## In this issue
1. [2023/216] Two-Round Stateless Deterministic Two-Party Schnorr ...
2. [2023/797] Entropy Suffices for Guessing Most Keys
3. [2023/821] Securing IoT Devices with Fast and Energy Efficient ...
4. [2023/1399] The supersingular Endomorphism Ring and One ...
5. [2023/1527] Adaptive Garbled Circuits and Garbled RAM from Non- ...
6. [2024/336] RAMenPaSTA: Parallelizable Scalable Transparent ...
7. [2024/339] From Random Probing to Noisy Leakages Without ...
8. [2024/342] Massive Superpoly Recovery with a Meet-in-the- ...
9. [2024/351] Improved Differential Meet-In-The-Middle Cryptanalysis
10. [2024/364] Algebraic Algorithm for the Alternating Trilinear ...
11. [2024/367] Accelerating SLH-DSA by Two Orders of Magnitude ...
12. [2024/372] Two-Round Maliciously-Secure Oblivious Transfer ...
13. [2024/381] Quantum Circuits of AES with a Low-depth Linear ...
14. [2024/382] Decentralized Access Control Infrastructure for ...
15. [2024/383] Malicious Security for SCALES: Outsourced ...
16. [2024/384] Transmitter Actions for Secure Integrated Sensing ...
17. [2024/385] A New Public Key Cryptosystem Based on the Cubic ...
18. [2024/386] High-Throughput Secure Multiparty Computation with ...
19. [2024/387] Parallel Zero-knowledge Virtual Machine
20. [2024/388] Leakage-Resilient Attribute-Based Encryption with ...
21. [2024/389] On the Feasibility of Sliced Garbling
22. [2024/390] STIR: Reed–Solomon Proximity Testing with Fewer Queries
23. [2024/391] On Information-Theoretic Secure Multiparty ...
24. [2024/392] Heuristic Ideal Obfuscation Scheme based on LWE ...
25. [2024/393] Revisiting the May--Meurer--Thomae Algorithm --- ...
26. [2024/394] A Deniably Authenticated Searchable Public Key ...
27. [2024/395] Notus: Dynamic Proofs of Liabilities from Zero- ...
28. [2024/396] On the impact of ionizing and non-ionizing ...
29. [2024/397] Exponent-VRFs and Their Applications
30. [2024/398] The Last Challenge Attack: Exploiting a Vulnerable ...
31. [2024/399] A Direct PRF Construction from Kolmogorov Complexity
32. [2024/400] SILBE: an Updatable Public Key Encryption Scheme ...
33. [2024/401] Plover: Masking-Friendly Hash-and-Sign Lattice ...
34. [2024/402] Efficient Unbalanced Quorum PSI from Homomorphic ...
35. [2024/403] DARE to agree: Byzantine Agreement with Optimal ...
36. [2024/404] Breaking the DECT Standard Cipher with Lower Time Cost
37. [2024/405] Traceable Secret Sharing: Strong Security and ...
38. [2024/406] Some notes on algorithms for abelian varieties
39. [2024/407] Permutation-Based Hashing Beyond the Birthday Bound
40. [2024/408] Modular Indexer: Fully User-Verified Execution ...
41. [2024/409] Nebula: A Privacy-First Platform for Data Backhaul
42. [2024/410] Recent Progress in Quantum Computing Relevant to ...
43. [2024/411] Polytopes in the Fiat-Shamir with Aborts Paradigm
44. [2024/412] Quasi-Optimal Permutation Ranking and Applications ...
45. [2024/413] Bent functions construction using extended ...
46. [2024/414] Quantum One-Wayness of the Single-Round Sponge with ...
47. [2024/415] Column-wise Garbling, and How to Go Beyond the ...
## 2023/216
* Title: Two-Round Stateless Deterministic Two-Party Schnorr Signatures From Pseudorandom Correlation Functions
* Authors: Yashvanth Kondi, Claudio Orlandi, Lawrence Roy
* [Permalink](
https://eprint.iacr.org/2023/216)
* [Download](
https://eprint.iacr.org/2023/216.pdf)
### Abstract
Schnorr signatures are a popular choice due to their simplicity, provable security, and linear structure that enables relatively easy threshold signing protocols. The deterministic variant of Schnorr (where the nonce is derived in a stateless manner
using a PRF from the message and a long term secret) is widely used in practice since it mitigates the threats of a faulty or poor randomness generator (which in Schnorr leads to catastrophic breaches of security). Unfortunately, threshold protocols for
the deterministic variant of Schnorr have so far been quite inefficient, as they make non black-box use of the PRF involved in the nonce generation.
