting
fNIA enables to verify 39x faster an aggregate of 129 signatures, over messages with $7$ bits-long variable parts, than BGLS.



## 2024/1082

* Title: Quantum Implementation of LSH
* Authors: Yujin Oh, Kyungbae Jang, Hwajeong Seo
* [Permalink](https://eprint.iacr.org/2024/1082)
* [Download](https://eprint.iacr.org/2024/1082.pdf)

### Abstract

As quantum computing progresses, the assessment of cryptographic algorithm resilience against quantum attack gains significance interests in the field of cryptanalysis. Consequently, this paper implements the depth-optimized quantum circuit of Korean
hash function (i.e., LSH) and estimates its quantum attack cost in quantum circuits. By utilizing an optimized quantum adder and employing parallelization techniques, the proposed quantum circuit achieves a 78.8\% improvement in full depth and a 79.1\%
improvement in Toffoli depth compared to previous the-state-of art works.
In conclusion, based on the implemented quantum circuit, we estimate the resources required for a Grover collision attack and evaluate the post-quantum security of LSH algorithms.



## 2024/1083

* Title: LEA Block Cipher in Rust Language: Trade-off between Memory Safety and Performance
* Authors: Sangwon Kim, Siwoo Eum, Minho Song, Hwajeong Seo
* [Permalink](https://eprint.iacr.org/2024/1083)
* [Download](https://eprint.iacr.org/2024/1083.pdf)

### Abstract

Cryptography implementations of block cipher have been written in C language due to its strong features on system-friendly features. However, the C language is prone to memory safety issues, such as buffer overflows and memory leaks. On the other hand,
Rust, novel system programming language, provides strict compile-time memory safety guarantees through its ownership model. This paper presents the implementation of LEA block cipher in Rust language, demonstrating features to prevent common memory
vulnerabilities while maintaining performance. We compare the Rust implementation with the traditional C language version, showing that while Rust incurs a reasonable memory overhead, it achieves comparable the execution timing of encryption and
decryption. Our results highlight Rust’s suitability for secure cryptographic applications, striking the balance between memory safety and execution efficiency.



## 2024/1084

* Title: Enabling Complete Atomicity for Cross-chain Applications Through Layered State Commitments
* Authors: Yuandi Cai, Ru Cheng, Yifan Zhou, Shijie Zhang, Jiang Xiao, Hai Jin * [Permalink](https://eprint.iacr.org/2024/1084)
* [Download](https://eprint.iacr.org/2024/1084.pdf)

### Abstract

Cross-chain Decentralized Applications (dApps) are increasingly popular for their ability to handle complex tasks across various blockchains, extending beyond simple asset transfers or swaps. However, ensuring all dependent transactions execute correctly
together, known as complete atomicity, remains a challenge. Existing works provide financial atomicity, protecting against monetary loss, but lack the ability to ensure correctness for complex tasks. In this paper, we introduce Avalon, a transaction
execution framework for cross-chain dApps that guarantees complete atomicity for the first time. Avalon achieves this by introducing multiple state layers above the native one to cache state transitions, allowing for efficient management of these state
transitions. Most notably, for concurrent cross-chain transactions, Avalon resolves not only intra-chain conflicts but also addresses potential inconsistencies between blockchains via a novel state synchronization protocol, enabling serializable cross-
chain execution. We implement Avalon using smart contracts in Cosmos ecosystem and evaluate its commitment performance, demonstrating acceptable latency and gas consumption even under conflict cases.



## 2024/1085

* Title: Randomized Distributed Function Computation with Semantic Communications: Applications to Privacy
* Authors: Onur Gunlu
* [Permalink](https://eprint.iacr.org/2024/1085)
* [Download](https://eprint.iacr.org/2024/1085.pdf)

### Abstract

Randomized distributed function computation refers to remote function computation where transmitters send data to receivers which compute function outputs that are randomized functions of the inputs. We study the applications of semantic communications
in randomized distributed function computation to illustrate significant reductions in the communication load, with a particular focus on privacy. The semantic communication framework leverages generalized remote source coding methods, where the remote
source is a randomized version of the observed data. Since satisfying security and privacy constraints generally require a randomization step, semantic communication methods can be applied to such function computation problems, where the goal is to
remotely simulate a sequence at the receiver such that the transmitter and receiver sequences follow a target probability distribution. Our performance metrics guarantee (local differential) privacy for each input sequence, used in two different
distributed function computation problems, which is possible by using strong coordination methods.

