Cryptology ePrint Archive
Not a member yet
24907 research outputs found
Sort by
Collusion-Safe Proxy Re-Encryption
Proxy re-encryption is a cryptographic scheme enabling a delegator (user ) to delegate its decryption right to a valid delegatee (user ) through a proxy, who cannot extract any information about the message during the procedure. An important security notion is the security against collusion between the proxy and the delegatee. In this case, the adversary has the secret key of the delegatee, , and the re-encryption key, . The master secret security is first formalised by Ateniese et al. (NDSS\u2705) to capture the secrecy of \u27s secret key during collusion. This notion was further formalised by Zhou et al. (ASIACRYPT\u2723) as the indistinguishability of re-encrypted ciphertext against chosen-message attacks, called collusion safety, which implies the master secret security. In this paper, we find that a PRE scheme is not master secret secure as they claimed, and many other schemes were not master secret secure. Then, we propose a generic construction to achieve collusion safety at the cost of doubling the key size from the IND-CPA secure PRE, enjoying a much better generality and efficiency than the existing technique by secret sharing
Faster Bootstrapping for CKKS with Less Modulus Consumption
In fully homomorphic encryption, bootstrapping serves as a key component while also remaining the performance bottleneck of the scheme. Specifically, for CKKS bootstrapping, this bottleneck is reflected in significant computational overhead and modulus consumption.
In this work, we improve the CKKS bootstrapping with lower time complexity and less modulus consumption. We first propose a novel rescaling operation, called level-conserving rescaling, that acts on CoeffsToSlots for saving moduli. Secondly, we reconstruct the rotation keys and merge the plaintext-ciphertext multiplication and rescaling operations into the key-switching procedure, which reduces the time complexity of matrix-vector multiplication for matrices with 64 non-zero diagonals, albeit with increased space overhead. By combining the two methods in CoeffsToSlots in a non-trivial manner, we not only further accelerate the homomorphic linear transformations and save one level of moduli, but also reduce the total size of rotation keys.
Experiments demonstrate the practicability of our techniques. Compared to the state of the art, our approaches saves one level of moduli, achieves a improvement in bootstrapping throughput and an reduction of rotation key size in CoeffsToSlots. Furthermore, with sufficient storage, our technology achieves up to higher bootstrapping throughput than before, at the cost of doubling the rotation key size in CoeffsToSlots. The bootstrapping precision and failure probability remain identical to the previous method
Side-Channel Sensitivity Analysis on HQC: Towards a Fully Masked Implementation
Hamming Quasi-Cyclic (HQC) has recently been officially selected for standardization by NIST as a post-quantum KEM alternative to ML-KEM.
This milestone raises new requirements, in particular the need to design and deploy secure implementations of the scheme.
This paper presents two major contributions to secure HQC against Side-Channel Attacks (SCAs).
First, we present a detailed sensitivity analysis of HQC, highlighting the critical variables and critical internal functions that need to be protected.
Second and main contribution, we propose the first fully masked HQC implementation at any order.
It is also the first PQC masked implementation that is formally proved to be secure in the MIMO-SNI security model.
This security, introduced by Cassiers and Standaert in 2020, ensures the security of gadgets composition against propagating probes.
