• [digest] 2025 Week 11 (3/4)

    From IACR ePrint Archive@21:1/5 to All on Mon Mar 17 02:18:21 2025
    [continued from previous message]

    Our algorithm naturally extends to solving ideal-SVP. Given an ideal $I \subset R$, where $R = \mathbb{Z}[x]/\langle x^t + 1 \rangle$ with a power-of-two integer $t = nd$, we can find the nonzero shortest element of $I$ in time $\exp(O(\frac{t}{2e} \ln \ln t))$, improving upon the previous enumeration bound of $\exp(O(\frac{t}{2e} \ln t))$.



    ## 2025/481

    * Title: RHQC: post-quantum ratcheted key exchange from coding assumptions
    * Authors: Julien Juaneda, Marina Dehez-Clementi, Jean-Christophe Deneuville, Jérôme Lacan
    * [Permalink](https://eprint.iacr.org/2025/481)
    * [Download](https://eprint.iacr.org/2025/481.pdf)

    ### Abstract

    Key Exchange mechanisms (KE or KEMs) such as the Diffie-Hellman protocol have proved to be a cornerstone conciliating the efficiency of symmetric encryption and the practicality of public key primitives.
    Such designs however assume the non-compromission of the long term asymmetric key in use. To relax this strong security assumption, and allow for modern security features such as Perfect Forward Secrecy (PFS) or Post Compromise Security (PCS),
    Ratcheted-KE (RKE) have been proposed.
    This work proposes to turn the Hamming Quasi-Cyclic (HQC) cryptosystem into such a Ratcheted-KE, yielding the first code-based such construction.
    Interestingly, our design allows indifferently one party to update the key on-demand rather than the other, yielding a construction called bi-directional RKE, which compares favorably to generic transformations.
    Finally, we prove that the resulting scheme satisfies the usual correctness and key-indistinguishability properties, and suggest concrete sets of parameters, assuming different real-life use cases.



    ## 2025/482

    * Title: An Efficient Sequential Aggregate Signature Scheme with Lazy Verification
    * Authors: Arinjita Paul, Sabyasachi Dutta, Kouichi Sakurai, C. Pandu Rangan
    * [Permalink](https://eprint.iacr.org/2025/482)
    * [Download](https://eprint.iacr.org/2025/482.pdf)

    ### Abstract

    A sequential aggregate signature scheme (SAS) allows multiple potential signers to sequentially aggregate their respective signatures into a single compact signature. Typically, verification of SAS signatures requires access to all messages and public
    key pairs utilized in the aggregate generation. However, efficiency is crucial for cryptographic protocols to facilitate their practical implementation. To this end, we propose a sequential aggregate signature scheme with lazy verification for a set of
    user-message pairs, allowing the verification algorithm to operate without requiring access to all messages and public key pairs in the sequence. This construction is based on the RSA assumption in the random oracle model and is particularly beneficial
    in resource constrained applications that involve forwarding of authenticated information between parties, such as certificate chains. As an extension of this work, we introduce the notion of sequentially aggregatable proxy re-signatures that enables
    third parties or proxies to transform aggregatable signatures under one public key to another, useful in applications such as sharing web certificates and authentication of network paths. We also present a construction of a sequential aggregate proxy re-
    signature scheme, secure in the random oracle model, based on the RSA assumption, which may be of independent interest.



    ## 2025/483

    * Title: Adaptively Secure Threshold Blind BLS Signatures and Threshold Oblivious PRF
    * Authors: Stanislaw Jarecki, Phillip Nazarian
    * [Permalink](https://eprint.iacr.org/2025/483)
    * [Download](https://eprint.iacr.org/2025/483.pdf)

    ### Abstract

    We show the first threshold blind signature scheme and threshold Oblivious PRF (OPRF) scheme which remain secure in the presence of an adaptive adversary, who can adaptively decide which parties to corrupt throughout the lifetime of the scheme. Moreover,
    our adaptively secure schemes preserve the minimal round complexity and add only a small computational overhead over prior solutions that offered security only for a much less realistic static adversary, who must choose the subset of corrupted parties
    before initializing the protocol.

