



137 results sorted by ID

2024/1806 (PDF) Last updated: 2024-11-05
Encrypted RAM Delegation: Applications to Rate-1 Extractable Arguments, Homomorphic NIZKs, MPC, and more
Abtin Afshar, Jiaqi Cheng, Rishab Goyal, Aayush Yadav, Saikumar Yadugiri
Foundations

In this paper we introduce the notion of encrypted RAM delegation. In an encrypted RAM delegation scheme, the prover creates a succinct proof for a group of two input strings $x_\mathsf{pb}$ and $x_\mathsf{pr}$, where $x_\mathsf{pb}$ corresponds to a large \emph{public} input and $x_\mathsf{pr}$ is a \emph{private} input. A verifier can check correctness of computation of $\mathcal{M}$ on $(x_\mathsf{pb}, x_\mathsf{pr})$, given only the proof $\pi$ and $x_\mathsf{pb}$. We design encrypted...

2024/1520 (PDF) Last updated: 2024-09-27
On the rough order assumption in imaginary quadratic number fields
Antonio Sanso
Attacks and cryptanalysis

In this paper, we investigate the rough order assumption (\(RO_C\)) introduced by Braun, Damgård, and Orlandi at CRYPTO 23, which posits that class groups of imaginary quadratic fields with no small prime factors in their order are computationally indistinguishable from general class groups. We present a novel attack that challenges the validity of this assumption by leveraging properties of Mordell curves over the rational numbers. Specifically, we demonstrate that if the rank of the...

2024/1392 (PDF) Last updated: 2024-09-05
Key Policy Attribute-Based Encryption Leveraging Isogeny-Based Cryptography
Madické Diadji Mbodj, Anis Bkakria
Public-key cryptography

We present the first Key Policy Attribute-Based Encryption (KP-ABE) scheme employing isogeny-based cryptography through class group actions, specifically utilizing the Csi-FiSh instantiation and pairing groups. We introduce a new assumption, denoted Isog-DLin, which combines the isogeny and DLin assumptions. We propose the following constructions: a small universe KP-ABE and a large universe KP-ABE under the Isog-DBDH assumption, and a small universe KP-ABE under the Isog-DLin assumption. In...

2024/1172 (PDF) Last updated: 2024-07-19
Generalized class group actions on oriented elliptic curves with level structure
Sarah Arpin, Wouter Castryck, Jonathan Komada Eriksen, Gioella Lorenzon, Frederik Vercauteren
Public-key cryptography

We study a large family of generalized class groups of imaginary quadratic orders $O$ and prove that they act freely and (essentially) transitively on the set of primitively $O$-oriented elliptic curves over a field $k$ (assuming this set is non-empty) equipped with appropriate level structure. This extends, in several ways, a recent observation due to Galbraith, Perrin and Voloch for the ray class group. We show that this leads to a reinterpretation of the action of the class group of a...

2024/1077 (PDF) Last updated: 2024-07-09
Securely Training Decision Trees Efficiently
Divyanshu Bhardwaj, Sandhya Saravanan, Nishanth Chandran, Divya Gupta
Cryptographic protocols

Decision trees are an important class of supervised learning algorithms. When multiple entities contribute data to train a decision tree (e.g. for fraud detection in the financial sector), data privacy concerns necessitate the use of a privacy-enhancing technology such as secure multi-party computation (MPC) in order to secure the underlying training data. Prior state-of-the-art (Hamada et al.) construct an MPC protocol for decision tree training with a communication of $\mathcal{O}(hmN\log...

2024/993 (PDF) Last updated: 2024-06-19
Limits on the Power of Prime-Order Groups: Separating Q-Type from Static Assumptions
George Lu, Mark Zhandry
Foundations

Subgroup decision techniques on cryptographic groups and pairings have been critical for numerous applications. Originally conceived in the composite-order setting, there is a large body of work showing how to instantiate subgroup decision techniques in the prime-order setting as well. In this work, we demonstrate the first barrier to this research program, by demonstrating an important setting where composite-order techniques cannot be replicated in the prime-order setting. In...

2024/840 (PDF) Last updated: 2024-10-30
Batching-Efficient RAM using Updatable Lookup Arguments
Moumita Dutta, Chaya Ganesh, Sikhar Patranabis, Shubh Prakash, Nitin Singh
Cryptographic protocols

RAM (random access memory) is an important primitive in verifiable computation. In this paper, we focus on realizing RAM with efficient batching property, i.e., proving a batch of $m$ updates on a RAM of size $N$ while incurring a cost that is sublinear in $N$. Classical approaches based on Merkle-trees or address ordered transcripts to model RAM correctness are either concretely inefficient, or incur linear overhead in the size of the RAM. Recent works explore cryptographic accumulators...

2024/814 (PDF) Last updated: 2024-05-24
Succinct Homomorphic Secret Sharing
Damiano Abram, Lawrence Roy, Peter Scholl
Cryptographic protocols

This work introduces homomorphic secret sharing (HSS) with succinct share size. In HSS, private inputs are shared between parties, who can then homomorphically evaluate a function on their shares, obtaining a share of the function output. In succinct HSS, a portion of the inputs can be distributed using shares whose size is sublinear in the number of such inputs. The parties can then locally evaluate a function $f$ on the shares, with the restriction that $f$ must be linear in the succinctly...

2024/785 Last updated: 2024-06-02
SmartBean: Transparent, Concretely Efficient, Polynomial Commitment Scheme with Logarithmic Verification and Communication Costs that Runs on Any Group
Frank Y.C. Lu
Cryptographic protocols

We introduce a new, concretely efficient, transparent polynomial commitment scheme with logarithmic verification time and communication cost that can run on any group. Existing group-based polynomial commitment schemes must use less efficient groups, such as class groups of unknown order or pairing-based groups to achieve transparency (no trusted setup), making them expensive to adopt in practice.  We offer the first group-based polynomial commitment scheme that can run on any group s.t....

2024/723 (PDF) Last updated: 2024-10-22
$\mathsf{OPA}$: One-shot Private Aggregation with Single Client Interaction and its Applications to Federated Learning
Harish Karthikeyan, Antigoni Polychroniadou
Applications

Our work aims to minimize interaction in secure computation due to the high cost and challenges associated with communication rounds, particularly in scenarios with many clients. In this work, we revisit the problem of secure aggregation in the single-server setting where a single evaluation server can securely aggregate client-held individual inputs. Our key contribution is the introduction of One-shot Private Aggregation ($\mathsf{OPA}$) where clients speak only once (or even choose not to...

2024/717 (PDF) Last updated: 2024-10-28
An Improved Threshold Homomorphic Cryptosystem Based on Class Groups
Lennart Braun, Guilhem Castagnos, Ivan Damgård, Fabien Laguillaumie, Kelsey Melissaris, Claudio Orlandi, Ida Tucker
Cryptographic protocols

We present distributed key generation and decryption protocols for an additively homomorphic cryptosystem based on class groups, improving on a similar system proposed by Braun, Damgård, and Orlandi at CRYPTO '23. Our key generation is similarly constant round but achieves lower communication complexity than the previous work. This improvement is in part the result of relaxing the reconstruction property required of the underlying integer verifiable secret sharing scheme. This eliminates the...

2024/382 (PDF) Last updated: 2024-03-01
Decentralized Access Control Infrastructure for Enterprise Digital Asset Management
Chirag Madaan, Rohan Agarwal, Vipul Saini, Ujjwal Kumar
Cryptographic protocols

With the rapidly evolving landscape of cryptography, blockchain technology has advanced to cater to diverse user requirements, leading to the emergence of a multi-chain ecosystem featuring various use cases characterized by distinct transaction speed and decentralization trade-offs. At the heart of this evolution lie digital signature schemes, responsible for safeguarding blockchain-based assets, such as ECDSA, Schnorr, and EdDSA, among others. However, a critical gap exists in the...