In this paper, we provide benchmarks of our implementation, showing that our masked implementation is competitive in the state-of-the-art masked PQC implementations
THF: Designing Low-Latency Tweakable Block Ciphers
We introduce the (), a new instantiation of the paradigm that employs three hash functions to process tweak inputs. We prove that achieves beyond-birthday-bound security under standard assumptions. By extending the general practical cryptanalysis framework to the multiple-tweak setting, we further demonstrate that offers balanced resistance to both single- and multiple-tweak attacks, thereby enabling the potential for lower latency compared to existing constructions. Building on this framework, we design , a family of tweakable block ciphers optimized for ultra-low latency. features logarithmic-depth Toeplitz-based hashing, which ensures efficient diffusion and scalability with varying tweak lengths. Our cryptanalysis shows that achieves strong security with fewer rounds, while hardware evaluations confirm its superior latency performance. Notably, maintains comparable latency even when the tweak length is doubled, underscoring the scalability advantage of
Two-Server Sublinear PIR with Symmetric Privacy and Statistical Security
The field of private information retrieval (PIR) has made significant strides with a recent focus on protocols that offer sublinear online time, ensuring efficient access to public databases without compromising the privacy of the queries. The pioneering two-server PIR protocols developed by Corrigan-Gibbs and Kogan (EUROCRYPT 2020) enjoy the dual benefits of sublinear online time and statistical security. This allows their protocols to provide high efficiency and resist computationally unbounded adversaries. In this work, we extend this seminal work to the symmetric PIR (SPIR) context, where the protocol must ensure that the client is privy only to the requested database entries, with no knowledge of the remaining data. This enhancement aligns with scenarios where the confidentiality of non-requested information is as critical as the query itself. Our main result is the introduction of the first two-server SPIR protocols that achieve both sublinear online time and statistical security, together with an enhancement for achieving sublinear amortized time. Our protocols require a pragmatic level of shared randomness between the servers, which however is necessary for implementing statistical security in two-server SPIR, as showed by Gertner et al. (STOC 1998)
Rethinking Learning-based Symmetric Cryptanalysis: a Theoretical Perspective
In this paper, we revisit the standard approach to constructing neural distinguishers in symmetric cryptanalysis and introduce a game-like model, the Coin-Tossing model, to generalize this methodology. From the perspective of Boolean functions, we show that many classical cryptanalytic techniques can be generalized as a specific family of Boolean functions, termed the CPF class. We further explore the connection between learning CPF Boolean functions in the Coin-Tossing model and the well-known Learning Parity with Noise (LPN) problem. Leveraging the theoretical analysis, we identify key attributes of CPF functions that significantly affect how effectively machine learning algorithms can learn them. To validate our conclusions, we also conduct extensive experiments based on machine learning algorithms. Incorporating our theoretical insights, we propose an advanced 8-round and 9-round neural distinguisher for SPECK32/64 by reducing the problem complexity. Additionally, we propose a method based on the Goldreich-Levin algorithm to analyze and interpret what black-box distinguishers learn. Using this approach, we reinterpret several established neural distinguishers in terms of Fourier expansion. It is able to resolve the previous neural distinguisher in several Fourier terms. Notably, we identify a new type of distinguisher from neural networks that has not been discovered by cryptanalysts, which can be considered as a variant of the Differential-Linear distinguisher. We also demonstrate that the neural network not only learned the optimal Differential-Linear (DL) distinguishers found using existing MILP/MIQCP models, but also discovered even superior ones
PlasmaFold: An Efficient and Scalable Layer 2 with Client-Side Proving
Despite the growing popularity of blockchains, their scalability remains a significant challenge. Layer-2s (L2s) aim to address this by introducing an operator to process transactions off-chain and post compact summaries to the Layer-1 (L1). However, existing L2 designs struggle with unsatisfactory throughput improvements, complex exit games, limited data availability, stringent synchronization requirements or high computational overhead for users.
