[continued from previous message]

Peer-to-peer energy trading markets enable users to exchange electricity, directly offering them increased financial benefits. However, discrepancies often arise between the electricity volumes committed to in trading auctions and the volumes actually
consumed or injected. Solutions designed to address this issue often require access to sensitive information that should be kept private.

This paper presents a novel, fully privacy-preserving billing protocol designed to protect users' sensitive consumption and production data in the context of billing protocols for energy trading. Leveraging advanced cryptographic techniques, including
fully homomorphic encryption (FHE) and pseudorandom zero sharing (PRZS), our protocol ensures robust security and confidentiality while addressing the critical issue of managing discrepancies between promised and actual electricity volumes. The proposed
protocol guarantees that users' sensitive information remains inaccessible to external parties, including the trading platform and billing server. By utilizing FHE, the protocol allows computations on encrypted data without compromising privacy, while
PRZS ensures secure aggregation of individual discrepancies of each household. This combination of cryptographic primitives maintains data privacy and enhances billing accuracy, even when fluctuations in energy supply and demand occur.

We analyze real-time consumption and production data from 100 households to experimentally validate the effectiveness and efficiency of our billing model. By implementing a flexible framework compatible with any billing method, we demonstrate that our
protocol can accurately compute individual bills for 100 households in approximately 0.17 seconds.



## 2024/1563

* Title: Optimized One-Dimensional SQIsign Verification on Intel and Cortex-M4 * Authors: Marius A. Aardal, Gora Adj, Arwa Alblooshi, Diego F. Aranha, Isaac A. Canales-Martínez, Jorge Chavez-Saab, Décio Luiz Gazzoni Filho, Krijn Reijnders, Francisco Rodríguez-Henríquez
* [Permalink](https://eprint.iacr.org/2024/1563)
* [Download](https://eprint.iacr.org/2024/1563.pdf)

### Abstract

SQIsign is a well-known post-quantum signature scheme due to its small combined signature and public-key size. However, SQIsign suffers from notably long signing times, and verification times are not short either. To improve this, recent research has
explored both one-dimensional and two-dimensional variants of SQIsign, each with distinct characteristics. In particular, SQIsign2D’s efficient signing and
verification times have made it a focal point of recent research. However, the absence of an optimized one-dimensional verification implementation hampers a thorough comparison between these different variants.

This work bridges this gap in the literature: we provide a state-of-the-art implementation of one-dimensional SQIsign verification, including novel optimizations. We report a record-breaking one-dimensional SQIsign verification time of 8.6 Ice Lake
Mcycles, closely matching SQIsign2D. For uncompressed signatures, the signature size doubles and we verify in only 5.6 Mcycles. Taking advantage of the inherent parallelism available in isogeny computations, we present 5-core variants that can go as low
as 1.3 Mcycles. Furthermore, we present the first implementation that supports both 32-bit and 64-bit processors. It includes optimized assembly code for the Cortex-M4 and has been integrated with the pqm4 project. Our results motivate further research
into one-dimensional SQIsign, as it boasts unique features among isogeny-based schemes.



## 2024/1564

* Title: A Simple Framework for Secure Key Leasing
* Authors: Fuyuki Kitagawa, Tomoyuki Morimae, Takashi Yamakawa
* [Permalink](https://eprint.iacr.org/2024/1564)
* [Download](https://eprint.iacr.org/2024/1564.pdf)

### Abstract

Secure key leasing (a.k.a. key-revocable cryptography) enables us to lease a cryptographic key as a quantum state in such a way that the key can be later revoked in a verifiable manner. We propose a simple framework for constructing cryptographic
primitives with secure key leasing via the certified deletion property of BB84 states. Based on our framework, we obtain the following schemes.

- A public key encryption scheme with secure key leasing that has classical revocation based on any IND-CPA secure public key encryption scheme. Prior works rely on either quantum revocation or stronger assumptions such as the quantum hardness of the
learning with errors (LWE) problem.

- A pseudorandom function with secure key leasing that has classical revocation based on one-way functions. Prior works rely on stronger assumptions such as the quantum hardness of the LWE problem.

- A digital signature scheme with secure key leasing that has classical revocation based on the quantum hardness of the short integer solution (SIS) problem. Our construction has static signing keys, i.e., the state of a signing key almost does not
change before and after signing. Prior constructions either rely on non-static signing keys or indistinguishability obfuscation to achieve a stronger goal of copy-protection.

In addition, all of our schemes remain secure even if a verification key for revocation is leaked after the adversary submits a valid certificate of deletion. To our knowledge, all prior constructions are totally broken in this setting. Moreover, in our
view, our security proofs are much simpler than those for existing schemes.



## 2024/1565

* Title: Fiat-Shamir in the Wild
* Authors: Hieu Nguyen, Uyen Ho, Alex Biryukov
* [Permalink](https://eprint.iacr.org/2024/1565)
* [Download](https://eprint.iacr.org/2024/1565.pdf)

### Abstract

The Fiat-Shamir transformation is a key technique for removing interactivity from cryptographic proof systems in real-world applications. In this work, we discuss five types of Fiat-Shamir-related protocol design errors and illustrate them with concrete
examples mainly taken from real-life applications. We discuss countermeasures for such vulnerabilities.



