Cryptology ePrint Archive
Not a member yet
    24907 research outputs found

    SCAPEgoat: Side-channel Analysis Library

    Get PDF
    Side-channel analysis (SCA) is a growing field in hardware security where adversaries extract secret information from embedded devices by measuring physical observables like power consumption and electromagnetic emanation. SCA is a security assessment method used by governmental labs, standardization bodies, and researchers, where testing is not just limited to standardized cryptographic circuits, but it is expanded to AI accelerators, Post Quantum circuits, systems, etc. Despite its importance, SCA is performed on an ad hoc basis in the sense that its flow is not systematically optimized and unified among labs. As a result, the current solutions do not account for fair comparisons between analyses. Furthermore, neglecting the need for interoperability between datasets and SCA metric computation increases students’ barriers to entry. To address this, we introduce SCAPEgoat, a Python-based SCA library with three key modules devoted to defining file format, capturing interfaces, and metric calculation. The custom file framework organizes side-channel traces using JSON for metadata, offering a hierarchical structure similar to HDF5 commonly applied in SCA, but more flexible and human-readable. The metadata can be queried with regular expressions, a feature unavailable in HDF5. Secondly, we incorporate memory-efficient SCA metric computations, which allow using our functions on resource-restricted machines. This is accomplished by partitioning datasets and leveraging statistics-based optimizations on the metrics. In doing so, SCAPEgoat makes the SCA more accessible to newcomers so that they can learn techniques and conduct experiments faster and with the possibility to expand on in the future

    Tighter Concrete Security for the Simplest OT

    Get PDF
    The Chou-Orlandi batch oblivious transfer (OT) protocol is a particularly attractive OT protocol that bridges the gap between practical efficiency and strong security guarantees and is especially notable due to its simplicity. The security analysis provided by Chou and Orlandi bases the security of their protocol on the hardness of the computational Diffie-Hellman (CDH\mathsf{CDH}) problem in prime-order groups. Concretely, in groups in which no better-than-generic algorithms are known for the CDH\mathsf{CDH} problem, their security analysis yields that an attacker running in time tt and issuing qq random-oracle queries breaks the security of their protocol with probability at most ϵq2t/2κ/2\epsilon \leq q^2 \cdot t / 2^{\kappa/2}, where κ\kappa is the bit-length of the group\u27s order. This concrete bound, however, is somewhat insufficient for 256-bit groups (e.g., for κ=256\kappa = 256, it does not provide any guarantee already for t=248t = 2^{48} and q=240q = 2^{40}). In this work, we establish a tighter concrete security bound for the Chou-Orlandi protocol. First, we introduce the list square Diffie-Hellman (-sqDH\ell\text{-}\mathsf{sqDH}) problem and present a tight reduction from the security of the protocol to the hardness of solving -sqDH\ell\text{-}\mathsf{sqDH}. That is, we completely shift the task of analyzing the concrete security of the protocol to that of analyzing the concrete hardness of the -sqDH\ell\text{-}\mathsf{sqDH} problem. Second, we reduce the hardness of the -sqDH\ell\text{-}\mathsf{sqDH} problem to that of the decisional Diffie-Hellman (DDH\mathsf{DDH}) problem without incurring a multiplicative loss. Our key observation is that although CDH\mathsf{CDH} and DDH\mathsf{DDH} have the same assumed concrete hardness, relying on the hardness of DDH\mathsf{DDH} enables our reduction to efficiently test the correctness of the solutions it produces. Concretely, in groups in which no better-than-generic algorithms are known for the DDH\mathsf{DDH} problem, our analysis yields that an attacker running in time tt and issuing qtq \leq t random-oracle queries breaks the security of the Chou-Orlandi protocol with probability at most ϵt/2κ/2\epsilon \leq t / 2^{\kappa/2} (i.e., we eliminate the above multiplicative q2q^2 term). We prove our results within the standard real-vs-ideal framework considering static corruptions by malicious adversaries, and provide a concrete security treatment by accounting for the statistical distance between a real-model execution and an ideal-model execution

    EvoLUTe+: Fine-Grained Look-Up-Table-based RTL IP Redaction

    Get PDF
    Hardware obfuscation is an active trustworthy design technique targeting threats in the IC supply chain, such as IP piracy and overproduction. Recent research on Intellectual Property (IP) protection technologies suggests that using embedded reconfigurable components (e.g., eFPGA redaction) could be a promising approach to hide the functional and structural information of security-critical designs. However, such techniques suffer from almost prohibitive overhead in terms of area, power, delay, and testability. This paper proposes an obfuscation technique called EvoLUTe+, which is a unique and more fine-grained redaction approach using smaller reconfigurable components (e.g., Look-Up Tables (LUTs)). EvoLUTe+ achieves fine-grained partitioning, sub-circuit coloring, and scoring of IP, and then encrypts the original IP through the substitution of some sub-circuits. Different attacks are used to test the robustness of EvoLUTe+, including structural and machine learning attacks, as well as Bounded Model Checking (BMC) attacks. The overhead of the obfuscation design is also analyzed. Experimental results demonstrate that EvoLUTe+ exhibits robustness with acceptable overhead while resisting such threat models