This work provides lower bounds on Wyner's common information (WCI), which is one of the two corner points of the coordination-randomness rate region characterizing the ultimate limits of randomized distributed function computation. The WCI corresponds
to the case when there is no common randomness shared by the transmitter and receiver. Moreover, numerical methods are proposed to compute the other corner point for continuous-valued random variables, for which an unlimited amount of common randomness
is available. Results for two problems of practical interest illustrate that leveraging common randomness can decrease the communication load as compared to the WCI corner point significantly. We also illustrate that semantic communication gains over
lossless compression methods are achieved also without common randomness, motivating further research on limited common randomness scenarios.



## 2024/1086

* Title: Obfuscated Key Exchange
* Authors: Felix Günther, Douglas Stebila, Shannon Veitch
* [Permalink](https://eprint.iacr.org/2024/1086)
* [Download](https://eprint.iacr.org/2024/1086.pdf)

### Abstract

Censorship circumvention tools enable clients to access endpoints in a network despite the presence of a censor. Censors use a variety of techniques to identify content they wish to block, including filtering traffic patterns that are characteristic of
proxy or circumvention protocols and actively probing potential proxy servers. Circumvention practitioners have developed fully encrypted protocols (FEPs), intended to have traffic that appears indistinguishable from random. A FEP is typically composed
of a key exchange protocol to establish shared secret keys, and then a secure channel protocol to encrypt application data; both must avoid revealing to observers that an obfuscated protocol is in use.

We formalize the notion of obfuscated key exchange, capturing the requirement that a key exchange protocol's traffic "looks random" and that it resists active probing attacks, in addition to ensuring secure session keys and authentication. We show that
the Tor network's obfs4 protocol satisfies this definition. We then show how to extend the obfs4 design to defend against stronger censorship attacks and present a quantum-safe obfuscated key exchange protocol. To instantiate our quantum-safe protocol
using the ML-KEM (Kyber) standard, we present Kemeleon, a new mapping between ML-KEM public keys/ciphertexts and uniform byte strings.



## 2024/1087

* Title: Tyche: Probabilistic Selection over Encrypted Data for Generative Language Models
* Authors: Lars Folkerts, Nektarios Georgios Tsoutsos
* [Permalink](https://eprint.iacr.org/2024/1087)
* [Download](https://eprint.iacr.org/2024/1087.pdf)

### Abstract

Generative AI, a significant technological disruptor in recent years, has impacted domains like augmented reality, coding assistance, and text generation. However, use of these models requires users to trust the model owners with their sensitive data
given as input to the model. Fully Homomorphic Encryption (FHE) offers a promising solution, and many earlier works have investigated the use this technology for machine learning as a service (MLaaS) applications. Still, these efforts do not cater to
generative models that operate probabilistically, allowing for diverse and creative outputs. In this work, we introduce three novel probabilistic selection algorithms for autoregressive generative AI: multiplication-scaled cumulative sum, heuristic
cumulative sum, and the random-multiplication argmax. Each of these approaches presents distinctive challenges in optimizing the trade-off between precision and timing performance, a balance intricately tied to the specific characteristics of the data
under consideration. Our results show that the random multiplication argmax-based method is more scalable than the cumulative sum methods and can accurately mimic the plaintext selection curve.



## 2024/1088

* Title: HElix: Genome Similarity Detection in the Encrypted Domain
* Authors: Rostin Shokri, Charles Gouert, Nektarios Georgios Tsoutsos
* [Permalink](https://eprint.iacr.org/2024/1088)
* [Download](https://eprint.iacr.org/2024/1088.pdf)

### Abstract

As the field of genomics continues to expand and more sequencing data is gathered, genome analysis becomes increasingly relevant for many users. For example, a common scenario entails users trying to determine if their DNA samples are similar to DNA
sequences hosted in a larger remote repository. Nevertheless, end users may be reluctant to upload their DNA sequences, while the owners of remote genomics repositories are unwilling to openly share their database. To address this challenge, we propose
two distinct approaches based on fully homomorphic encryption to preserve the privacy of the genomic data and enable queries directly on ciphertexts. The first is based on the ubiquitous MinHash algorithm and can determine if similar matches exist in the
database, while the second involves a bespoke bloom filter construction for determining exact matches. We validate both approaches across various database sizes using both GPU and CPU-based cloud servers.