    Our threshold blind signature scheme computes standard BLS signatures while our threshold OPRF computes a very efficient "2HashDH" OPRF [JKK14]. We prove adaptive security of both schemes in the Algebraic Group Model (AGM). Our adaptively secure
    threshold schemes are as practical as the underlying standard single-server BLS blind signature and 2HashDH OPRF, and they can be used to add cryptographic fault-tolerance and decentralize trust in any system that relies on blind signatures, like
    anonymous credentials and e-cash, or on OPRF, like the OPAQUE password authentication and the Privacy Pass anonymous authentication scheme, among many others.



    ## 2025/484

    * Title: EvoLUTe+: Fine-Grained Look-Up-Table-based RTL IP Redaction
    * Authors: Rui Guo, M Sazadur Rahman, Jingbo Zhou, Hadi M Kamali, Fahim Rahman, Farimah Farahmandi, Mark Tehranipoor
    * [Permalink](https://eprint.iacr.org/2025/484)
    * [Download](https://eprint.iacr.org/2025/484.pdf)

    ### Abstract

    Hardware obfuscation is an active trustworthy design technique targeting threats in the IC supply chain, such as IP piracy and overproduction. Recent research on Intellectual Property (IP) protection technologies suggests that using embedded
    reconfigurable components (e.g., eFPGA redaction) could be a promising approach to hide the functional and structural information of security-critical designs. However, such techniques suffer from almost prohibitive overhead in terms of area, power,
    delay, and testability. This paper proposes an obfuscation technique called EvoLUTe+, which is a unique and more fine-grained redaction approach using smaller reconfigurable components (e.g., Look-Up Tables (LUTs)). EvoLUTe+ achieves fine-grained
    partitioning, sub-circuit coloring, and scoring of IP, and then encrypts the original IP through the substitution of some sub-circuits. Different attacks are used to test the robustness of EvoLUTe+, including structural and machine learning attacks, as
    well as Bounded Model Checking (BMC) attacks. The overhead of the obfuscation design is also analyzed. Experimental results demonstrate that EvoLUTe+ exhibits robustness with acceptable overhead while resisting such threat models.



    ## 2025/485

    * Title: Key reconstruction for QC-MDPC McEliece from imperfect distance spectrum
    * Authors: Motonari Ohtsuka, Takahiro Ishimaru, Rei Iseki, Shingo Kukita, Kohtaro Watanabe
    * [Permalink](https://eprint.iacr.org/2025/485)
    * [Download](https://eprint.iacr.org/2025/485.pdf)

    ### Abstract

    The McEliece cryptosystem, based on code-based cryptography, is a candidate in Round 4 of NIST's post-quantum cryptography standardization process. The QC-MDPC (quasi-cyclic moderate-density parity-check) variant is particularly noteworthy due to its small
    key length. The Guo-Johansson-Stankovski (GJS) attack against the QC-MDPC McEliece cryptosystem was recently proposed and has intensively been studied. This attack reconstructs the secret key using information on decoding error rate (DER). However, in
    practice, obtaining complete DER information is presumed to be time-consuming. This paper proposes two algorithms to reconstruct the secret key under imperfection in the DER information and evaluates the relationship between the imperfection and
    efficiency of key reconstruction. This will help us to increase the efficacy of the GJS attack.



    ## 2025/486

    * Title: On One-Shot Signatures, Quantum vs Classical Binding, and Obfuscating Permutations
    * Authors: Omri Shmueli, Mark Zhandry
    * [Permalink](https://eprint.iacr.org/2025/486)
    * [Download](https://eprint.iacr.org/2025/486.pdf)

    ### Abstract

    One-shot signatures (OSS) were defined by Amos, Georgiou, Kiayias, and Zhandry (STOC'20). These allow for signing exactly one message, after which the signing key self-destructs, preventing a second message from ever being signed. While such an object is
    impossible classically, Amos et al. observe that OSS may be possible using quantum signing keys by leveraging the no-cloning principle. OSS has since become an important conceptual tool with many applications in decentralized settings and for quantum
    cryptography with classical communication. OSS are also closely related to separations between classical-binding and collapse-binding for post-quantum hashing and commitments. Unfortunately, the only known OSS construction due to Amos et al. was only
    justified in a classical oracle model, and moreover their justification was ultimately found to contain a fatal bug. Thus, the existence of OSS, even in a classical idealized model, has remained open.