2024/337 (PDF) Last updated: 2024-06-14
Solving the Tensor Isomorphism Problem for special orbits with low rank points: Cryptanalysis and repair of an Asiacrypt 2023 commitment scheme
Valerie Gilchrist, Laurane Marco, Christophe Petit, Gang Tang
Attacks and cryptanalysis

The Tensor Isomorphism Problem (TIP) has been shown to be equivalent to the matrix code equivalence problem, making it an interesting candidate on which to build post-quantum cryptographic primitives. These hard problems have already been used in protocol development. One of these, MEDS, is currently in Round 1 of NIST's call for additional post-quantum digital signatures. In this work, we consider the TIP for a special class of tensors. The hardness of the decisional version of this...

2024/295 (PDF) Last updated: 2024-09-13
An Efficient Hash Function for Imaginary Class Groups
Kostas Kryptos Chalkias, Jonas Lindstrøm, Arnab Roy
Implementation

This paper presents a new efficient hash function for imaginary class groups. Many class group based protocols, such as verifiable delay functions, timed commitments and accumulators, rely on the existence of an efficient and secure hash function, but there are not many concrete constructions available in the literature, and existing constructions are too inefficient for practical use cases. Our novel approach, building on Wesolowski's initial scheme, achieves a 200 fold increase in...

2024/201 (PDF) Last updated: 2024-02-09
Breaking the decisional Diffie-Hellman problem in totally non-maximal imaginary quadratic orders
Antonio Sanso
Attacks and cryptanalysis

This paper introduces an algorithm to efficiently break the Decisional Diffie-Hellman (DDH) assumption in totally non-maximal imaginary quadratic orders, specifically when $\Delta_1 = 3$, and $f$ is non-prime with knowledge of a single factor. Inspired by Shanks and Dedekind's work on 3-Sylow groups, we generalize their observations to undermine DDH security.

2024/178 (PDF) Last updated: 2024-02-09
Fast Public-Key Silent OT and More from Constrained Naor-Reingold
Dung Bui, Geoffroy Couteau, Pierre Meyer, Alain Passelègue, Mahshid Riahinia
Cryptographic protocols

Pseudorandom Correlation Functions (PCFs) allow two parties, given correlated evaluation keys, to locally generate arbitrarily many pseudorandom correlated strings, e.g. Oblivious Transfer (OT) correlations, which can then be used by the two parties to jointly run secure computation protocols. In this work, we provide a novel and simple approach for constructing PCFs for OT correlation, by relying on constrained pseudorandom functions for a class of constraints containing a weak...

2024/034 (PDF) Last updated: 2024-10-24
How (not) to hash into class groups of imaginary quadratic fields?
István András Seres, Péter Burcsi, Péter Kutas
Secret-key cryptography

Class groups of imaginary quadratic fields (class groups for short) have seen a resurgence in cryptography as transparent groups of unknown order. They are a prime candidate for being a trustless alternative to RSA groups because class groups do not need a (distributed) trusted setup to sample a cryptographically secure group of unknown order. Class groups have recently found many applications in verifiable secret sharing, secure multiparty computation, transparent polynomial commitments,...

2023/1652 (PDF) Last updated: 2024-06-11
On Sigma-Protocols and (packed) Black-Box Secret Sharing Schemes
Claudia Bartoli, Ignacio Cascudo
Cryptographic protocols

$\Sigma$-protocols are a widely utilized, relatively simple and well understood type of zero-knowledge proofs. However, the well known Schnorr $\Sigma$-protocol for proving knowledge of a discrete logarithm in a cyclic group of known prime order, and similar protocols working over this type of groups, are hard to generalize to other groups, in particular hidden order groups, due to the inability of the knowledge extractor to invert elements modulo the order. In this paper,...

2023/1651 (PDF) Last updated: 2024-03-20
Publicly Verifiable Secret Sharing over Class Groups and Applications to DKG and YOSO
Ignacio Cascudo, Bernardo David
Cryptographic protocols

Publicly Verifiable Secret Sharing (PVSS) allows a dealer to publish encrypted shares of a secret so that parties holding the corresponding decryption keys may later reconstruct it. Both dealing and reconstruction are non-interactive and any verifier can check their validity. PVSS finds applications in randomness beacons, distributed key generation (DKG) and in YOSO MPC (Gentry et al. CRYPTO'21), when endowed with suitable publicly verifiable re-sharing as in YOLO YOSO (Cascudo et al....

2023/1450 (PDF) Last updated: 2023-09-22
Post-Quantum Fully Homomorphic Encryption with Group Ring Homomorphisms
Christopher Leonardi, Maya Gusak
Attacks and cryptanalysis

Gentry's groundbreaking work showed that a fully homomorphic, provably secure scheme is possible via bootstrapping a somewhat homomorphic scheme. However, a major drawback of bootstrapping is its high computational cost. One alternative is to use a different metric for noise so that homomorphic operations do not accumulate noise, eliminating the need for bootstrapping altogether. Leonardi and Ruiz-Lopez present a group-theoretic framework for such a ``noise non-accumulating'' multiplicative...

2023/1447 (PDF) Last updated: 2023-09-22
Practical Round-Optimal Blind Signatures in the ROM from Standard Assumptions
Shuichi Katsumata, Michael Reichle, Yusuke Sakai
Public-key cryptography

Blind signatures serve as a foundational tool for privacy-preserving applications and have recently seen renewed interest due to new applications in blockchains and privacy-authentication tokens. With this, constructing practical round-optimal (i.e., signing consists of the minimum two rounds) blind signatures in the random oracle model (ROM) has been an active area of research, where several impossibility results indicate that either the ROM or a trusted setup is inherent. In this work,...

2023/1243 (PDF) Last updated: 2023-08-16
Multi-Stage Group Key Distribution and PAKEs: Securing Zoom Groups against Malicious Servers without New Security Elements
Cas Cremers, Eyal Ronen, Mang Zhao
Cryptographic protocols

Video conferencing apps like Zoom have hundreds of millions of daily users, making them a high-value target for surveillance and subversion. While such apps claim to achieve some forms of end-to-end encryption, they usually assume an incorruptible server that is able to identify and authenticate all the parties in a meeting. Concretely this means that, e.g., even when using the “end-to-end encrypted” setting, malicious Zoom servers could eavesdrop or impersonate in arbitrary groups. In...

2023/1239 (PDF) Last updated: 2023-08-16
CSI-Otter: Isogeny-based (Partially) Blind Signatures from the Class Group Action with a Twist
Shuichi Katsumata, Yi-Fu Lai, Jason T. LeGrow, Ling Qin
Public-key cryptography

In this paper, we construct the first provably-secure isogeny-based (partially) blind signature scheme. While at a high level the scheme resembles the Schnorr blind signature, our work does not directly follow from that construction, since isogenies do not offer as rich an algebraic structure. Specifically, our protocol does not fit into the "linear identification protocol" abstraction introduced by Hauck, Kiltz, and Loss (EUROCRYPT'19), which was used to generically construct...

2023/984 (PDF) Last updated: 2024-05-21
Generating Supersingular Elliptic Curves over $\mathbb{F}_p$ with Unknown Endomorphism Ring
Youcef Mokrani, David Jao
Public-key cryptography

A number of supersingular isogeny based cryptographic protocols require the endomorphism ring of the initial elliptic curve to be either unknown or random in order to be secure. To instantiate these protocols, Basso et al. recently proposed a secure multiparty protocol that generates supersingular elliptic curves defined over $\mathbb{F}_{p^2}$ of unknown endomorphism ring as long as at least one party acts honestly. However, there are many protocols that specifically require curves defined...

