From: IACR ePrint Archive
Newsgroups: sci.crypt
Subject: [digest] 2025 Week 12
Date: Mon, 24 Mar 2025 02:28:37 -0000

## In this issue

1. [2025/384] Optimizing Final Exponentiation for Pairing- ...
2. [2025/388] Fair Exchange for Decentralized Autonomous ...
3. [2025/501] Quantum Key-Recovery Attacks on Permutation-Based ...
4. [2025/502] Registration-Based Encryption in the Plain Model
5. [2025/503] Max Bias Analysis: A New Approach on Computing the ...
6. [2025/504] Ideal Compartmented Secret Sharing Scheme Based on ...
7. [2025/505] Capitalized Bitcoin Fork for National Strategic Reserve
8. [2025/506] On the Estonian Internet Voting System, IVXV, SoK ...
9. [2025/507] Scalable Zero-knowledge Proofs for Non-linear ...
10. [2025/508] Towards Building Scalable Constant-Round MPC from ...
11. [2025/509] Almost Optimal KP and CP-ABE for Circuits from ...
12. [2025/510] Adaptive Adversaries in Byzantine-Robust Federated ...
13. [2025/511] VeriSSO: A Privacy-Preserving Legacy-Compatible ...
14. [2025/512] Optimizing AES-GCM on ARM Cortex-M4: A Fixslicing ...
15. [2025/513] Server-Aided Anonymous Credentials
16. [2025/514] On Extractability of the KZG Family of Polynomial ...
17. [2025/515] Compressed Sigma Protocols: New Model and ...
18. [2025/516] Don't Use It Twice: Reloaded! On the Lattice ...
19. [2025/517] Designated-Verifier SNARGs with One Group Element
20. [2025/518] Secret-Sharing Schemes for General Access ...
21. [2025/519] mid-pSquare: Leveraging the Strong Side-Channel ...
22. [2025/520] Masking-Friendly Post-Quantum Signatures in the ...
23. [2025/521] Division polynomials for arbitrary isogenies
24. [2025/522] New Techniques for Analyzing Fully Secure ...
25. [2025/523] Assembly optimised Curve25519 and Curve448 ...
26. [2025/524] Ring Referral: Efficient Publicly Verifiable Ad hoc ...
27. [2025/525] Deniable Secret Sharing
28. [2025/526] AI Agents in Cryptoland: Practical Attacks and No ...
29. [2025/527] SoK: Fully-homomorphic encryption in smart contracts
30. [2025/528] VeRange: Verification-efficient Zero-knowledge ...
31. [2025/529] On the Anonymity in "A Practical Lightweight ...
32. [2025/530] Lattice-based extended withdrawable signatures
33. [2025/531] Understanding the new distinguisher of alternant ...
34. [2025/532] Chunking Attacks on File Backup Services using ...
35. [2025/533] JesseQ: Efficient Zero-Knowledge Proofs for ...
36. [2025/534] Plonkify: R1CS-to-Plonk transpiler
37. [2025/535] zkPyTorch: A Hierarchical Optimized Compiler for ...
38. [2025/536] A Fiat-Shamir Transformation From Duplex Sponges

## 2025/384

* Title: Optimizing Final Exponentiation for Pairing-Friendly Elliptic Curves with Odd Embedding Degrees Divisible by 3
* Authors: Loubna Ghammam, Nadia El Mrabet, Walid Haddaji, Leila Ben Abdelghani
* [Permalink](https://eprint.iacr.org/2025/384)
* [Download](https://eprint.iacr.org/2025/384.pdf)

### Abstract

In pairing-based cryptography, the final exponentiation with a large fixed exponent is essential to ensure unique outputs in both Tate and optimal ate pairings. While significant progress has been made in optimizing elliptic curves with even embedding degrees, advancements for curves with odd embedding degrees, particularly those divisible by 3, have been more limited.
This paper introduces new optimization techniques for computing the final exponentiation of the optimal ate pairing on these curves. The first technique takes advantage of some existing seeds' forms, which enable cyclotomic cubing, and extends this approach to generate new seeds with a similar structure. The second technique involves generating new seeds with sparse ternary representations, replacing squaring operations with cyclotomic cubing.

The first technique improves efficiency by $1.7\%$ and $1.5\%$ compared to the square and multiply (SM) method for existing seeds at $192$-bit and $256$-bit security levels, respectively. For newly generated seeds, it achieves efficiency gains of $3.4\%$ at $128$-bit, $5\%$ at $192$-bit, and $8.6\%$ at $256$-bit security levels. The second technique improves efficiency by $3.3\%$ at $128$-bit, $19.5\%$ at $192$-bit, and $4.3\%$ at $256$-bit security levels.