    We give the first standard-model OSS, with provable security assuming (sub-exponential) indistinguishability obfuscation (iO) and LWE. This also gives the first standard-model separation between classical and collapse-binding post-quantum commitments/
    hashing, solving a decade-old open problem. Along the way, we also give the first construction with unconditional security relative to a classical oracle. To achieve our standard-model construction, we develop a notion of permutable pseudorandom
    permutations (permutable PRPs), and show how they are useful for translating oracle proofs involving random permutations into obfuscation-based proofs. In particular, obfuscating permutable PRPs gives a trapdoor one-way permutation that is $\textit{full-domain}$, solving another decade-old problem of constructing this object from (sub-exponential) iO and one-way functions.



    ## 2025/487

    * Title: webSPDZ: Versatile MPC on the Web
    * Authors: Thomas Buchsteiner, Karl W. Koch, Dragos Rotaru, Christian Rechberger
    * [Permalink](https://eprint.iacr.org/2025/487)
    * [Download](https://eprint.iacr.org/2025/487.pdf)

    ### Abstract

    Multi-party computation (MPC) has become increasingly practical in the last two decades, solving privacy and security issues in various domains, such as healthcare, finance, and machine learning. One big caveat is that MPC sometimes lacks usability since
    the knowledge barrier for regular users can be high. Users have to deal with, e.g., various CLI tools, private networks, and sometimes even must install many dependencies, which are often hardware-dependent.

    A solution to improve the usability of MPC is to build browser-based MPC engines where each party runs within a browser window. Two examples of such an MPC web engine are JIFF and the web variant of MPyC. Both support an honest majority with passive
    corruptions.

    $\texttt{webSPDZ}$: Our work brings one of the most performant and versatile general-purpose MPC engines, MP-SPDZ, to the web. MP-SPDZ supports ≥40 MPC protocols with different security models, enabling many security models on the web. To port MP-SPDZ
    to the web, we use Emscripten to compile MP-SPDZ’s C++ BackEnd to WebAssembly and upgrade the party communication for the browser (WebRTC or WebSockets). We call the new MPC web engine webSPDZ. As with the native versions of the mentioned MPC web
    engines, MPyC-Web and JIFF, webSPDZ outperforms them in our end-to-end experiments.

    We believe that webSPDZ brings forth many interesting and practically relevant use cases. Thus, webSPDZ pushes the boundaries of practical MPC: making MPC more usable and enabling it for a broader community.



    ## 2025/488

    * Title: Exploring General Cyclotomic Rings in Torus-Based Fully Homomorphic Encryption: Part I - Prime Power Instances
    * Authors: Philippe Chartier, Michel Koskas, Mohammed Lemou
    * [Permalink](https://eprint.iacr.org/2025/488)
    * [Download](https://eprint.iacr.org/2025/488.pdf)

    ### Abstract

    In the realm of fully homomorphic encryption on the torus, we investigate the algebraic manipulations essential for handling polynomials within cyclotomic rings characterized by prime power indices. This includes operations such as modulo reduction,
    computation of the trace operator, extraction, and the blind rotation integral to the bootstrapping procedure, all of which we reformulate within this mathematical framework.



    ## 2025/489

    * Title: Translating Between the Common Haar Random State Model and the Unitary Model
    * Authors: Eli Goldin, Mark Zhandry
    * [Permalink](https://eprint.iacr.org/2025/489)
    * [Download](https://eprint.iacr.org/2025/489.pdf)

    ### Abstract

    Black-box separations are a cornerstone of cryptography, indicating barriers to various goals. A recent line of work has explored black-box separations for quantum cryptographic primitives. Namely, a number of separations are known in the Common Haar
    Random State (CHRS) model, though this model is not considered a complete separation, but rather a starting point. A few very recent works have attempted to lift these separations to a unitary separation, which are considered complete separations.
    Unfortunately, we find significant errors in some of these lifting results.

    We prove general conditions under which CHRS separations can be generically lifted, thereby giving simple, modular, and bug-free proofs of complete unitary separations between various quantum primitives. Our techniques allow for simpler proofs of
    existing separations as well as new separations that were previously only known in the CHRS model.