2023/897 (PDF) Last updated: 2024-07-23
On the Impossibility of Algebraic NIZK In Pairing-Free Groups
Emanuele Giunta
Foundations

Non-Interactive Zero-Knowledge proofs (NIZK) allow a prover to convince a verifier that a statement is true by sending only one message and without conveying any other information. In the CRS model, many instantiations have been proposed from group-theoretic assumptions. On the one hand, some of these constructions use the group structure in a black-box way but rely on pairings, an example being the celebrated Groth-Sahai proof system. On the other hand, a recent line of research realized...

2023/808 (PDF) Last updated: 2024-02-19
Generic-Group Lower Bounds via Reductions Between Geometric-Search Problems: With and Without Preprocessing
Benedikt Auerbach, Charlotte Hoffmann, Guillermo Pascual-Perez
Foundations

The generic-group model (GGM) aims to capture algorithms working over groups of prime order that only rely on the group operation, but do not exploit any additional structure given by the concrete implementation of the group. In it, it is possible to prove information-theoretic lower bounds on the hardness of problems like the discrete logarithm (DL) or computational Diffie-Hellman (CDH). Thus, since its introduction, it has served as a valuable tool to assess the concrete security provided...

2023/670 (PDF) Last updated: 2024-10-17
Behemoth: transparent polynomial commitment scheme with constant opening proof size and verifier time
István András Seres, Péter Burcsi
Cryptographic protocols

Polynomial commitment schemes are fundamental building blocks in numerous cryptographic protocols such as verifiable secret sharing, zero-knowledge succinct non-interactive arguments, and many more. The most efficient polynomial commitment schemes rely on a trusted setup which is undesirable in trust-minimized applications, e.g., cryptocurrencies. However, transparent polynomial commitment schemes are inefficient (polylogarithmic opening proofs and/or verification time) compared to their...

2023/595 (PDF) Last updated: 2023-06-27
SPDH-Sign: towards Efficient, Post-quantum Group-based Signatures
Christopher Battarbee, Delaram Kahrobaei, Ludovic Perret, Siamak F. Shahandashti
Cryptographic protocols

In this paper, we present a new diverse class of post-quantum group-based Digital Signature Schemes (DSS). The approach is significantly different from previous examples of group-based digital signatures and adopts the framework of group action-based cryptography: we show that each finite group defines a group action relative to the semidirect product of the group by its automorphism group, and give security bounds on the resulting signature scheme in terms of the group-theoretic...

2023/451 (PDF) Last updated: 2024-08-08
Non-interactive VSS using Class Groups and Application to DKG
Aniket Kate, Easwar Vivek Mangipudi, Pratyay Mukherjee, Hamza Saleem, Sri Aravinda Krishnan Thyagarajan
Cryptographic protocols

We put forward a non-interactive verifiable secret sharing (NI-VSS) scheme using class groups – we call it cgVSS. Our construction follows the standard framework of encrypting the shares to a set of recipients and generating a non-interactive proof of correct sharing. However, as opposed to prior works, such as Groth’s [Eprint 2021], or Gentry et al.’s [Eurocrypt 2022], we do not require any range proof - this is possible due to the unique structure of class groups, that enables efficient...

2023/317 (PDF) Last updated: 2023-03-03
The special case of cyclotomic fields in quantum algorithms for unit groups
Razvan Barbulescu, Adrien Poulalion
Attacks and cryptanalysis

Unit group computations are a cryptographic primitive for which one has a fast quantum algorithm, but the required number of qubits is $\tilde{O}(m^5)$. In this work we propose a modification of the algorithm for which the number of qubits is $\tilde{O}(m^2)$ in the case of cyclotomic fields. Moreover, under a recent conjecture on the size of the class group of $\mathbb{Q}(\zeta_m+\zeta_m^{-1})$, the quantum algorithm is much simpler because it is a hidden subgroup problem (HSP) algorithm...

2023/058 (PDF) Last updated: 2023-10-23
SCALLOP: scaling the CSI-FiSh
Luca De Feo, Tako Boris Fouotsa, Péter Kutas, Antonin Leroux, Simon-Philipp Merz, Lorenz Panny, Benjamin Wesolowski
Public-key cryptography

We present SCALLOP: SCALable isogeny action based on Oriented supersingular curves with Prime conductor, a new group action based on isogenies of supersingular curves. Similarly to CSIDH and OSIDH, we use the group action of an imaginary quadratic order’s class group on the set of oriented supersingular curves. Compared to CSIDH, the main benefit of our construction is that it is easy to compute the class-group structure; this data is required to uniquely represent — and efficiently act...

2022/1510 (PDF) Last updated: 2024-02-16
Witness Encryption for Succinct Functional Commitments and Applications
Matteo Campanelli, Dario Fiore, Hamidreza Khoshakhlagh
Public-key cryptography

Witness encryption (WE), introduced by Garg, Gentry, Sahai, and Waters (STOC 2013) allows one to encrypt a message to a statement $\mathsf{x}$ for some NP language $\mathcal{L}$, such that any user holding a witness for $\mathsf{x} \in \mathcal{L}$ can decrypt the ciphertext. The extreme power of this primitive comes at the cost of its elusiveness: a practical construction from established cryptographic assumptions is currently out of reach. In this work, we investigate a new notion of...

2022/1489 (PDF) Last updated: 2023-01-14
On new results on Extremal Algebraic Graph Theory and their connections with Algebraic Cryptography
Vasyl Ustimenko
Foundations

Homogeneous algebraic graphs defined over an arbitrary field are classical objects of Algebraic Geometry. This class includes geometries of Chevalley groups $A_2(F)$, $B_2(F)$ and $G_2(F)$ defined over an arbitrary field $F$. Assume that the codimension of a homogeneous graph is the ratio of the dimension of the variety of its vertices to the dimension of the neighbourhood of some vertex. We evaluate the minimal codimensions $v(g)$ and $u(h)$ of algebraic graphs of prescribed girth $g$ and cycle indicator....

2022/1466 (PDF) Last updated: 2023-09-13
I want to ride my BICYCL: BICYCL Implements CryptographY in CLass groups
Cyril Bouvier, Guilhem Castagnos, Laurent Imbert, Fabien Laguillaumie
Implementation

We introduce BICYCL, an open-source C++ library that implements arithmetic in the ideal class groups of imaginary quadratic fields, together with a set of cryptographic primitives based on class groups. It is available at https://gite.lirmm.fr/crypto/bicycl under the GNU General Public License version 3 or any later version. BICYCL provides significant speed-ups on the implementation of the arithmetic of class groups. Concerning cryptographic applications, BICYCL is orders of magnitude faster...

2022/1437 (PDF) Last updated: 2024-05-10
Secure Multiparty Computation from Threshold Encryption Based on Class Groups
Lennart Braun, Ivan Damgård, Claudio Orlandi
Cryptographic protocols

We construct the first actively-secure threshold version of the cryptosystem based on class groups from the so-called CL framework (Castagnos and Laguillaumie, 2015). We show how to use our threshold scheme to achieve general universally composable (UC) secure multiparty computation (MPC) with only transparent set-up, i.e., with no secret trapdoors involved. On the way to our goal, we design new zero-knowledge (ZK) protocols with constant communication complexity for proving...

2022/1305 (PDF) Last updated: 2022-10-01
Subset Product with Errors over Unique Factorization Domains and Ideal Class Groups of Dedekind Domains
Trey Li
Foundations

It has been half a century since the first several NP-complete problems were discovered by Cook, Karp and Levin in the early 1970s. Till today, thousands of NP-complete problems have been found. Most of them are of combinatorial flavor. We discover new possibilities in purer mathematics and introduce more structures to the theory of computation. We propose a family of abstract problems related to the subset product problem. To describe hardness of abstract problems, we propose a new hardness...

