
Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!eternal-september.org!.POSTED!not-for-mail
From: IACR ePrint Archive <noreply@example.invalid>
Newsgroups: sci.crypt
Subject: [digest] 2025 Week 15
Date: Mon, 14 Apr 2025 02:29:10 -0000
Organization: A noiseless patient Spider
Lines: 1732
Message-ID: <J7ajSyF9ophLMxBAvBAQcf-Vy-teT4La@eprint.iacr.org.invalid>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Injection-Date: Mon, 14 Apr 2025 04:29:14 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="700163dd2beb03da3c9511be2d083d2c";
	logging-data="339451"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX19aNjEPJPoP5WYLMwSBlA5b3zQ5BiqS+04="
Cancel-Lock: sha1:rIQ4hJOEAr9zd+6t2Dl5Etjducw=
Bytes: 93472

## In this issue

1. [2024/746] The Art of Bonsai: How Well-Shaped Trees Improve ...
2. [2025/378] Side-Channel and Fault Injection Attacks on VOLEitH ...
3. [2025/612] More NTRU+Sign Signatures from Cyclotomic Trinomials
4. [2025/621] SPHINCSLET: An Area-Efficient Accelerator for the ...
5. [2025/622] Byzantine Reliable Broadcast and Tendermint ...
6. [2025/623] CertainSync: Rateless Set Reconciliation with Certainty
7. [2025/624] Trapdoor one-way functions from tensors
8. [2025/625] FHECAP: An Encrypted Control System with Piecewise ...
9. [2025/626] Tree-based Quantum Carry-Save Adder
10. [2025/627] Everlasting Fully Dynamic Group Signatures
11. [2025/628] Improving the Masked Division for the FALCON Signature
12. [2025/629] Audience Injection Attacks: A New Class of Attacks ...
13. [2025/630] Charge Your Clients: Payable Secure Computation and ...
14. [2025/631] Dyna-hinTS: Silent Threshold Signatures for Dynamic ...
15. [2025/632] On breaking McEliece keys using brute force
16. [2025/633] Hybrid-query bounds with partial input control - ...
17. [2025/634] Cryptography based on 2D Ray Tracing
18. [2025/635] Towards Scalable YOSO MPC via Packed Secret-Sharing
19. [2025/636] Impossible Differential Attack on SAND-64
20. [2025/637] A Study of Blockchain Consensus Protocols
21. [2025/638] Round-Efficient Adaptively Secure Threshold ...
22. [2025/639] Cryptomania v.s. Minicrypt in a Quantum World
23. [2025/640] Multi-Party Private Set Operations from Predicative ...
24. [2025/641] Scalable Non-Fungible Tokens on Bitcoin
25. [2025/642] A Meta-Complexity Characterization of Quantum ...
26. [2025/643] Obfuscation for Deep Neural Networks against Model ...
27. [2025/644] Attacking at non-harmonic frequencies in screaming- ...
28. [2025/645] GIGA Protocol: Unlocking Trustless Parallel ...
29. [2025/646] Secret-Key PIR from Random Linear Codes
30. [2025/647] Anamorphic Voting: Ballot Freedom Against Dishonest ...
31. [2025/648] HQC Beyond the BSC: Towards Error Structure-Aware ...
32. [2025/649] Guaranteed Termination Asynchronous Complete Secret ...
33. [2025/650] ADC-BE: Optimizing Worst-Case Bandwidth in ...
34. [2025/651] Low-Latency Bootstrapping for CKKS using Roots of Unity
35. [2025/652] MultiCent: Secure and Scalable Centrality Measures ...
36. [2025/653] Fission: Distributed Privacy-Preserving Large ...
37. [2025/654] ECDSA Cracking Methods
38. [2025/655] Taking AI-Based Side-Channel Attacks to a New Dimension
39. [2025/656] Unbounded Multi-Hop Proxy Re-Encryption with HRA ...
40. [2025/657] Key Derivation Functions Without a Grain of Salt
41. [2025/658] Efficient Verifiable Mixnets from Lattices, Revisited
42. [2025/659] Scalable and Fine-Tuned Privacy Pass from Group ...
43. [2025/660] Eccfrog512ck2: An Enhanced 512-bit Weierstrass ...
44. [2025/661] An LLM Framework For Cryptography Over Chat Channels
45. [2025/662] Attribute-Based Publicly Verifiable Secret Sharing
46. [2025/663] Intermundium-DL: Assessing the Resilience of ...
47. [2025/664] Publicly Verifiable Generalized Secret Sharing ...
48. [2025/665] MProve-Nova: A Privacy-Preserving Proof of Reserves ...
49. [2025/666] Adaptive Robustness of Hypergrid Johnson-Lindenstrauss
50. [2025/667] Vector Commitment Design, Analysis, and ...

## 2024/746

* Title: The Art of Bonsai: How Well-Shaped Trees Improve the Communication Cost of MLS
* Authors: Céline Chevalier, Guirec Lebrun, Ange Martinelli, Jérôme Plût
* [Permalink](https://eprint.iacr.org/2024/746)
* [Download](https://eprint.iacr.org/2024/746.pdf)

### Abstract

Messaging Layer Security (MLS) is a Secure Group Messaging protocol that uses for its handshake a binary tree – called a Ratchet Tree – in order to reach a logarithmic communication cost in the number of group members. This Ratchet Tree represents users as its leaves; therefore any change in the group membership results in adding or removing a leaf in the tree. MLS consequently implements what we call a tree evolution mechanism, consisting of a user add algorithm – determining where to insert a new leaf – and a tree expansion process – stating how to increase the size of the tree when no space is available for a new user. The tree evolution mechanism currently used by MLS is designed so that it naturally left-balances the Ratchet Tree. However, such a tree structure is often quite inefficient in terms of communication cost. Furthermore, one may wonder whether the binary Ratchet Tree has a degree optimized for the features of MLS.

Therefore, we study in this paper how to improve the communication cost of the handshake in MLS – realized through an operation called a commit – by considering both the tree evolution mechanism and the tree degree used for the Ratchet Tree. To do so, we determine the tree structure that optimizes its communication cost and we propose algorithms for both the user add and the tree expansion processes that allow the tree to remain close to that optimal structure and thus to have a communication cost as close as possible to the optimum. We also find out the Ratchet Tree degree that is best suited to a given set of parameters induced by the encryption scheme used by MLS. This study shows that when using classical (i.e. pre-quantum) ciphersuites, a binary tree is indeed the most appropriate Ratchet Tree; nevertheless, with post-quantum algorithms, it generally becomes more interesting to use instead a ternary tree.

Our improvements do not change the TreeKEM protocol and are easy to implement. With parameter sets corresponding to practical ciphersuites, they reduce TreeKEM's communication cost by 5 to 10%. In particular, the gain of 10% appears in the post-quantum setting – when both an optimized tree evolution mechanism and a ternary tree are necessary –, which is precisely the context where any optimization of the protocol's communication cost is welcome, due to the large bandwidth of PQ encrypted communication.



## 2025/378

* Title: Side-Channel and Fault Injection Attacks on VOLEitH Signature Schemes: A Case Study of Masked FAEST
* Authors: Sönke Jendral, Elena Dubrova
* [Permalink](https://eprint.iacr.org/2025/378)
* [Download](https://eprint.iacr.org/2025/378.pdf)

### Abstract

Ongoing efforts to transition to post-quantum public-key cryptosystems have created the need for algorithms with a variety of performance characteristics and security assumptions. Among the candidates in NIST's post-quantum standardisation process for additional digital signatures is FAEST, a Vector Oblivious Linear Evaluation in-the-Head (VOLEitH)-based scheme, whose security relies on the one-wayness of the Advanced Encryption Standard (AES). The VOLEitH paradigm enables competitive performance and signature sizes under conservative security assumptions. However, since it was introduced recently, in 2023, its resistance to physical attacks has not yet been analysed. In this paper, we present the first security analysis of VOLEitH-based signature schemes in the context of side-channel and fault injection attacks. We demonstrate four practical attacks on a masked implementation of FAEST on an ARM Cortex-M4, capable of recovering the full secret key with high probability (greater than 0.87) from a single signature. These attacks exploit vulnerabilities of components specific to VOLEitH schemes and FAEST, such as the parallel all-but-one vector commitments, the VOLE generation, and the AES proof generation. Finally, we propose countermeasures to mitigate these attacks and enhance the physical security of VOLEitH-based signature schemes.



## 2025/612

* Title: More NTRU+Sign Signatures from Cyclotomic Trinomials
* Authors: Ga Hee Hong, Joo Woo, Jonghyun Kim, Minkyu Kim, Hochang Lee, Jong Hwan Park
* [Permalink](https://eprint.iacr.org/2025/612)
* [Download](https://eprint.iacr.org/2025/612.pdf)

### Abstract

Recently, $\mathsf{NTRU}$+$\mathsf{Sign}$ was proposed as a new compact signature scheme, following the `Fiat-Shamir with Aborts' (FSwA) framework. Its compactness is mainly based on its novel NTRU-based key structure that fits well with bimodal distributions in the FSwA framework. However, despite its compactness, $\mathsf{NTRU}$+$\mathsf{Sign}$ fails to provide a diverse set of parameters that can meet some desired security levels. This limitation stems from its reliance on a ring $\mathbb{Z}_q[x]/\langle x^n+1 \rangle$, where $n$ is restricted to powers of two, limiting the flexibility in selecting appropriate security levels. To overcome this limitation, we propose a revised version of $\mathsf{NTRU}$+$\mathsf{Sign}$ by adopting a ring $\mathbb{Z}_q[x]/\langle x^n-x^{n/2}+1\rangle$ from cyclotomic trinomials, where $n=2^{i}3^{j}$ for some positive integers $i$ and $j$. Our parameterization offers three distinct security levels: approximately $120$, $190$, and $260$ bits, while preserving the compactness in $\mathbb{Z}_q[x]/\langle x^n+1 \rangle$. We implement these re-parameterized $\mathsf{NTRU}$+$\mathsf{Sign}$ schemes, showing that the performance of $\mathsf{NTRU}$+$\mathsf{Sign}$ from cyclotomic trinomials is still comparable to previous lattice-based signature schemes such as $\mathsf{Dilithium}$ and $\mathsf{HAETAE}$.
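A worked example, added here and not taken from the paper or its implementation: schoolbook arithmetic in the trinomial ring $\mathbb{Z}_q[x]/\langle x^n-x^{n/2}+1\rangle$ the abstract describes, together with an enumeration of the degrees $n=2^i3^j$ it admits versus the powers of two the original scheme is limited to. The modulus `q = 17` and the sample degrees are illustrative constants chosen for this example, not the paper's parameters. The check at the end uses the fact that, with $y=x^{n/2}$, $y^2-y+1$ divides $y^3+1$, so $x^{3n/2}\equiv-1$ and $x^{3n}\equiv1$ must hold in the ring if the reduction is implemented correctly.

```python
# Added example (not from the NTRU+Sign paper): schoolbook arithmetic in the
# ring Z_q[x]/<x^n - x^{n/2} + 1> used by the revised scheme, plus the list of
# admissible degrees n = 2^i * 3^j.  q and the sample n values below are
# illustrative constants chosen for this example, not parameters from the paper.

def trinomial_degrees(limit):
    """All n = 2^i * 3^j with i, j >= 1 and n <= limit (i >= 1 keeps n/2 integral)."""
    out = set()
    p2 = 2
    while p2 * 3 <= limit:
        n = p2 * 3
        while n <= limit:
            out.add(n)
            n *= 3
        p2 *= 2
    return sorted(out)


def power_of_two_degrees(lo, hi):
    """Degrees available to the original scheme (n a power of two) in [lo, hi]."""
    return [1 << k for k in range(hi.bit_length()) if lo <= (1 << k) <= hi]


def poly_mul_mod(a, b, n, q):
    """Multiply two length-n coefficient vectors modulo q and x^n - x^{n/2} + 1.

    Reduction uses x^n = x^{n/2} - 1.  Degrees are folded from the top down, so a
    term that lands on another degree >= n is folded again when the loop reaches it.
    """
    if len(a) != n or len(b) != n or n % 2:
        raise ValueError("operands must have n coefficients and n must be even")
    prod = [0] * (2 * n - 1)
    for i, ai in enumerate(a):
        if ai:
            for j, bj in enumerate(b):
                prod[i + j] = (prod[i + j] + ai * bj) % q
    h = n // 2
    for k in range(2 * n - 2, n - 1, -1):
        c = prod[k]
        if c:
            prod[k] = 0
            prod[k - n + h] = (prod[k - n + h] + c) % q  # + c * x^{k-n} * x^{n/2}
            prod[k - n] = (prod[k - n] - c) % q          # - c * x^{k-n}
    return prod[:n]


def x_power(e, n, q):
    """x^e in the ring, by square-and-multiply over poly_mul_mod."""
    result = [1] + [0] * (n - 1)
    base = [0, 1] + [0] * (n - 2)
    while e:
        if e & 1:
            result = poly_mul_mod(result, base, n, q)
        base = poly_mul_mod(base, base, n, q)
        e >>= 1
    return result


def is_cyclotomic_trinomial_ring(n, q):
    """True when x^{3n/2} = -1 and x^{3n} = 1 hold in the ring, i.e. the modulus
    divides x^{3n/2} + 1 and hence x^{3n} - 1 (y^2 - y + 1 | y^3 + 1, y = x^{n/2})."""
    one = [1] + [0] * (n - 1)
    minus_one = [q - 1] + [0] * (n - 1)
    return (x_power(3 * n // 2, n, q) == minus_one
            and x_power(3 * n, n, q) == one)


if __name__ == "__main__":
    print("trinomial degrees <= 1000:", trinomial_degrees(1000))
    print("power-of-two degrees in [6, 1000]:", power_of_two_degrees(6, 1000))
    for n in (6, 12, 18, 24):
        print(n, "x^{3n/2} == -1 and x^{3n} == 1:", is_cyclotomic_trinomial_ring(n, 17))
```

Running it lists 24 admissible trinomial degrees up to 1000 against 7 powers of two in the same range, which is the parameter flexibility the abstract refers to; the ring check passes for every listed degree, since the identity depends only on the shape of the modulus and not on the choice of q.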



## 2025/621

* Title: SPHINCSLET: An Area-Efficient Accelerator for the Full SPHINCS+ Digital Signature Algorithm
* Authors: Sanjay Deshpande, Yongseok Lee, Cansu Karakuzu, Jakub Szefer, Yunheung Paek
* [Permalink](https://eprint.iacr.org/2025/621)
* [Download](https://eprint.iacr.org/2025/621.pdf)

### Abstract

This work presents SPHINCSLET, the first fully standard-compliant and area-efficient hardware implementation of the SLH-DSA algorithm, formerly known as SPHINCS+, a post-quantum digital signature scheme. SPHINCSLET is designed to be parameterizable across different security levels and hash functions, offering a balanced trade-off between area efficiency and performance. Existing hardware implementations either feature a large area footprint to achieve fast s
========== REMAINDER OF ARTICLE TRUNCATED ==========