From: IACR ePrint Archive
Newsgroups: sci.crypt
Subject: [digest] 2025 Week 27
Date: Mon, 07 Jul 2025 02:29:59 -0000

## In this issue

1. [2023/1524] SoK: Signatures With Randomizable Keys
2. [2025/372] KLPT²: Algebraic Pathfinding in Dimension Two and ...
3. [2025/1194] Private coins extension with verifiable encryption
4. [2025/1195] On symbolic computations and Post Quantum ...
5. [2025/1196] Limits on the Power of Private Constrained PRFs
6. [2025/1197] How to Copy-Protect All Puncturable Functionalities ...
7. [2025/1198] Brief Comments on Rijndael-256 and the Standard ...
8. [2025/1199] HypSCA: A Hyperbolic Embedding Method for Enhanced ...
9. [2025/1200] Tricycle: Private Transformer Inference with ...
10. [2025/1201] BitBatSPIR: Efficient Batch Symmetric Private ...
11. [2025/1202] t-Probing (In-)Security - Pitfalls on Noise Assumptions
12. [2025/1203] Breaking The Authenticated Encryption scheme HiAE
13. [2025/1204] A search to distinguish reduction for the ...
14. [2025/1205] Generic Construction of Threshold Ring Signatures ...
15. [2025/1206] New Upper and Lower Bounds for Perfectly Secure MPC
16. [2025/1207] Copy-Protection from UPO, Revisited
17. [2025/1208] End-to-End Encrypted Git Services
18. [2025/1209] RingSG: Optimal Secure Vertex-Centric Computation ...
19. [2025/1210] A Generalized Approach to Root-based Attacks ...
20. [2025/1211] May the Force $\textit{not}$ Be with you: Brute- ...
21. [2025/1212] All Proof of Work But No Proof of Play
22. [2025/1213] Tightly Secure Public-Key Encryption with Equality ...
23. [2025/1214] Hobbit: Space-Efficient zkSNARK with Optimal Prover ...
24. [2025/1215] Highly Scalable Searchable Symmetric Encryption for ...
25. [2025/1216] Ring-LWR based Commitments and ZK-PoKs with ...

## 2023/1524

* Title: SoK: Signatures With Randomizable Keys
* Authors: Sofía Celi, Scott Griffy, Lucjan Hanzlik, Octavio Perez Kempner, Daniel Slamanig
* [Permalink](https://eprint.iacr.org/2023/1524)
* [Download](https://eprint.iacr.org/2023/1524.pdf)

### Abstract

Digital signature schemes with specific properties have recently seen various real-world applications with a strong emphasis on privacy-enhancing technologies. They have been extensively used to develop anonymous credentials schemes and to achieve an even more comprehensive range of functionalities in the decentralized web.

Substantial work has been done to formalize different types of signatures where an allowable set of transformations can be applied to message-signature pairs to obtain new related pairs. Most of the previous work focused on transformations with respect to the message being signed, but little has been done to study what happens when transformations apply to the signing keys. A first attempt to thoroughly formalize such aspects was carried out by Derler and Slamanig (ePrint'16, Designs, Codes and Cryptography'19), followed by the more recent efforts by Backes et al. (ASIACRYPT'18) and Eaton et al. (ePrint'23). However, the literature on the topic is vast and different terminology is used across contributions, which makes it difficult to compare related works and understand the range of applications covered by a given construction.

In this work, we present a unified view of signatures with randomizable keys and revisit their security properties. We focus on state-of-the-art constructions and related applications, identifying existing challenges. Our systematization allows us to highlight gaps, open questions and directions for future research on signatures with randomizable keys.

## 2025/372

* Title: KLPT²: Algebraic Pathfinding in Dimension Two and Applications
* Authors: Wouter Castryck, Thomas Decru, Péter Kutas, Abel Laval, Christophe Petit, Yan Bo Ti
* [Permalink](https://eprint.iacr.org/2025/372)
* [Download](https://eprint.iacr.org/2025/372.pdf)

### Abstract

Following Ibukiyama, Katsura and Oort, all principally polarized superspecial abelian surfaces over $\overline{\mathbb{F}}_p$ can be represented by a certain type of $2 \times 2$ matrix $g$, having entries in the quaternion algebra $B_{p,\infty}$. We present a heuristic polynomial-time algorithm which, upon input of two such matrices $g_1, g_2$, finds a "connecting matrix" representing a polarized isogeny of smooth degree between the corresponding surfaces. Our algorithm should be thought of as a two-dimensional analog of the KLPT algorithm from 2014 due to Kohel, Lauter, Petit and Tignol for finding a connecting ideal of smooth norm between two given maximal orders in $B_{p, \infty}$.