2022/1187 (PDF) Last updated: 2022-09-09
Strongly Anonymous Ratcheted Key Exchange
Benjamin Dowling, Eduard Hauck, Doreen Riepel, Paul Rösler
Cryptographic protocols

Anonymity is an (abstract) security goal that is especially important to threatened user groups. Therefore, widely deployed communication protocols implement various measures to hide different types of information (i.e., metadata) about their users. Before actually defining anonymity, we consider an attack vector about which targeted user groups can feel concerned: continuous, temporary exposure of their secrets. Examples for this attack vector include intentionally planted viruses on...

2022/1180 (PDF) Last updated: 2022-09-08
Cryptographic multilinear maps using pro-p groups
Delaram Kahrobaei, Mima Stanojkovski
Cryptographic protocols

Kahrobaei, Tortora, Tota showed how, to any nilpotent group of class n, one can associate a non-interactive key exchange protocol between n+1 users. The multilinear commutator maps associated to nilpotent groups play a key role in this protocol. In the present paper, we explore some alternative platforms, such as pro-p groups.

2022/1143 (PDF) Last updated: 2022-09-02
Threshold Linearly Homomorphic Encryption on $\mathbf{Z}/2^k\mathbf{Z}$
Guilhem Castagnos, Fabien Laguillaumie, Ida Tucker
Public-key cryptography

A threshold public key encryption protocol is a public key system where the private key is distributed among $n$ different servers. It offers high security since no single server is entrusted to perform the decryption in its entirety. It is the core component of many multiparty computation protocols which involve mutually distrusting parties with common goals. It is even more useful when it is homomorphic, which means that public operations on ciphertexts translate to operations on the...

2022/980 (PDF) Last updated: 2022-07-31
Fast norm computation in smooth-degree Abelian number fields
Daniel J. Bernstein
Attacks and cryptanalysis

This paper presents a fast method to compute algebraic norms of integral elements of smooth-degree cyclotomic fields, and, more generally, smooth-degree Galois number fields with commutative Galois groups. The typical scenario arising in $S$-unit searches (for, e.g., class-group computation) is computing a $\Theta(n\log n)$-bit norm of an element of weight $n^{1/2+o(1)}$ in a degree-$n$ field; this method then uses $n(\log n)^{3+o(1)}$ bit operations. An $n(\log n)^{O(1)}$ operation count...

2022/755 (PDF) Last updated: 2022-06-13
Low-latency Hardware Architecture for VDF Evaluation in Class Groups
Danyang Zhu, Jing Tian, Minghao Li, Zhongfeng Wang

The verifiable delay function (VDF), as a kind of cryptographic primitive, has recently been adopted quite often in decentralized systems. Highly correlated to the security of VDFs, the fastest implementation for VDF evaluation is generally desired to be publicly known. In this paper, for the first time, we propose a low-latency hardware implementation for the complete VDF evaluation in the class group by jointly exploiting optimizations. On one side, we reduce the required computational...

2022/742 (PDF) Last updated: 2022-06-09
Application of Automorphic Forms to Lattice Problems
Samed Düzlü, Juliane Krämer
Foundations

In this paper, we propose a new approach to the study of lattice problems used in cryptography. We specifically focus on module lattices of a fixed rank over some number field. An essential question is the hardness of certain computational problems on such module lattices, as the additional structure may allow exploitation. The fundamental insight is the fact that the collection of those lattices are quotients of algebraic manifolds by arithmetic subgroups. Functions on these spaces are...

2022/719 (PDF) Last updated: 2022-08-21
Contingent payments from two-party signing and verification for abelian groups
Sergiu Bursuc, Sjouke Mauw
Cryptographic protocols

The fair exchange problem has faced for a long time the bottleneck of a required trusted third party. The recent development of blockchains introduces a new type of party to this problem, whose trustworthiness relies on a public ledger and distributed computation. The challenge in this setting is to reconcile the minimalistic and public nature of blockchains with elaborate fair exchange requirements, from functionality to privacy. Zero-knowledge contingent payments (ZKCP) are a class of...

2022/702 Last updated: 2022-06-09
Kevlar: Transparent, Efficient, Polynomial Commitment Scheme with Logarithmic Verification and Communication Costs on Efficient Groups
Frank Y.C. Lu
Cryptographic protocols

We introduce a new efficient, transparent setup, polynomial commitment scheme that runs on efficient groups with logarithmic verifier and communication costs. Existing group based polynomial commitment schemes must run on costly groups such as class groups with unknown order or pairing based groups to achieve transparency (no trusted setup), making them slow in practice, and non-group based schemes such as Reed-Solomon based schemes have their own set of pros and cons compared to group based...

2022/696 (PDF) Last updated: 2024-07-23
On the Impossibility of Algebraic Vector Commitments in Pairing-Free Groups
Dario Catalano, Dario Fiore, Rosario Gennaro, Emanuele Giunta
Foundations

Vector Commitments allow one to (concisely) commit to a vector of messages so that one can later (concisely) open the commitment at selected locations. In the state of the art of vector commitments, algebraic constructions have emerged as a particularly useful class, as they enable advanced properties, such as stateless updates, subvector openings and aggregation, that are for example unknown in Merkle-tree-based schemes. In spite of their popularity, algebraic vector commitments remain...

2022/604 (PDF) Last updated: 2022-06-22
Algorithm Substitution Attacks against Receivers
Marcel Armour, Bertram Poettering
Implementation

This work describes a class of Algorithm Substitution Attack (ASA) generically targeting the receiver of a communication between two parties. Our work provides a unified framework that applies to any scheme where a secret key is held by the receiver; in particular, message authentication schemes (MACs), authenticated encryption (AEAD) and public key encryption (PKE). Our unified framework brings together prior work targeting MAC schemes and AEAD schemes; we extend prior work by showing that...

2022/584 (PDF) Last updated: 2022-05-17
Revisiting the Uber Assumption in the Algebraic Group Model: Fine-Grained Bounds in Hidden-Order Groups and Improved Reductions in Bilinear Groups
Lior Rotem

We prove strong security guarantees for a wide array of computational and decisional problems, both in hidden-order groups and in bilinear groups, within the algebraic group model (AGM) of Fuchsbauer, Kiltz and Loss (CRYPTO '18). As our first contribution, we put forth a new fine-grained variant of the Uber family of assumptions in hidden-order groups. This family includes in particular the repeated squaring function of Rivest, Shamir and Wagner, which underlies their time-lock puzzle as...

2022/517 (PDF) Last updated: 2022-05-02
Local permutation polynomials and the action of e-Klenian groups
Jaime Gutierrez, Jorge Jimenez Urroz
Cryptographic protocols

Permutation polynomials of finite fields have many applications in Coding Theory, Cryptography and Combinatorics. In the first part of this paper we present a new family of local permutation polynomials based on a class of symmetric subgroups without fixed points, the so called e-Klenian groups. In the second part we use the fact that bivariate local permutation polynomials define Latin Squares, to discuss several constructions of Mutually Orthogonal Latin Squares (MOLS) and, in...

2022/419 (PDF) Last updated: 2022-07-01
Dew: Transparent Constant-sized zkSNARKs
Arasu Arun, Chaya Ganesh, Satya Lokam, Tushar Mopuri, Sriram Sridhar
Cryptographic protocols

We construct polynomial commitment schemes with constant sized evaluation proofs and logarithmic verification time in the transparent setting. To the best of our knowledge, this is the first result achieving this combination of properties. Our starting point is a transparent inner product commitment scheme with constant-sized proofs and linear verification. We build on this to construct a polynomial commitment scheme with constant size evaluation proofs and logarithmic (in the degree...