    A note on industrial blockchain threshold signatures in federated learning for unified space-air-ground-sea model training

    Get PDF
    We show that the threshold signature scheme [J. Ind. Inf. Integr. 39: 100593 (2024)] is insecure against forgery attack. An adversary can find an efficient signing algorithm functionally equivalent to the valid signing algorithm, so as to convert the legitimate signature (sig,s,rx)(sig, s, r_x) of message mm into a valid signature (sig,s,rx2˘7)(sig, s, r_x\u27) of any message m2˘7m\u27

    Cross-Platform Benchmarking of the FHE Libraries: Novel Insights into SEAL and OpenFHE

    Get PDF
    The rapid growth of cloud computing and data-driven applications has amplified privacy concerns, driven by the increasing demand to process sensitive data securely. Homomorphic encryption (HE) has become a vital solution for addressing these concerns by enabling computations on encrypted data without revealing its contents. This paper provides a comprehensive evaluation of two leading HE libraries, SEAL and OpenFHE, examining their performance, usability, and support for prominent HE schemes such as BGV and CKKS. Our analysis highlights computational efficiency, memory usage, and scalability across Linux and Windows platforms, emphasizing their applicability in real-world scenarios. Results reveal that Linux outperforms Windows in computation efficiency, with OpenFHE emerging as the optimal choice across diverse cryptographic settings. This paper provides valuable insights for researchers and practitioners to advance privacy-preserving applications using FHE

    zkAML: Zero-knowledge Anti Money Laundering in Smart Contracts with whitelist approach

    Get PDF
    In the interconnected global financial system, anti-money laundering (AML) and combating the financing of terrorism (CFT) regulations are indispensable for safeguarding financial integrity. However, while illicit transactions constitute only a small fraction of overall financial activities, traditional AML/CFT frameworks impose uniform compliance burdens on all users, resulting in inefficiencies, transaction delays, and privacy concerns. These issues stem from the institution-centric model, where financial entities independently conduct compliance checks, resulting in repeated exposure of personally identifiable information (PII) and operational bottlenecks. To address these challenges, we introduce \textsf{zkAML}, a cryptographic framework that offers a novel approach to AML/CFT compliance. By leveraging zero-knowledge Succinct Non-Interactive Argument of Knowledge (zk-SNARK) proofs, \textsf{zkAML}~enables users to cryptographically demonstrate their regulatory compliance without revealing sensitive personal information. This approach eliminates redundant identity checks, streamlines compliance procedures, and enhances transaction efficiency while preserving user privacy. We implement and evaluate \textsf{zkAML}~on a blockchain network to demonstrate its practicality. Our experimental results show that \textsf{zkAML}~achieves 55 transactions per second (TPS) on a public network and 324 TPS on a private network. The zk-SNARK proof generation times are 226.59226.59ms for senders and 215.76215.76ms for receivers, with a constant verification time of 1.471.47ms per transaction. These findings highlight \textsf{zkAML}\u27s potential as a privacy-preserving and regulation-compliant solution for modern financial systems

    Analysis of the Telegram Key Exchange

    Get PDF
    We describe, formally model, and prove the security of Telegram\u27s key exchange protocols for client-server communications. To achieve this, we develop a suitable multi-stage key exchange security model along with pseudocode descriptions of the Telegram protocols that are based on analysis of Telegram\u27s specifications and client source code. We carefully document how our descriptions differ from reality and justify our modelling choices. Our security proofs reduce the security of the protocols to that of their cryptographic building blocks, but the subsequent analysis of those building blocks requires the introduction of a number of novel security assumptions, reflecting many design decisions made by Telegram that are suboptimal from the perspective of formal analysis. Along the way, we provide a proof of IND-CCA security for the variant of RSA-OEAP+ used in Telegram and identify a hypothetical attack exploiting current Telegram server behaviour (which is not captured in our protocol descriptions). Finally, we reflect on the broader lessons about protocol design that can be taken from our work

    Verifiable Decapsulation: Recognizing Faulty Implementations of Post-Quantum KEMs