In this paper, we present the first two-party threshold protocol for Schnorr signatures, where signing is stateless and deterministic, and only makes black-box use of the underlying cryptographic algorithms.
We present a protocol from general assumptions which achieves covert security, and a protocol that achieves full active security under standard factoring-like assumptions. Our protocols make crucial use of recent advances within the field of pseudorandom
correlation functions (PCFs).
As an additional benefit, only two-rounds are needed to perform distributed signing in our protocol, connecting our work to a recent line of research on the trade-offs between round complexity and cryptographic assumptions for threshold Schnorr
signatures.
## 2023/797
* Title: Entropy Suffices for Guessing Most Keys
* Authors: Timo Glaser, Alexander May, Julian Nowakowski
* [Permalink](
https://eprint.iacr.org/2023/797)
* [Download](
https://eprint.iacr.org/2023/797.pdf)
### Abstract
Historically, most cryptosystems chose their keys uniformly at random. This is in contrast to modern (lattice-based) schemes, which typically sample their keys from more complex distributions $\mathcal{D}$, such as the discrete Gaussian or centered
binomial distribution.
It is well-known that any key drawn from the uniform distribution $\mathcal{U}$ can be guessed using at most $2^{\operatorname{H}(\mathcal{U})}$ key guesses, where $\operatorname{H}(\mathcal{U})$ denotes the entropy of the uniform distribution. However,
for keys drawn from general distributions $\mathcal{D}$ only a lower bound of $\Omega(2^{\operatorname{H}(\mathcal{D})})$ key guesses is known. In fact, Massey (1994) even ruled out that the number of key guesses can be upper bounded by a function of the
entropy alone.
When analyzing the complexity of so-called hybrid lattice-attacks (which combine lattice reduction with key guessing) one therefore usually conservatively underestimates the complexity of key guessing by $2^{\operatorname{H}(\mathcal{D})}$. However, a
tight complexity analysis is missing, and due to Massey's result considered impossible.
In this work, we bypass Massey's impossibility result by focusing on the typical cryptographic setting, where keys are drawn from $n$-fold product distributions $\mathcal{D} = \chi^n$.
It is well known that the optimal key guessing algorithm enumerates keys in $\chi^n$ in descending order of probability. In order to provide a refined analysis, we allow to abort enumeration after a certain amount of key guesses. As our main result, we
prove that for any discrete probability distribution $\chi$ the key guessing algorithm that we abort after $2^{\operatorname{H}(\chi)n}$ keys has asymptotically success probability $\frac 1 2$, taken over the random key choice. The aborted algorithm
allows for a quantum version with success probability $\frac 1 2$ within $2^{\operatorname{H}(\chi)n/2}$ key guesses. In other words, for any distribution $\chi$, we achieve a Grover-type square root speedup.
Furthermore, we show that for the distributions used in Kyber and Falcon, the aborted algorithm outperforms the non-aborted algorithm by an exponential factor in the runtime. Hence, for a typical multi-key scenario, where a (large scale) adversary wants
to attack as many keys with as few as possible resources, our results show that it greatly pays off to tackle only the likely keys.
## 2023/821
* Title: Securing IoT Devices with Fast and Energy Efficient Implementation of PRIDE and PRESENT Ciphers
* Authors: Vijay Dahiphale, Hrishikesh Raut, Gaurav Bansod, Devendra Dahiphale * [Permalink](
https://eprint.iacr.org/2023/821)
* [Download](
https://eprint.iacr.org/2023/821.pdf)
### Abstract
The rise of low-power, cost-efficient internet-connected devices has led to a need for lightweight cryptography. The lightweight block cipher PRIDE, designed by Martin R. Albrecht, is one of the most efficient ciphers designed for IoT-constrained
environments. It is useful for connected devices, requires fewer resources to implement, and has high performance. PRIDE is a software-oriented lightweight cipher optimized for microcontrollers. This paper focuses on the FPGA implementation of the PRIDE
cipher by keeping throughput, energy, and power consumption metrics focused. The paper also presents a novel and simpler diagrammatical view of a Matrix Layer implementation of the PRIDE cipher. We also implemented the PRESENT cipher using the same
metrics. We analyzed different design metrics on Field Programmable Gate Arrays (FPGAs) and compared the metrics of the PRIDE implementation with the well-known cipher PRESENT. This gives us an insight into the efficiency and reliability of PRIDE in IoT-
constrained environments. We also proposed different architectures of the PRIDE cipher for 16-bit and 32-bit datapaths.
