Browse Proceedings

At Eurocrypt 2017, the Even-Mansour (EM) cipher was modified to thwart the attack using Simon’s algorithm: replace the XOR operation with modular addition. We call it Even-Mansour+ (EM+) cipher. Kuperberg’s algorithm can recover the key of EM+ in ...${\mathrm{}}^{\mathrm{}\sqrt{}}$

Block ciphers are often used as building blocks for one-way compression functions, which in turn, can be employed to construct hash functions. Two well-known important methods in the design of one-way compression function from block ciphers are ...

At ASIACRYPT 2021, Phil Hebborn et al., developed a powerful theory for block ciphers against integral distinguishers under the assumption of independent round keys and a whitening key XORed with the full state. Nevertheless, for certain block ...

The Ascon cipher suite has recently become the preferred standard in the NIST Lightweight Cryptography standardization process. Despite its prominence, the initial dedicated security analysis for the Ascon mode was conducted quite recently. This ...${\mathrm{}}^{}{\mathrm{}}^{}$$$$$${\mathrm{}}^{}$

In this paper, we evaluate the security against differential attacks for three important stream ciphers: SNOW-V, SNOW-Vi and KCipher-2. SNOW-V and SNOW-Vi are proposed as standard encryption schemes for the 5G mobile communication system, while ...

Type-II Generalized Feistel Structures are widely used to design block ciphers benefit from their simplicity and high parallelism. However, there is a trade-off between efficiency (i.e. the number of rounds) and compactness (i.e. the partition ...

Floating-point fully homomorphic encryption (FPFHE) supports arbitrary computation on ciphertexts and yields approximate results. On one hand, for the state-of-the-art, the CKKS-like scheme (Jutla et al., EUROCRYPT 2022) achieves a precision of ...

The NTRU problem has proven a useful building block for efficient bootstrapping in Fully Homomorphic Encryption (FHE) schemes, and different such schemes have been proposed. FINAL (ASIACRYPT 2022) first constructed FHE using homomorphic ...

Fully homomorphic encryption (FHE) enables users to process encrypted data, while preserving data privacy throughout the data computation process. It develops ways to privately execute neural networks. Although bit-wise FHE over the torus (TFHE) ...$\mathrm{}\mathrm{}\mathrm{}$$\mathrm{}$${}_{\mathit{}}\mathrm{}$$\mathcal{}\mathrm{}$$\mathrm{}$

In this work we present ${\displaystyle \mathsf{HERatio}}$, a homomorphic encryption scheme that builds on the scheme of Brakerski, and Fan and Vercauteren. Our scheme naturally accepts Laurent polynomials as inputs, allowing it to work with rationals via their bounded base-...

Fully homomorphic encryption (FHE) allows for computation on encrypted data, providing effective privacy protection in data processing scenarios such as cloud computing and machine learning. However, the efficiency and storage overhead of the FHE ...

This paper proposes two polynomial approximation methods for general step functions to tackle this problem. The first method leverages the fact that any step function can be expressed as a linear combination of shifted sign functions. This ...${}_{}{}_{\mathrm{}}{}_{\mathrm{}}$${}_{}$

Attribute-based encryption (ABE) is an important technology in building access control systems with precise control and scalability. In an ABE system, there exists a private key generator (PKG) that issues all private keys. The PKG has a ...

Public key encryption with equality test, proposed by Yang et al. (CT-RSA 2010), allows anyone to check whether two ciphertexts of distinct public keys are encryptions of the same plaintext or not using trapdoors, and identity-based encryption ...$\mathsf{}\mathsf{}$$\mathsf{}\mathsf{}$$\mathsf{}\mathsf{}$$\mathsf{}\mathsf{}$$\mathsf{}\mathsf{}$$\mathsf{}$$\mathsf{}\mathsf{}$$\mathsf{}\mathsf{}$$\mathsf{}$$\mathsf{}\mathsf{}$$\mathsf{}$$\mathsf{}\mathsf{}$$\mathsf{}\mathsf{}$$\mathsf{}$

Publicly Verifiable Symmetric Searchable Encryption (PV-SSE) enables a client to delegate verification process of search results to an auditor without revealing private information. However, most of existing PV-SSE schemes are only designed for ...

Updatable encryption (UE) is a special type of symmetric-key encryption (SKE) that allows a third party to update ciphertexts while protecting plaintexts. Alamati et al. (CRYPTO 2019) showed a curious connection between UE and public-key ...

Non-malleable codes are designed to provide security of highly sensitive data against tampering attacks where traditional error correction and error detection codes fail. An attacker can perform tampering experiment on the codeword but non-...

Identity-based signatures (IBS) allow the signer’s identity information to be used as the public key for signature verification, eliminating the need for managing certificates to establish ownership of the corresponding public key. The Schnorr-...

Threshold ring signatures (TRS) allow several signers to sign the same message on behalf of a group. This scheme is fully anonymity in that a signature reveals the number of signers who created the signature but tells nothing about the identity of ...

Threshold signature is a powerful cryptographic technique with a large number of real-life applications. As designed by Boneh and Komlo (CRYPTO’22), TAPS is a new threshold signature integrating privacy and accountability. It allows a combiner to ...

The window $\tau$-adic non-adjacent form (window $\tau$NAF) was initially proposed by Solinas in 2000 as a method to calculate scalar multiplication on the Koblitz curves. To ensure the correctness of the window $\tau$NAF, Blake, Murty, and Xu demonstrated that ...${}_{}{\mathbb{}}_{{\mathrm{}}^{}}$$$$$$$$$$$$\mathrm{}$${}_{\mathrm{}}$

Pairings are useful tools in cryptography and efficient implementations play a critical role in their usage, where Miller’s algorithms are the main method for all pairings. As an alternative approach, elliptic nets were first employed to evaluate ...$\mathrm{}{\mathsf{}}^{}$

A good differential is a start for a successful differential attack. However, a differential might be invalid, i.e., there is no right pair following the differential due to some contradictions in the conditions imposed by the differential. In ...