    ## 2025/490

    * Title: PREAMBLE: Private and Efficient Aggregation of Block Sparse Vectors and Applications
    * Authors: Hilal Asi, Vitaly Feldman, Hannah Keller, Guy N. Rothblum, Kunal Talwar
    * [Permalink](https://eprint.iacr.org/2025/490)
    * [Download](https://eprint.iacr.org/2025/490.pdf)

    ### Abstract

    We revisit the problem of secure aggregation of high-dimensional vectors in a two-server system such as Prio. These systems are typically used to aggregate vectors such as gradients in private federated learning, where the aggregate itself is protected
    via noise addition to ensure differential privacy. Existing approaches require communication scaling with the dimensionality, and thus limit the dimensionality of vectors one can efficiently process in this setup.

    We propose PREAMBLE: Private Efficient Aggregation Mechanism for Block-sparse Euclidean Vectors. PREAMBLE is a novel extension of distributed point functions that enables communication- and computation-efficient aggregation of block-sparse vectors,
    which are sparse vectors where the non-zero entries occur in a small number of clusters of consecutive coordinates. We then show that PREAMBLE can be combined with random sampling and privacy amplification by sampling results, to allow asymptotically
    optimal privacy-utility trade-offs for vector aggregation, at a fraction of the communication cost. When coupled with recent advances in numerical privacy accounting, our approach incurs a negligible overhead in noise variance, compared to the Gaussian
    mechanism used with Prio.



    ## 2025/491

    * Title: Blind Brother: Attribute-Based Selective Video Encryption
    * Authors: Eugene Frimpong, Bin Liu, Camille Nuoskala, Antonis Michalas
    * [Permalink](https://eprint.iacr.org/2025/491)
    * [Download](https://eprint.iacr.org/2025/491.pdf)

    ### Abstract

    The emergence of video streams as a primary medium for communication and the demand for high-quality video sharing over the internet have given rise to several security and privacy issues, such as unauthorized access and data breaches. To address these
    limitations, various Selective Video Encryption (SVE) schemes have been proposed, which encrypt specific portions of a video while leaving others unencrypted. The SVE approach balances security and usability, granting unauthorized users access to certain
    parts while encrypting sensitive content. However, existing SVE schemes adopt an all-or-nothing coarse-grain encryption approach, where a user with a decryption key can access all the contents of a given video stream. This paper proposes and designs a
    fine-grained access control-based selective video encryption scheme, ABSVE, and a use-case protocol called \protocol. Our scheme encrypts different identified Regions of Interest (ROI) with a unique symmetric key and applies a Ciphertext Policy Attribute
    Based Encryption (CP-ABE) scheme to tie these keys to specific access policies. This method provides multiple access levels for a single encrypted video stream. Crucially, we provide a formal syntax and security definitions for ABSVE, allowing for
    rigorous security analysis of this and similar schemes -- which is absent in prior works. Finally, we provide an implementation and evaluation of our protocol in the Kvazaar HEVC encoder. Overall, our constructions enhance security and privacy while
    allowing controlled access to video content and achieve comparable efficiency to compression without encryption.



    ## 2025/492

    * Title: Endorser Peer Anonymization in Hyperledger Fabric for Consortium of Organizations
    * Authors: Dharani J, Sundarakantham K, Kunwar Singh, Mercy Shalinie S
    * [Permalink](https://eprint.iacr.org/2025/492)
    * [Download](https://eprint.iacr.org/2025/492.pdf)

    ### Abstract

    Hyperledger Fabric is a unique permissioned platform for implementing blockchain in a consortium. It has a distinct transaction flow of execute-order-validate. During the execution phase, a pre-determined set of endorsing peers execute a transaction and
    sign the transaction response. This process is termed endorsement. In the validation phase, peers validate the transaction with reference to an endorsement policy. The identity of the endorsing organizations is obtainable to all the nodes in the network
    through the endorser signature and endorsement policy. Knowing this has led to serious vulnerabilities in the blockchain network.
    In this paper, we propose a privacy-preserving endorsement system which conceals both the endorser signature and the endorsement policy. The endorser is anonymized by replacing the signature scheme with a scoped-linkable threshold ring signature scheme. The endorsement
    policy is secured using Pedersen commitments and a non-interactive proof of knowledge of an integer vector. We also achieve efficiency in the computation by employing a non-interactive proof of co-prime roots. We provide the necessary security analysis to prove
    that the proposed work guarantees the anonymity and unlinkability properties. A comparative analysis of our work with an existing framework is provided which shows that the proposed scheme offers a higher level of security and is optimal in terms of
    efficiency.



