
Path: ...!eternal-september.org!feeder3.eternal-september.org!news.eternal-september.org!eternal-september.org!.POSTED!not-for-mail
From: IACR ePrint Archive <noreply@example.invalid>
Newsgroups: sci.crypt
Subject: [digest] 2025 Week 12
Date: Mon, 24 Mar 2025 02:28:37 -0000
Organization: A noiseless patient Spider
Lines: 1298
Message-ID: <sIhtVK8Yxx_LURSpmj8B7sMVfzaxVfWk@eprint.iacr.org.invalid>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Injection-Date: Mon, 24 Mar 2025 03:28:41 +0100 (CET)
Injection-Info: dont-email.me; posting-host="090ba1fd9467217cca55313562e05fdf";
	logging-data="4009079"; mail-complaints-to="abuse@eternal-september.org";	posting-account="U2FsdGVkX1/gFjflpPMz4oETR9B0HEqmmeytA2FcxjM="
Cancel-Lock: sha1:qc5rveCOqDYmBBHtm+G/M6ywoJE=
Bytes: 69784

## In this issue

1. [2025/384] Optimizing Final Exponentiation for Pairing- ...
2. [2025/388] Fair Exchange for Decentralized Autonomous ...
3. [2025/501] Quantum Key-Recovery Attacks on Permutation-Based ...
4. [2025/502] Registration-Based Encryption in the Plain Model
5. [2025/503] Max Bias Analysis: A New Approach on Computing the ...
6. [2025/504] Ideal Compartmented Secret Sharing Scheme Based on ...
7. [2025/505] Capitalized Bitcoin Fork for National Strategic Reserve
8. [2025/506] On the Estonian Internet Voting System, IVXV, SoK ...
9. [2025/507] Scalable Zero-knowledge Proofs for Non-linear ...
10. [2025/508] Towards Building Scalable Constant-Round MPC from ...
11. [2025/509] Almost Optimal KP and CP-ABE for Circuits from ...
12. [2025/510] Adaptive Adversaries in Byzantine-Robust Federated ...
13. [2025/511] VeriSSO: A Privacy-Preserving Legacy-Compatible ...
14. [2025/512] Optimizing AES-GCM on ARM Cortex-M4: A Fixslicing ...
15. [2025/513] Server-Aided Anonymous Credentials
16. [2025/514] On Extractability of the KZG Family of Polynomial ...
17. [2025/515] Compressed Sigma Protocols: New Model and ...
18. [2025/516] Don't Use It Twice: Reloaded! On the Lattice ...
19. [2025/517] Designated-Verifier SNARGs with One Group Element
20. [2025/518] Secret-Sharing Schemes for General Access ...
21. [2025/519] mid-pSquare: Leveraging the Strong Side-Channel ...
22. [2025/520] Masking-Friendly Post-Quantum Signatures in the ...
23. [2025/521] Division polynomials for arbitrary isogenies
24. [2025/522] New Techniques for Analyzing Fully Secure ...
25. [2025/523] Assembly optimised Curve25519 and Curve448 ...
26. [2025/524] Ring Referral: Efficient Publicly Verifiable Ad hoc ...
27. [2025/525] Deniable Secret Sharing
28. [2025/526] AI Agents in Cryptoland: Practical Attacks and No ...
29. [2025/527] SoK: Fully-homomorphic encryption in smart contracts
30. [2025/528] VeRange: Verification-efficient Zero-knowledge ...
31. [2025/529] On the Anonymity in "A Practical Lightweight ...
32. [2025/530] Lattice-based extended withdrawable signatures
33. [2025/531] Understanding the new distinguisher of alternant ...
34. [2025/532] Chunking Attacks on File Backup Services using ...
35. [2025/533] JesseQ: Efficient Zero-Knowledge Proofs for ...
36. [2025/534] Plonkify: R1CS-to-Plonk transpiler
37. [2025/535] zkPyTorch: A Hierarchical Optimized Compiler for ...
38. [2025/536] A Fiat-Shamir Transformation From Duplex Sponges

## 2025/384

* Title: Optimizing Final Exponentiation for Pairing-Friendly Elliptic Curves with Odd Embedding Degrees Divisible by 3
* Authors: Loubna Ghammam, Nadia El Mrabet, Walid Haddaji, Leila Ben Abdelghani
* [Permalink](https://eprint.iacr.org/2025/384)
* [Download](https://eprint.iacr.org/2025/384.pdf)

### Abstract

In pairing-based cryptography, the final exponentiation with a large fixed exponent is essential to ensure unique outputs in both Tate and optimal ate pairings. While significant progress has been made in optimizing elliptic curves with even embedding degrees, advancements for curves with odd embedding degrees, particularly those divisible by 3, have been more limited. This paper introduces new optimization techniques for computing the final exponentiation of the optimal ate pairing on these curves. The first technique takes advantage of some existing seeds' forms, which enable cyclotomic cubing, and extends this approach to generate new seeds with a similar structure. The second technique involves generating new seeds with sparse ternary representations, replacing squaring operations with cyclotomic cubing.