    Get PDF
    Cryptographic schemes often contain verification steps that are essential for security. Yet, faulty implementations missing these steps can easily go unnoticed, as the schemes might still function correctly. A prominent instance of such a verification step is the re-encryption check in the Fujisaki-Okamoto (FO) transform that plays a prominent role in the post-quantum key encapsulation mechanisms (KEMs) considered in NIST\u27s PQC standardization process. In KEMs built from FO, decapsulation performs a re-encryption check that is essential for security, but not for functionality. In other words, it will go unnoticed if this essential step is omitted or wrongly implemented, opening the door for key recovery attacks. Notably, such an implementation flaw was present in HQC\u27s reference implementation and was only noticed after 19 months. In this work, we develop a modified FO transform that binds re-encryption to functionality, ensuring that a faulty implementation which skips re-encryption will be exposed through basic correctness tests. We do so by adapting the verifiable verification methodology of Fischlin and Günther (CCS 2023) to the context of FO-based KEMs. More concretely, by exporting an unpredictable confirmation code from the public key encryption and embedding it into the key derivation function, we can confirm that (most of) the re-encryption step was indeed performed during decapsulation. We formalize this concept, establish modified FO transforms, and prove how unpredictable PKE confirmation codes turn into noticeable correctness errors for faulty implementations. We show how to apply this technique to ML-KEM and HQC, both with negligible overhead, by leveraging the entropy lost through ciphertext compression or truncation. We confirm that our approach works through mathematical proofs, as well as experimental data. Our experiments show that the implementation flaw in HQC\u27s reference implementation indeed makes basic test cases fail when following our approach

    Towards Trustless Provenance: A Privacy-Preserving Framework for On-chain Media Verification

    Get PDF
    As generative models continue to evolve, verifying the authenticity, provenance, and integrity of digital media has become increasingly critical—particularly for domains like journalism, digital art, and scientific documentation. In this work, we present a decentralized verifiable media ecosystem for managing, verifying, and transacting authentic digital media using zero-knowledge proofs (ZKPs). Building on VIMz (Dziembowski et al., PETS\u2725), we extend the framework in three key directions. First, we generalize the model to support arbitrary image regions to achieve selective transformations support such as redaction and regional blurring—features commonly required in privacy-preserving applications. Second, we introduce performance optimizations that yield up to an 18% improvement in off-chain proof generation, and enhance the framework to support cost-efficient on-chain verification. Third, we design and implement a modular smart contract architecture to support a wide range of decentralized media applications. As a flagship use case, we develop a decentralized media marketplace that enables permissionless licensing, ownership transfer, and verifiable attribution. In this setting, users can share transformed media—such as cropped, blurred, or resized previews—alongside ZKPs that prove derivation from a signed original, eliminating the need to trust the seller. Unlike prior fair exchange protocols, which rely on trusted descriptions or encrypted payload delivery, our system enables verifiable public previews and origin-bound proofs without revealing the full content. This approach unlocks new applications beyond marketplaces, including automated infringement dispute resolution and photography contests with verifiable criteria

    Universal Channel Rebalancing: Flexible Coin Shifting in Payment Channel Networks

    Get PDF
    Payment Channel Networks (PCNs) enhance blockchain scalability by enabling off-chain transactions. However, repeated unidirectional multi-hop payments often cause channel imbalance or depletion, limiting scalability and usability. Existing rebalancing protocols, such as Horcrux [NDSS’25] and Shaduf [NDSS’22], rely on on-chain operations, which hinders efficiency and broad applicability. We propose Universal Channel Rebalancing (UCRb), a blockchain-agnostic, fully off-chain framework that ensures correct behavior among untrusted participants without on-chain interaction. UCRb incorporates the following core innovations: (1) a fair and reliable incentive-compatible mechanism that encourages voluntary user participation in off-chain channel rebalancing, (2) integration of Pedersen commitments to achieve atomic off-chain payments and rebalancing operations, while ensuring balance security, and (3) zero-knowledge proofs to enable privacy-preserving channel initialization and coin shifting, ensuring that user identities and fund allocations remain hidden throughout the process. We evaluate UCRb using real-world Lightning Network dataset and compare its performance against state-of-the-art solutions including Horcrux, Shaduf, and Revive [CCS\u2717]. UCRb exhibits a success ratio enhancement between 15% and 50%, while also reducing the required user deposits by 72%--92%. It maintains an almost negligible rate of channel depletion. Additionally, the long-term performance of UCRb is roughly 1.5 times that of its short-term performance, suggesting that continuous operation leads to improved efficiency. We implement a prototype for UCRb smart contracts and demonstrate its practicality through extensive evaluation. As \texttt{CoinShift} operations require no on-chain interaction, the protocol incurs minimal gas costs. For instance, opening and closing channels with 10 neighbors costs only 130K-160K gas—significantly lower than comparable solutions

    23,634

    full texts

    24,907

    metadata records
    Updated in last 30 days.
    Cryptology ePrint Archive
    Access Repository Dashboard
    Do you manage Open Research Online? Become a CORE Member to access insider analytics, issue reports and manage access to outputs from your repository in the CORE Repository Dashboard! 👇