## 2024/1089

* Title: Juliet: A Configurable Processor for Computing on Encrypted Data
* Authors: Charles Gouert, Dimitris Mouris, Nektarios Georgios Tsoutsos
* [Permalink](https://eprint.iacr.org/2024/1089)
* [Download](https://eprint.iacr.org/2024/1089.pdf)

### Abstract

Fully homomorphic encryption (FHE) has become progressively more viable in the years since its original inception in 2009. At the same time, leveraging state-of-the-art schemes in an efficient way for general computation remains prohibitively difficult
for the average programmer. In this work, we introduce a new design for a fully homomorphic processor, dubbed Juliet, to enable faster operations on encrypted data using the state-of-the-art TFHE and cuFHE libraries for both CPU and GPU evaluation. To
improve usability, we define an expressive assembly language and instruction set architecture (ISA) judiciously designed for end-to-end encrypted computation. We demonstrate Juliet's capabilities with a broad range of realistic benchmarks including
cryptographic algorithms, such as the lightweight ciphers Simon and Speck, as well as logistic regression (LR) inference and matrix multiplication.



## 2024/1090

* Title: PolyFHEmus: Rethinking Multiplication in Fully Homomorphic Encryption * Authors: Charles Gouert, Nektarios Georgios Tsoutsos
* [Permalink](https://eprint.iacr.org/2024/1090)
* [Download](https://eprint.iacr.org/2024/1090.pdf)

### Abstract

Homomorphic encryption is a powerful technology that solves key privacy concerns in cloud computing by enabling computation on encrypted data. However, it has not seen widespread adoption due to prohibitively high latencies. In this article, we identify
polynomial multiplication as a bottleneck and investigate alternative algorithms to accelerate encrypted computing.



## 2024/1091

* Title: MatcHEd: Privacy-Preserving Set Similarity based on MinHash
* Authors: Rostin Shokri, Charles Gouert, Nektarios Georgios Tsoutsos
* [Permalink](https://eprint.iacr.org/2024/1091)
* [Download](https://eprint.iacr.org/2024/1091.pdf)

### Abstract

Fully homomorphic encryption (FHE) enables arbitrary computation on encrypted data, but certain applications remain prohibitively expensive in the encrypted domain. As a case in point, comparing two encrypted sets of data is extremely computationally
expensive due to the large number of comparison operators required. In this work, we propose a novel methodology for encrypted set similarity inspired by the MinHash algorithm and the CGGI FHE scheme. Doing comparisons in FHE requires comparators and
multiplexers or an expensive approximation, which further increases the latency, especially when the goal is to compare two sets of data. The MinHash algorithm can significantly reduce the number of comparisons required by employing a special Carter-
Wegman (CW) hash function as a key building block. However, the modulus operation in the CW hash becomes another key bottleneck because the encrypted sub-circuits required to perform the modular reduction are very large and inefficient in an FHE setting.
Towards that end, we introduce an efficient bitwise FHE-friendly digest function (FFD) to employ as the cornerstone of our proposed encrypted set-similarity. In a Boolean FHE scheme like CGGI, the bitwise operations can be implemented efficiently with
Boolean gates, which allows for faster evaluation times relative to standard Carter-Wegman constructions. Overall, our approach drastically reduces the number of comparisons required relative to the baseline approach of directly computing the Jaccard
similarity coefficients, and is inherently parallelizable, allowing for efficient encrypted computation on multi-CPU and GPU-based cloud servers. We validate our approach by performing a privacy-preserving plagiarism detection across encrypted documents.



## 2024/1092

* Title: Fusion Channel Attack with POI Learning Encoder
* Authors: Xinyao Li, Xiwen Ren, Ling Ning, Changhai Ou
* [Permalink](https://eprint.iacr.org/2024/1092)
* [Download](https://eprint.iacr.org/2024/1092.pdf)

### Abstract

In order to challenge the security of cryptographic systems, Side-Channel Attacks exploit data leaks such as power consumption and electromagnetic emissions. Classic Side-Channel Attacks, which mainly focus on mono-channel data, fail to utilize the joint
information of multi-channel data. However, previous studies of multi-channel attacks have often been limited in how they process and adapt to dynamic data. Furthermore, the different data types from various channels make it difficult to use them
effectively. This study introduces the Fusion Channel Attack with POI Learning Encoder (FCA), which employs a set of POI Learning encoders that learn the inverse base transformation function family and project the data of each channel into a unified
fusion latent space. Furthermore, our method introduces an optimal transport theory based metric for evaluating feature space fusion, which is used to assess the differences in feature spaces between channels. This model not only enhances the ability to
process and interpret multi-source data, but also significantly improves the accuracy and applicability of SCAs in different environments.