The first technique improves efficiency by $1.7\%$ and $1.5\%$ compared to the square and multiply (**SM**) method for existing seeds at $192$-bit and $256$-bit security levels, respectively. For newly generated seeds, it achieves efficiency gains of $3.4\%$ at $128$-bit, $5\%$ at $192$-bit, and $8.6\%$ at $256$-bit security levels. The second technique improves efficiency by $3.3\%$ at $128$-bit, $19.5\%$ at $192$-bit, and $4.3\%$ at $256$-bit security levels.



## 2025/388

* Title: Fair Exchange for Decentralized Autonomous Organizations via Threshold Adaptor Signatures
* Authors: Ruben Baecker, Paul Gerhart, Jonathan Katz, Dominique Schröder
* [Permalink](https://eprint.iacr.org/2025/388)
* [Download](https://eprint.iacr.org/2025/388.pdf)

### Abstract

A Decentralized Autonomous Organization (DAO) enables multiple parties to collectively manage digital assets in a blockchain setting. We focus on achieving fair exchange between DAOs using a cryptographic mechanism that operates with minimal blockchain assumptions and, crucially, does not rely on smart contracts.

Specifically, we consider a setting where a DAO consisting of $n_\mathsf{S}$ sellers holding shares of a witness $w$ interacts with a DAO comprising $n_\mathsf{B}$ buyers holding shares of a signing key $sk$; the goal is for the sellers to exchange $w$ for a signature under $sk$ transferring a predetermined amount of funds. Fairness is required to hold both between DAOs (i.e., ensuring that each DAO receives its asset if and only if the other does) as well as within each DAO (i.e., ensuring that all members of a DAO receive their asset if and only if every other member does).

We formalize these fairness properties and present an efficient protocol for DAO-based fair exchange under standard cryptographic assumptions. Our protocol leverages certified witness encryption and threshold adaptor signatures, two primitives of independent interest that we introduce and show how to construct efficiently.



## 2025/501

* Title: Quantum Key-Recovery Attacks on Permutation-Based Pseudorandom Functions
* Authors: Hong-Wei Sun, Fei Gao, Rong-Xue Xu, Dan-Dan Li, Zhen-Qiang Li, Ke-Jia Zhang
* [Permalink](https://eprint.iacr.org/2025/501)
* [Download](https://eprint.iacr.org/2025/501.pdf)

### Abstract

Due to their simple security assessments, permutation-based pseudo-random functions (PRFs) have become widely used in cryptography. It has been shown that PRFs using a single $n$-bit permutation achieve $n/2$ bits of security, while those using two permutation calls provide $2n/3$ bits of security in the classical setting. This paper studies the security of permutation-based PRFs within the Q1 model, where attackers are restricted to classical queries and offline quantum computations. We present improved quantum-time/classical-data tradeoffs compared with the previous attacks. Specifically, under the same assumptions/hardware as Grover's exhaustive search attack, i.e. the offline Simon algorithm, we can recover keys in quantum time $\tilde{O}(2^{n/3})$, with $O(2^{n/3})$ classical queries and $O(n^2)$ qubits. Furthermore, we enhance previous superposition attacks by reducing the data complexity from exponential to polynomial, while maintaining the same time complexity. This implies that permutation-based PRFs become vulnerable when adversaries have access to quantum computing resources. It is pointed out that the above quantum attack can be applied to quite a few cryptographic schemes, including PDMMAC and pEDM, as well as general instantiations like XopEM, EDMEM, EDMDEM, and others.



## 2025/502

* Title: Registration-Based Encryption in the Plain Model
* Authors: Jesko Dujmovic, Giulio Malavolta, Wei Qi
* [Permalink](https://eprint.iacr.org/2025/502)
* [Download](https://eprint.iacr.org/2025/502.pdf)

### Abstract

Registration-based encryption (RBE) is a recently developed alternative to identity-based encryption that mitigates the well-known key-escrow problem by letting each user sample its own key pair. In RBE, the key authority is substituted by a key curator, a completely transparent entity whose only job is to reliably aggregate users' keys. However, one limitation of all known RBE schemes is that they all rely on a one-time trusted setup that must be computed honestly.

In this work, we ask whether this limitation is indeed inherent and we initiate the systematic study of RBE in the plain model, without any common reference string. We present the following main results:

- (Definitions) We show that the standard security definition of RBE is unachievable without a trusted setup and we propose a slight weakening, where one honest user is required to be registered in the system.
- (Constructions) We present constructions of RBE in the plain model, based on standard cryptographic assumptions. Along the way, we introduce the notions of non-interactive witness indistinguishable (NIWI) proofs secure against chosen statements attack and re-randomizable RBE, which may be of independent interest. A major limitation of our constructions is that users must be updated upon every new registration.
- (Lower Bounds) We show that this limitation is in some sense inherent. We prove that any RBE in the plain model that satisfies a certain structural requirement, which holds for all known RBE constructions, must update all but a vanishing fraction of the users upon each new registration. This is in contrast with the standard RBE settings, where users receive a logarithmic amount of updates throughout the lifetime of the system.



## 2025/503

* Title: Max Bias Analysis: A New Approach on Computing the Entropy of Free Ring-Oscillator
* Authors: Nicolas David, Eric Garrido
* [Permalink](https://eprint.iacr.org/2025/503)