## 2023/1399
* Title: The supersingular Endomorphism Ring and One Endomorphism problems are equivalent
* Authors: Aurel Page, Benjamin Wesolowski
* [Permalink](
https://eprint.iacr.org/2023/1399)
* [Download](
https://eprint.iacr.org/2023/1399.pdf)
### Abstract
The supersingular Endomorphism Ring problem is the following: given a supersingular elliptic curve, compute all of its endomorphisms. The presumed hardness of this problem is foundational for isogeny-based cryptography. The One Endomorphism problem only
asks to find a single non-scalar endomorphism. We prove that these two problems are equivalent, under probabilistic polynomial time reductions.
We prove a number of consequences. First, assuming the hardness of the endomorphism ring problem, the Charles–Goren–Lauter hash function is collision resistant, and the SQIsign identification protocol is sound for uniformly random keys. Second, the
endomorphism ring problem is equivalent to the problem of computing arbitrary isogenies between supersingular elliptic curves, a result previously known only for isogenies of smooth degree. Third, there exists an unconditional probabilistic algorithm to
solve the endomorphism ring problem in time $\tilde O(p^{1/2})$, a result that previously required to assume the generalized Riemann hypothesis.
To prove our main result, we introduce a flexible framework for the study of isogeny graphs with additional information. We prove a general and easy-to-use rapid mixing theorem.
## 2023/1527
* Title: Adaptive Garbled Circuits and Garbled RAM from Non-Programmable Random Oracles
* Authors: Cruz Barnum, David Heath, Vladimir Kolesnikov, Rafail Ostrovsky
* [Permalink](
https://eprint.iacr.org/2023/1527)
* [Download](
https://eprint.iacr.org/2023/1527.pdf)
### Abstract
Garbled circuit techniques that are secure in the adaptive setting -- where inputs are chosen after the garbled program is sent -- are motivated by practice, but they are notoriously difficult to achieve. Prior adaptive garbling is either impractically
expensive or encrypts the entire garbled program with the output of a programmable random oracle (PRO), a strong assumption.
We present a simple framework for proving adaptive security of garbling schemes in the non-programmable random oracle (NPRO) model. NPRO is a milder assumption than PRO, and it is close to the assumption required by the widely used Free XOR extension.
Our framework is applicable to a number of existing GC techniques, which are proved adaptively secure without modification.
As our main application of the framework, we construct and prove adaptively secure a garbling scheme for tri-state circuits, a recently proposed circuit model that captures both Boolean circuits and RAM programs (Heath et al., Crypto 2023). For a given
TSC $C$, our garbling of $C$ is at most $|C|\cdot \lambda$ bits long, where $\lambda$ is the security parameter. This implies both an adaptively secure garbled Boolean circuit scheme, as well an adaptively secure garbled RAM scheme where the garbling of $
T$ steps of a RAM program has size $O(T \cdot \log^3 T \cdot \log \log T \cdot \lambda)$ bits.
Our scheme is concretely efficient: its Boolean circuit handling matches the performance of half-gates, and it is adaptively secure from NPRO.
## 2024/336
* Title: RAMenPaSTA: Parallelizable Scalable Transparent Arguments of Knowledge for RAM Programs
* Authors: Khai Hanh Tang, Minh Pham, Chan Nam Ngo
* [Permalink](
https://eprint.iacr.org/2024/336)
* [Download](
https://eprint.iacr.org/2024/336.pdf)
### Abstract
Incremental Verifiable Computation (IVC) allows a prover to prove to a verifier the correct execution of a sequential computation. Recent works focus on improving the universality and efficiency of IVC Schemes, which can be categorized into Accumulation
and Folding-based IVCs with Folding-based ones being more efficient (due to their deferred proof generation until the final step). Unfortunately, both approaches satisfy only heuristic security as they model the Random Oracle (RO) as a circuit in their
non-constant depth recursive composition of the base Scheme. Such drawback is two-fold: to connect the consecutive execution step the RO is recursively modeled as a circuit during the folding or the accumulating process, and again in the final SNARK
wrapper circuit (a common practice in Folding-based IVCs).