2022/363 (PDF) Last updated: 2022-06-14
An Algebraic Framework for Silent Preprocessing with Trustless Setup and Active Security
Damiano Abram, Ivan Damgård, Claudio Orlandi, Peter Scholl
Cryptographic protocols

Recently, number-theoretic assumptions including DDH, DCR and QR have been used to build powerful tools for secure computation, in the form of homomorphic secret-sharing (HSS), which leads to secure two-party computation protocols with succinct communication, and pseudorandom correlation functions (PCFs), which allow non-interactive generation of a large quantity of correlated randomness. In this work, we present a group-theoretic framework for these classes of constructions, which unifies...

2022/316 (PDF) Last updated: 2022-03-08
Bounded Functional Encryption for Turing Machines: Adaptive Security from General Assumptions
Shweta Agrawal, Fuyuki Kitagawa, Anuja Modi, Ryo Nishimaki, Shota Yamada, Takashi Yamakawa
Public-key cryptography

The recent work of Agrawal et al. [Crypto '21] and Goyal et al. [Eurocrypt '22] concurrently introduced the notion of dynamic bounded collusion security for functional encryption (FE) and showed a construction satisfying the notion from identity based encryption (IBE). Agrawal et al. [Crypto '21] further extended it to FE for Turing machines in the non-adaptive simulation setting from the sub-exponential learning with errors assumption (LWE). Concurrently, the work of Goyal et al. [Asiacrypt...

2022/297 (PDF) Last updated: 2022-03-07
Promise $\Sigma$-protocol: How to Construct Efficient Threshold ECDSA from Encryptions Based on Class Groups
Yi Deng, Shunli Ma, Xinxuan Zhang, Hailong Wang, Xuyang Song, Xiang Xie
Cryptographic protocols

Threshold Signatures allow $n$ parties to share the ability of issuing digital signatures so that any coalition of size at least $t+1$ can sign, whereas groups of $t$ or fewer players cannot. The currently known class-group-based threshold ECDSA constructions are either inefficient (requiring parallel repetition of the underlying zero-knowledge proof with a small challenge space) or require a rather non-standard low order assumption. In this paper, we present efficient threshold ECDSA...

2021/1681 (PDF) Last updated: 2021-12-24
On the security of OSIDH
Pierrick Dartois, Luca De Feo
Public-key cryptography

The Oriented Supersingular Isogeny Diffie-Hellman is a post-quantum key exchange scheme recently introduced by Colò and Kohel. It is based on the group action of an ideal class group of a quadratic imaginary order on a subset of supersingular elliptic curves, and in this sense it can be viewed as a generalization of the popular isogeny based key exchange CSIDH. From an algorithmic standpoint, however, OSIDH is quite different from CSIDH. In a sense, OSIDH uses class groups which are more...

2021/1583 (PDF) Last updated: 2022-10-05
Orientations and the supersingular endomorphism ring problem
Benjamin Wesolowski

We study two important families of problems in isogeny-based cryptography and how they relate to each other: computing the endomorphism ring of supersingular elliptic curves, and inverting the action of class groups on oriented supersingular curves. We prove that these two families of problems are closely related through polynomial-time reductions, assuming the generalised Riemann hypothesis. We identify two classes of essentially equivalent problems. The first class corresponds to the...

2021/1471 (PDF) Last updated: 2022-08-30
Efficient Searchable Symmetric Encryption for Join Queries
Charanjit Jutla, Sikhar Patranabis
Cryptographic protocols

The Oblivious Cross-Tags (OXT) protocol due to Cash et al. (CRYPTO'13) is a highly scalable searchable symmetric encryption (SSE) scheme that allows fast processing of conjunctive and more general Boolean queries over encrypted relational databases. A longstanding open question has been to extend OXT to also support queries over joins of tables without pre-computing the joins. In this paper, we solve this open question without compromising on the nice properties of OXT with respect to both...

2021/1407 (PDF) Last updated: 2021-10-24
A Concrete Treatment of Efficient Continuous Group Key Agreement via Multi-Recipient PKEs
Keitaro Hashimoto, Shuichi Katsumata, Eamonn Postlethwaite, Thomas Prest, Bas Westerbaan
Cryptographic protocols

Continuous group key agreements (CGKAs) are a class of protocols that can provide strong security guarantees to secure group messaging protocols such as Signal and MLS. Protection against device compromise is provided by commit messages: at a regular rate, each group member may refresh their key material by uploading a commit message, which is then downloaded and processed by all the other members. In practice, propagating commit messages dominates the bandwidth consumption of existing...

2021/1292 (PDF) Last updated: 2022-09-16
A Fast Large-Integer Extended GCD Algorithm and Hardware Design for Verifiable Delay Functions and Modular Inversion
Kavya Sreedhar, Mark Horowitz, Christopher Torng
Implementation

The extended GCD (XGCD) calculation, which computes Bézout coefficients $b_a, b_b$ such that $b_a \cdot a_0 + b_b \cdot b_0 = \gcd(a_0, b_0)$, is a critical operation in many cryptographic applications. In particular, large-integer XGCD is computationally dominant for two applications of increasing interest: verifiable delay functions that square binary quadratic forms within a class group and constant-time modular inversion for elliptic curve cryptography. Most prior work has focused on fast software...

2021/1272 (PDF) Last updated: 2022-03-16
Efficient CCA Timed Commitments in Class Groups
Sri AravindaKrishnan Thyagarajan, Guilhem Castagnos, Fabien Laguillaumie, Giulio Malavolta
Cryptographic protocols

Timed commitments [Boneh and Naor, CRYPTO 2000] are the timed analogue of standard commitments, where the commitment can be non-interactively opened after a pre-specified amount of time passes. Timed commitments have a large spectrum of applications, such as sealed bid auctions, fair contract signing, fair multi-party computation, and cryptocurrency payments. Unfortunately, all practical constructions rely on a (private-coin) trusted setup and do not scale well with the number of...

2021/1184 (PDF) Last updated: 2021-12-03
On Time-Lock Cryptographic Assumptions in Abelian Hidden-Order Groups
Aron van Baarsen, Marc Stevens
Foundations

In this paper we study cryptographic finite abelian groups of unknown order and hardness assumptions in these groups. Abelian groups necessitate multiple group generators, which may be chosen at random. We formalize this setting and hardness assumptions therein. Furthermore, we generalize the algebraic group model and strong algebraic group model from cyclic groups to arbitrary finite abelian groups of unknown order. Building on these formalizations, we present techniques to deal with this...

2021/738 (PDF) Last updated: 2021-09-17
On the Impossibility of Purely Algebraic Signatures
Nico Döttling, Dominik Hartmann, Dennis Hofheinz, Eike Kiltz, Sven Schäge, Bogdan Ursu
Foundations

The existence of one-way functions implies secure digital signatures, but not public-key encryption (at least in a black-box setting). Somewhat surprisingly, though, efficient public-key encryption schemes appear to be much easier to construct from concrete algebraic assumptions (such as factoring or Diffie-Hellman-like assumptions) than efficient digital signature schemes. In this work, we provide one reason for this apparent difficulty to construct efficient signature...

2021/624 (PDF) Last updated: 2021-05-17
Group Structure in Correlations and its Applications in Cryptography
Guru-Vamsi Policharla, Manoj Prabhakaran, Rajeev Raghunath, Parjanya Vyas
Cryptographic protocols

Correlated random variables are a key tool in cryptographic applications like secure multi-party computation. We investigate the power of a class of correlations that we term group correlations: A group correlation is a uniform distribution over pairs $(x,y) \in G^2$ such that $x+y\in S$, where $G$ is a (possibly non-abelian) group and $S$ is a subset of $G$. We also introduce bi-affine correlations and show how they relate to group correlations. We present several structural results, new...

