From: IACR ePrint Archive <noreply@example.invalid>
Newsgroups: sci.crypt
Subject: [digest] 2024 Week 46
Date: Mon, 18 Nov 2024 03:30:16 -0000
Message-ID: <izll_eaLTPRLAF9py0rXQOvb1WPg41sA@eprint.iacr.org.invalid>
## In this issue
1. [2024/1849] A Linearisation Method for Identifying Dependencies ...
2. [2024/1850] Single-trace side-channel attacks on MAYO ...
3. [2024/1851] Secure Transformer-Based Neural Network Inference ...
4. [2024/1852] Faster algorithms for isogeny computations over ...
5. [2024/1853] Giant Does NOT Mean Strong: Cryptanalysis of BQTRU
6. [2024/1854] A Zero-Knowledge PCP Theorem
7. [2024/1855] Lova: A Novel Framework for Verifying Mathematical ...
8. [2024/1856] "There's always another counter": Detecting Micro- ...
9. [2024/1857] Access-Controlled Inner Product Function-Revealing ...
10. [2024/1858] (In)Security of Threshold Fully Homomorphic ...
11. [2024/1859] Fully Encrypted Machine Learning Protocol using ...
12. [2024/1860] Constructions of self-orthogonal codes and LCD ...
13. [2024/1861] Another Lattice Attack Against an RSA-like Cryptosystem
14. [2024/1862] BatchZK: A Fully Pipelined GPU-Accelerated System ...
15. [2024/1863] Carbon Footprint Traction System Incorporated as ...
16. [2024/1864] Tweakable ForkCipher from Ideal Block Cipher
17. [2024/1865] Tightly-Secure Group Key Exchange with Perfect ...
18. [2024/1866] ARCHER: Architecture-Level Simulator for Side- ...
19. [2024/1867] Symmetric Twin Column Parity Mixers and their ...
20. [2024/1868] IMOK: A compact connector for non-prohibition ...
21. [2024/1869] Black-box Collision Attacks on the NeuralHash ...
22. [2024/1870] A Hard-Label Cryptanalytic Extraction of Non-Fully ...
23. [2024/1871] Field-Agnostic SNARKs from Expand-Accumulate Codes
24. [2024/1872] Amigo: Secure Group Mesh Messaging in Realistic ...
25. [2024/1873] $\mathsf{Cirrus}$: Performant and Accountable ...
26. [2024/1874] Multi-Holder Anonymous Credentials from BBS Signatures
27. [2024/1875] mUOV: Masking the Unbalanced Oil and Vinegar ...
28. [2024/1876] Unbounded Leakage-Resilient Encryption and Signatures
29. [2024/1877] On the Black-Box Complexity of Private-Key Inner- ...
30. [2024/1878] Tighter Security for Group Key Agreement in the ...
## 2024/1849
* Title: A Linearisation Method for Identifying Dependencies in Differential Characteristics: Examining the Intersection of Deterministic Linear Relations and Nonlinear Constraints
* Authors: Ling Sun
* [Permalink](https://eprint.iacr.org/2024/1849)
* [Download](https://eprint.iacr.org/2024/1849.pdf)
### Abstract
The analytical perspective employed in the study classifies the theoretical research on dependencies in differential characteristics into two types. By categorising all dependence representations from the value restrictions and the theory of quasidifferential trails, we pinpoint a specific set of nonlinear constraints, which we term linearised nonlinear constraints. We aim to establish a method that utilises value restrictions to identify these constraints, as the current method based on value restrictions is found to be lacking in this area. A linearisation method for searching linearised nonlinear constraints for a given differential characteristic is developed by leveraging linear dependencies between inputs and outputs of active S-boxes. Then, we propose a three-stage evaluation approach to more accurately evaluate differential characteristics with linearised nonlinear constraints. Four differential characteristics of GIFT-64 are analysed using the three-stage evaluation approach, and the exact right key spaces and remaining probabilities are given. According to our results, the right key spaces of the four differential characteristics do not cover the entire key space, and the remaining probabilities are not equivalent to the stated probabilities. Concerning GIFT-128, we find six differential characteristics subject to linearised nonlinear constraints. Besides, inconsistencies are detected in the linear and linearised nonlinear constraints in the characteristics of two differentials employed to initiate the most effective differential attack on GIFT-128. Based on these results, we strongly advise reassessing the differential attacks that rely on these distinguishers. An additional advantage of using the linearisation method and the three-stage evaluation approach is their ability to identify linear and nonlinear constraints in ciphers that utilise the Generalised Feistel Network (GFN). It leads to the first instantiations of linear and nonlinear constraints in the GFN cipher WARP.