## 2024/1093

* Title: Faster Lookup Table Evaluation with Application to Secure LLM Inference
* Authors: Xiaoyang Hou, Jian Liu, Jingyu Li, Jiawen Zhang, Kui Ren
* [Permalink](https://eprint.iacr.org/2024/1093)
* [Download](https://eprint.iacr.org/2024/1093.pdf)

### Abstract

As large language models (LLMs) continue to gain popularity, concerns about user privacy are amplified, given that the data submitted by users for inference may contain sensitive information. Therefore, running LLMs through secure two-party computation (
a.k.a. secure LLM inference) has emerged as a prominent topic. However, many operations in LLMs, such as Softmax and GELU, cannot be computed using conventional gates in secure computation; instead, lookup tables (LUTs) have to be utilized, which makes
LUT to be an essential primitive in secure LLM inference.

In this paper, we propose $\mathsf{ROTL}$, a secure two-party protocol for LUT evaluations. Compared with FLUTE (the state-of-the-art LUT presented at Oakland '23), it achieves upto 11.6$\times$ speedup in terms of overall performance and 155$\times$
speedup in terms of online performance. Furthermore, $\mathsf{ROTL}$ can support arithmetic shares (which is required by secure LLM inference), whereas FLUTE can only support boolean shares. At the heart of $\mathsf{ROTL}$ is a novel protocol for secret-
shared rotation, which allows two parties to generate additive shares of the rotated table without revealing the rotation offset. We believe this protocol is of independent interest. Based on $\mathsf{ROTL}$, we design a novel secure comparison protocol;
compared with the state-of-the-art, it achieves a 2.4$\times$ bandwidth reduction in terms of online performance.

To support boolean shares, we further provide an optimization for FLUTE, by reducing its computational complexity from $O(l\cdot n^2)$ to $O(n\log n+l\cdot n)$ and shifting $O(n\log n)$ computation to the preprocessing phase. As a result, compared with
FLUTE, it achieves upto 10.8$\times$ speedup in terms of overall performance and 962$\times$ speedup in terms of online performance.



## 2024/1094

* Title: Notes on Multiplying Cyclotomic Polynomials on a GPU
* Authors: Joseph Johnston
* [Permalink](https://eprint.iacr.org/2024/1094)
* [Download](https://eprint.iacr.org/2024/1094.pdf)

### Abstract

Lattice cryptography has many exciting applications, from homomorphic encryption to zero knowledge proofs. We explore the algebra of cyclotomic polynomials underlying many practical lattice cryptography constructions, and we explore algorithms for
multiplying cyclotomic polynomials on a GPU.



## 2024/1095

* Title: Lower Bound on Number of Compression Calls of a Collision-Resistance Preserving Hash
* Authors: Debasmita Chakraborty, Mridul Nandi
* [Permalink](https://eprint.iacr.org/2024/1095)
* [Download](https://eprint.iacr.org/2024/1095.pdf)

### Abstract

The collision-resistant hash function is an early cryptographic primitive
that finds extensive use in various applications. Remarkably, the Merkle-Damgård
and Merkle tree hash structures possess the collision-resistance preserving property,
meaning the hash function remains collision-resistant when the underlying compression function is collision-resistant. This raises the intriguing question of whether reducing the number of underlying compression function calls with the collision-
resistance preserving property is possible. In pursuit of addressing these inquiries, we prove that for an ℓn-to-sn-bit collision-resistance preserving hash function designed using r tn-to-n-bit compression function calls, we must have r ≥ ⌈(ℓ−
s)/(t−1)⌉. Throughout the paper, all operations other than the compression function are assumed to be linear (which we call linear hash mode).



## 2024/1096

* Title: Post-Quantum Ready Key Agreement for Aviation
* Authors: Marcel Tiepelt, Christian Martin, Nils Maeurer
* [Permalink](https://eprint.iacr.org/2024/1096)
* [Download](https://eprint.iacr.org/2024/1096.pdf)

### Abstract

Transitioning from classically to quantum secure key agreement protocols may require to exchange fundamental components, for example, exchanging Diffie-Hellman-like key exchange with a key encapsulation mechanism (KEM). Accordingly, the corresponding
security proof can no longer rely on the Diffie-Hellman assumption, thus invalidating the security guarantees. As a consequence, the security properties have to be re-proven under a KEM-based security notion.
We initiate the study of the LDACS key agreement protocol (Edition 01.01.00 from 25.04.2023), which is soon-to-be-standardized by the International Civil Aviation Organization. The protocol's cipher suite features Diffie-Hellman as well as a KEM-based
key agreement protocol to provide post-quantum security. While the former results in an instantiation of an ISO key agreement inheriting all security properties, the security achieved by the latter is ambiguous.
We formalize the computational security using the systematic notions of de Saint Guilhem, Fischlin and Warinshi (CSF '20), and prove the exact security that the KEM-based variant achieves in this model; primarily entity authentication, key secrecy and
key authentication. To further strengthen our ``pen-and-paper'' findings, we model the protocol and its security guarantees using Tamarin, providing an automated proof of the security against a Dolev-Yao attacker.