2021/358 (PDF) Last updated: 2021-09-21
Time- and Space-Efficient Arguments from Groups of Unknown Order
Alexander R. Block, Justin Holmgren, Alon Rosen, Ron D. Rothblum, Pratik Soni
Cryptographic protocols

We construct public-coin time- and space-efficient zero-knowledge arguments for $\mathbf{NP}$. For every time $T$ and space $S$ non-deterministic RAM computation, the prover runs in time $T \cdot \mathrm{polylog}(T)$ and space $S \cdot \mathrm{polylog}(T)$, and the verifier runs in time $n \cdot \mathrm{polylog}(T)$, where $n$ is the input length. Our protocol relies on hidden order groups, which can be instantiated with a trusted setup from the hardness of factoring (products of safe...

2021/333 (PDF) Last updated: 2021-06-09
Sumcheck Arguments and their Applications
Jonathan Bootle, Alessandro Chiesa, Katerina Sotiraki
Cryptographic protocols

We introduce a class of interactive protocols, which we call *sumcheck arguments*, that establishes a novel connection between the sumcheck protocol (Lund et al. JACM 1992) and folding techniques for Pedersen commitments (Bootle et al. EUROCRYPT 2016). We define a class of sumcheck-friendly commitment schemes over modules that captures many examples of interest, and show that the sumcheck protocol applied to a polynomial associated with the commitment scheme yields a succinct argument of...

2021/291 (PDF) Last updated: 2021-03-07
Bandwidth-efficient threshold EC-DSA revisited: Online/Offline Extensions, Identifiable Aborts, Proactivity and Adaptive Security
Guilhem Castagnos, Dario Catalano, Fabien Laguillaumie, Federico Savasta, Ida Tucker
Cryptographic protocols

Due to their use in crypto-currencies, threshold ECDSA signatures have received much attention in recent years. Though efficient solutions now exist both for the two-party and the full threshold scenarios, there is still much room for improvement, be it in terms of protocol functionality, strengthening security or further optimising efficiency. In the past few months, a range of protocols have been published, allowing for a non-interactive -- and hence extremely efficient -- signing...

2020/1619 (PDF) Last updated: 2021-01-04
Getting Rid of Linear Algebra in Number Theory Problems
Paul Kirchner, Pierre-Alain Fouque
Public-key cryptography

We revisit some well-known cryptographic problems in a black box modular ring model of computation. This model allows us to compute with black box access to the ring $\mathbb{Z}/m\mathbb{Z}$. We develop new generic ring algorithms to recover $m$ even if it is unknown. At the end, Maurer's generic algorithm allows one to recover an element from its black box representation. However, we avoid Maurer's idealized model with CDH oracle for the multiplication in the hidden ring by introducing a new...

2020/1617 (PDF) Last updated: 2021-03-05
Arguments of Knowledge via hidden order groups
Steve Thakur
Cryptographic protocols

We study non-interactive arguments of knowledge (AoKs) for commitments in groups of hidden order. We provide protocols whereby a Prover can demonstrate certain properties of and relations between committed sets/multisets, with succinct proofs that are publicly verifiable against the constant-sized commitments. In particular, we provide AoKs for the disjointness of committed sets/multisets in cryptographic accumulators, with a view toward applications to verifiably outsourcing data storage...

2020/1325 (PDF) Last updated: 2023-02-10
On Self-Equivalence Encodings in White-Box Implementations
Adrián Ranea, Bart Preneel
Secret-key cryptography

All academic methods to secure software implementations of block ciphers against adversaries with full control of the device have been broken. Despite the huge progress in the cryptanalysis of these white-box implementations, no recent progress has been made on the design side. Most of the white-box designs follow the CEJO framework, where each round is encoded by composing it with small random permutations. While several generic attacks have been proposed on the CEJO framework, no generic...

2020/1310 (PDF) Last updated: 2024-09-16
A note on the low order assumption in class groups of imaginary quadratic number fields
Karim Belabas, Thorsten Kleinjung, Antonio Sanso, Benjamin Wesolowski
Public-key cryptography

In this short note we analyze the low order assumption in imaginary quadratic number fields. We show how this assumption is broken for Mersenne primes. We also describe how this assumption could possibly be attacked for other classes of prime numbers, leveraging new mathematical tools coming from higher (cubic) number fields.

2020/1161 (PDF) Last updated: 2020-10-05
KVaC: Key-Value Commitments for Blockchains and Beyond
Shashank Agrawal, Srinivasan Raghuraman
Cryptographic protocols

As blockchains grow in size, validating new transactions becomes more and more resource intensive. To deal with this, there is a need to discover compact encodings of the (effective) state of a blockchain -- an encoding that allows for efficient proofs of membership and updates. In the case of account-based cryptocurrencies, the state can be represented by a key-value map, where keys are the account addresses and values consist of account balance, nonce, etc. We propose a new commitment...

2020/477 (PDF) Last updated: 2020-04-28
Partially Structure-Preserving Signatures: Lower Bounds, Constructions and More
Essam Ghadafi
Public-key cryptography

In this work we first provide a framework for defining a large subset of pairing-based digital signature schemes which we call Partially Structure-Preserving Signature (PSPS) schemes. PSPS schemes are similar in nature to structure-preserving signatures with the exception that in these schemes messages are scalars from $\mathbb{Z}^n_p$ instead of being source group elements. This class encompasses various existing schemes which have a number of desirable features that make them an ideal building...

2020/297 (PDF) Last updated: 2020-09-08
Random Self-reducibility of Ideal-SVP via Arakelov Random Walks
Koen de Boer, Léo Ducas, Alice Pellet-Mary, Benjamin Wesolowski
Public-key cryptography

Fixing a number field, the space of all ideal lattices, up to isometry, is naturally an Abelian group, called the *Arakelov class group*. This fact, well known to number theorists, has so far not been explicitly used in the literature on lattice-based cryptography. Remarkably, the Arakelov class group is a combination of two groups that have already led to significant cryptanalytic advances: the class group and the unit torus. In the present article, we show that the Arakelov class group...

2020/289 (PDF) Last updated: 2020-03-06
The security of Groups of Unknown Order based on Jacobians of Hyperelliptic Curves
Jonathan Lee
Cryptographic protocols

Recent work using groups of unknown order to construct verifiable delay functions, polynomial commitment schemes and non-interactive zero-knowledge proofs has provoked fresh interest in the construction of efficient cryptographic groups of unknown order. It has been suggested that the Jacobian of hyperelliptic curves of genus 3 could be suitable for this purpose. Regrettably, efficient algorithms to compute the order of the Jacobian of a hyperelliptic curve are known. Concretely, it is...

2020/286 (PDF) Last updated: 2020-03-06
Shorter Non-Interactive Zero-Knowledge Arguments and ZAPs for Algebraic Languages
Geoffroy Couteau, Dominik Hartmann
Public-key cryptography

We put forth a new framework for building pairing-based non-interactive zero-knowledge (NIZK) arguments for a wide class of algebraic languages, which are an extension of linear languages, containing disjunctions of linear languages and more. Our approach differs from the Groth-Sahai methodology, in that we rely on pairings to compile a $\Sigma$-protocol into a NIZK. Our framework enjoys a number of interesting features: – conceptual simplicity, parameters derive from the...

2020/225 (PDF) Last updated: 2020-02-21
Generic-Group Delay Functions Require Hidden-Order Groups
Lior Rotem, Gil Segev, Ido Shahaf

Despite the fundamental importance of delay functions, underlying both the classic notion of a time-lock puzzle and the more recent notion of a verifiable delay function, the only known delay function that offers both sufficient structure for realizing these two notions and a realistic level of practicality is the "iterated squaring" construction of Rivest, Shamir and Wagner. This construction, however, is based on rather strong assumptions in groups of hidden orders, such as the RSA group...

2020/196 (PDF) Last updated: 2022-03-01
Trustless unknown-order groups
Samuel Dobson, Steven D. Galbraith, Benjamin Smith
Cryptographic protocols

Groups whose order is computationally hard to compute have important applications including time-lock puzzles, verifiable delay functions, and accumulators. Many applications require trustless setup: that is, not even the group's constructor knows its order. We argue that the impact of Sutherland's generic group-order algorithm has been overlooked in this context, and that current parameters do not meet claimed security levels. We propose updated parameters, and a model for security levels...

