[digest] 2026 Week 11

    From IACR ePrint Archive@noreply@example.invalid to sci.crypt on Mon Mar 16 02:31:33 2026
    From Newsgroup: sci.crypt

    ## In this issue
    1. [2025/1290] Improving the Selection Rule of Correlation Attacks ...
    2. [2025/1981] Vision: A Modular Framework for Anonymous ...
    3. [2026/28] On the design of Survivable Distributed ...
    4. [2026/185] EFFICIENT QUATERNION ALGORITHMS FOR THE DEURING ...
    5. [2026/195] The HyperFrog Cryptosystem: High-Genus Voxel ...
    6. [2026/234] When Trying to Catch Cheaters Breaks the MPC: ...
    7. [2026/340] Improving Neural-Inspired Integral Distinguishers ...
    8. [2026/347] Relaxed Modular PCS from Arbitrary PCS and ...
    9. [2026/348] Provable Security and Privacy Analysis of WPA3's ...
    10. [2026/350] Hybridization of Cryptographic Primitives: A ...
    11. [2026/421] Cryptanalysis of Polynomial Learning With Errors ...
    12. [2026/485] SIMD HSS and aHMAC from Interval Encoding with ...
    13. [2026/486] White-Box Attacks on PhotoDNA Perceptual Hash Function
    14. [2026/487] Bootstrapping-Free Blind PCS: Achieving Constant ...
    15. [2026/488] SoK: Offline Finding Protocols for Lightweight ...
    16. [2026/489] Threshold Oblivious Pseudorandom Functions from ...
    17. [2026/490] Towards Modeling Cybersecurity Behavior of Humans ...
    18. [2026/491] SoK: Private Transformer-Based Model Inference
    19. [2026/492] The Landscape of Reusable Garbling
    20. [2026/493] The SQInstructor: a guide to SQIsign and the ...
    21. [2026/494] $\mathsf{GlueLUT}$: Generalized Lookup Table ...
    22. [2026/495] Linear Code Equivalence via Plücker Coordinates
    23. [2026/496] On quadratic equations of $q$-regular tree and ...
    24. [2026/497] Trustworthy Agent Network: Trust in Agent Networks ...
    25. [2026/498] Bridging Programmability, Efficiency, and Bounded ...
    26. [2026/499] Accelerating FAEST Signatures on ARM: NEON SIMD AES ...
    27. [2026/500] Expander properties of superspecial isogeny ...
    28. [2026/501] More Brisés in Ballet: Extending Differential and ...
    29. [2026/502] Efficient RLWE based Chosen-Ciphertext Secure Dual- ...
    30. [2026/503] SwiftSNNI: Optimized Scheduling for Secure Neural ...
    31. [2026/504] Compression And Decompression Under FHE Using ...
    32. [2026/505] SCALE-FL: Scalable Cryptography-based Aggregation ...
    33. [2026/506] Unclonable Encryption in the Haar Random Oracle Model
    34. [2026/507] Practically Efficient Linear-Time Protocols for ...
    35. [2026/508] Schnorr Blind Signatures and Signed ElGamal KEM in ...
    36. [2026/509] PUFF: Maximally Proactive Security for Free in ...
    37. [2026/510] FHorgEt: A Cryptographic Solution for Secure ...
    38. [2026/511] Human-Extractable ZK Proofs of Knowledge: A ...
    39. [2026/512] Securely Scaling Autonomy: The Role of Cryptography ...
    40. [2026/513] zkBSA: Auditable Blockchain Stealth Address
    41. [2026/514] Secure Matrix Invertibility Testing over Fields of ...
    42. [2026/515] Privacy at your Fingertips: Enabling Rapid Client- ...
    43. [2026/516] Towards Compact UOV-Based MQ Signatures: ...
    44. [2026/517] Multi-Instance Security Degradation of Code-Based KEMs
    45. [2026/518] ${{\mathsf{SMA}^2\mathsf{RT}}}$ : Secret-Metadata ...
    46. [2026/519] A Generalized Partial Exposure Lattice Attack ...
    47. [2026/520] Sparse optimisation and quantum-inspired encoding ...
    48. [2026/521] UniMSM: An Efficient and Flexible Hardware ...
    ## 2025/1290
    * Title: Improving the Selection Rule of Correlation Attacks for Remote Power Analysis
    * Authors: Oriol Farràs, Vincent Grosso, Miquel Guiot, Carlos Andres Lara-Nino
    * [Permalink](https://eprint.iacr.org/2025/1290)
    * [Download](https://eprint.iacr.org/2025/1290.pdf)
    ### Abstract
    Remote power analysis is a novel threat to information systems. Under this attack model, the adversary does not require direct physical access to the platform or specialized sensing equipment. Most of the literature in this field deals with advanced acquisition methods and adversarial models. In contrast, side-channel analysis techniques for remote attacks have not been sufficiently explored. We bridge this gap by examining the characteristics of the data recovered from remote power analysis. We use these insights to propose a novel selection rule for correlation-based attacks that boosts success confidence. This improvement comes from the observation that the samples in a power trace are not independent. We show that adjacent samples can also provide useful information by proposing a post-processing step that capitalizes on these additional leakages. In contrast to previous work, the proposed technique does not rely on the selection of points of interest within the power traces. We further investigate the characteristics of "remote" power traces and their effect on the proposed selection rule through experiments with real (TDC, ChipWhisperer) and synthetic data sets. To assess the advantage of the proposed improvement, we also introduce novel performance metrics that depart from known-key evaluation techniques.
    ## 2025/1981
    * Title: Vision: A Modular Framework for Anonymous Credential Systems
    * Authors: Anja Lehmann, Andrey Sidorenko, Alexandros Zacharakis
    * [Permalink](https://eprint.iacr.org/2025/1981)
    * [Download](https://eprint.iacr.org/2025/1981.pdf)
    ### Abstract
    Anonymous credentials enable the unlinkable presentation of previously attested information, or even only predicates thereof. They are a versatile tool and currently enjoy attention in various real-world applications, ranging from the European Digital Identity project to Privacy Pass. While each application usually requires its own tailored variant of anonymous credentials, they all share the same common blueprint. So far, this has not been leveraged though, and currently several proposals, either targeting monolithic variants of core components such as BBS signatures or application-specific protocols, undergo standardization. This is clearly not optimal, as the same work gets repeated multiple times, while still risking ending up with many slight modifications of the same main idea and protocols. In this work we present our vision to use a modular approach to build anonymous credential systems: they are built from a core component, consisting of a commitment, signature and NIZK scheme, that can be extended with additional commitment-based modules in a plug-and-play manner. We sketch modules for pseudonyms, range proofs and device binding. Importantly, apart from the committed input, all modules are entirely independent of each other. We use this modularity to propose a concrete instantiation that uses BBS signatures for the core component and ECDSA signatures for device binding, addressing the need to bind modern credential schemes to legacy signatures in secure hardware elements.
    ## 2026/28
    * Title: On the design of Survivable Distributed Passwordless Authentication and Single Sign-On
    * Authors: Luca Ferretti, Federico Magnanini, Mauro Andreolini, Mattia Trabucco, Michele Colajanni
    * [Permalink](https://eprint.iacr.org/2026/028)
    * [Download](https://eprint.iacr.org/2026/028.pdf)
    ### Abstract
    Single Sign-On (SSO) protocols allow an identity provider to authenticate users and report the outcome by issuing identity attestations. Recent attacks show that breaching the identity provider infrastructure enables adversaries to issue arbitrary identity attestations and impersonate users. Survivable SSO protocols limit the risks of similar intrusions, but they have only been defined for password-based authentication, inheriting their limitations against powerful attacks such as credential phishing. While phishing-resistant passwordless authentication protocols have been standardized, they are not designed to guarantee intrusion tolerance. We initiate the research for Survivable Passwordless SSO (SPS) and propose a modular approach which includes the novel definition of Survivable Passwordless Challenge-response (SPC) protocols for authentication as a sub-routine of SSO. We give the first frameworks and game-based security definitions both for SPC and SPS which capture both novel attack classes, such as session injection attacks in a decentralized setting, and existing but not yet formalized attack classes, such as detection of cloned authenticators. The design of the models includes novel strategies to capture proactive security in survivable protocols within security definitions and to compose authentication and SSO through a modular approach. Our strategies and models may also be applied with minor modifications to non-survivable protocols, possibly providing a novel approach to assess the security of existing SSO protocols.
    ## 2026/185
    * Title: EFFICIENT QUATERNION ALGORITHMS FOR THE DEURING CORRESPONDENCE, AND APPLICATION TO THE EVALUATION OF MODULAR POLYNOMIALS
    * Authors: Antonin Leroux
    * [Permalink](https://eprint.iacr.org/2026/185)
    * [Download](https://eprint.iacr.org/2026/185.pdf)
    ### Abstract
    This work presents several algorithms to perform operations in the quaternion ideals and orders stemming from the Deuring correspondence. While most of the desired operations can be solved with generic linear algebra, we show that they can be performed much more efficiently while maintaining strict control over the size of the integers involved. This allows us to obtain a very efficient implementation of the effective Deuring correspondence with fixed-size integers.
    We apply our new algorithms to greatly improve the practical performance of a recent algorithm by Corte-Real Santos, Eriksen, Leroux, Meyer and Panny to evaluate modular polynomials. Our new implementation, including several other improvements, runs 20 times faster than before for the level $\ell = 11681$. The Deuring correspondence also plays a central role in the most recent developments in isogeny-based cryptography, and in particular in the SQIsign signature scheme submitted to the NIST PQC competition. After the latest progress, it appears that efficient fixed-size quaternion operations are one of the main missing features of the most recent implementations of SQIsign. We believe that several of our new algorithms could be very useful for that.
    ## 2026/195
    * Title: The HyperFrog Cryptosystem: High-Genus Voxel Topology as a Trapdoor for Post-Quantum KEMs
    * Authors: Victor Duarte Melo
    * [Permalink](https://eprint.iacr.org/2026/195)
    * [Download](https://eprint.iacr.org/2026/195.pdf)
    ### Abstract
    We present HyperFrog, a lattice-based Key Encapsulation Mechanism (KEM) targeting post-quantum security levels. The construction instantiates a variant of the Learning With Errors (LWE) problem in which the secret vector is derived from high-genus topological structures embedded in a three-dimensional grid. Unlike standard LWE schemes that draw secrets from uniform or Gaussian distributions, HyperFrog uses a topology-mining procedure to generate sparse binary secret keys corresponding to connected subgraphs with cyclomatic number (genus) >= 8, introducing geometric constraints while preserving combinatorial hardness.
    To achieve practical robustness, the scheme applies the Fujisaki-Okamoto (FO) transform, attaining IND-CCA2 security under standard assumptions. The reference implementation, internally codenamed "Topological Obsidian", includes a constant-time decoding routine based on branchless arithmetic to eliminate secret-dependent control flow during decryption and re-encryption. We provide benchmark results on an AMD Ryzen 9 5950X implementation using AVX2 vectorization for polynomial arithmetic, and demonstrate the integration of the KEM into a high-performance AES-256-GCM hybrid encryption pipeline.
    ## 2026/234
    * Title: When Trying to Catch Cheaters Breaks the MPC: Breaking and Fixing Delayed Consistency Checks in Trident, Fantastic Four, SWIFT, and Quad (Full Version)
    * Authors: Andreas Brüggemann, Thomas Schneider
    * [Permalink](https://eprint.iacr.org/2026/234)
    * [Download](https://eprint.iacr.org/2026/234.pdf)
    ### Abstract
    Actively secure multi-party computation in the honest-majority setting often relies on multiple parties computing the same message to be sent. This additional redundancy makes it possible to detect when a party deviates from the protocol. Many works utilize this for efficient protocol design, with some protocols delaying and batching consistency checks to further boost efficiency. In this paper, we show multiple cases where such batched consistency checks render the protocols insecure. Our concrete attacks derive additional knowledge from the batched consistency checks, reconstructing values on intermediate wires. Specifically, we show concrete attacks on Trident (NDSS'20), Fantastic Four (USENIX Security'21) including its implementation in the popular MP-SPDZ framework (CCS'20), and Quad (PoPETS'25). Furthermore, we find how an imprecise specification of SWIFT (USENIX Security'21) can enable a similar attack and reveal a gap in their security proof. Finally, we propose a fix for all protocols with a small performance overhead. Our provably secure fix uses a generic, joint consistency check that replaces the former, insecure consistency checks.
    ## 2026/340
    * Title: Improving Neural-Inspired Integral Distinguishers via a Linear-Algebraic Approach
    * Authors: Yunjae Hwang, Insung Kim, Sunyeop Kim, Myungkyu Lee, Hanbeom Shin, Deukjo Hong, Seokhie Hong, Dongjae Lee, Jaechul Sung, Byoungjin Seok
    * [Permalink](https://eprint.iacr.org/2026/340)
    * [Download](https://eprint.iacr.org/2026/340.pdf)
    ### Abstract
    A recent study has demonstrated that neural networks can serve as a navigator for an automatic search model for integral cryptanalysis with a reduction in computational complexity. However, the inherent drawbacks of using a deep learning model, such as large datasets and limited interpretability, are the major obstacles in cryptanalysis. In this paper, we introduce another simple data-driven approach using a linear-algebraic concept to characterize key-independent balance properties as the kernel of a matrix built from empirical parity data. We stack the ciphertext parities obtained under many independent keys into the parity matrix and prove that every mask whose product with this matrix is zero corresponds exactly to a balance property. Candidate balance masks from this test are additionally evaluated by a spurious mask test.
    We demonstrate the practicality and generality of the kernel methodology on seven lightweight block ciphers spanning SPN with SKINNY, Midori, PRESENT, LED and ARX with SPECK, SIMON, SIMECK. Across these cases, our method recovers known distinguishers and reveals additional non-trivial linear combinations missed by conventional analyses. We additionally position the kernel method relative to other similar methodologies. Our results show that the kernel method provides a rigorous and cipher-agnostic alternative to neural feature exploration and complements division property-based search techniques.
    ## 2026/347
    * Title: Relaxed Modular PCS from Arbitrary PCS and Applications to SNARKs for Integers
    * Authors: Alireza Shirzad, Sriram Sridhar, Dimitrios Papadopoulos, Charalampos Papamanthou
    * [Permalink](https://eprint.iacr.org/2026/347)
    * [Download](https://eprint.iacr.org/2026/347.pdf)
    ### Abstract
    *Modular Polynomial Commitment Schemes (Mod-PCS)* extend standard PCSs by enabling provable evaluation of integer polynomials modulo a random modulus, providing a natural foundation for SNARKs that operate directly over large integers without emulating arithmetic in finite fields. Only two Mod-PCS constructions are known. The first (Campanelli and Hall-Andersen, IACR ePrint 2024) serves primarily as a feasibility result and is impractical and not post-quantum secure due to its reliance on groups of unknown order. The second (Garetta et al., CRYPTO 2025) introduces the weaker notion of *relaxed* Mod-PCS, but is not fully succinct: committing to a multilinear polynomial with $N$ terms and $B$-bit coefficients requires $O(\sqrt{N}B)$ proof size and verification time.
    We present a black-box transformation that builds relaxed Mod-PCS from any standard PCS, enabling new constructions. Instantiating our transformation with a tensor-code PCS yields the first relaxed Mod-PCS with $O(\log (N+B))$ proof size and verifier time, which is transparent and plausibly post-quantum secure. Using this scheme within the framework of Garetta et al., we obtain the first fully succinct SNARK for the Customizable Constraint System over $\mathbb{Z}_B$, achieving $O(B\log N + N\log N \log B)$ prover time and $O(\log (N+B))$ verifier time and proof size.
    Our approach relies on a commitment-switching technique for integer polynomials and a new batched integer commitment scheme from any PCS. We further introduce improved arguments for integer addition and multiplication, correctness of the number-theoretic transform, and general Diophantine relations over committed integers.
    ## 2026/348
    * Title: Provable Security and Privacy Analysis of WPA3's SAE and SAE-PK Protocols
    * Authors: Shan Chen, Kaige Pan, Olga Sanina
    * [Permalink](https://eprint.iacr.org/2026/348)
    * [Download](https://eprint.iacr.org/2026/348.pdf)
    ### Abstract
    SAE and SAE-PK are the core security protocols introduced in the latest Wi-Fi security standard, WPA3, to protect personal networks. SAE-PK extends SAE to prevent the so-called evil twin attacks, where an attacker with the knowledge of the password attempts to impersonate a legitimate access point. In this work, we present the first provable security and privacy analysis of SAE and SAE-PK. We introduce formal models that capture their intended properties and use these models to analyze the guarantees these protocols provide.
    First, we identify an attack that prevents SAE from fulfilling its intended authentication guarantees. As a result, SAE can only be proven secure within a weaker security model, which we also formalize and show the proof in. To achieve the desired level of security, we propose two simple fixes, resulting in two efficient SAE protocols that we call SAEv2 and SAEv3. We prove that both protocols meet the intended security guarantees, with SAEv3 providing greater robustness.
    Next, we prove that SAE-PK is indeed secure against evil twin attacks, but its current design introduces a theoretical vulnerability to offline dictionary attacks, which contradicts the expected security guarantees of SAE-PK as an enhanced password-authenticated key exchange protocol. To remedy this, we show that SAE-PK can be modified with minimal changes to fully realize its desired security goals.
    Finally, we analyze the privacy guarantees of SAE, SAE-PK, and our proposed enhanced variants. We prove that their cryptographic core preserves the unlinkability of client devices across distinct Wi-Fi networks, if MAC address randomization is properly applied.
    ## 2026/350
    * Title: Hybridization of Cryptographic Primitives: A Generalized Framework for Adaptive Security
    * Authors: Zahra Seyedi, Eckhard Pfluegel, Shahzad Ahmad, Willie Kouam, Stefan Rass
    * [Permalink](https://eprint.iacr.org/2026/350)
    * [Download](https://eprint.iacr.org/2026/350.pdf)
    ### Abstract
    Hybrid cryptographic schemes combine multiple primitives to provide resilience against diverse threats, particularly in the post-quantum era where classical algorithms face potential quantum attacks. However, existing hybrid approaches rely on predefined, fixed pairings of specific cryptographic algorithms, limiting their adaptability to evolving security requirements and heterogeneous deployment environments. This paper presents a generalized framework for the hybridization of cryptographic primitives that enables dynamic, user-driven composition of encryption schemes and digital signatures. Our approach leverages all-or-nothing transformations (AONTs) to construct hybrid schemes where an adversary must break all constituent primitives simultaneously to compromise the system. We formally prove that if at least one component scheme remains secure (IND-CPA for encryption, EUF-CMA for signatures), the entire hybrid construction achieves security equivalent to its strongest component. Unlike conventional approaches that prescribe specific algorithm combinations, our framework allows flexible selection and integration of classical, post-quantum, or mixed cryptographic primitives based on specific security requirements, computational constraints, and threat models. Our generalized hybridization methodology naturally extends to key encapsulation mechanisms and other cryptographic primitives, providing a foundation for building future adaptive cryptographic systems that remain secure even as individual components are compromised over time. This addresses a critical gap in current cryptographic practices and will provide users a methodology to construct flexible, robust security architectures for the post-quantum era.
    ## 2026/421
    * Title: Cryptanalysis of Polynomial Learning With Errors (PLWE): A Survey
    * Authors: Rahinatou Yuh Njah Nchiwo
    * [Permalink](https://eprint.iacr.org/2026/421)
    * [Download](https://eprint.iacr.org/2026/421.pdf)
    ### Abstract
    Lattice-based cryptography (LBC) has emerged as one of the most promising fields supporting post-quantum cryptography (PQC). The Learning With Errors (LWE) problem \cite{Regev}, due to its strong security guarantees, plays a fundamental role in LBC, although it is not very efficient for cryptographic applications. To address this limitation, several variants of LWE have been developed, such as Ring-LWE (RLWE) \cite{LPR2010}, which is suitable for theoretical purposes, and Polynomial-LWE (PLWE) \cite{BV}, which is more practical.
    This survey provides a systematic review of vulnerable instances of PLWE. These attacks may extend to RLWE in instances where the two problems are equivalent.
    This paper serves as a resource for those seeking a structured overview of the state-of-the-art attacks on PLWE.
    ## 2026/485
    * Title: SIMD HSS and aHMAC from Interval Encoding with Application to One-Bit-Per-Gate Garbling
    * Authors: Jaehyung Kim, Hanjun Li, Huijia Lin, Zeyu Liu
    * [Permalink](https://eprint.iacr.org/2026/485)
    * [Download](https://eprint.iacr.org/2026/485.pdf)
    ### Abstract
    Primitives enabling homomorphic computation over secret-shared values--Homomorphic Secret Sharing (HSS) and algebraic Homomorphic MACs (aHMAC)--have recently emerged as efficient alternatives to ciphertext-based primitives such as fully homomorphic encryption (FHE) and attribute-based encryption (ABE). Leveraging the distributed nature of secret sharing, direct constructions of HSS and aHMAC are simple, lightweight, avoid costly bootstrapping, and have many applications including one-bit-per-gate garbled circuits.
    Despite encouraging progress, all existing direct schemes still lack one key feature: efficient Single Instruction Multiple Data (SIMD) evaluation, a capability that has been critical to the efficiency of FHE. This gap leaves the potential of substantial efficiency improvements untapped.
    We present the first SIMD evaluation techniques for HSS and aHMAC, based on variants of the RLWE assumption. Using a new interval coefficient encoding, our approach embeds $\sqrt{n}$ integer-valued slots per ring element and supports $\sqrt{n}$-fold batch addition and multiplication in just $O(\log n)$ ring operations, achieving a multiplicative $\tilde O(\sqrt{n})$ improvement in amortized efficiency over prior direct constructions. Building on top of these improvements, we show a streamlined one-bit-per-gate SIMD garbling scheme with similar efficiency gains in the online phase.
    Our efficiency gains are concrete. Concrete operation counts and microbenchmark based estimates show $6\times$--$10\times$ improvements in amortized multiplication cost over prior non-SIMD constructions, with up to $25\times$--$50\times$ speedups for aggregation-heavy workloads such as matrix--vector multiplication. These results demonstrate the practical potential of SIMD techniques for secret-sharing-based homomorphic computation.
    ## 2026/486
    * Title: White-Box Attacks on PhotoDNA Perceptual Hash Function
    * Authors: Maxime Deryck, Diane Leblanc-Albarel, Bart Preneel
    * [Permalink](https://eprint.iacr.org/2026/486)
    * [Download](https://eprint.iacr.org/2026/486.pdf)
    ### Abstract
    PhotoDNA is a widely deployed perceptual hash function used for the detection of illicit content such as Child Sexual Abuse Material (CSAM). This paper presents the first mathematical description of Alleged PhotoDNA, a new function which has identical outputs to that of PhotoDNA for a large database of test images. From this description, several design weaknesses are identified: the algorithm is piece-wise linear and differentiable, the hash value only depends on the sum of the RGB values of each pixel, and it is trivial to find images with hash value equal to all zeroes.
    The paper further demonstrates that gradient-based optimization techniques and quadratic programming can exploit the mathematical weaknesses of Alleged PhotoDNA and PhotoDNA to produce visually appealing exact collisions and second preimages; for near-collisions and near-second-preimages the image quality can be further improved. The same techniques can be used to recover the rough shapes of an image from its hash value, disproving the claim from the designer that PhotoDNA is irreversible. Finally, it is also shown that it is easy to produce high-quality perceptually identical images with a hash value that is far from the original image, allowing detection to be avoided. We have implemented our attacks on a large set of varied images and we have tested them on both Alleged PhotoDNA and PhotoDNA. Our attacks have success rates close to or equal to 100% and run in seconds or minutes on a personal laptop; they present a substantial improvement over earlier work that requires hours on parallel machines and that results only in near-collisions. We believe that with additional optimization of the parameters, the image quality and/or the attack performance can be further improved.
    Our work demonstrates that PhotoDNA is unreliable for the detection of illicit content: it is easy to incriminate someone by sending them false content with a hash value close to illicit content (a false positive) and to avoid detection of illicit content with minimal modifications to an image (a false negative). False positives and leakage of information are particularly problematic in a Client Side Scanning (CSS) scenario as envisaged by several countries, where large hash databases would be stored on every user device and billions of images would be hashed with PhotoDNA every day. Overall, our research casts serious doubts on the suitability of PhotoDNA for the large-scale detection of illicit content.
    ## 2026/487
    * Title: Bootstrapping-Free Blind PCS: Achieving Constant Depth and Linear Prover
    * Authors: Kexi Huang, Yanpei Guo, Wenjie Qu, Jiaheng Zhang
    * [Permalink](https://eprint.iacr.org/2026/487)
    * [Download](https://eprint.iacr.org/2026/487.pdf)
    ### Abstract
    In this work, we construct a new and highly efficient blind polynomial commitment scheme (PCS) over non-binary fields. Our scheme is specifically designed to handle encrypted coefficients without requiring expensive bootstrapping operations, achieving a breakthrough in the "complexity-depth" trade-off.
    The proposed scheme features an extremely efficient prover both asymptotically and concretely. The commitment and evaluation phases are dominated by a strictly linear $O(n)$ number of field operations. Furthermore, the construction maintains a constant multiplicative depth, which is a critical requirement for efficiency in homomorphic encryption settings. Concretely, for large-scale circuit sizes, our prover is significantly faster than prior state-of-the-art schemes such as phalanx and laminate.
    Our underlying technique is the Generalized RAA code, an extremely efficient error-correcting code that extends the binary RAA code structure to arbitrary non-binary prime fields $\mathbb{F}_{p}$. We analyze the bounds over non-binary fields, which demonstrate that this code maintains a linear minimum distance property with high probability. By combining this code with Ligero's IOPP framework, we obtain the first asymptotically and concretely good blind PCS that achieves strictly linear $O(n)$ encoding complexity for the prover while avoiding the expensive bootstrapping operations.
    ## 2026/488
    * Title: SoK: Offline Finding Protocols for Lightweight Location Tracking
    * Authors: Akshaya Kumar, Carolina Ortega Pérez, Joseph Jaeger, Thomas Ristenpart, Michael A. Specter
    * [Permalink](https://eprint.iacr.org/2026/488)
    * [Download](https://eprint.iacr.org/2026/488.pdf)
    ### Abstract
    Offline finding (OF) protocols---such as Apple's Find My, Google's Find Hub, Samsung's SmartThingsFind, and Tile---enable hundreds of millions of users to track their belongings via Bluetooth-based tracker tags. However, their scale and tracking capabilities give rise to privacy risks for tag owners and bystanders, as well as safety risks for victims of tag-facilitated stalking. In response, academics and practitioners have suggested cryptographic and non-cryptographic mitigations to improve privacy and anti-stalking protections, working to navigate complex and subtle tensions between these goals. The result is a large landscape of privacy goals, threat models, protocol designs, implementations, and analyses.
    In this work, we systematize the OF protocol landscape. We gather and analyze a corpus of 49 research papers and OF protocol technical specifications, and use it to develop a taxonomy capturing the functionality, security, and privacy goals of OF protocols. We use the taxonomy to guide a focused assessment of the four major OF deployments along with six academic constructions, comparing design choices, consolidating known attacks, and analyzing the designs' trade-offs between privacy, security, abusability, and efficiency. We provide a simple OF protocol that achieves most security goals, and which clarifies the essential cryptographic components underlying OF protocols. We also provide a survey of physical layer attacks and usability issues that undermine protections in practice. Finally, we discuss open problems and potential research directions towards secure, interoperable, and abuse-resistant OF systems.
    ## 2026/489
    * Title: Threshold Oblivious Pseudorandom Functions from Isogeny Group Actions
    * Authors: Robi Pedersen
    * [Permalink](https://eprint.iacr.org/2026/489)
    * [Download](https://eprint.iacr.org/2026/489.pdf)
    ### Abstract
    We present a new verifiable oblivious pseudorandom function (VOPRF) from isogeny group actions. Our construction is twice as fast as the previous state of the art of Delpech de Saint Guilhem and Pedersen at a slightly higher communication cost. One major contribution is the realization of a new proof protocol that is integrated as a two-party computation into the OPRF protocol, making the output verifiable. The main design choice behind our construction and this new proof system is to enable an easy transformation into a threshold protocol, something previous designs have not achieved. To this end, we present our VOPRF in a modular way based on different subroutines. We show how to replace these subroutines with their threshold counterparts, using simulation-based arguments. This results in the first threshold VOPRF from isogenies and one of the first threshold VOPRFs in the post-quantum literature. In contrast to other post-quantum threshold VOPRF designs, our construction has input and output size independent of the number of server parties and furthermore is robust, while other designs rely on aborts in the presence of malicious parties.
    ## 2026/490
    * Title: Towards Modeling Cybersecurity Behavior of Humans in Organizations
    * Authors: Klaas Ole Kürtz
    * [Permalink](https://eprint.iacr.org/2026/490)
    * [Download](https://eprint.iacr.org/2026/490.pdf)
    ### Abstract
    We undertake a comprehensive and structured synthesis of the drivers of human behavior in cybersecurity, focusing specifically on people within organizations (i.e., especially employees in companies), and integrate key concepts such as awareness, security culture, and usability into a coherent theoretical framework. This model is then compared with several relevant behavioral models that fundamentally represent drivers of human behavior.
    Additionally, we discuss how this theoretical framework can help the domain of agentic AI security: We argue that as AI systems increasingly act as autonomous agents within organizations and based on natural language processing, they also exhibit vulnerabilities analogous to human behavioral risks. Consequently, we propose that this human-centric model offers a blueprint for developing additional security strategies against manipulation attacks targeting AI agents.
    ## 2026/491
    * Title: SoK: Private Transformer-Based Model Inference
    * Authors: Yuntian Chen, Tianpei Lu, Zhanyong Tang, Bingsheng Zhang, Zhiying Shi, Yuxiang Luan, Zhuzhu Wang
    * [Permalink](https://eprint.iacr.org/2026/491)
    * [Download](https://eprint.iacr.org/2026/491.pdf)
    ### Abstract
    The growing demand for privacy-preserving Transformer inference has led to the emergence of numerous protocols designed to protect sensitive data and model parameters. These protocols utilize diverse cryptographic tools under varying assumptions, each presenting unique characteristics and trade-offs between computation, communication, and accuracy. In this paper, we conduct a systematic and in-depth analysis of existing approaches from diverse performance perspectives, identifying their limitations and research gaps. We further evaluate the reproducibility of prior systems and re-benchmark representative solutions under standardized configurations. Our results yield a principled guideline for balancing protocol trade-offs under different deployment settings.
    ## 2026/492
    * Title: The Landscape of Reusable Garbling
    * Authors: Anasuya Acharya, Carmit Hazay, Rahul Satish
    * [Permalink](https://eprint.iacr.org/2026/492)
    * [Download](https://eprint.iacr.org/2026/492.pdf)
    ### Abstract
    Reusability is a recurring theme in cryptography, appearing in various contexts where a one-time setup produces an encoded program that can be applied to multiple inputs. Prominent examples include indistinguishability obfuscation (iO), functional encryption (FE), laconic function evaluation (LFE), homomorphic secret-sharing (HSS), and function secret-sharing (FSS), each offering different trade-offs in efficiency and functionality. A particularly clean setting for reusability arises in garbling schemes: a garbler publishes a garbled circuit that can be evaluated on multiple inputs chosen by an evaluator. While one-time garbling has become a central and widely applicable primitive, its reusable variant has received comparatively little attention, typically studied only as a consequence of FE.
    In this work, we revisit the foundations of reusable garbling and develop a framework that clarifies its relationship to other reusable primitives. We first show that reusable garbling is equivalent to a single-key private-key variant of FE, capturing exactly the guarantees required for reusability and isolating it as a primitive in its own right. This equivalence further implies a black-box separation between reusable garbling and public-key FE, establishing that reusability can be realized entirely within the private-key setting without invoking public-key mechanisms. Building on this perspective, we demonstrate direct constructions from several inherently reusable primitives, including LFE, iO, HSS, and FSS, broadening the foundations of reusable garbling and revealing how reusability naturally emerges across diverse cryptographic paradigms.
    ## 2026/493
    * Title: The SQInstructor: a guide to SQIsign and the Deuring Correspondence with level structures
    * Authors: Giacomo Borin, Luca De Feo, Guido Maria Lido, Sina Schaeffler
    * [Permalink](https://eprint.iacr.org/2026/493)
    * [Download](https://eprint.iacr.org/2026/493.pdf)
    ### Abstract
    We explore the use of level structures to generalize the SQIsign signature scheme. We give a general framework where, given the public key and the commitment, the challenge is to exhibit an isogeny between them with an additional requirement, namely to map a chosen level structure to another.
    We then instantiate the framework using 1-dimensional and 2-dimensional isogenies.
    In doing that we provide a new explicit Deuring correspondence for supersingular elliptic curves with level structures and solve new constrained norm equations.
    ## 2026/494
    * Title: $\mathsf{GlueLUT}$: Generalized Lookup Table Arguments over Residue Rings via Auxiliary Fields
    * Authors: Yuanju Wei, Zhelei Zhou, Xinxuan Zhang, Songyu Wu, Binwu Xiang, Cheng Hong, Yi Deng
    * [Permalink](https://eprint.iacr.org/2026/494)
    * [Download](https://eprint.iacr.org/2026/494.pdf)
    ### Abstract
    Lookup Table (LUT) arguments are a central efficiency primitive in modern SNARKs, and existing high-performance constructions are largely tailored to large fields. Meanwhile, an increasingly important class of applications is natively ring-based, with arithmetic carried out over residue rings $\mathbb{Z}_Q:=\mathbb{Z}/Q\mathbb{Z}$. We find that naively extending field-based lookup table techniques to rings faces fundamental obstacles, which can lead to unsoundness, limited applicability, or poor efficiency.
    We introduce $\mathsf{GlueLUT}$, a general framework for constructing LUT arguments over arbitrary residue rings $\mathbb{Z}_Q$ that supports arbitrary tables. Our main technical tool is a new primitive called the Cross-Modulus Consistency (CMC) PIOP, which proves that two witnesses defined over coprime moduli share the same underlying integer in the canonical range. Using our CMC PIOP as a glue, we perform the lookups over an auxiliary field $\mathbb{F}_P$ (for a prime $P>Q$) and then certify the consistency between the witness over $\mathbb{Z}_Q$ and the witness over $\mathbb{F}_P$, thereby avoiding the obstacles of constructing LUT arguments directly over rings. We further provide two optimized instantiations, $\mathsf{GlueLUT}$-$\mathsf{v1}$ for $Q=pq$ and $\mathsf{GlueLUT}$-$\mathsf{v2}$ for $Q=p^k$, capturing common modulus families in practice. Finally, we implement $\mathsf{GlueLUT}$-$\mathsf{v1}$ and $\mathsf{GlueLUT}$-$\mathsf{v2}$ as stand-alone PIOPs and report prototype results that corroborate our theoretical efficiency.
    ## 2026/495
    * Title: Linear Code Equivalence via Plücker Coordinates
    * Authors: Gessica Alecci, Giuseppe D'Alconzo
    * [Permalink](https://eprint.iacr.org/2026/495)
    * [Download](https://eprint.iacr.org/2026/495.pdf)
    ### Abstract
    The assumed hardness of the Linear Code Equivalence problem (LCE) lies at the core of the security of the LESS signature scheme and other signature schemes with advanced functionalities. The LCE problem asks to determine whether two linear codes are equivalent. This equivalence is represented by a monomial matrix $Q$, i.e. the product of a diagonal matrix $D$ and a permutation matrix $P$. The recovery of $Q=DP$ is known to be reduced to the recovery of the permutation matrix $P$ alone. Exploiting this fact, we construct an algebraic model for LCE involving only the matrix $P$. To this end, we study the action of monomial matrices on linear codes using tools from algebraic geometry, including Plücker coordinates and fields of invariant rational functions. In particular, we analyse the action of diagonal matrices on linear codes, which can be interpreted as diagonal scaling of the coordinates of elements of the Grassmannian. We propose a method to determine algebraically independent generators of the field of rational functions invariant under this action, without relying on Reynolds operators or Gröbner basis computations. Furthermore, given two equivalent codes, we apply our results to explicitly construct, for each invariant function, a polynomial having $P$ as a root. However, the resulting polynomials are not of practical use: their degrees are high for cryptographically relevant parameters, and the number of monomials grows exponentially, making them infeasible to manipulate. Despite this limitation, our results are of theoretical interest, as they constitute the first application of these tools to the cryptanalysis of LCE and provide insight into how algebraic geometry and invariant theory can be employed in Cryptography.
    ## 2026/496
    * Title: On quadratic equations of $q$-regular tree and their applications in Graph Theory and Cryptography.
    * Authors: Vasyl Ustimenko, Tymoteusz Chojecki
    * [Permalink](https://eprint.iacr.org/2026/496)
    * [Download](https://eprint.iacr.org/2026/496.pdf)
    ### Abstract
    Graphs $D(n, q)$ and their connected components $CD(n, q)$ were defined 30 years ago. We briefly survey their applications to Extremal Graph Theory, Spectral Graph Theory, Algebraic Graph Theory, Symmetric Cryptography and the Theory of Low Density Parity Check Codes. We introduce several new algorithms of Noncommutative Cryptography based on these graphs of large girth. In particular, we propose a modification of the Diffie-Hellman protocol in terms of the semigroup of walks of even length on the forest obtained as the projective limit of $D(n, q)$ and the homomorphic image of this monoid, acting on the vector space $(F_q)^n$ as a transformation group $G(n, q)$ of cubical polynomial transformations. The protocol allows users to elaborate a collision vector from $(F_q)^n$ in time $O(n^2)$. The security of these schemes rests on the complexity of the Conjugacy Power Problem for the affine Cremona semigroup of automorphisms of $F_q[x_1, x_2, \dots, x_n]$. An inverse protocol of El Gamal type allows these schemes to be used for encryption or for creating digital signatures. Several obfuscations of these algorithms are given.
    ## 2026/497
    * Title: Trustworthy Agent Network: Trust in Agent Networks Must Be Baked In, Not Bolted On
    * Authors: Yixiang Yao, Yuhang Yao, Xinyi Fan, Jiechao Gao, Jie Wang, Minjia Zhang, Srivatsan Ravi, Carlee Joe-Wong
    * [Permalink](https://eprint.iacr.org/2026/497)
    * [Download](https://eprint.iacr.org/2026/497.pdf)
    ### Abstract
    The rapid advancement of Large Language Models has given rise to autonomous LLM-based agents capable of complex reasoning and execution. As these agents transition from isolated operation to collaborative ecosystems, we witness the emergence of the Agent-to-Agent (A2A) network, a paradigm where heterogeneous agents autonomously coordinate to solve multi-step tasks. While these networks may offer better task performance compared to simply using one agent to complete the entire task, they introduce systemic vulnerabilities, such as adversarial composition, semantic misalignment, and cascading operational failures, that existing agent alignment techniques cannot address. In this vision paper, we argue that the trustworthiness of A2A networks cannot be fully guaranteed via retrofitting on existing protocols that are largely designed for individual agents. Rather, it must be architected from the very beginning of the A2A coordination framework. We present a comprehensive conceptual framework that situates trust in A2A systems through four design pillars.
    ## 2026/498
    * Title: Bridging Programmability, Efficiency, and Bounded Trust: A Hybrid Privacy-Preserving Smart Contract Framework
    * Authors: Youheng Wang, Rujia Li, Zhaoyang Xie, Kaikai Feng, Qingjie Chen, Yang Gao, Sisi Duan
    * [Permalink](https://eprint.iacr.org/2026/498)
    * [Download](https://eprint.iacr.org/2026/498.pdf)
    ### Abstract
    Privacy-preserving smart contracts (PPSCs) extend blockchain computation from transparent execution to confidential applications, enabling mutually distrustful parties to jointly compute contract logic on private inputs. Existing PPSC designs can be categorized into two main paradigms: trusted hardware-based systems and cryptographic systems. Trusted hardware-based systems provide general programmability and their performance is usually close to non-confidential computation, but the hardware has to be trusted. In contrast, cryptographic systems require much lower trust in the hardware, but their performance is usually much lower.
    In this paper, we propose a hybrid PPSC framework that combines trusted hardware with cryptographic techniques, achieving both general programmability and reduced reliance on trusted hardware. Specifically, the TEE executes the smart contracts, but needs to authenticate the computation. A proof of the encrypted computational results is sent on-chain, and the blockchain authenticates the computation and aggregates the computational results using cryptographic approaches such as homomorphic encryption. In this way, the confidential smart contract executed in the TEE is both efficient and generally programmable, without the TEE having to be trusted. Meanwhile, the on-chain cryptographic approach does not introduce high overhead, as it only authenticates and aggregates the results. We formalize the system model and security goals, and prove the correctness using the Universal Composability framework. Our implementation and evaluation, with Intel SGX as the trusted hardware and Solidity as the smart contract language, show that our approach achieves nearly no degradation in performance compared to non-confidential computation.
    ## 2026/499
    * Title: Accelerating FAEST Signatures on ARM: NEON SIMD AES and Parallel VOLE Optimization
    * Authors: Seung-Won Lee, Ha-Gyeong Kim, Min-Ho Song, Si-Woo Eum, Hwa-Jeong Seo
    * [Permalink](https://eprint.iacr.org/2026/499)
    * [Download](https://eprint.iacr.org/2026/499.pdf)
    ### Abstract
    FAEST is a post-quantum digital signature candidate whose performance is dominated by repeated AES-CTR-based PRG calls in the VOLE-in-the-Head phase, yet its reference implementation provides no FAEST-specialized ARM NEON acceleration path. We present an ARM-oriented optimization that accelerates this bottleneck using general-purpose NEON SIMD instructions without relying on ARMv8 Crypto Extensions. The proposed implementation combines a register-resident 256-byte S-box with TBL/TBX-based four-stage SubBytes, 4-way and 8-way parallel AES block processing, a fixed-size PRG path specialized for the FAEST tree structure, and pthread-based batch-level parallelization of independent VOLE tasks. Evaluated on all 12 parameter sets of FAEST v2 on Raspberry Pi 4 and Apple M2, the combined optimization achieves speedups of up to $136.9\times$ and $330.1\times$, respectively, over the pure-C reference. On RPi4, the single-thread NEON implementation outperforms OpenSSL's software AES, and on M2, the full NEON-plus-pthread configuration outperforms the best available reference configuration, including hardware-accelerated OpenSSL, across all tested parameters.
    ## 2026/500
    * Title: Expander properties of superspecial isogeny digraphs with level structure
    * Authors: Thomas Decru, Krijn Reijnders
    * [Permalink](https://eprint.iacr.org/2026/500)
    * [Download](https://eprint.iacr.org/2026/500.pdf)
    ### Abstract
    Charles, Goren and Lauter proved that the supersingular $\ell$-isogeny graph is a Ramanujan graph, which is an optimal expander. Jordan and Zaytman argued that this is no longer true in dimension two, but Florit and Smith showed that those graphs exhibit good expansion properties nonetheless. Castryck, Decru and Smith however have pointed out that the higher-dimensional analogue setting should only consider a subset of all edges, namely the paths corresponding to $(\ell^k,\ell^k)$-isogenies, so-called good extensions, instead of all $(\ell^a,\ell^b,\ell^c,\ell^d)$-isogenies in general, which contain bad extensions too. Such bad extensions lead to many small cycles in the graph, which are a cryptographic problem due to collisions and a graph-theoretic nuisance as these superfluous edges counteract part of the expansion properties. Restricting to good extensions makes the resulting graph directed, as outgoing edges now depend on the incoming edge.
    We study $(\ell,\ell)$-level surfaces and $(\ell)^g$-isogeny digraphs restricted to good extensions for concrete small dimensions and degrees $\ell$. These graphs exhibit excellent expander properties: by our heuristic evidence, they are Ramanujan graphs for all primes $\ell$ in dimension 1, and for $\ell = 2$ in dimension 2. Our main conjecture implies that this would still be the case for $\ell=3$ in dimension 2, but not for any larger $\ell$ in dimension 2, or any $\ell$ in dimension 3 and up. Furthermore, we generalize the work of Florit and Smith from $\ell = 2$ to general primes $\ell$, by classifying all abelian surfaces with nontrivial automorphism groups and their actions on their maximal isotropic $(\ell,\ell)$-subgroups.
    ## 2026/501
    * Title: More Brisés in Ballet: Extending Differential and Linear Cryptanalysis
    * Authors: Emanuele Bellini, Gabriele Bellini, Alessandro De Piccoli, Michela Gallone, David Gerault, Yun Ju Huang, Paul Huynh, Matteo Onger, Simone Pelizzola, Andrea Visconti
    * [Permalink](https://eprint.iacr.org/2026/501)
    * [Download](https://eprint.iacr.org/2026/501.pdf)
    ### Abstract
    In this work, we present new cryptanalytic results on the Ballet block cipher family, a simplified Lai-Massey ARX construction with a linear key schedule, winner of the symmetric algorithm category in the 2018-2020 Chinese National Cryptographic Algorithm Competition.
    Despite winning the competition, the cipher has received limited attention outside the Chinese Association for Cryptologic Research (CACR) community.
    We provide the first classical key recovery attacks in the literature, new explicit differential and linear trails (up to 15 rounds for differential, and 16 for linear, while the original paper only provided a bound for 9 rounds), improved impossible differential trails (8 rounds instead of 7), and the first differential-linear analysis of Ballet (up to 20 rounds).
    Our results lead to key recovery attacks on up to 16 rounds of Ballet-128/128/46 and 17 rounds of Ballet-128/256/48, thereby extending the cryptanalytic understanding of this ARX-based design and contributing new insight into its security margin, an area that the designers themselves note warrants further study.
    ## 2026/502
    * Title: Efficient RLWE based Chosen-Ciphertext Secure Dual-Receiver Encryption and Sender-Binding KEM in the Standard Model
    * Authors: Laurin Benz, Robert Brede
    * [Permalink](https://eprint.iacr.org/2026/502)
    * [Download](https://eprint.iacr.org/2026/502.pdf)
    ### Abstract
    A key encapsulation mechanism (KEM) is an often used primitive in communication, closely related to public key encryption (PKE). Dual-receiver encryption (DRE) is another primitive closely related to PKE that allows a sender to encrypt a message to two different receivers. Most applications of DRE need the soundness property, which guarantees that both receivers decrypt any ciphertext to the same message. Additionally, IND-CPA security is often not enough, and therefore schemes should satisfy a stronger notion like IND-CCA2. Meanwhile, an alternative to IND-CCA2 for KEMs is the IND-SB-CPA security notion, which was proven to be strong enough to realize secure channels while in theory enabling the construction of more efficient schemes.
    Most IND-CCA2 security proofs rely on the FO transformation, which is only secure in the ROM, and the standard model DREs and KEMs are far from efficient. We fill this gap by providing a sound DRE and a KEM satisfying IND-CCA2 and IND-SB-CPA security respectively. Both schemes are based on RLWE, proven secure in the standard model, and have key sizes of 150 KB and ciphertext sizes of 100 KB, improving upon previous results by a factor of 10x to 100x.
    ## 2026/503
    * Title: SwiftSNNI: Optimized Scheduling for Secure Neural Network Inference (SNNI) on Multi-Core Systems
    * Authors: Kanwal Batool, Saleem Anwar, Francesco Regazzoni, Andy Pimentel, Zoltán Ádám Mann
    * [Permalink](https://eprint.iacr.org/2026/503)
    * [Download](https://eprint.iacr.org/2026/503.pdf)
    ### Abstract
    Secure Neural Network Inference (SNNI) enables privacy-preserving inference on encrypted data with strong cryptographic guarantees. However, practical deployments suffer from high preprocessing overhead, significant communication costs, and sequential execution. These limitations lead to low throughput, underutilized system resources, long queueing delays, and poor scalability.

    This work introduces SwiftSNNI, a unified, resource-aware scheduling framework for SNNI. It implements a hybrid offline-online strategy that orchestrates offline preprocessing ($T_{\text{pre}, i}$) and online inference ($T_{\text{on}, i}$) jobs to maximize parallelism. By formulating SNNI scheduling as a constrained optimization problem, SwiftSNNI overlaps $T_{\text{pre}, i}$ phase execution of future requests with active $T_{\text{on}, j}$ jobs. SwiftSNNI also incorporates optional advance notices to enable proactive $T_{\text{pre}, i}$, which further reduces average input delay ($D$).
    Evaluations using five benchmark neural networks (M1, M2, HiNet, AlexNet, VGG-16) under diverse workloads and stochastic arrival rates confirm substantial performance gains. Compared to a parallelized sequential baseline (MS-SHARK), SwiftSNNI achieves up to 97% lower average input delay ($D$), an 81% reduction in makespan ($\approx 5.4\times$ speedup), and delivers a $5.6\times$ increase in throughput. Furthermore, SwiftSNNI reduces average waiting time ($W$) by over 99%, demonstrating robust starvation prevention for high-concurrency workloads. SwiftSNNI supports concurrent execution, scales to larger neural networks, and provides an efficient runtime for SNNI deployments. The SwiftSNNI implementation is available online at https://github.com/KanwalBat00l/SwiftSNNI.
    ## 2026/504
    * Title: Compression And Decompression Under FHE Using Error-Correcting Codes and Copy-And-Recurse
    * Authors: Adi Akavia, Hayim Shaul, Ofer Shayevitz
    * [Permalink](https://eprint.iacr.org/2026/504)
    * [Download](https://eprint.iacr.org/2026/504.pdf)
    ### Abstract
    Compression has been a fundamental problem in computer science for decades. Simply put, we want to represent a low-entropy vector $v$ of size $n$ with less than $n$ elements so that $v$ can be reconstructed (decompressed) from the shorter representation.
    Since compressed vectors require less storage and less communication, compression algorithms are part of almost every digital system.
    When the vector is encrypted with fully homomorphic encryption (FHE) the problem becomes significantly harder. Some works (e.g., [TCHES'19, CCS'21, EuroCrypt'23, USENIX'24]) have considered the problem of compressing an encrypted vector, but they all assumed the decompression step happens in cleartext. This is a significant restriction. For example, any system with an untrusted agent that needs to receive data and analyze it cannot use existing compression algorithms.
    In this paper, we give the first (to the best of our knowledge) non-trivial compression-decompression algorithms that are both FHE-friendly.
    Our algorithms use the copy-and-recurse technique together with the known duality between compression and error-correcting codes.
    Our experiments show that our decompression algorithm is faster than the folklore decompression algorithm. This is useful in systems with an agent-in-the-middle that is bounded by communication and by computation.
    ## 2026/505
    * Title: SCALE-FL: Scalable Cryptography-based Aggregation with Lightweight Enclaves for Federated Learning
    * Authors: Micah Brody, Antonia Januszewicz, Jiachen Zhao, Nirajan Koirala, Taeho Jung
    * [Permalink](https://eprint.iacr.org/2026/505)
    * [Download](https://eprint.iacr.org/2026/505.pdf)
    ### Abstract
    Privacy-Preserving Federated Learning (PPFL) emphasizes the security and privacy of contributors' data in scenarios such as healthcare, smart grids, and the Internet of Things. However, ensuring the security and privacy throughout PPFL can be challenging, given the complexities of maintaining relationships with many users across multiple epochs. Additionally, under a threat model in which the aggregating server and corrupted users are colluding adversaries, honest users' inputs and output data must be protected at all stages. Two common tools for enforcing privacy in federated learning are Private Stream Aggregation (PSA) and Trusted Execution Environments (TEE). However, PSA-only approaches still expose the raw aggregate to the server (and thus to colluding parties). TEE-only aggregation typically incurs non-negligible per-client per-epoch overhead at scale because the TEE must handle per-client communication and maintain per-client state/key material. This paper presents SCALE-FL, a novel solution for PPFL that maintains security while achieving near-plaintext performance using a state-of-the-art PSA protocol to collect user information and a TEE to hide information about the raw aggregate. By using a PSA protocol for aggregation, we can maintain the privacy of information on the untrusted server without requiring per-user key storage or use by the TEE. Then, the aggregate is securely processed by the TEE in plaintext, without the heavy encryption required on an untrusted server. Finally, we ensure the security of user inputs in the federated learning output by using Differential Privacy (DP). The additional overhead introduced by SCALE-FL is 1% of the overhead of the plain FL executions.
    ## 2026/506
    * Title: Unclonable Encryption in the Haar Random Oracle Model
    * Authors: James Bartusek, Eli Goldin
    * [Permalink](https://eprint.iacr.org/2026/506)
    * [Download](https://eprint.iacr.org/2026/506.pdf)
    ### Abstract
    We construct unclonable encryption (UE) in the Haar random oracle model, where all parties have query access to $U,U^\dagger,U^*,U^T$ for a Haar random unitary $U$. Our scheme satisfies the standard notion of unclonable indistinguishability security, supports reuse of the secret key, and can encrypt arbitrary-length messages. That is, we give the first evidence that (reusable) UE, which requires computational assumptions, exists in "microcrypt", a world where one-way functions may not exist.

    As one of our central technical contributions, we build on the recently introduced path recording framework to prove a natural "unitary reprogramming lemma", which may be of independent interest.
    ## 2026/507
    * Title: Practically Efficient Linear-Time Protocols for Server-Aided Private Set Union and Third Party Private Set Operations
    * Authors: Foo Yee Yeo, Jason H. M. Ying
    * [Permalink](https://eprint.iacr.org/2026/507)
    * [Download](https://eprint.iacr.org/2026/507.pdf)
    ### Abstract
    We present protocols for server-aided private set union (PSU), third-party private set difference (TP-PSD) and third-party private symmetric difference (TP-PSymD). In a third-party setting, the receiver who obtains the output is an external inputless party with two other participating input parties. The protocols for third-party private set operations presented in this work are significantly more efficient than those of Yeo and Ying (USENIX '25). Our results improve upon the above work in both computational complexity and practical performance. Moreover, our protocols demonstrate practical gains by achieving substantially quicker running times as well as the ability to run on much larger sets. Our server-aided private set union protocol is several times faster than existing state-of-the-art two-party private set union protocols.
    ## 2026/508
    * Title: Schnorr Blind Signatures and Signed ElGamal KEM in Algebraic Group Action Model
    * Authors: Dung Hoang Duong, Willy Susilo, Chuanqi Zhang
    * [Permalink](https://eprint.iacr.org/2026/508)
    * [Download](https://eprint.iacr.org/2026/508.pdf)
    ### Abstract
    The Schnorr blind signature is one of the most efficient and widely used blind signatures. At CRYPTO'23, Katsumata et al. proposed CSI-Otter, the first blind signature from isogenies, which does not follow the construction framework of the Schnorr blind signature. Instead, CSI-Otter was constructed from the sigma protocol for an OR relation that captures the idea of the Abe-Okamoto signature and hence can adapt the proof techniques by Kastner, Loss and Xu (PKC'22) into its security proof. Unfortunately, the concurrent security of CSI-Otter was later broken independently by Katsumata et al. (PKC'24) and Do et al. (Eurocrypt'24). As a result, CSI-Otter and all Schnorr-like blind signature schemes constructed from sigma protocols with small challenge space are limited to the sequential setting, though it is still a very meaningful security guarantee.
    In this paper, we provide an intensive study of the Schnorr blind signature from isogenies in the Algebraic Group Action Model (AGAM) and the Random Oracle Model (ROM). In particular, we first prove the tight security of the existing Schnorr signature from isogenies under the group action discrete logarithm assumption (GADLOG) in AGAM + ROM, which serves as the foundation for the proof of the sequential security, the log-concurrent security, and the 2-concurrent security of the Schnorr blind signature in AGAM + ROM under the hardness of the one-more group action discrete logarithm (OMGADLOG) assumption. In addition, of independent interest, we also present the Schnorr-Signed Hashed ElGamal KEM from isogenies and prove its CCA2 security in AGAM + ROM under the hardness of GADLOG.
    ## 2026/509
    * Title: PUFF: Maximally Proactive Security for Free in Perfectly Secure MPC with Guaranteed Output Delivery
    * Authors: Jiarui Li, Mengzhen Zou, Guidong Li, Guoyan Zhang, Chen Qian
    * [Permalink](https://eprint.iacr.org/2026/509)
    * [Download](https://eprint.iacr.org/2026/509.pdf)
    ### Abstract
    Achieving proactive security in perfectly-secure Multi-Party Computation (MPC) with guaranteed output delivery is a significant challenge, primarily because traditional protocols require all participants to be continuously online, rendering them impractical for many applications. The recently proposed layered MPC model [C:DDGIKK23] addresses this by allowing parties to be offline for extended periods. However, existing protocols for this model incur substantial overhead compared to their counterparts in the standard static setting.
    This work introduces a unified framework and essential building blocks for constructing protocols in the layered model, instantiable with both Shamir and CNF secret sharing. Using this framework, we develop highly efficient protocols for Verifiable Secret Sharing (VSS) and secure multiplication for proactive security.
    Applying our framework, we construct layered MPC protocols that drastically reduce the communication complexity and the number of layers required to evaluate an arithmetic circuit of depth $D$. Specifically, our Shamir-based MPC achieves $O(n^6)$ per-gate communication with a total layer depth of $D+13$, representing a significant improvement over the $O(n^9)$ complexity and $10D+8$ depth of [C:DDGIKK23].
    ## 2026/510
    * Title: FHorgEt: A Cryptographic Solution for Secure Machine Unlearning
* Authors: David Balbás, Dario Fiore, Georgios Raikos, Damien Robissout, Claudio Soriente
    * [Permalink](https://eprint.iacr.org/2026/510)
    * [Download](https://eprint.iacr.org/2026/510.pdf)
    ### Abstract
    Data regulations grant users the right to be forgotten, empowering them to control if and when their data is used in applications such as machine learning training. Machine unlearning offers a promising mechanism to enforce this right by enabling the removal of specific training data from models. Existing machine unlearning approaches, however, assume an honest server that correctly executes all unlearning requests. In practice, this assumption is too strong: nothing prevents a server from falsely claiming to have performed unlearning while secretly retaining the original model or continuing to use the data for training. Such behaviours remain possible even when unlearning requests are verifiable---for example, via zero-knowledge proofs---because the server may still keep copies of the data or model.
    In this work, we argue that a security model for machine unlearning should capture data confidentiality throughout the lifecycle of a model, including training, inference, and unlearning. We introduce such a formalism and then present the first machine learning framework that provides cryptographic guarantees that unlearning requests are properly executed and that users' data is forgotten. We implement our framework using fully-homomorphic encryption (FHE) and secure multi-party computation (MPC), within a distributed setting where training, unlearning and inference requests are handled by a group of servers. Our constructions are secure in the honest-but-curious model if at least one of the servers is honest, and can be lifted against actively malicious servers following standard techniques. We also show, via a proof-of-concept implementation, that such a system does not add a significant overhead on top of FHE-based training.
    ## 2026/511
    * Title: Human-Extractable ZK Proofs of Knowledge: A Solution to Dark DAOs
    * Authors: Zeyuan Yin, Leiyuan Tian, Bingsheng Zhang, Kui Ren
    * [Permalink](https://eprint.iacr.org/2026/511)
    * [Download](https://eprint.iacr.org/2026/511.pdf)
    ### Abstract
    A Decentralized Autonomous Organization (DAO) is a pioneering evolution to realize a decentralized democratic governance over a blockchain. In a DAO, stakeholders usually make collective decisions through secure on-chain voting. Recently, Dark DAO (Austgen et al., arXiv:2311.03530) was proposed as a decentralized cartel that enables automated vote-buying. It attacks the inalienable authentication of a remote e-voting system by leveraging key encumbrance via MPC or TEEs, enabling a voter to pass the authentication without knowing the actual key. To defend against this new type of attack, the notions of individual knowledge (Dziembowski et al., CRYPTO '23) and complete knowledge (Kelkar et al., CCS '24) were proposed, ensuring that the prover has unencumbered knowledge of a secret. However, their solutions rely on TEEs or ASICs, which are difficult to deploy on blockchain.
    Inspired by the human-extractable CAPTCHA puzzles proposed by Kumarasubramanian et al. (PKC '13), we propose a new primitive called human-extractable zero-knowledge proofs of knowledge (HE-ZKPoK) as an alternative solution to Dark DAOs. Our HE-ZKPoK protocol forces the prover to solve human-extractable CAPTCHA puzzles along with completing a standard zero-knowledge proof of knowledge, avoiding the need for specialized hardware. As a result, any human entity can extract the witness merely by looking at the prover's CAPTCHA queries and the associated puzzles. Under the assumption that humans cannot encumber a secret, we conclude that if a voter sells his vote, his secret key will be fully exposed, thus deterring voters from engaging in vote-buying.
    ## 2026/512
    * Title: Securely Scaling Autonomy: The Role of Cryptography in Future Unmanned Aircraft Systems (UAS)
    * Authors: Paul Rochford, William J Buchanan, Rich Macfarlane, Madjid Tehrani
    * [Permalink](https://eprint.iacr.org/2026/512)
    * [Download](https://eprint.iacr.org/2026/512.pdf)
    ### Abstract
    The decentralisation of autonomous Unmanned Aircraft Systems (UAS) introduces significant challenges for establishing secure communication and consensus in contested, resource-constrained environments. This research addresses these challenges by conducting a comprehensive performance evaluation of two cryptographic technologies: Messaging Layer Security (MLS) for group key exchange, and threshold signatures (FROST and BLS) for decentralised consensus. Seven leading open-source libraries were methodically assessed through a series of static, network-simulated, and novel bulk-signing benchmarks to measure their computational efficiency and practical resilience. This paper confirms that MLS is a viable solution, capable of supporting the group sizes and throughput requirements of a UAS swarm. It corroborates prior work by identifying the Cisco MLSpp library as unsuitable for dynamic environments due to poorly scaling group management functions, while demonstrating that OpenMLS is a highly performant and scalable alternative. Furthermore, the findings show that operating MLS in a 'Key Management' mode offers a dramatic increase in performance and resilience, a critical trade-off for UAS operations. For consensus, the benchmarks reveal a range of compromises for developers to consider, while identifying the Zcash FROST implementation as the most effective all-around performer for sustained, high-volume use cases due to its balance of security features and efficient verification.
    ## 2026/513
    * Title: zkBSA: Auditable Blockchain Stealth Address
    * Authors: Siyuan Zheng, Zhe Han
    * [Permalink](https://eprint.iacr.org/2026/513)
    * [Download](https://eprint.iacr.org/2026/513.pdf)
    ### Abstract
Stealth addresses provide receiver privacy but lack mechanisms for regulatory compliance, creating a critical gap in regulated financial blockchains where amounts are transparent yet identities must remain private. We present zkBSA, the first modular framework for auditable stealth addresses that reconciles unlinkability with enforceable KYC/AML compliance. zkBSA combines four orthogonal components: a stealth address scheme, public-key encryption for secure audit data transmission, a vector commitment to a public compliance whitelist, and a zero-knowledge proof system. This enables preventive on-chain verification: transactions to non-whitelisted receivers are cryptographically rejected, while authorized auditors can decrypt receiver identities for oversight. We formalize a dual-adversary security model, capturing unlinkability against public observers and compliance soundness against malicious senders, and prove zkBSA's security under standard cryptographic assumptions. We implement a practical proof-of-concept using ERC-5564, EC-ElGamal, Merkle trees, and RISC Zero zkVM. Our evaluation demonstrates scalability to 16 million users, with proof generation under 5.3 seconds and fixed on-chain verification cost (~235k gas). zkBSA thus enables real-world deployment of privacy-preserving yet regulator-compliant transactions, bridging privacy-enhancing technologies and regulatory requirements in amount-transparent settings.
    ## 2026/514
    * Title: Secure Matrix Invertibility Testing over Fields of Small Order or Characteristics
    * Authors: Seungwoo Han, Jooyoung Lee, Seungmin Park, Mincheol Son
    * [Permalink](https://eprint.iacr.org/2026/514)
    * [Download](https://eprint.iacr.org/2026/514.pdf)
    ### Abstract
Multi-party matrix invertibility testing over finite fields of small order or characteristic is a pivotal operation for thresholdizing Multivariate Quadratic (MQ) signature schemes. However, achieving perfect privacy in a constant number of rounds remains a challenge: existing solutions are either not perfectly secure, leaking certain information, or inefficient in terms of computational and communication complexity, in particular when $p\leq n$, where $p$ and $n$ denote the characteristic of the underlying field and the matrix size, respectively.
    To address these limitations, we propose two protocols for perfectly secure multi-party testing of matrix invertibility. The first protocol extends the Cramer-Damg{\aa}rd protocol to fields of small order by employing the field lifting technique. The second protocol is based on a multiparty computation of the Samuelson-Berkowitz algorithm, specifically designed for fields with a small characteristic where $p \leq n$. Both constructions are formalized in the Arithmetic Black-Box (ABB) model with the Shamir's secret sharing scheme.
We show that both protocols achieve perfect privacy with a tradeoff between online and offline rounds. Specifically, the first protocol runs in $7$ offline rounds with complexity $O(N \cdot n^4+n^5)$ and in $3$ online rounds with complexity $O(n^3)$, and the second protocol runs in $3$ offline rounds with complexity $O(n^3)$ and in $9$ online rounds with complexity $O(n^4)$, where $n$ is the matrix size and $N$ is the number of parties.
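The second protocol above builds on the Samuelson-Berkowitz algorithm because it computes the characteristic polynomial, and hence the determinant, using only additions and multiplications; that is what makes it usable over a field with $p \leq n$, where the usual inverse-based tricks break down. The following is an added illustration, not code from the paper: a plaintext, division-free invertibility test over $\mathbb{F}_p$ via Berkowitz's Toeplitz recursion, cross-checked against cofactor expansion. The sample matrices are constructed here; the paper's contribution is running these same arithmetic operations on Shamir shares inside the ABB model, which this example does not do.

```python
# Added example (not the paper's MPC protocol): division-free matrix invertibility
# test over F_p using the Samuelson-Berkowitz characteristic-polynomial algorithm.
# Because no field inverse is ever computed, every step is a linear or multiplicative
# operation that an arithmetic black-box MPC can evaluate on secret shares.

def matvec(M, v, p):
    """Matrix-vector product over F_p."""
    return [sum(m * x for m, x in zip(row, v)) % p for row in M]

def berkowitz_charpoly(A, p):
    """Coefficients of det(xI - A) over F_p, highest power first (length n+1).
    Recursion: p(A) = T_A * p(M), where M is A without its first row and column
    and T_A is an (n+1) x n lower-triangular Toeplitz matrix whose first column is
    1, -a11, -R C, -R M C, ..., -R M^(n-2) C  (R = first row, C = first column)."""
    n = len(A)
    if n == 1:
        return [1, (-A[0][0]) % p]
    a = A[0][0]
    R = A[0][1:]                       # 1 x (n-1)
    C = [row[0] for row in A[1:]]      # (n-1) x 1
    M = [row[1:] for row in A[1:]]     # (n-1) x (n-1)
    col = [1, (-a) % p]
    v = C
    for _ in range(n - 1):             # appends -R M^k C for k = 0 .. n-2
        col.append((-sum(r * x for r, x in zip(R, v))) % p)
        v = matvec(M, v, p)
    pm = berkowitz_charpoly(M, p)      # length n
    # Toeplitz product: out[i] = sum_j col[i-j] * pm[j]
    return [sum(col[i - j] * pm[j] for j in range(n) if i >= j) % p
            for i in range(n + 1)]

def det_berkowitz(A, p):
    """det(A) from the constant term of the characteristic polynomial, (-1)^n det(A)."""
    n = len(A)
    c0 = berkowitz_charpoly(A, p)[-1]
    return c0 if n % 2 == 0 else (-c0) % p

def is_invertible(A, p):
    """A is invertible over F_p iff its determinant is nonzero mod p."""
    return det_berkowitz(A, p) != 0

def det_cofactor(A, p):
    """Reference only: Laplace expansion along the first row (exponential time)."""
    n = len(A)
    if n == 1:
        return A[0][0] % p
    total = 0
    for j in range(n):
        minor = [row[:j] + row[j + 1:] for row in A[1:]]
        total += (-1) ** j * A[0][j] * det_cofactor(minor, p)
    return total % p

if __name__ == "__main__":
    # Constructed 4x4 instance over F_3, i.e. the p <= n regime the paper targets.
    A = [[1, 2, 0, 1], [0, 1, 1, 2], [2, 0, 1, 0], [1, 1, 1, 1]]
    print("charpoly:", berkowitz_charpoly(A, 3))
    print("det (Berkowitz):", det_berkowitz(A, 3), " det (cofactor):", det_cofactor(A, 3))
    print("invertible:", is_invertible(A, 3))
```

Over $\mathbb{F}_2$ the same routine distinguishes, for instance, a matrix with two equal rows (singular) from an upper-unitriangular one (invertible) without ever asking for an inverse of a field element, which is exactly the property a constant-round MPC protocol needs when $p$ is too small for random-masking tricks that require invertible random elements.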
    ## 2026/515
    * Title: Privacy at your Fingertips: Enabling Rapid Client-Side Operations in Fully Homomorphic Encryption
    * Authors: Aikata Aikata, Florian Krieger, Sujoy Sinha Roy
    * [Permalink](https://eprint.iacr.org/2026/515)
    * [Download](https://eprint.iacr.org/2026/515.pdf)
    ### Abstract
Fully Homomorphic Encryption (FHE) allows users to offload large computations to servers without revealing the underlying data. Due to this unique feature, it is applicable to a variety of domains, including privacy-preserving Machine Learning. However, all FHE schemes have two problems: slow encryption/decryption and substantial ciphertext expansion. Thus, despite its significant potential, the practical implementation of FHE faces considerable challenges due to massive computation and communication overhead. In this work we address this gap, and propose a novel \tonetwo approach to optimize client-side homomorphic encryption, leveraging bootstrapping.
    This technique minimizes ciphertext expansion and reduces the communication overhead on the server as well as the client. We also eliminate the need for encoding and decoding by the client, thereby omitting the floating-point arithmetic requirement for FHE over approximate numbers. The elegance of this technique lies in its ability to utilize the built-in FHE routines and inherently maintain security and precision guarantees. The proposed technique reduces the enc/decryption computation and communication requirements by up to $97\%$. We employ the proposed techniques to develop a framework for FHE client operations that is compatible with both software and hardware platforms. We conduct a comprehensive design analysis and FPGA prototyping, present ASIC synthesis results, and provide microcontroller performance evaluations. The efficient architecture design methodology demonstrates up to $76\times$ speedup compared to prior works on the same platform.
    ## 2026/516
    * Title: Towards Compact UOV-Based MQ Signatures: Rectangular and Lifted Whipping Structures
    * Authors: Quang-Duc Nguyen, Minh Hieu Nguyen
    * [Permalink](https://eprint.iacr.org/2026/516)
    * [Download](https://eprint.iacr.org/2026/516.pdf)
    ### Abstract
Multivariate quadratic (MQ) signatures offer fast signing and verification with small signatures, but their practicality is often limited by large public keys. Recent schemes, such as MAYO, address this limitation by employing the "whipping" technique. This method utilizes emulsifier matrices to expand a mini-UOV map into a larger one while ensuring that signing reduces to solving a linear system that is full-rank with high probability. In this work, we propose two general improvements to whipping structures that can be broadly applied to UOV-based whipped signatures. First, we introduce rectangular emulsifier matrices. This approach allows the underlying UOV instance to utilize fewer equations, yielding significantly smaller public keys and potentially faster operations, while strictly preserving the necessary full-rank behavior for the core linear combinations of the emulsifiers. Second, we propose lifting the emulsifier matrices to an extension field while maintaining the base UOV map over the ground field. By leveraging the whipping technique to keep the variable-to-equation ratio close to one, this structural modification effectively avoids known lifted system attacks. By combining both techniques, we design a new variant MAYO$^reA_L$ and provide a detailed security analysis against known forgery and key-recovery attacks, and propose parameter sets that improve public key and signature sizes at comparable security levels. Finally, we discuss the applicability of these improvements to SNOVA, noting that due to SNOVA's specific design constraints, the lifting technique integrates much more seamlessly than the rectangular matrix modification.
    ## 2026/517
    * Title: Multi-Instance Security Degradation of Code-Based KEMs
* Authors: Alexander May, Gabriel Sá Diogo
    * [Permalink](https://eprint.iacr.org/2026/517)
    * [Download](https://eprint.iacr.org/2026/517.pdf)
    ### Abstract
    The security of most prominent code-based key encapsulation mechanisms (KEMs) relies on the hardness of the syndrome decoding problem. It is well-known that in the presence of $n$ syndromes, one gets a speed-up of roughly $\sqrt n$ for decoding a single syndrome by a technique called Decoding One Out of Many (DOOM), due to Sendrier.
Modern code-based schemes like HQC and BIKE work over a polynomial ring $\mathbb{F}_2[X]/(X^n-1)$ that naturally leads to $n$ syndromes. As a consequence, DOOM-type speed-ups of $\sqrt n$ have been taken into account for the HQC and BIKE parameter selection in the single-instance setting.
    However, we analyse a naturally appearing multi-instance setting, where the same public key is used to derive $M$ session keys $K^{(1)}, \ldots, K^{(M)}$. Our attack goal is to reconstruct a single session key $K^{(i)}$.

We show that in an HQC and BIKE multi-instance setting an attacker can construct a DOOM instance with $nM$ syndromes. In a Classic McEliece multi-instance setting, an attacker obtains $M$ syndromes. Our results show that multi-instance security of code-based KEMs degrades as a function of $M$. For KEMs designed for NIST security level 1 we drop below the desired $143$ bits for a number of session keys $M \geq 2^{69}$ ($\texttt{HQC-1}$), $M \geq 2^{8}$ ($\texttt{BIKE-1}$), respectively $M \geq 2^{15}$ ($\texttt{mceliece348864}$).
    For HQC, we also analyse a Common Code setting, where all users share the same public quasi-cyclic code. We propose a DOOM-type attack that recovers a secret key given $M$ public keys. Our attack works within less than $143$ bit time complexity using $M \geq 2^{9}$ users. As a consequence, HQC should not be used in a Common Code setting.
    ## 2026/518
    * Title: ${{\mathsf{SMA}^2\mathsf{RT}}}$ : Secret-Metadata Attribute-based Anonymous Rate-limited Tokens
    * Authors: Anna Lysyanskaya, Eileen Nolan
    * [Permalink](https://eprint.iacr.org/2026/518)
    * [Download](https://eprint.iacr.org/2026/518.pdf)
    ### Abstract
In high-volume online services, such as privacy-preserving CAPTCHA bypass or metered paywalls, service providers must filter malicious traffic without compromising user privacy. Anonymous tokens with private metadata (ATPM) address this by embedding a hidden bit into a user's token; for example, indicating whether the user is suspected to be a bot. However, existing ATPM constructions are limited by high communication complexity, requiring a fresh interaction with the issuer for every single token. Furthermore, they lack support for fine-grained policy requirements, preventing service providers from verifying user attributes (such as age or subscription status) without stripping away anonymity.
In this work, we bridge this gap by introducing ${{\mathsf{SMA}^2\mathsf{RT}}}$ (Secret Metadata Attribute-based Anonymous Rate-limited Tokens). For the first time in the hidden-metadata context, our construction supports selective attribute disclosure, thereby bridging the gap between the anonymous credentials and anonymous tokens literatures. Our construction leverages signatures on equivalence classes (SEQ) to achieve an "issue once, spend N times" capability. This allows a user to interact with the issuer only once to obtain a master credential and subsequently derive up to N unlinkable, valid tokens locally, without further online communication. This significantly reduces server load and network latency, making the scheme highly practical for real-time web applications. Each derived token preserves the issuer's hidden metadata bit and supports selective disclosure of the user's attributes.
    ## 2026/519
    * Title: A Generalized Partial Exposure Lattice Attack Against an RSA variant Based on Cubic Pell Curves
    * Authors: Michel Seck, Hortense Boudjou Tchapgnouo
    * [Permalink](https://eprint.iacr.org/2026/519)
    * [Download](https://eprint.iacr.org/2026/519.pdf)
    ### Abstract
    Nitaj and Seck recently published an RSA variant (MJAGA 2024) based on the cubic Pell equation $\mathcal{P}_c(N): u^3+cv^3+c^2w^3-3cuvw= 1$ over $\mathbb{Z}/N\mathbb{Z}$ when $N=p^rq^s$. In their cryptosystem, the public exponent $e$ and the private exponent $d$ are related to the key equation $d\equiv e^{-1}\pmod{p^{2(r-1)}q^{2(s-1)}(p-1)^2(q-1)^2}$. In AfricaCrypt 2025, Rahmani and Nitaj published a lattice attack on their scheme in the particular case of $r=s=1$ by exploiting the key equation $ed - (p-1)^2(q-1)^2 k = 1$.
    In this paper, we present a new generalized partial exposure lattice attack on the scheme of Nitaj and Seck by examining the key equation $eu_0 - (p-1)^2(q-1)^2 v_0 = w_0$ when some bits of $p$ or $q$ are known.
    ## 2026/520
    * Title: Sparse optimisation and quantum-inspired encoding for ransomware detection
    * Authors: Elodie Mutombo Ngoie, Mike Wa Nkongolo
    * [Permalink](https://eprint.iacr.org/2026/520)
    * [Download](https://eprint.iacr.org/2026/520.pdf)
    ### Abstract
    Ransomware remains a persistent cybersecurity threat difficult to detect due to high-dimensional network traffic and sophisticated obfuscation techniques. Existing feature selection methods often struggle with redundancy, noise, and the curse of dimensionality, leading to poor generalisation and limited interpretability in ransomware detection. To address these challenges, we propose BioSparse-MCP, a hybrid feature selection framework that integrates gradient-based optimisation with the Minimax Concave Penalty (MCP) to enforce sparsity, alongside a Rotated Circular Partitioning (RCP) strategy to improve the spatial organisation of selected features. This design reduces redundancy, enhances discriminative power, and provides rotation-aware representations that overcome the limitations of conventional dimensionality reduction. The framework further incorporates a Quantum Feature Mapping (QFM)-inspired geometric transformation, in which features are projected onto a spherical space, rotated, and partitioned into angular sectors, while preserving linear computational complexity. All RCP and QFM operations are classically simulated, ensuring compatibility with conventional machine learning pipelines and real-time deployment without specialised hardware. Implemented in Python using standard numerical libraries, BioSparse-MCP was evaluated on 149,043 network traffic instances with an ensemble of KNN and LSTM models. The approach achieved high detection accuracy with a low False Positive Rate (0.25%). Feature attribution analysis highlights cryptocurrency addresses, threat signatures, and IP-level features as key contributors. These results demonstrate that combining sparse optimisation with quantum-inspired geometric encoding provides an efficient and interpretable solution for ransomware detection in high-dimensional network environments.
    ## 2026/521
    * Title: UniMSM: An Efficient and Flexible Hardware Accelerator for Multi-Scalar Multiplication
* Authors: Kaixuan Wang, Yifan Yanggong, Chenti Baixiao, Xiaoyu Yang, Lei Wang
* [Permalink](https://eprint.iacr.org/2026/521)
    * [Download](https://eprint.iacr.org/2026/521.pdf)
    ### Abstract
    Multi-scalar multiplication (MSM) is a central kernel in cryptographic systems, which evaluates large linear combinations of elliptic-curve points.
Practical MSMs couple millions of terms with hundreds-of-bit modular arithmetic, while Pippenger's bucket flow introduces irregular memory updates that can severely degrade utilization under deep pipelines.
    In this paper, we present UniMSM, an efficient and flexible hardware accelerator for MSM across practical problem sizes and diverse curve parameters.
    First, we design a pipelined point adder based on the extended Jacobian coordinate system and employ a time-multiplexed datapath to reduce modular multiplier cost while sustaining high throughput.
    Second, we introduce a conflict-aware scheduling scheme to address bucket-update conflicts and preserve utilization under irregular accesses.
    Third, we develop a hardware-friendly variant of the Pippenger algorithm to reduce intermediate storage overhead and serial dependencies in aggregation.
    Compared with prior FPGA accelerators, UniMSM achieves up to 2.12$\times$ improvement in area-time product.
    Furthermore, UniMSM in ASIC achieves up to a 3.85$\times$ improvement in ATP compared to the SOTA accelerator.
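The "bucket flow" and "bucket-update conflicts" in the abstract refer to the structure of Pippenger's method: each scalar is cut into c-bit windows, every point is added into the bucket selected by its digit (a data-dependent read-modify-write, which is where a pipelined adder stalls on back-to-back hits to the same bucket), and the buckets are then folded with a running sum so that no per-bucket scalar multiplication is needed. The following is an added example, not code from UniMSM or any library: a plain-Python Pippenger MSM over a constructed toy short-Weierstrass curve ($y^2 = x^3 + 2x + 3$ over $\mathbb{F}_{97}$, base point $(3,6)$, both chosen here for illustration only), checked against a naive sum of double-and-add scalar multiplications.

```python
# Added example (not UniMSM's or any library's code): Pippenger bucket-method MSM
# over a toy curve, to make the bucket-update and fold phases concrete.
# Curve y^2 = x^3 + 2x + 3 over F_97 and base point (3, 6) are constructed for
# illustration; they have no cryptographic significance.

P_MOD = 97
A_COEF, B_COEF = 2, 3
INF = None                       # point at infinity

def inv(x):
    return pow(x % P_MOD, P_MOD - 2, P_MOD)

def ec_add(P, Q):
    """Affine addition on y^2 = x^3 + A x + B, handling identity, doubling, P + (-P)."""
    if P is INF:
        return Q
    if Q is INF:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF
    if P == Q:
        lam = (3 * x1 * x1 + A_COEF) * inv(2 * y1) % P_MOD
    else:
        lam = (y2 - y1) * inv(x2 - x1) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)

def scalar_mult(k, P):
    """Double-and-add; reference used by naive_msm."""
    R = INF
    while k:
        if k & 1:
            R = ec_add(R, P)
        P = ec_add(P, P)
        k >>= 1
    return R

def naive_msm(scalars, points):
    R = INF
    for k, P in zip(scalars, points):
        R = ec_add(R, scalar_mult(k, P))
    return R

def pippenger_msm(scalars, points, c=3):
    """Bucket method with c-bit windows, processed from the most significant window."""
    mask = (1 << c) - 1
    nbits = max((k.bit_length() for k in scalars), default=0)
    nwin = max(1, (nbits + c - 1) // c)
    result = INF
    for w in reversed(range(nwin)):
        # Bucket-update phase: data-dependent accumulation into bucket[digit].
        # In hardware, two consecutive terms hitting the same bucket create the
        # read-after-write conflict the abstract's scheduler has to resolve.
        buckets = [INF] * (1 << c)   # index 0 unused (digit 0 contributes nothing)
        for k, P in zip(scalars, points):
            d = (k >> (w * c)) & mask
            if d:
                buckets[d] = ec_add(buckets[d], P)
        # Fold phase: sum_j j * B_j via a running sum, only point additions.
        running = INF
        acc = INF
        for j in range(mask, 0, -1):
            running = ec_add(running, buckets[j])
            acc = ec_add(acc, running)
        # Shift previous windows up by c bits, then add this window's sum.
        for _ in range(c):
            result = ec_add(result, result)
        result = ec_add(result, acc)
    return result

def demo():
    """Constructed input: 8 points (multiples of the base point) and 8 scalars."""
    G = (3, 6)
    points = [scalar_mult(i, G) for i in range(1, 9)]
    scalars = [5, 17, 1, 63, 40, 9, 31, 58]
    return pippenger_msm(scalars, points), naive_msm(scalars, points)

if __name__ == "__main__":
    fast, slow = demo()
    print("pippenger:", fast, " naive:", slow, " match:", fast == slow)
```

With window size c the fold costs about 2^c additions per window regardless of how many terms there are, while the bucket-update phase costs one addition per term per window; for millions of terms the update phase dominates, which is why the abstract's pipelined adder and conflict-aware scheduling target that loop specifically.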