From: IACR ePrint Archive <noreply@example.invalid>
Newsgroups: sci.crypt
Subject: [digest] 2024 Week 30
Date: Mon, 29 Jul 2024 02:26:25 -0000
Message-ID: <7VFKDcTWLUahsTDgOg36fJ9LxhHuy0Wl@eprint.iacr.org.invalid>

## In this issue

1. [2024/875] Succinctly-Committing Authenticated Encryption
2. [2024/1179] Inner Product Ring LWE Problem, Reduction, New ...
3. [2024/1180] Fast computation of 2-isogenies in dimension 4 and ...
4. [2024/1181] AQQUA: Augmenting Quisquis with Auditability
5. [2024/1182] Hyperion: Transparent End-to-End Verifiable Voting ...
6. [2024/1183] Updatable Private Set Intersection from Structured ...
7. [2024/1184] Sanitizable and Accountable Endorsement for Dynamic ...
8. [2024/1185] Erebor and Durian: Full Anonymous Ring Signatures ...
9. [2024/1186] MATTER: A Wide-Block Tweakable Block Cipher
10. [2024/1187] STORM — Small Table Oriented Redundancy-based SCA ...
11. [2024/1188] Lightweight Dynamic Linear Components for Symmetric ...
12. [2024/1189] The Espresso Sequencing Network: HotShot Consensus, ...
13. [2024/1190] Efficient Two-Party Secure Aggregation via ...
14. [2024/1191] A note on ``a novel authentication protocol for ...
15. [2024/1192] Towards ML-KEM & ML-DSA on OpenTitan
16. [2024/1193] The syzygy distinguisher
17. [2024/1194] Hardware Implementation and Security Analysis of ...
18. [2024/1195] Efficient Implementation of Super-optimal Pairings ...
19. [2024/1196] Client-Aided Privacy-Preserving Machine Learning
20. [2024/1197] Optimizing Rectangle and Boomerang Attacks: A ...
21. [2024/1198] ECO-CRYSTALS: Efficient Cryptography CRYSTALS on ...
22. [2024/1199] On degrees of carry and Scholz's conjecture
23. [2024/1200] Depth-Aware Arithmetization of Common Primitives in ...
24. [2024/1201] Designing a General-Purpose 8-bit (T)FHE Processor ...
25. [2024/1202] Prover - Toward More Efficient Formal Verification ...
26. [2024/1203] Preservation of Speculative Constant-time by ...
27. [2024/1204] A fast heuristic for mapping Boolean circuits to ...
28. [2024/1205] Analysis of One Scheme for User Authentication and ...
29. [2024/1206] Applying Post-Quantum Cryptography Algorithms to a ...
30. [2024/1207] What Have SNARGs Ever Done for FHE?
31. [2024/1208] Hᴇᴋᴀᴛᴏɴ: Horizontally-Scalable zkSNARKs via Proof ...
32. [2024/1209] Collaborative CP-NIZKs: Modular, Composable Proofs ...

## 2024/875

* Title: Succinctly-Committing Authenticated Encryption
* Authors: Mihir Bellare, Viet Tung Hoang
* [Permalink](https://eprint.iacr.org/2024/875)
* [Download](https://eprint.iacr.org/2024/875.pdf)

### Abstract

Recent attacks and applications have led to the need for symmetric encryption schemes that, in addition to providing the usual authenticity and privacy, are also committing. In response, many committing authenticated encryption schemes have been proposed. However, all known schemes, in order to provide s bits of committing security, suffer an expansion---this is the length of the ciphertext minus the length of the plaintext---of 2s bits. This incurs a cost in bandwidth or storage. (We typically want s=128, leading to 256-bit expansion.) However, it has been considered unavoidable due to birthday attacks. We show how to bypass this limitation.
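The birthday argument just stated (s bits of committing security costing a 2s-bit tag) can be seen concretely on a toy scheme. The Python below is an added example for this digest, not code from the paper or its authors: it builds a small Encrypt-then-MAC AEAD from SHA-256 in counter mode and HMAC (stand-ins for AES and a real MAC), makes it committing in the style of Chan and Rogaway's CTX by replacing the tag with a hash of key, nonce, associated data and base tag, then runs a birthday search over candidate keys for two keys that both accept the same ciphertext. With a 16-bit committing tag the collision appears after roughly 2^8 trials, so 16 bits of expansion buy only about 8 bits of committing security. The stream cipher, the key derivation for the search, the sample message and all function names are constructed for this example; the SC transform and HtM from the paper are not implemented here.

```python
import hashlib
import hmac

# Toy parameter (constructed for this example): a TAG_BITS-bit committing tag,
# i.e. 2s bits of expansion for s = TAG_BITS / 2 bits of committing security.
# 16 bits keeps the birthday search below a second.
TAG_BITS = 16


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """SHA-256 in counter mode as a stand-in stream cipher (toy, not AES)."""
    out = bytearray()
    ctr = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(out[:length])


def base_tag(key: bytes, nonce: bytes, ad: bytes, ct: bytes) -> bytes:
    """Base AEAD tag: HMAC over (nonce, AD, ciphertext). Not key-committing."""
    return hmac.new(key, nonce + ad + ct, hashlib.sha256).digest()


def committing_tag(key: bytes, nonce: bytes, ad: bytes, tag: bytes,
                   tag_bits: int = TAG_BITS) -> bytes:
    """CTX-style committing tag: hash of key, nonce, AD and base tag, truncated
    to tag_bits. Collision resistance of a t-bit hash is about t/2 bits, which
    is why t = 2s bits are needed for s bits of committing security."""
    return hashlib.sha256(key + nonce + ad + tag).digest()[: tag_bits // 8]


def encrypt(key: bytes, nonce: bytes, ad: bytes, msg: bytes,
            tag_bits: int = TAG_BITS):
    ct = bytes(m ^ k for m, k in zip(msg, _keystream(key, nonce, len(msg))))
    return ct, committing_tag(key, nonce, ad, base_tag(key, nonce, ad, ct), tag_bits)


def decrypt(key: bytes, nonce: bytes, ad: bytes, ct: bytes, tstar: bytes,
            tag_bits: int = TAG_BITS):
    expected = committing_tag(key, nonce, ad, base_tag(key, nonce, ad, ct), tag_bits)
    if not hmac.compare_digest(expected, tstar):
        return None
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def expansion_bits(msg: bytes, ct: bytes, tstar: bytes) -> int:
    """Ciphertext length (including tag) minus plaintext length, in bits."""
    return 8 * (len(ct) + len(tstar) - len(msg))


def find_two_keys(nonce: bytes, ad: bytes, ct: bytes, tag_bits: int = TAG_BITS,
                  max_trials: int = 1 << 20):
    """Birthday search for two keys that both accept the same (ct, T*).
    The ciphertext is fixed; any candidate key decrypts it to some plaintext,
    so the only constraint is a collision on the committing tag. Candidate keys
    are derived from a counter so the run is repeatable."""
    seen = {}
    for i in range(max_trials):
        key = hashlib.sha256(b"candidate-key" + i.to_bytes(4, "big")).digest()
        tstar = committing_tag(key, nonce, ad, base_tag(key, nonce, ad, ct), tag_bits)
        if tstar in seen:
            return seen[tstar], key, tstar, i + 1
        seen[tstar] = key
    return None


def demo():
    """Honest round trip, then two keys accepting one ciphertext."""
    key = hashlib.sha256(b"honest key (constructed)").digest()
    nonce, ad = b"\x00" * 12, b"header"
    msg = b"committing AE toy message, longer than s bits"
    ct, tstar = encrypt(key, nonce, ad, msg)
    assert decrypt(key, nonce, ad, ct, tstar) == msg
    k1, k2, t, trials = find_two_keys(nonce, ad, ct)
    m1 = decrypt(k1, nonce, ad, ct, t)
    m2 = decrypt(k2, nonce, ad, ct, t)
    return {
        "expansion_bits": expansion_bits(msg, ct, tstar),
        "trials": trials,  # about 2**(TAG_BITS/2), i.e. a few hundred
        "both_accept": m1 is not None and m2 is not None and m1 != m2,
    }


if __name__ == "__main__":
    print(demo())
```

The search finds the two keys after a few hundred trials regardless of how strong the underlying hash is: the committing tag is short, so its collision bound, not its preimage bound, sets the committing security. Doubling the tag to 32 bits pushes the same search to about 2^16 trials, which is the 2s-bit expansion the abstract describes as the cost of committing security before this paper.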
We give authenticated encryption (AE) schemes that provide s bits of committing security, yet suffer expansion only around s as long as messages are long enough, namely more than s bits. We call such schemes succinct. We do this via a generic, ciphertext-shortening transform called SC: given an AE scheme with 2s-bit expansion, SC returns an AE scheme with s-bit expansion while preserving committing security. SC is very efficient; an AES-based instantiation has overhead just two AES calls. As a tool, SC uses a collision-resistant invertible PRF called HtM, that we design, and whose analysis is technically difficult. To add the committing security that SC assumes to a base scheme, we also give a transform CTY that improves Chan and Rogaway's CTX. Our results hold in a general framework for authenticated encryption, called AE3, that includes both AE1 (also called AEAD) and AE2 (also called nonce-hiding AE) as special cases, so that we in particular obtain succinctly-committing AE schemes for both these settings.

## 2024/1179

* Title: Inner Product Ring LWE Problem, Reduction, New Trapdoor Algorithm for Inner Product Ring LWE Problem and Ring SIS Problem
* Authors: Zhuang Shan, Leyou Zhang, Qing Wu, Qiqi Lai
* [Permalink](https://eprint.iacr.org/2024/1179)
* [Download](https://eprint.iacr.org/2024/1179.pdf)

### Abstract

Lattice cryptography is currently a major research focus in public-key encryption, renowned for its ability to resist quantum attacks. The introduction of ideal lattices (ring lattices) has elevated the theoretical framework of lattice cryptography. Ideal lattice cryptography, compared to classical lattice cryptography, achieves more acceptable operational efficiency through fast Fourier transforms. However, to date, issues of impracticality or insecurity persist in ideal lattice problems.
In order to provide a reasonable and secure trapdoor algorithm, this paper introduces the concept of "Inner Product Ring LWE" and establishes its quantum resistance and indistinguishability using knowledge of time complexity, fixed-point theory, and statistical distances. Inner product Ring LWE is easier to construct trapdoor algorithms for than Ring LWE. Additionally, leveraging the properties of NTRU, we propose a more secure Ring SIS trapdoor algorithm.

## 2024/1180

* Title: Fast computation of 2-isogenies in dimension 4 and cryptographic applications
* Authors: Pierrick Dartois
* [Permalink](https://eprint.iacr.org/2024/1180)
* [Download](https://eprint.iacr.org/2024/1180.pdf)

### Abstract

Dimension 4 isogenies have first been introduced in cryptography for the cryptanalysis of Supersingular Isogeny Diffie-Hellman (SIDH) and have been used constructively in several schemes, including SQIsignHD, a derivative of the SQIsign isogeny-based signature scheme. Unlike in dimensions 2 and 3, we can no longer rely on the Jacobian model and its derivatives to compute isogenies. In dimension 4 (and higher), we can only use theta-models. Previous works by Romain Cosset, David Lubicz and Damien Robert have focused on the computation of $\ell$-isogenies in theta-models of level $n$ coprime to $\ell$ (which requires the use of $n^g$ coordinates in dimension $g$). For cryptographic applications, we need to compute chains of $2$-isogenies, requiring the use of $\geq 3^g$ coordinates in dimension $g$ with state-of-the-art algorithms.

In this paper, we present algorithms to compute chains of $2$-isogenies between abelian varieties of dimension $g\geq 1$ with theta-coordinates of level $n=2$, generalizing a previous work by Pierrick Dartois, Luciano Maino, Giacomo Pope and Damien Robert in dimension $g=2$.
We propose an implementation of these algorithms in dimension $g=4$ to compute endomorphisms of elliptic curve products derived from Kani's lemma with applications to SQIsignHD and SIDH cryptanalysis. We are now able to run a complete key recovery attack on SIDH when the endomorphism ring of the starting curve is unknown within a few seconds on a laptop for all NIST SIKE parameters.

## 2024/1181

* Title: AQQUA: Augmenting Quisquis with Auditability
* Authors: George Papadoulis, Danai Balla, Panagiotis Grontas, Aris Pagourtzis
* [Permalink](https://eprint.iacr.org/2024/1181)
* [Download](https://eprint.iacr.org/2024/1181.pdf)

### Abstract

We propose AQQUA: a digital payment system that combines auditability and privacy. AQQUA extends Quisquis by adding two authorities; one for registration and one for auditing. These authorities do not intervene in the everyday transaction processing; as a consequence, the decentralized nature of the cryptocurrency is not disturbed. Our construction is account-based. An account consists of an updatable public key which functions as a cryptographically unlinkable pseudonym, and of commitments to the balance, the total amount of coins spent, and the total amount of coins received. In order to participate in the system a user creates an initial account with the registration authority. To protect their privacy, whenever the user wants to transact they create unlinkable new accounts by updating their public key and the total number of accounts they own (maintained in committed form). The audit authority may request an audit at will. The user must prove in zero-knowledge that all their accounts are compliant with specific policies. We formally define a security model capturing the properties that a private and auditable digital payment system should possess and we analyze the security of AQQUA under this model.
## 2024/1182

* Title: Hyperion: Transparent End-to-End Verifiable Voting with Coercion Mitigation
* Authors: Aditya Damodaran, Simon Rastikian, Peter B. Rønne, Peter Y A Ryan
* [Permalink](https://eprint.iacr.org/2024/1182)
* [Download](https://eprint.iacr.org/2024/1182.pdf)

### Abstract

We present Hyperion, an end-to-end verifiable e-voting scheme that allows the voters to identify their votes in cleartext in the final tally. In contrast to schemes like Selene or sElect, identification is not via (private) tracker numbers but via cryptographic commitment terms. After publishing the tally, the Election Authority provides each voter with an individual dual key. Voters identify their votes by raising their dual key to their secret trapdoor key and finding the matching commitment term in the tally.

The dual keys are self-certifying in that, without the voter's trapdoor key, it is intractable to forge a dual key that, when raised to the trapdoor key, will match an alternative commitment. On the other hand, a voter can use their own trapdoor key to forge a dual key to fool any would-be coercer.

Additionally, we propose a variant of Hyperion that counters the tracker collision threat present in Selene. We introduce individual verifiable views: each voter gets their own independently shuffled view of the master Bulletin Boa

========== REMAINDER OF ARTICLE TRUNCATED ==========