## 2024/1850
* Title: Single-trace side-channel attacks on MAYO exploiting leaky modular multiplication
* Authors: Sönke Jendral, Elena Dubrova
* [Permalink](https://eprint.iacr.org/2024/1850)
* [Download](https://eprint.iacr.org/2024/1850.pdf)
### Abstract
In response to the quantum threat, new post-quantum cryptographic algorithms will soon be deployed to replace existing public-key schemes. MAYO is a quantum-resistant digital signature scheme whose small keys and signatures make it suitable for widespread adoption, including on embedded platforms with limited security resources. This paper demonstrates two single-trace side-channel attacks on a MAYO implementation in ARM Cortex-M4 that recover a secret key with probabilities of 99.9% and 91.6%, respectively. Both attacks use deep learning-assisted power analysis exploiting information leakage during modular multiplication to reveal a vector in the oil space. This vector is then extended to a full secret key using algebraic techniques.
## 2024/1851
* Title: Secure Transformer-Based Neural Network Inference for Protein Sequence Classification
* Authors: Jingwei Chen, Linhan Yang, Chen Yang, Shuai Wang, Rui Li, Weijie Miao, Wenyuan Wu, Li Yang, Kang Wu, Lizhong Dai
* [Permalink](https://eprint.iacr.org/2024/1851)
* [Download](https://eprint.iacr.org/2024/1851.pdf)
### Abstract
Protein sequence classification is crucial in many research areas, such as predicting protein structures and discovering new protein functions. Leveraging large language models (LLMs) is greatly promising to enhance our ability to tackle protein sequence classification problems; however, the accompanying privacy issues are becoming increasingly prominent. In this paper, we present a privacy-preserving, non-interactive, efficient, and accurate protocol called encrypted DASHformer to evaluate a transformer-based neural network for protein sequence classification named DASHformer, provided by the iDASH 2024-Track 1 competition. The presented protocol is based on our solution for this competition, which won the first place. It is arguably the first secure transformer inference protocol capable of performing batch classification for multiple protein sequences in a single execution only using leveled homomorphic encryption (i.e., without bootstrapping). To achieve this, we propose a series of new techniques and algorithmic improvements, including data-driven non-polynomial function fitting, tensor packing, and double baby-step-giant-step for computing the product of multiple encrypted matrices. These techniques and improvements enable the protocol to classify $163$ encrypted protein sequences in about $165$ seconds with $128$-bit security, achieving an amortized time of about one second per sequence.
## 2024/1852
* Title: Faster algorithms for isogeny computations over extensions of finite fields
* Authors: Shiping Cai, Mingjie Chen, Christophe Petit
* [Permalink](https://eprint.iacr.org/2024/1852)
* [Download](https://eprint.iacr.org/2024/1852.pdf)
### Abstract
Any isogeny between two supersingular elliptic curves can be defined over $\mathbb{F}_{p^2}$; however, this does not imply that computing such isogenies can be done with field operations in $\mathbb{F}_{p^2}$. In fact, the kernel generators of such isogenies are defined over extension fields of $\mathbb{F}_{p^2}$, generically with extension degree linear to the isogeny degree. Most algorithms related to isogeny computations are only efficient when the extension degree is small. This leads to efficient algorithms used in isogeny-based cryptographic constructions, but also limits their parameter choices at the same time. In this paper, we consider three computational subroutines regarding isogenies, focusing on cases with large extension degrees: computing a basis of $\ell$-torsion points, computing the kernel polynomial of an isogeny given a kernel generator, and computing the kernel generator of an isogeny given the corresponding quaternion ideal under the Deuring correspondence. We then apply our algorithms to the constructive Deuring correspondence algorithm from Eriksen, Panny, Sotáková and Veroni (LuCaNT'23) in the case of a generic prime characteristic, achieving around 30% speedup over their results.
## 2024/1853
* Title: Giant Does NOT Mean Strong: Cryptanalysis of BQTRU
* Authors: Ali Raya, Vikas Kumar, Aditi Kar Gangopadhyay, Sugata Gangopadhyay
* [Permalink](https://eprint.iacr.org/2024/1853)
* [Download](https://eprint.iacr.org/2024/1853.pdf)
### Abstract
NTRU-like constructions are among the most studied lattice-based schemes. The freedom of design of NTRU resulted in many variants in literature motivated by faster computations or more resistance against lattice attacks by changing the underlying algebra. To the best of our knowledge, BQTRU (DCC 2017), a noncommutative NTRU-like cryptosystem, is the fastest claimed variant of NTRU built over the quaternion algebra of the bivariate ring of polynomials. The key generation and the encryption of BQTRU are claimed to be 16/7 times faster than standard NTRU for equivalent levels of security. For key recovery attacks, the authors claim that retrieving a decryption key is equivalent to solving the Shortest Vector Problem (SVP) in expanded Euclidean lattices of giant dimensions. This work disproves this claim and proposes practical key and message recovery attacks that break the moderate parameter sets of BQTRU estimated to achieve $2^{92}$ message security and $2^{166}$ key security on a standard desktop within less than two core weeks. Furthermore, our analysis shows t
========== REMAINDER OF ARTICLE TRUNCATED ==========