## 2024/1566

* Title: Dynamic zk-SNARKs
* Authors: Weijie Wang, Charalampos Papamanthou, Shravan Srinivasan, Dimitrios Papadopoulos
* [Permalink](https://eprint.iacr.org/2024/1566)
* [Download](https://eprint.iacr.org/2024/1566.pdf)

### Abstract

In this work, we put forth the notion of dynamic zk-SNARKs. A dynamic zk-SNARK is a zk-SNARK that has an additional update algorithm. The update algorithm takes as input a valid source statement-witness pair $(x,w)\in \mathcal{L}$ along with a verifying
proof $\pi$, and a valid target statement-witness pair $(x',w')\in \mathcal{L}$. It outputs a verifying proof $\pi'$ for $(x',w')$ in sublinear time (for $(x,w)$ and $(x',w')$ with small Hamming distance) potentially with the help of a data structure. To
the best of our knowledge, none of the commonly-used zk-SNARKs are dynamic---a single update in $(x,w)$ can be handled only by recomputing the proof, which requires at least linear time. After presenting the formal definition of dynamic zk-SNARKs, we
provide two constructions. The first one is based on recursive SNARKs and has $O(\log n)$ update time. However it suffers from heuristic security---it must encode the random oracle in the SNARK circuit. The second one and our central contribution, $\
mathsf{Dynaverse}$, is based solely on KZG commitments and has $O(\sqrt{n}\log n)$ update time. Our preliminary evaluation shows, that, while worse asymptotically, $\mathsf{Dynaverse}$ outperforms the recursive-based approach by at least one order of
magnitude.



## 2024/1567

* Title: A New World in the Depths of Microcrypt: Separating OWSGs and Quantum Money from QEFID
* Authors: Amit Behera, Giulio Malavolta, Tomoyuki Morimae, Tamer Mour, Takashi Yamakawa
* [Permalink](https://eprint.iacr.org/2024/1567)
* [Download](https://eprint.iacr.org/2024/1567.pdf)

### Abstract

While in classical cryptography, one-way functions (OWFs) are widely regarded as the “minimal assumption,” the situation in quantum cryptography is less clear. Recent works have put forward two concurrent candidates for the minimal assumption in
quantum cryptography: One-way state generators (OWSGs), postulating the existence of a hard search problem with an efficient verification algorithm, and EFI pairs, postulating the existence of a hard distinguishing problem. Two recent papers [Khurana and
Tomer STOC’24; Batra and Jain FOCS’24] showed that OWSGs imply EFI pairs, but the reverse direction remained open. In this work, we give strong evidence that the opposite direction does not hold: We show that there is a quantum unitary oracle
relative to which EFI pairs exist, but OWSGs do not. In fact, we show a slightly stronger statement that holds also for EFI pairs that output classical bits (QEFID).
As a consequence, we separate, via our oracle, QEFID, and one-way puzzles from OWSGs and several other Microcrypt primitives, including efficiently verifiable one-way puzzles and unclonable state generators. In particular, this solves a problem left open
in [Chung, Goldin, and Gray Crypto’24].
Using similar techniques, we also establish a fully black-box separation (which is slightly weaker than an oracle separation) between private-key quantum money schemes and QEFID pairs.
One conceptual implication of our work is that the existence of an efficient verification algorithm may lead to qualitatively stronger primitives in quantum cryptography.



## 2024/1568

* Title: Oracle Separation Between Quantum Commitments and Quantum One-wayness * Authors: John Bostanci, Boyang Chen, Barak Nehoran
* [Permalink](https://eprint.iacr.org/2024/1568)
* [Download](https://eprint.iacr.org/2024/1568.pdf)

### Abstract

We show that there exists a unitary quantum oracle relative to which quantum commitments exist but no (efficiently verifiable) one-way state generators exist. Both have been widely considered candidates for replacing one-way functions as the minimal
assumption for cryptography—the weakest cryptographic assumption implied by all of computational cryptography. Recent work has shown that commitments can be constructed from one-way state generators, but the other direction has remained open. Our
results rule out any black-box construction, and thus settle this crucial open problem, suggesting that quantum commitments (as well as its equivalency class of EFI pairs, quantum oblivious transfer, and secure quantum multiparty computation) appear to
be strictly weakest among all known cryptographic primitives.



## 2024/1569

* Title: The Supersingular Isogeny Path and Endomorphism Ring Problems: Unconditional Reductions
* Authors: Maher Mamah
* [Permalink](https://eprint.iacr.org/2024/1569)
* [Download](https://eprint.iacr.org/2024/1569.pdf)

### Abstract

In this paper we study several computational problems related to current post-quantum cryptosystems based on isogenies between supersingular elliptic curves. In particular we prove that the supersingular isogeny path and endomorphism ring problems are
unconditionally equivalent under polynomial time reductions. We show that access to a factoring oracle is sufficient to solve the Quaternion path problem of KLPT and prove that these problems are equivalent, where previous results either assumed
heuristics or the generalised Riemann Hypothesis (GRH). Consequently, given Shor’s quantum algorithm for factorisation, our results yield unconditional quantum polynomial reductions between the isogeny path and EndRing problems. Recently these
reductions have become foundational for the security of isogeny-based cryptography

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)