## 2024/1097

* Title: The Cost of Maintaining Keys in Dynamic Groups with Applications to Multicast Encryption and Group Messaging
* Authors: Michael Anastos, Benedikt Auerbach, Mirza Ahad Baig, Miguel Cueto Noval, Matthew Kwan, Guillermo Pascual-Perez, Krzysztof Pietrzak
* [Permalink](https://eprint.iacr.org/2024/1097)
* [Download](https://eprint.iacr.org/2024/1097.pdf)

### Abstract

In this work we prove lower bounds on the (communication) cost of maintaining a shared key among a dynamic group of users.
Being "dynamic'' means one can add and remove users from the group.
This captures important protocols like multicast encryption (ME) and continuous group-key agreement (CGKA), which is the primitive underlying many group messaging applications.

We prove our bounds in a combinatorial setting where the state of the protocol progresses in rounds.
The state of the protocol in each round is captured by a set system, with each of its elements specifying a set of users who share a secret key.
We show this combinatorial model implies bounds in symbolic models for ME and CGKA that capture, as building blocks, PRGs, PRFs, dual PRFs, secret sharing, and symmetric encryption in the setting of ME, and PRGs, PRFs, dual PRFs, secret sharing, public-
key encryption, and key-updatable public-key encryption in the setting of CGKA. The models are related to the ones used by Micciancio and Panjwani (Eurocrypt'04) and Bienstock et al. (TCC'20) to analyze ME and CGKA, respectively.

We prove - using the Bollobás' Set Pairs Inequality - that the cost (number of uploaded ciphertexts) for replacing a set of $d$ users in a group of size $n$ is $\Omega(d\ln(n/d))$.
Our lower bound is asymptotically tight and both improves on a bound of $\Omega(d)$ by Bienstock et al. (TCC'20), and generalizes a result by Micciancio and Panjwani (Eurocrypt'04), who proved a lower bound of $\Omega(\log(n))$ for $d=1$.



## 2024/1098

* Title: Limits of Black-Box Anamorphic Encryption
* Authors: Dario Catalano, Emanuele Giunta, Francesco Migliaro
* [Permalink](https://eprint.iacr.org/2024/1098)
* [Download](https://eprint.iacr.org/2024/1098.pdf)

### Abstract

(Receiver) Anamorphic encryption, introduced by Persiano $ \textit{et al.}$ at Eurocrypt 2022, considers the question of achieving private communication in a world where secret decryption keys are under the control of a dictator. The challenge here is to
be able to establish a secret communication channel to exchange covert (i.e. anamorphic) messages on top of some already deployed public key encryption scheme.

Over the last few years several works addressed this challenge by showing new constructions, refined notions and extensions.
Most of these constructions, however, are either ad hoc, in the sense that they build upon specific properties of the underlying PKE, or impose severe restrictions on the size of the underlying anamorphic message space.

In this paper we consider the question of whether it is possible to have realizations of the primitive that are both generic and allow for large anamorphic message spaces. We give strong indications that, unfortunately, this is not the case.

Our first result shows that $ \textit{any black-box realization} $ of the primitive, i.e. any realization that accesses the underlying PKE only via oracle calls, $ \textit{must} $ have an anamorphic message space of size at most $poly(\lambda)$ ($\lambda$
security parameter).

Even worse, if one aims at stronger variants of the primitive (and, specifically, the notion of asymmetric anamorphic encryption, recently proposed by Catalano $ \textit{et al.} $) we show that such black-box realizations are plainly impossible, i.e. no
matter how small the anamorphic message space is.

Finally, we show that our impossibility results are rather tight: indeed, by making more specific assumptions on the underlying PKE, it becomes possible to build generic AE where the anamorphic message space is of size $\Omega(2^\lambda)$.