We revisit this problem, with a focus on the Folding-based IVCs due to their efficiency, and propose the detachment of RO invocation from the folding circuit. We can instead accumulate such invocations, yielding the so-called Conditional Folding (CF)
Scheme to overcome the first drawback. One can consider our CF Scheme a hybrid Folding-Accumulation Scheme with provable security. We provide a non-trivial practical construction for our CF scheme that is natively parallelizable, which offers great
efficiency. We rigorously prove the security of our CF scheme (also for the case of folding in parallel; and our scheme can be made non-interactive using Fiat-Shamir). Our CF scheme is generic and does not require trusted setup. It can be adapted to
construct the first IVC for RAM programs, i.e. Parallelizable Scalable Transparent Arguments of Knowledge for RAM Programs that we dub RAMenPaSTA, that can be used to build zero-knowledge virtual machines (zkVMs). Both our CF Scheme and RAMenPaSTA can be
of independent research interests.
## 2024/339
* Title: From Random Probing to Noisy Leakages Without Field-Size Dependence
* Authors: Gianluca Brian, Stefan Dziembowski, Sebastian Faust
* [Permalink](
https://eprint.iacr.org/2024/339)
* [Download](
https://eprint.iacr.org/2024/339.pdf)
### Abstract
Side channel attacks are devastating attacks targeting cryptographic implementations. To protect against these attacks, various countermeasures have been proposed -- in particular, the so-called masking scheme. Masking schemes work by hiding sensitive
information via secret sharing all intermediate values that occur during the evaluation of a cryptographic implementation. Over the last decade, there has been broad interest in designing and formally analyzing such schemes. The random probing model
considers leakage where the value on each wire leaks with some probability $\epsilon$. This model is important as it implies security in the noisy leakage model via a reduction by Duc et al. (Eurocrypt 2014). Noisy leakages are considered the "gold-
standard" for analyzing masking schemes as they accurately model many real-world physical leakages. Unfortunately, the reduction of Duc et al. is non-tight, and in particular requires that the amount of noise increases by a factor of $|\mathbb{F}|$ for
circuits that operate over $\mathbb{F}$ (where $\mathbb{F}$ is a finite field). In this work, we give a generic transformation from random probing to average probing, which avoids this loss of $|\mathbb{F}|$. Since the average probing is identical to
the noisy leakage model (Eurocrypt 2014), this yields for the first time a security analysis of masked circuits where the noise parameter $\delta$ in the noisy leakage model is independent of $|\mathbb{F}|$. The latter is particularly important for
cryptographic schemes operating over large fields, e.g., the AES or the recently standardized post-quantum schemes.
## 2024/342
* Title: Massive Superpoly Recovery with a Meet-in-the-middle Framework -- Improved Cube Attacks on Trivium and Kreyvium
* Authors: Jiahui He, Kai Hu, Hao Lei, Meiqin Wang
* [Permalink](
https://eprint.iacr.org/2024/342)
* [Download](
https://eprint.iacr.org/2024/342.pdf)
### Abstract
The cube attack extracts the information of secret key bits by recovering the coefficient called superpoly in the output bit with respect to a subset of plaintexts/IV, which is called a cube. While the division property provides an efficient way to
detect the structure of the superpoly, superpoly recovery could still be prohibitively costly if the number of rounds is sufficiently high. In particular, Core Monomial Prediction (CMP) was proposed at ASIACRYPT 2022 as a scaled-down version of Monomial
Prediction (MP), which sacrifices accuracy for efficiency but ultimately gets stuck at 848 rounds of \trivium.
In this paper, we provide new insights into CMP by elucidating the algebraic meaning to the core monomial trails. We prove that it is sufficient to recover the superpoly by extracting all the core monomial trails, an approach based solely on CMP, thus
demonstrating that CMP can achieve perfect accuracy as MP does. We further reveal that CMP is still MP in essence, but with variable substitutions on the target function. Inspired by the divide-and-conquer strategy that has been widely used in previous
literature, we design a meet-in-the-middle (MITM) framework, in which the CMP-based approach can be embedded to achieve a speedup.