This paper introduces PlasmaFold, a novel L2 designed to overcome each of those limitations. PlasmaFold utilizes a hybrid architecture: an operator (aggregator) generates proofs on server side for the honest construction of blocks, while users maintain balance proofs on their own devices. This separation of concerns enables instant, non-interactive exits via balance proofs, while block proofs handle most of the validations, minimizing users’ costs. By leveraging Incrementally Verifiable Computation (IVC), PlasmaFold achieves both instant synchronization and concrete efficiency. Using PlasmaFold proving routines, users can update their balance proofs within a browser in under 1 second per transaction using less than 1 GB of RAM. Our construction does not impact scaling, we show that it remains possible to leverage recent verifiable plasma research designed to keep a minimal on-chain footprint, thereby enabling PlasmaFold to reach a theoretical throughput of over 14000 transactions per second
Integrating and Benchmarking KpqC in TLS/X.509
This paper reports on the implementation and performance evaluation of Korean Post-Quantum Cryptography standards within existing TLS/X.509 infrastructure. We integrated HAETAE, AIMer, SMAUG-T, and NTRU+—the four KpqC standard algorithms—into the OpenSSL ecosystem via a modified liboqs framework. Then, we measured static overhead (certificate size) and dynamic overhead (TLS handshake latency) under both computational-bound (localhost) and network-bound (LAN) settings. Our results indicate that, focusing on the Korean standards, KpqC certificates are 11.5–48 times larger than the classical ECC baseline. In performance, the tested KpqC KEMs increase handshake latency by over 750\% in computation-bound tests (localhost) and by up to 35\% in network-bound tests (LAN). To our knowledge, this study constitutes the first practical evaluation of KpqC standards in real-world TLS environments, providing concrete performance data to guide post-quantum migration strategies
OMIX: Offline Mixing for Scalable Self-Tallying Elections
In electronic voting systems, guaranteeing voter anonymity is essential. One primary method to ensure this is the use of a mix-net, in which a set of mix-servers sequentially shuffle a set of encrypted votes, and generate proofs that a correct permutation has been applied. Whilst mix-nets offer advantages over alternative approaches, their traditional use during the tallying phase introduces a significant robustness bottleneck: the process is inherently sequential and critically depends on trusted authorities to perform shuffling and decryption. Any disruption can prevent the final result from being revealed.
In this work, we propose offline mixing OMIX, the first voting framework to support a mix-net-based system in which trustees never handle encrypted votes, while also ensuring that each voter\u27s cost is independent of the total number of voters. In particular, the contributions of permutations by mix-servers and decryption shares by trustees are completed and publicly verified before any vote is cast. This eliminates the need for their participation during tallying and enables the first scalable, mix-net-based, and self-tallying voting protocol in the sense of Kiayias and Yung (PKC\u2702).
At the core of OMIX is a distributed key-generation mechanism: each voter locally generates a private voting key and registers a constant-size set of basis public keys. These are permuted and partially decrypted in an offline phase, resulting in a final public decryption key that reveals votes in shuffled order. Our construction leverages the homomorphic and structure-preserving properties of function-hiding inner-product functional encryption, combined with standard primitives, to achieve self-tallying, client scalability, ballot privacy and other voting properties. To support the new mixing structure introduced by OMIX, we also develop a compact and verifiable offline mix-net, based on an enhanced linearly homomorphic signature scheme. This latter primitive may be of independent interest
Quantum-Safe Hybrid Key Exchanges with KEM-Based Authentication
Authenticated Key Exchange (AKE) between any two entities is one of the most important security protocols available for securing our digital networks and infrastructures. In PQCrypto 2023, Bruckner, Ramacher and Striecks proposed a novel hybrid AKE (HAKE) protocol dubbed Muckle+ that is particularly useful in large quantum-safe networks consisting of a large number of nodes. Their protocol is hybrid in the sense that it allows key material from conventional, post-quantum, and quantum cryptography primitives to be incorporated into a single end-to-end authenticated shared key.
To achieve the desired authentication properties, Muckle+ utilizes post-quantum digital signatures. However, available instantiations of such signatures schemes are not yet efficient enough compared to their post-quantum key-encapsulation mechanism (KEM) counterparts, particularly in large networks with potentially several connections in a short period of time.
To mitigate this gap, we propose Muckle# that pushes the efficiency boundaries of currently known HAKE constructions. Muckle# uses post-quantum key-encapsulating mechanisms for implicit authentication inspired by recent works done in the area of Transport Layer Security (TLS) protocols, particularly, in KEMTLS (CCS\u2720).
We port those ideas to the HAKE framework and develop novel proof techniques on the way. Due to our KEM-based approach, the resulting protocol has a slightly different message flow compared to prior work that we carefully align with the HAKE framework and which makes our changes to Muckle+ non-trivial. Lastly, we evaluate the approach by a prototypical implementation and a direct comparison with Muckle+ to highlight the efficiency gains