    ## 2025/493

    * Title: Tighter Concrete Security for the Simplest OT
    * Authors: Iftach Haitner, Gil Segev
    * [Permalink](https://eprint.iacr.org/2025/493)
    * [Download](https://eprint.iacr.org/2025/493.pdf)

    ### Abstract

    The Chou-Orlandi batch oblivious transfer (OT) protocol is a particularly attractive OT protocol that bridges the gap between practical efficiency and strong security guarantees and is especially notable due to its simplicity. The security analysis
    provided by Chou and Orlandi bases the security of their protocol on the hardness of the computational Diffie-Hellman ($\mathsf{CDH}$) problem in prime-order groups. Concretely, in groups in which no better-than-generic algorithms are known for the $\mathsf{CDH}$ problem, their security analysis yields that an attacker running in time $t$ and issuing $q$ random-oracle queries breaks the security of their protocol with probability at most $\epsilon \leq q^2 \cdot t / 2^{\kappa/2}$, where $\kappa$ is
    the bit-length of the group's order. This concrete bound, however, is somewhat insufficient for 256-bit groups (e.g., for $\kappa = 256$, it does not provide any guarantee already for $t = 2^{48}$ and $q = 2^{40}$).

    In this work, we establish a tighter concrete security bound for the Chou-Orlandi protocol. First, we introduce the list square Diffie-Hellman ($\ell\text{-}\mathsf{sqDH}$) problem and present a tight reduction from the security of the protocol to the
    hardness of solving $\ell\text{-}\mathsf{sqDH}$. That is, we completely shift the task of analyzing the concrete security of the protocol to that of analyzing the concrete hardness of the $\ell\text{-}\mathsf{sqDH}$ problem. Second, we reduce the
    hardness of the $\ell\text{-}\mathsf{sqDH}$ problem to that of the decisional Diffie-Hellman ($\mathsf{DDH}$) problem without incurring a multiplicative loss. Our key observation is that although $\mathsf{CDH}$ and $\mathsf{DDH}$ have the same assumed
    concrete hardness, relying on the hardness of $\mathsf{DDH}$ enables our reduction to efficiently test the correctness of the solutions it produces.

    Concretely, in groups in which no better-than-generic algorithms are known for the $\mathsf{DDH}$ problem, our analysis yields that an attacker running in time $t$ and issuing $q \leq t$ random-oracle queries breaks the security of the Chou-Orlandi
    protocol with probability at most $\epsilon \leq t / 2^{\kappa/2}$ (i.e., we eliminate the above multiplicative $q^2$ term). We prove our results within the standard real-vs-ideal framework considering static corruptions by malicious adversaries, and
    provide a concrete security treatment by accounting for the statistical distance between a real-model execution and an ideal-model execution.



    ## 2025/494

    * Title: Electromagnetic Side-Channel Analysis of PRESENT Lightweight Cipher
    * Authors: Nilupulee A Gunathilake, Owen Lo, William J Buchanan, Ahmed Al-Dubai
    * [Permalink](https://eprint.iacr.org/2025/494)
    * [Download](https://eprint.iacr.org/2025/494.pdf)

    ### Abstract

    Side-channel vulnerabilities pose an increasing threat to cryptographically protected devices. Consequently, it is crucial to observe information leakages through physical parameters such as power consumption and electromagnetic (EM) radiation to reduce
    susceptibility during interactions with cryptographic functions. EM side-channel attacks are becoming more prevalent. PRESENT is a promising lightweight cryptographic algorithm expected to be incorporated into Internet-of-Things (IoT) devices in the
    future. This research investigates the EM side-channel robustness of PRESENT using a correlation attack model. This work extends our previous Correlation EM Analysis (CEMA) of PRESENT with improved results. The attack targets the Substitution box (S-box)
    and can retrieve 8 bytes of the 10-byte encryption key with a minimum of 256 EM waveforms. This paper presents the process of EM attack modelling, encompassing both simple and correlation attacks, followed by a critical analysis.