2020/151 (PDF) Last updated: 2022-07-20
Breaking the decisional Diffie-Hellman problem for class group actions using genus theory -- extended version
Wouter Castryck, Jana Sotáková, Frederik Vercauteren
Public-key cryptography

In this paper, we use genus theory to analyze the hardness of the decisional Diffie-Hellman problem for ideal class groups of imaginary quadratic orders acting on sets of elliptic curves through isogenies (DDH-CGA). Such actions are used in the Couveignes-Rostovtsev-Stolbunov protocol and in CSIDH. Concretely, genus theory equips every imaginary quadratic order $\mathcal{O}$ with a set of assigned characters $\chi : \text{cl}(\mathcal{O}) \to \{ \pm 1\}$, and for each such character and...

2020/084 (PDF) Last updated: 2021-09-09
Bandwidth-efficient threshold EC-DSA
Guilhem Castagnos, Dario Catalano, Fabien Laguillaumie, Federico Savasta, Ida Tucker
Cryptographic protocols

Threshold Signatures allow $n$ parties to share the power of issuing digital signatures so that any coalition of size at least $t+1$ can sign, whereas groups of $t$ or fewer players cannot. Over the last few years many schemes addressed the question of realizing efficient threshold variants for the specific case of EC-DSA signatures. In this paper we present new solutions to the problem that aim at reducing the overall bandwidth consumption. Our main contribution is a new variant of the Gennaro...

2020/013 (PDF) Last updated: 2020-01-06
On the Cryptographic Hardness of Local Search
Nir Bitansky, Idan Gerichter
Foundations

We show new hardness results for the class of Polynomial Local Search problems ($\mathsf{PLS}$): * Hardness of $\mathsf{PLS}$ based on a falsifiable assumption on bilinear groups introduced by Kalai, Paneth, and Yang (STOC 2019), and the Exponential Time Hypothesis for randomized algorithms. Previous standard model constructions relied on non-falsifiable and non-standard assumptions. * Hardness of $\mathsf{PLS}$ relative to random oracles. The construction is essentially different than...

2019/1252 (PDF) Last updated: 2019-12-24
Simplifying Constructions and Assumptions for $i\mathcal{O}$
Aayush Jain, Huijia Lin, Amit Sahai
Public-key cryptography

The existence of secure indistinguishability obfuscators ($i\mathcal{O}$) has far-reaching implications, significantly expanding the scope of problems amenable to cryptographic study. A recent line of work [Ananth, Jain, and Sahai, 2018; Aggrawal, 2018; Lin and Matt, 2018; Jain, Lin, Matt, and Sahai, 2019] has developed a new theory for building $i\mathcal{O}$ from simpler building blocks, and represents the state of the art in constructing $i\mathcal{O}$ from succinct and...

2019/1229 (PDF) Last updated: 2022-06-29
Transparent SNARKs from DARK Compilers
Benedikt Bünz, Ben Fisch, Alan Szepieniec
Cryptographic protocols

We construct a new polynomial commitment scheme for univariate and multivariate polynomials over finite fields, with logarithmic size evaluation proofs and verification time, measured in the number of coefficients of the polynomial. The underlying technique is a Diophantine Argument of Knowledge (DARK), leveraging integer representations of polynomials and groups of unknown order. Security is shown from the strong RSA and the adaptive root assumptions. Moreover, the scheme does not require a...

2019/1209 (PDF) Last updated: 2020-06-04
On collisions related to an ideal class of order 3 in CSIDH
Hiroshi Onuki, Tsuyoshi Takagi
Public-key cryptography

CSIDH is an isogeny-based key exchange, which is a candidate for post-quantum cryptography. It uses the action of an ideal class group on $\mathbb{F}_p$-isomorphism classes of supersingular elliptic curves. In CSIDH, the ideal classes are represented by vectors with integer coefficients. The number of ideal classes represented by these vectors determines the security level of CSIDH. Therefore, it is important to investigate the correspondence between the vectors and the ideal classes. Heuristics show...

2019/978 (PDF) Last updated: 2020-10-16
Strength in Numbers: Improving Generalization with Ensembles in Profiled Side-channel Analysis
Guilherme Perin, Lukasz Chmielewski, Stjepan Picek
Applications

The adoption of deep neural networks for profiled side-channel attacks provides powerful options for leakage detection and key retrieval of secure products. When training a neural network for side-channel analysis, it is expected that the trained model can implement an approximation function that can detect leaking side-channel samples and, at the same time, be insensitive to noisy (or non-leaking) samples. This outlines a generalization situation where the model can identify the main...

2019/608 (PDF) Last updated: 2019-08-12
Symmetric Primitives with Structured Secrets
Navid Alamati, Hart Montgomery, Sikhar Patranabis
Foundations

Securely managing encrypted data on an untrusted party is a challenging problem that has motivated the study of a variety of cryptographic primitives. A special class of such primitives allows an untrusted party to transform a ciphertext encrypted under one key to a ciphertext under another key, using some auxiliary information that does not leak the underlying data. Prominent examples of such primitives in the symmetric-key setting are key-homomorphic PRFs, updatable encryption, and proxy...

2019/576 (PDF) Last updated: 2020-04-28
On Group-Characterizability of Homomorphic Secret Sharing Schemes
Reza Kaboli, Shahram Khazaei, Maghsoud Parviz
Foundations

A group-characterizable (GC) random variable is induced by a finite group, called main group, and a collection of its subgroups [Chan and Yeung 2002]. The notion extends directly to secret sharing schemes (SSS). It is known that multi-linear SSSs can be equivalently described in terms of GC ones. The proof extends to abelian SSSs, a more powerful generalization of multi-linear schemes, in a straightforward way. Both proofs are fairly easy considering the notion of dual for vector spaces and...

2019/503 (PDF) Last updated: 2020-07-09
Two-Party ECDSA from Hash Proof Systems and Efficient Instantiations
Guilhem Castagnos, Dario Catalano, Fabien Laguillaumie, Federico Savasta, Ida Tucker
Cryptographic protocols

ECDSA is a widely adopted digital signature standard. Unfortunately, efficient distributed variants of this primitive are notoriously hard to achieve and known solutions often require expensive zero-knowledge proofs to deal with malicious adversaries. For the two-party case, Lindell [Lin17] recently managed to get an efficient solution which, to achieve simulation-based security, relies on an interactive, non-standard assumption on Paillier's cryptosystem. In this paper we generalize...

2019/056 (PDF) Last updated: 2019-01-25
Obfuscating simple functionalities from knowledge assumptions
Ward Beullens, Hoeteck Wee

This paper shows how to obfuscate several simple functionalities from a new Knowledge of OrthogonALity Assumption (KOALA) in cyclic groups which is shown to hold in the Generic Group Model. Specifically, we give simpler and stronger security proofs for obfuscation schemes for point functions, general-output point functions and pattern matching with wildcards. We also revisit the work of Bishop et al. (CRYPTO 2018) on obfuscating the pattern matching with wildcards functionality. We improve...

2018/926 (PDF) Last updated: 2019-05-14
Hard Isogeny Problems over RSA Moduli and Groups with Infeasible Inversion
Salim Ali Altug, Yilei Chen

We initiate the study of computational problems on elliptic curve isogeny graphs defined over RSA moduli. We conjecture that several variants of the neighbor-search problem over these graphs are hard, and provide a comprehensive list of cryptanalytic attempts on these problems. Moreover, based on the hardness of these problems, we provide a construction of groups with infeasible inversion, where the underlying groups are the ideal class groups of imaginary quadratic orders. Recall that in a...