## 2025/388

* Title: Fair Exchange for Decentralized Autonomous Organizations via Threshold Adaptor Signatures
* Authors: Ruben Baecker, Paul Gerhart, Jonathan Katz, Dominique Schröder
* [Permalink](https://eprint.iacr.org/2025/388)
* [Download](https://eprint.iacr.org/2025/388.pdf)

### Abstract

A Decentralized Autonomous Organization (DAO) enables multiple parties to collectively manage digital assets in a blockchain setting. We focus on achieving fair exchange between DAOs using a cryptographic mechanism that operates with minimal blockchain assumptions and, crucially, does not rely on smart contracts.

Specifically, we consider a setting where a DAO consisting of $n_\mathsf{S}$ sellers holding shares of a witness $w$ interacts with a DAO comprising $n_\mathsf{B}$ buyers holding shares of a signing key $sk$; the goal is for the sellers to exchange $w$ for a signature under $sk$ transferring a predetermined amount of funds.
Fairness is required to hold both between DAOs (i.e., ensuring that each DAO receives its asset if and only if the other does) as well as within each DAO (i.e., ensuring that all members of a DAO receive their asset if and only if every other member does).

We formalize these fairness properties and present an efficient protocol for DAO-based fair exchange under standard cryptographic assumptions. Our protocol leverages certified witness encryption and threshold adaptor signatures, two primitives of independent interest that we introduce and show how to construct efficiently.

## 2025/501

* Title: Quantum Key-Recovery Attacks on Permutation-Based Pseudorandom Functions
* Authors: Hong-Wei Sun, Fei Gao, Rong-Xue Xu, Dan-Dan Li, Zhen-Qiang Li, Ke-Jia Zhang
* [Permalink](https://eprint.iacr.org/2025/501)
* [Download](https://eprint.iacr.org/2025/501.pdf)

### Abstract

Due to their simple security assessments, permutation-based pseudo-random functions (PRFs) have become widely used in cryptography. It has been shown that PRFs using a single $n$-bit permutation achieve $n/2$ bits of security, while those using two permutation calls provide $2n/3$ bits of security in the classical setting. This paper studies the security of permutation-based PRFs within the Q1 model, where attackers are restricted to classical queries and offline quantum computations. We present improved quantum-time/classical-data tradeoffs compared with the previous attacks. Specifically, under the same assumptions/hardware as Grover's exhaustive search attack, i.e. the offline Simon algorithm, we can recover keys in quantum time $\tilde{O}(2^{n/3})$, with $O(2^{n/3})$ classical queries and $O(n^2)$ qubits. Furthermore, we enhance previous superposition attacks by reducing the data complexity from exponential to polynomial, while maintaining the same time complexity.
This implies that permutation-based PRFs become vulnerable when adversaries have access to quantum computing resources. It is pointed out that the above quantum attack applies to quite a few cryptographic constructions, including PDMMAC and pEDM, as well as general instantiations like XopEM, EDMEM, EDMDEM, and others.

## 2025/502

* Title: Registration-Based Encryption in the Plain Model
* Authors: Jesko Dujmovic, Giulio Malavolta, Wei Qi
* [Permalink](https://eprint.iacr.org/2025/502)
* [Download](https://eprint.iacr.org/2025/502.pdf)

### Abstract

Registration-based encryption (RBE) is a recently developed alternative to identity-based encryption that mitigates the well-known key-escrow problem by letting each user sample its own key pair. In RBE, the key authority is substituted by a key curator, a completely transparent entity whose only job is to reliably aggregate users' keys. However, one limitation of all known RBE schemes is that they all rely on a one-time trusted setup that must be computed honestly.

In this work, we ask whether this limitation is indeed inherent, and we initiate the systematic study of RBE in the plain model, without any common reference string. We present the following main results:

- (Definitions) We show that the standard security definition of RBE is unachievable without a trusted setup, and we propose a slight weakening, where one honest user is required to be registered in the system.
- (Constructions) We present constructions of RBE in the plain model, based on standard cryptographic assumptions. Along the way, we introduce the notions of non-interactive witness indistinguishable (NIWI) proofs secure against chosen statements attack and re-randomizable RBE, which may be of independent interest. A major limitation of our constructions is that users must be updated upon every new registration.
- (Lower Bounds) We show that this limitation is in some sense inherent. We prove that any RBE in the plain model that satisfies a certain structural requirement, which holds for all known RBE constructions, must update all but a vanishing fraction of the users upon each new registration. This is in contrast with the standard RBE setting, where users receive a logarithmic amount of updates throughout the lifetime of the system.

## 2025/503

* Title: Max Bias Analysis: A New Approach on Computing the Entropy of Free Ring-Oscillator
* Authors: Nicolas David, Eric Garrido
* [Permalink](https://eprint.iacr.org/2025/503)

========== REMAINDER OF ARTICLE TRUNCATED ==========