To illustrate the power of these new techniques, we apply the MITM framework to \trivium, \grain and \kreyvium. As a result, not only can the previous computational cost of superpoly recovery be reduced (e.g., 5x faster for superpoly recovery on 192-
round \grain), but we also succeed in recovering superpolies for up to 851 rounds of \trivium and up to 899 rounds of \kreyvium. This surpasses the previous best results by respectively 3 and 4 rounds. Using the memory-efficient M\"obius transform
proposed at EUROCRYPT 2021, we can perform key recovery attacks on target ciphers, even though the superpoly may contain over $2^{40}$ monomials. This leads to the best cube attacks on the target ciphers.
## 2024/351
* Title: Improved Differential Meet-In-The-Middle Cryptanalysis
* Authors: Zahra Ahmadian, Akram Khalesi, Dounia M'foukh, Hossein Moghimi, María Naya-Plasencia
* [Permalink](
https://eprint.iacr.org/2024/351)
* [Download](
https://eprint.iacr.org/2024/351.pdf)
### Abstract
In this paper, we extend the applicability of differential meet-
in-the-middle attacks, proposed at Crypto 2023, to truncated differen-
tials, and in addition, we introduce three new ideas to improve this type
of attack: we show how to add longer structures than the original pa-
per, we show how to improve the key recovery steps by introducing some probability in them, and we combine this type of attacks with the state-
test technique, that was introduced in the context of impossible differ-
ential attacks. Furthermore, we have developed a MILP-based tool to
automate the search for a truncated differential-MITM attack with op-
timized overall complexity, incorporating some of the proposed improve-
ments. Thanks to this, we can build the best known attacks on the cipher
CRAFT, reaching 23 rounds against 21 previously; we provide a new at-
tack on 23-round SKINNY-64-192, and we improve the best attacks on SKINNY-128-384.
## 2024/364
* Title: Algebraic Algorithm for the Alternating Trilinear Form Equivalence Problem
* Authors: Lars Ran, Simona Samardjiska, Monika Trimoska
* [Permalink](
https://eprint.iacr.org/2024/364)
* [Download](
https://eprint.iacr.org/2024/364.pdf)
### Abstract
The Alternating Trilinear Form Equivalence (ATFE) problem was recently used by Tang et al. as a hardness assumption in the design of a Fiat-Shamir digital signature scheme ALTEQ. The scheme was submitted to the additional round for digital signatures of
the NIST standardization process for post-quantum cryptography.
ATFE is a hard equivalence problem known to be in the class of equivalence problems that includes, for instance, the Tensor Isomorphism (TI), Quadratic Maps Linear Equivalence (QMLE) and the Matrix Code Equivalence (MCE) problems. Due to the increased
cryptographic interest, the understanding of its practical hardness has also increased in the last couple of years. Currently, there are several combinatorial and algebraic algorithms for solving it, the best of which is a graph-theoretic algorithm that
also includes an algebraic subroutine.
In this paper, we take a purely algebraic approach to the ATFE problem, but we use a coding theory perspective to model the problem. This modelling was introduced earlier for the MCE problem. Using it, we improve the cost of algebraic attacks against
ATFE compared to previously known ones.
Taking into account the algebraic structure of alternating trilinear forms, we show that the obtained system has less variables but also less equations than for MCE and gives rise to structural degree-3 syzygies. Under the assumption that outside of
these syzygies the system behaves semi-regularly, we provide a concrete, non-asymptotic complexity estimate of the performance of our algebraic attack.
Our results show that the complexity of our attack is below the estimated security levels of ALTEQ by more than 20 bits for NIST level I (and more for the others), thus the scheme requires re-parametrization for all three NIST security levels.
## 2024/367
* Title: Accelerating SLH-DSA by Two Orders of Magnitude with a Single Hash Unit
* Authors: Markku-Juhani O. Saarinen
* [Permalink](
https://eprint.iacr.org/2024/367)
* [Download](
https://eprint.iacr.org/2024/367.pdf)
### Abstract
We report on efficient and secure hardware implementation techniques for the FIPS 205 SLH-DSA Hash-Based Signature Standard. We demonstrate that very significant overall performance gains can be obtained from hardware that optimizes the padding formats
and iterative hashing specific to SLH-DSA. A prototype implementation, SLotH, contains Keccak/SHAKE, SHA2-256, and SHA2-512 cores and supports all 12 parameter sets of SLH-DSA. SLotH also supports side-channel secure PRF computation and Winternitz chains.