    ## 2025/495

    * Title: A Security-Enhanced Pairing-Free Certificateless Aggregate Signature for Vehicular Ad-Hoc Networks, Revisited
    * Authors: Zhengjun Cao, Lihua Liu
    * [Permalink](https://eprint.iacr.org/2025/495)
    * [Download](https://eprint.iacr.org/2025/495.pdf)

    ### Abstract

    We show that the aggregate signature scheme [IEEE Syst. J., 2023, 17(3), 3822-3833] is insecure against forgery attack. This flaw is due to the fact that the ephemeral key or ephemeral value chosen in the signing phase is not actually bound to the final
    signature. An adversary can sign any message while the verifier cannot detect the fraud. We also suggest a revising method to frustrate this attack.



    ## 2025/496

    * Title: Shortcut2Secrets: A Table-based Differential Fault Attack Framework
    * Authors: Weizhe Wang, Pierrick Méaux, Deng Tang
    * [Permalink](https://eprint.iacr.org/2025/496)
    * [Download](https://eprint.iacr.org/2025/496.pdf)

    ### Abstract

    Recently, Differential Fault Attacks (DFAs) have proven highly effective against stream ciphers designed for Hybrid Homomorphic Encryption (HHE). In this work, we present a table-based DFA framework called the \textit{shortcut attack}, which generalizes
    the attack proposed by Wang and Tang on the cipher \textsf{Elisabeth}.
    The framework applies to a broad sub-family of ciphers following the Group Filter Permutator (GFP) paradigm and enhances previous DFAs by improving both the fault identification and path generation steps. Notably, the shortcut attack circumvents the
    issue of function representation, allowing successful attacks even when the cipher's filter function cannot be represented over the ring it is defined on.

    Additionally, we provide complexity estimates for the framework and apply the shortcut attack to \textsf{Elisabeth-4} and its patches. As a result, we optimize the DFA on \textsf{Elisabeth-4}, requiring fewer keystreams and running faster than previous
    methods. Specifically, we achieve a DFA that requires only $3000$ keystreams, which is one-fifth of the previous best result. We also successfully mount a practical DFA on \textsf{Gabriel-4} and provide a theoretical DFA for \textsf{Elisabeth-b4}.

    For the latest patch, \textsf{Margrethe-18-4}, which follows the more general Mixed Filter Permutator (MFP) paradigm, we present a DFA in a stronger model. To the best of our knowledge, these are the first DFA results on the patches of \textsf{Elisabeth-4}. Finally, we derive security margins to prevent shortcut attacks on a broad sub-family of MFP ciphers, which can serve as parameter recommendations for designers.



    ## 2025/497

    * Title: Fast Scloud+: A Fast Hardware Implementation for the Unstructured LWE-based KEM - Scloud+
    * Authors: Jing Tian, Yaodong Wei, Dejun Xu, Kai Wang, Anyu Wang, Zhiyuan Qiu, Fu Yao, Guang Zeng
    * [Permalink](https://eprint.iacr.org/2025/497)
    * [Download](https://eprint.iacr.org/2025/497.pdf)

    ### Abstract

    Scloud+ is an unstructured LWE-based key encapsulation mechanism (KEM) with conservative quantum security, in which ternary secrets and lattice coding are incorporated for higher computational and communication efficiency. However, its efficiencies are
    still much inferior to those of the structured LWE-based KEM, like ML-KEM (standardized by NIST). In this paper, we present a configurable hardware architecture for Scloud+.KEM to improve the computational efficiency. Many algorithmic and architectural
    co-optimizations are proposed to reduce the complexity and increase the degree of parallelism. Specifically, the matrix multiplications are computed block by block in serial, and each block is calculated in one cycle, without using any multipliers. In addition,
    all the random bits are generated by an unfolded Keccak core, well matched with the data flow required by the block matrix multiplier. The proposed design is coded in Verilog and implemented under the SMIC 40nm LP CMOS technology. The synthesized results
    show that Scloud+.KEM-128 only costs 23.0 $\mu s$, 24.3 $\mu s$, and 24.6 $\mu s$ in the KeyGen, Encaps, and Decaps stages, respectively, with an area consumption of 0.69 $mm^2$, significantly narrowing the gap with the state-of-the-art Kyber hardware
    implementation.