The KLPT algorithm has proven to be a versatile tool in isogeny-based cryptography, and our analog has similar applications; we discuss two of them in detail. First, we show that it yields a polynomial-time solution to a two-dimensional analog of the so-called constructive Deuring correspondence: given a matrix $g$ representing a superspecial principally polarized abelian surface, realize the latter as the Jacobian of a genus-$2$ curve (or, exceptionally, as the product of two elliptic curves if it concerns a product polarization). Second, we show that, modulo a plausible assumption, Charles-Goren-Lauter style hash functions from superspecial principally polarized abelian surfaces require a trusted set-up. Concretely, if the matrix $g$ associated with the starting surface is known then collisions can be produced in polynomial time. We deem it plausible that all currently known methods for generating a starting surface indeed reveal the corresponding matrix. As an auxiliary tool, we present an efficient method for converting polarized isogenies of powersmooth degree into the corresponding connecting matrix, a step for which a previous approach by Chu required super-polynomial (but sub-exponential) time.

## 2025/1194

* Title: Private coins extension with verifiable encryption
* Authors: Oleg Fomenko
* [Permalink](https://eprint.iacr.org/2025/1194)
* [Download](https://eprint.iacr.org/2025/1194.pdf)

### Abstract

This paper introduces a protocol for verifiable encryption of values committed using Pedersen commitments. It enables a recipient to decrypt the hidden amount while proving its consistency with the original commitment, without revealing the value publicly. The construction combines symmetric encryption with zero-knowledge proofs and is made non-interactive via the Fiat-Shamir heuristic. The protocol is particularly useful in blockchain settings where confidential but verifiable value transfers are required.

## 2025/1195

* Title: On symbolic computations and Post Quantum Cryptography with Lie Geometries.
* Authors: Vasyl Ustimenko
* [Permalink](https://eprint.iacr.org/2025/1195)
* [Download](https://eprint.iacr.org/2025/1195.pdf)

### Abstract

Assume that the global density of a multivariate map over a commutative ring is the total number of its coefficients. In the case of a finite commutative ring K with the multiplicative group K* containing more than 2 elements, we suggest multivariate public keys in n variables with a public rule of global density O(n) and degree O(1). Other public keys use a public rule of global density O(n) and degree O(n) together with the space of plaintexts (K*)^n and the space of ciphertexts K^n. We consider examples of protocols of Noncommutative Cryptography implemented on the platform of endomorphisms of which allow the conversion of the above-mentioned multivariate public keys into protocol-based cryptosystems of El Gamal type. The cryptosystems and protocols are designed in terms of analogues of geometries of Chevalley groups over commutative rings and their temporal versions.

## 2025/1196

* Title: Limits on the Power of Private Constrained PRFs
* Authors: Mengda Bi, Chenxin Dai, Yaohua Ma
* [Permalink](https://eprint.iacr.org/2025/1196)
* [Download](https://eprint.iacr.org/2025/1196.pdf)

### Abstract

Private constrained PRFs are constrained PRFs where the constrained key hides information about the predicate circuit. Although there are many constructions and applications of PCPRF, its relationship to basic cryptographic primitives, such as one-way functions and public-key encryption, has been unclear. For example, we don't know whether one-way functions imply PCPRFs for general predicates, nor do we know whether 1-key secure PCPRFs for all polynomial-sized predicates imply public-key primitives such as public-key encryption and secret-key agreement.

In this work, we prove the black-box separation between a 1-key secure PCPRF for any predicate and a secret-key agreement, which is the first black-box separation result about PCPRF. Specifically, we prove that there exists an oracle relative to which 1-key secure PCPRFs exist while secret-key agreement does not. Our proof is based on the simulation-based technique proposed by Impagliazzo and Rudich (STOC 89). The main technical challenge in generalizing the simulation-based technique to PCPRF is the issue of *unfaithfulness* of Eve's simulation to the real world, because our oracle is more complicated than a random oracle. We introduce a new technique which we call the "weighting" technique and show how to leverage it to circumvent the issue of unfaithfulness in the proof framework of Impagliazzo and Rudich.

## 2025/1197

* Title: How to Copy-Protect All Puncturable Functionalities Without Conjectures: A Unified Solution to Quantum Protection