SLotH drivers run on a small RISC-V control core, as is common in current Root-of-Trust systems.
The new features make SLH-DSA on SLotH many times faster compared to similarly-sized general-purpose hash accelerators. Compared to unaccelerated microcontroller implementations, the performance of SLotH's SHAKE variants is up to $300\times$ faster;
signature generation with 128f parameter set is is 4,903,978 cycles, while signature verification with 128s parameter set is only 179,603 cycles. The SHA2 parameter sets have approximately half of the speed of SHAKE parameter sets. We observe that the
signature verification performance of SLH-DSA's "s" parameter sets is generally better than that of accelerated ECDSA or Dilithium on similarly-sized RoT targets. The area of the full SLotH system is small, from 63 kGE (SHA2, Cat 1 only) to 155 kGe (all
parameter sets). Keccak Threshold Implementation adds another 130 kGE.
We provide sensitivity analysis of SLH-DSA in relation to side-channel leakage. We show experimentally that an SLH-DSA implementation with CPU hashing will rapidly leak the SK.seed master key. We perform a 100,000-trace TVLA leakage assessment with a
protected SLotH unit.
## 2024/372
* Title: Two-Round Maliciously-Secure Oblivious Transfer with Optimal Rate
* Authors: Pedro Branco, Nico Döttling, Akshayaram Srinivasan
* [Permalink](
https://eprint.iacr.org/2024/372)
* [Download](
https://eprint.iacr.org/2024/372.pdf)
### Abstract
We give a construction of a two-round batch oblivious transfer (OT) protocol in the CRS model that is UC-secure against malicious adversaries and has (near) optimal communication cost. Specifically, to perform a batch of $k$ oblivious transfers where the
sender's inputs are bits, the sender and the receiver need to communicate a total of $3k + o(k) \cdot \mathsf{poly}(\lambda)$ bits. We argue that $3k$ bits are required by any protocol with a black-box and straight-line simulator. The security of our
construction is proven assuming the hardness of Quadratic Residuosity (QR) and the Learning Parity with Noise (LPN).
## 2024/381
* Title: Quantum Circuits of AES with a Low-depth Linear Layer and a New Structure
* Authors: Haotian Shi, Xiutao Feng
* [Permalink](
https://eprint.iacr.org/2024/381)
* [Download](
https://eprint.iacr.org/2024/381.pdf)
### Abstract
In recent years quantum computing has developed rapidly. The security threat posed by quantum computing to cryptography makes it necessary to better evaluate the resource cost of attacking algorithms, some of which require quantum implementations of the
attacked cryptographic building blocks. In this paper we manage to optimize quantum circuits of AES in several aspects. Firstly, based on de Brugière \textit{et al.}'s greedy algorithm, we propose an improved depth-oriented algorithm for synthesizing
low-depth CNOT circuits with no ancilla qubits. Our algorithm finds a CNOT circuit of AES MixColumns with depth 10, which breaks a recent record of depth 16. In addition, our algorithm gives low-depth CNOT circuits for many MDS matrices and matrices used
in block ciphers studied in related work. Secondly, we present a new structure named compressed pipeline structure to synthesize quantum circuits of AES, which can be used for constructing quantum oracles employed in quantum attacks based on Grover and
Simon's algorithms. When the number of ancilla qubits required by the round function and its inverse is not very large, our structure will have a better trade-off of $D$-$W$ cost. We then give detailed quantum circuits of AES-128 under the guidance of
our structure and make some comparisons with other circuits. Finally, our encryption circuit and key schedule circuit have their own application scenarios. The Encryption oracle used in Simon's algorithm built with the former will have smaller depth. For
example, we can construct an AES-128 Encryption oracle with $T$-depth 33, while the previous best result is 60. A small variant of the latter, along with our method to make an Sbox input-invariant, can avoid the allocation of extra ancilla qubits for
storing key words in the shallowed pipeline structure. Based on this, we achieve a quantum circuit of AES-128 with the lowest $TofD$-$W$ cost 130720 to date.