    ## 2025/498

    * Title: Scoop: An Optimizer for Profiling Attacks against Higher-Order Masking
    * Authors: Nathan Rousselot, Karine Heydemann, Loïc Masure, Vincent Migairou
    * [Permalink](https://eprint.iacr.org/2025/498)
    * [Download](https://eprint.iacr.org/2025/498.pdf)

    ### Abstract

    In this paper we provide new theoretical and empirical evidence that gradient-based deep learning profiling attacks (DL-SCA) suffer from masking schemes. This occurs through an initial stall of the learning process: the so-called plateau effect. To
    understand why, we derive an analytical expression of a DL-SCA model targeting simulated traces which enables us to study an analytical expression of the loss. By studying the loss landscape of this model, we show that not only do the magnitudes of the
    gradients decrease as the order of masking increases, but the loss landscape also exhibits a prominent saddle point interfering with the optimization process. From these observations, we (1) propose the usage of a second-order optimization algorithm
    mitigating the impact of low-gradient areas. In addition, we show how to leverage the intrinsic sparsity of valuable information in SCA traces to better pose the DL-SCA problem. To do so, we (2) propose to use the implicit regularization properties of
    the sparse mirror descent. These propositions are gathered in a new publicly available optimization algorithm, Scoop. Scoop combines the second-order derivative of the loss function in the optimization process with a sparse stochastic mirror descent. We
    experimentally show that Scoop pushes further the current limitations of DL-SCA against simulated traces, and outperforms the state-of-the-art on the ASCADv1 dataset in terms of number of traces required to retrieve the key, perceived information and
    plateau length. Scoop also performs the first non-worst-case attack on the ASCADv2 dataset. On simulated traces, we show that using Scoop reduces the DL-SCA time complexity by the equivalent of one masking order.



    ## 2025/499

    * Title: SCAPEgoat: Side-channel Analysis Library
    * Authors: Dev Mehta, Trey Marcantino, Mohammad Hashemi, Sam Karkache, Dillibabu Shanmugam, Patrick Schaumont, Fatemeh Ganji
    * [Permalink](https://eprint.iacr.org/2025/499)
    * [Download](https://eprint.iacr.org/2025/499.pdf)

    ### Abstract

    Side-channel analysis (SCA) is a growing field in hardware security where adversaries extract secret information from embedded devices by measuring physical observables like power consumption and electromagnetic emanation. SCA is a security assessment method used by governmental labs, standardization bodies, and researchers, where testing is not just limited to standardized cryptographic circuits, but is expanded to AI accelerators, post-quantum circuits, systems, etc. Despite its importance, SCA is performed on an ad hoc basis in the sense that its flow is not systematically optimized and unified among labs. As a result, the current solutions do not account for fair comparisons between analyses. Furthermore, neglecting the need for interoperability between datasets and SCA metric computation increases students’ barriers to entry. To address this, we introduce SCAPEgoat, a Python-based SCA library with three key modules devoted to defining a file format, capturing interfaces, and metric calculation. The custom file framework organizes side-channel traces using JSON for metadata, offering a hierarchical structure similar to HDF5 commonly applied in SCA, but more flexible and human-readable. The metadata can be queried with regular expressions, a feature unavailable in HDF5. Secondly, we incorporate memory-efficient SCA metric computations, which allow using our functions on resource-restricted machines. This is accomplished by partitioning datasets and leveraging statistics-based optimizations on the metrics. In doing so, SCAPEgoat makes SCA more accessible to newcomers so that they can learn techniques and conduct experiments faster, with the possibility to expand on them in the future.



    ## 2025/500

    * Title: SecurED: Secure Multiparty Edit Distance for Genomic Sequences
    * Authors: Jiahui Gao, Yagaagowtham Palanikuma, Dimitris Mouris, Duong Tung Nguyen, Ni Trieu
    * [Permalink](https://eprint.iacr.org/2025/500)
    * [Download](https://eprint.iacr.org/2025/500.pdf)

    ### Abstract

    DNA edit distance (ED) measures the minimum number of single nucleotide insertions, substitutions, or deletions required to convert a DNA sequence into another. ED has broad applications in healthcare such as sequence alignment, genome assembly,
    functional annotation, and drug discovery. Privacy-preserving computation is essential in this context to protect sensitive genomic data. Nonetheless, the existing secure DNA edit distance solutions lack efficiency when handling large data sequences or
    resort to approximations and fail to accurately compute the metric.


    [continued in next message]

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)