2018/842 (PDF) Last updated: 2018-09-20
Attribute-Based Signatures for Unbounded Languages from Standard Assumptions
Yusuke Sakai, Shuichi Katsumata, Nuttapong Attrapadung, Goichiro Hanaoka

Attribute-based signature (ABS) schemes are advanced signature schemes that simultaneously provide fine-grained authentication while protecting the privacy of the signer. Previously known expressive ABS schemes support either the class of deterministic finite automata and circuits from standard assumptions or Turing machines from the existence of indistinguishability obfuscation. In this paper, we propose the first ABS scheme for a very general policy class, all deterministic Turing machines,...

2018/791 (PDF) Last updated: 2018-09-01
Practical Fully Secure Unrestricted Inner Product Functional Encryption modulo $p$
Guilhem Castagnos, Fabien Laguillaumie, Ida Tucker
Cryptographic protocols

Functional encryption is a modern public-key cryptographic primitive allowing an encryptor to finely control the information revealed to recipients from a given ciphertext. Abdalla, Bourse, De Caro, and Pointcheval (PKC 2015) were the first to consider functional encryption restricted to the class of linear functions, i.e. inner products. Though their schemes are only secure in the selective model, Agrawal, Libert, and Stehlé (CRYPTO 16) soon provided adaptively secure schemes for the same...

2018/705 (PDF) Last updated: 2020-03-24
Subvector Commitments with Application to Succinct Arguments
Russell W. F. Lai, Giulio Malavolta

We put forward the notion of subvector commitments (SVC): An SVC allows one to open a committed vector at a set of positions, where the opening size is independent of the length of the committed vector and the number of positions to be opened. We propose two constructions under variants of the root assumption and the CDH assumption, respectively. We further generalize SVC to a notion called linear map commitments (LMC), which allows one to open a committed vector to its images under linear maps...

2018/623 (PDF) Last updated: 2022-10-26
Efficient verifiable delay functions
Benjamin Wesolowski
Cryptographic protocols

We construct a verifiable delay function (VDF). A VDF is a function whose evaluation requires running a given number of sequential steps, yet the result can be efficiently verified. They have applications in decentralised systems, such as the generation of trustworthy public randomness in a trustless environment, or resource-efficient blockchains. To construct our VDF, we actually build a trapdoor VDF. A trapdoor VDF is essentially a VDF which can be evaluated efficiently by parties who know...

2018/037 (PDF) Last updated: 2018-01-08
Weakly Secure Equivalence-Class Signatures from Standard Assumptions
Georg Fuchsbauer, Romain Gay

Structure-preserving signatures on equivalence classes, or equivalence-class signatures for short (EQS), are signature schemes defined over bilinear groups whose messages are vectors of group elements. Signatures are perfectly randomizable and given a signature on a vector, anyone can derive a signature on any multiple of the vector; EQS thus sign projective equivalence classes. Applications of EQS include the first constant-size anonymous attribute-based credentials, efficient round-optimal...

2017/1029 (PDF) Last updated: 2018-03-28
Efficient Designated-Verifier Non-Interactive Zero-Knowledge Proofs of Knowledge
Pyrros Chaidos, Geoffroy Couteau
Public-key cryptography

We propose a framework for constructing efficient designated-verifier non-interactive zero-knowledge proofs (DVNIZK) for a wide class of algebraic languages over abelian groups, under standard assumptions. The proofs obtained via our framework are proofs of knowledge, and enjoy statistical and unbounded soundness (the soundness holds even when the prover receives arbitrary feedback on previous proofs). Previously, no efficient DVNIZK system satisfying any of those three properties was known....

2017/796 (PDF) Last updated: 2017-09-15
Lightweight Symmetric-Key Hidden Vector Encryption without Pairings
Sikhar Patranabis, Debdeep Mukhopadhyay
Cryptographic protocols

Hidden vector encryption (HVE), introduced by Boneh and Waters in TCC'07, is an expressive sub-class of predicate encryption that allows conjunctive, subset, range and comparison queries over encrypted data. All existing HVE constructions in the cryptographic literature use bilinear pairings over either composite order or prime order groups. In this paper, we address the open problem of constructing a lightweight symmetric-key HVE scheme that does not use bilinear pairings, but only...

2017/343 (PDF) Last updated: 2017-04-21
Towards a Classification of Non-interactive Computational Assumptions in Cyclic Groups
Essam Ghadafi, Jens Groth
Foundations

We study non-interactive computational intractability assumptions in prime-order cyclic groups. We focus on the broad class of computational assumptions, which we call target assumptions, where the adversary's goal is to compute a concrete group element and investigate the structure of this class. Our analysis identifies two families of intractability assumptions, the $q$-Generalized Diffie-Hellman Exponent assumptions and the $q$-Simple Fractional assumptions that imply all other target...

2017/151 (PDF) Last updated: 2017-06-23
Practical Functional Encryption for Quadratic Functions with Applications to Predicate Encryption
Carmen Elisabetta Zaira Baltico, Dario Catalano, Dario Fiore, Romain Gay
Public-key cryptography

We present two practically efficient functional encryption schemes for a large class of quadratic functionalities. Specifically, our constructions enable the computation of so-called bilinear maps on encrypted vectors. This represents a practically relevant class of functions that includes, for instance, multivariate quadratic polynomials (over the integers). Our realizations work over asymmetric bilinear groups and are surprisingly efficient and easy to implement. For instance, in our most...

2016/1104 (PDF) Last updated: 2016-11-23
Practical Functional Encryption for Bilinear Forms
Carmen Elisabetta Zaira Baltico, Dario Catalano, Dario Fiore
Public-key cryptography

We present a practically efficient functional encryption scheme for the class of functionalities that can be expressed via bilinear forms over the integers. Bilinear forms are a general class of quadratic functions that includes, for instance, multivariate quadratic polynomials. Our realization works over asymmetric bilinear groups and is surprisingly simple, efficient and easy to implement. For instance, in our scheme the public key and each ciphertext consist of $2n+1$ and $4n+2$ group...

2016/531 (PDF) Last updated: 2018-06-11
Reducing number field defining polynomials: An application to class group computations
Alexandre Gélin, Antoine Joux

In this paper, we describe how to compute smallest monic polynomials that define a given number field $\mathbb K$. We make use of the one-to-one correspondence between monic defining polynomials of $\mathbb K$ and algebraic integers that generate $\mathbb K$. Thus, a smallest polynomial corresponds to a vector in the lattice of integers of $\mathbb K$ and this vector is short in some sense. The main idea is to consider weighted coordinates for the vectors of the lattice of integers of...

2015/715 (PDF) Last updated: 2015-12-01
New Circular Security Counterexamples from Decision Linear and Learning with Errors
Allison Bishop, Susan Hohenberger, Brent Waters
Foundations

We investigate new constructions of n-circular counterexamples with a focus on the case of n=2. We have a particular interest in what qualities a cryptosystem must have to be able to separate such circular security from IND-CPA or IND-CCA security. To start, we ask whether there is something special about the asymmetry in bilinear groups that is inherent in the works of ABBC10 and CGH12 or whether it is actually the bilinearity that matters. As a further question, we explore whether such...

2015/446 (PDF) Last updated: 2015-05-09
On the Amortized Complexity of Zero-knowledge Protocols
Ronald Cramer, Ivan Damgård, Marcel Keller
Cryptographic protocols

We propose a general technique that allows improving the complexity of zero-knowledge protocols for a large class of problems where previously the best known solution was a simple cut-and-choose style protocol, i.e., where the size of a proof for problem instance $x$ and error probability $2^{-n}$ was $O(|x| n)$ bits. By using our technique to prove $n$ instances simultaneously, we can bring down the proof size per instance to $O(|x| + n)$ bits for the same error probability while using no...