## 2024/382
* Title: Decentralized Access Control Infrastructure for Enterprise Digital Asset Management
* Authors: Chirag Madaan, Rohan Agarwal, Vipul Saini, Ujjwal Kumar
* [Permalink](
https://eprint.iacr.org/2024/382)
* [Download](
https://eprint.iacr.org/2024/382.pdf)
### Abstract
With the rapidly evolving landscape of cryptography, blockchain technology has advanced to cater to diverse user requirements, leading to the emergence of a multi-chain ecosystem featuring various use cases characterized by distinct transaction speed and
decentralization trade-offs. At the heart of this evolution lies digital signature schemes, responsible for safeguarding blockchain-based assets such as ECDSA, Schnorr, and EdDSA, among others.
However, a critical gap exists in the current landscape — there is no solution empowering a consortium of entities to collectively manage or generate digital signatures for diverse digital assets in a distributed manner with dynamic threshold settings,
all while mitigating counter-party risks. Existing threshold signature schemes impose a fixed threshold during the key generation phase, limiting the adaptability of threshold settings for the subsequent signature phase. Attempts to address this
challenge often involve relinquishing signature generation control either partially or entirely from the participating parties, introducing vulnerabilities that could jeopardize digital assets in the event of network disruptions.
Addressing this gap, our work introduces an innovative infrastructure that allows a group of users to programmatically define and manage access control policies, supported by a blockchain network dedicated to policy enforcement. This network is uniquely
designed to prevent any entity, including itself, from autonomously generating digital signatures, thereby mitigating counter-party risks and enhancing asset security. This system is particularly suited for enterprise contexts, where collaborative asset
oversight and policy adherence are essential. Our solution marks a significant stride in the realm of blockchain technology, paving the way for more sophisticated and secure digital asset management in a rapidly evolving digital landscape.
## 2024/383
* Title: Malicious Security for SCALES: Outsourced Computation with Ephemeral Servers
* Authors: Anasuya Acharya, Carmit Hazay, Vladimir Kolesnikov, Manoj Prabhakaran
* [Permalink](
https://eprint.iacr.org/2024/383)
* [Download](
https://eprint.iacr.org/2024/383.pdf)
### Abstract
SCALES (Small Clients And Larger Ephemeral Servers) model is a recently proposed model for MPC (Acharya et al., TCC 2022). While the SCALES model offers several attractive features for practical large-scale MPC, the result of Acharya et al. only offered
semi-honest secure protocols in this model.
We present a new efficient SCALES protocol secure against malicious adversaries, for general Boolean circuits. We start with the base construction of Acharya et al. and design and use a suite of carefully defined building blocks that may be of
independent interest. The resulting protocol is UC-secure without honest majority, with a CRS and bulletin-board as setups, and allows publicly identifying deviations from correct execution.
## 2024/384
* Title: Transmitter Actions for Secure Integrated Sensing and Communication
* Authors: Truman Welling, Onur Gunlu, Aylin Yener
* [Permalink](
https://eprint.iacr.org/2024/384)
* [Download](
https://eprint.iacr.org/2024/384.pdf)
### Abstract
This work models a secure integrated sensing and communication (ISAC) system as a broadcast channel with action-dependent channel states and output feedback. The transmitted message is split into a common and a secure message, both of which must be
recovered at the legitimate receiver, while the secure message needs to be kept secret from the eavesdropper. The transmitter actions, such as beamforming vector design, affect the corresponding state distribution at each channel use. The action sequence
is modeled to depend on both the transmitted message and channel output feedback. For perfect channel output feedback, the secrecy-distortion regions are provided for physically-degraded and reversely-physically-degraded secure ISAC channels with
transmitter actions. The corresponding rate regions when the entire message should be kept secret are also provided. We illustrate the results by characterizing the secrecy-distortion region of a binary example.
## 2024/385
* Title: A New Public Key Cryptosystem Based on the Cubic Pell Curve
* Authors: Michel Seck, Abderrahmane Nitaj
* [Permalink](
https://eprint.iacr.org/2024/385)
* [Download](
https://eprint.iacr.org/2024/385.pdf)
### Abstract
[continued in next message]
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)