## 2024/1099

* Title: FHE-MENNs: Opportunities and Pitfalls for Accelerating Fully Homomorphic Private Inference with Multi-Exit Neural Networks
* Authors: Lars Wolfgang Folkerts, Nektarios Georgios Tsoutsos
* [Permalink](https://eprint.iacr.org/2024/1099)
* [Download](https://eprint.iacr.org/2024/1099.pdf)

### Abstract

With concerns about data privacy growing in a connected world, cryptography researchers have focused on fully homomorphic encryption (FHE) for promising machine learning as a service solutions. Recent advancements have lowered the computational cost by
several orders of magnitude, but the latency of fully homomorphic neural networks remains a barrier to adoption. This work proposes using multi-exit neural networks (MENNs) to accelerate the FHE inference. MENNs are network architectures that provide
several exit points along the depth of the network. This approach allows users to employ results from any exit and terminate the computation early, saving both time and power. First, this work weighs the latency, communication, accuracy, and
computational resource benefits of running FHE-based MENN inference. Then, we present the TorMENNt attack that can exploit the user's early termination decision to launch a concrete side-channel on MENNs. We demonstrate that the TorMENNt attack can
predict the private image classification output of an image set for both FHE and plaintext threat models. We discuss possible countermeasures to mitigate the attack and examine their effectiveness. Finally, we tie the privacy risks with a cost-benefit
analysis to obtain a practical roadmap for FHE-based MENN adoption.



## 2024/1100

* Title: Unforgeability of Blind Schnorr in the Limited Concurrency Setting
* Authors: Franklin Harding, Jiayu Xu
* [Permalink](https://eprint.iacr.org/2024/1100)
* [Download](https://eprint.iacr.org/2024/1100.pdf)

### Abstract

A Blind Signature Scheme (BSS) is a cryptographic primitive that enables a user to obtain a digital signature on a message from a signer without revealing the message itself. The standard security notion against malicious users for a BSS is One-More
Unforgeability (OMUF). One of the earliest and most well-studied blind signature schemes is the Schnorr BSS, although recent results show it does not satisfy OMUF. On the other hand, the Schnorr BSS does satisfy the weaker notion of sequential OMUF ---
which restricts adversaries to opening signing sessions one at a time --- in the Algebraic Group Model (AGM) + Random Oracle Model (ROM). In light of this result, a natural question arises: does the Schnorr BSS satisfy OMUF with regard to adversaries
that open no more than a small number of signing sessions concurrently?

This paper serves as a first step towards characterizing the security of the Schnorr BSS in the limited concurrency setting. Specifically, we demonstrate that the Schnorr BSS satisfies OMUF when at most two signing sessions can be open concurrently (in
the AGM+ROM). Our argument suggests that it is plausible that the Schnorr BSS satisfies OMUF for up to polylogarithmically many concurrent signing sessions.



## 2024/1101

* Title: Stickel’s Protocol using Tropical Increasing Matrices
* Authors: Any Muanalifah, Zahari Mahad, Nurwan, Rosalio G Artes
* [Permalink](https://eprint.iacr.org/2024/1101)
* [Download](https://eprint.iacr.org/2024/1101.pdf)

### Abstract

In this paper we introduce new concept of tropical increasing matrices and then prove that two tropical increasing matrices are commute. Using this property, we modified Stickel’s protocol. This idea similar to [5] where modified Stickel’s protocol
using commuting matrices (Linde De La Puente Matrices).



## 2024/1102

* Title: A Note on ``Privacy Preserving n-Party Scalar Product Protocol''
* Authors: Lihua Liu
* [Permalink](https://eprint.iacr.org/2024/1102)
* [Download](https://eprint.iacr.org/2024/1102.pdf)

### Abstract

We show that the scalar product protocol [IEEE Trans. Parallel Distrib. Syst. 2023, 1060-1066] is insecure against semi-honest server attack, not as claimed. Besides, its complexity increases exponentially with the number $n$, which cannot be put into
practice.



## 2024/1103

* Title: A Note on Efficient Computation of the Multilinear Extension
* Authors: Ron D. Rothblum
* [Permalink](https://eprint.iacr.org/2024/1103)
* [Download](https://eprint.iacr.org/2024/1103.pdf)

### Abstract

The multilinear extension of an $m$-variate function $f : \{0,1\}^m \to \mathbb{F}$, relative to a finite field $\mathbb{F}$, is the unique multilinear polynomial $\hat{f} : \mathbb{F}^m \to \mathbb{F}$ that agrees with $f$ on inputs in $\{0,1\}^m$.


[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)