We propose a generic compiler that can convert any zero-knowledge (ZK) proof for SIMD circuits to general circuits efficiently, and an extension that can preserve the space complexity of the proof systems. Our compiler can immediately produce new ...

We describe in this paper how to perform a padding oracle attack against the GlobalPlatform SCP02 protocol. SCP02 is implemented in smart cards and used by transport companies, in the banking world and by mobile network operators (UICC/SIM cards). ...

This paper studies several building blocks needed for electronic voting in order to prepare for the post-quantum era. In particular, we present lattice-based constructions for a generic zero-knowledge (ZK) proof of ballot correctness, a ZK proof ...

Homomorphic encryption (HE) protects data in-use, but can be computationally expensive. To avoid the costly bootstrapping procedure that refreshes ciphertexts, some works have explored client-aided outsourcing protocols, where the client ...

Hashing arbitrary values to points on an elliptic curve is a required step in many cryptographic constructions. One of the first techniques was due to Shallue and van de Woestijne (ANTS-VII), and applied to essentially all elliptic curves over ...${\mathbb{}}_{}{\mathbb{}}_{}$${\mathfrak{}}_{\mathrm{}}{\mathfrak{}}_{\mathrm{}}$${\mathbb{}}_{}$${\mathfrak{}}_{\mathrm{}}{\mathfrak{}}_{\mathrm{}}$${{}_{}}_{{\mathbb{}}_{}}$${\mathfrak{}}_{\mathrm{}}{\mathfrak{}}_{\mathrm{}}$${\mathbb{}}_{}$${}_{{\mathfrak{}}_{\mathrm{}}}{\mathfrak{}}_{\mathrm{}}$

In this paper, we present a new representation of the AES key schedule, with some implications to the security of AES-based schemes. In particular, we show that the AES-128 key schedule can be split into four independent parallel computations ...

Cryptographic group actions are a relaxation of standard cryptographic groups that have less structure. This lack of structure allows them to be plausibly quantum resistant despite Shor’s algorithm, while still having a number of applications. The ...

This paper presents a procedure to construct parameterized families of prime-order endomorphism-equipped elliptic curves that are defined over the scalar field of pairing-friendly elliptic curve families such as Barreto–Lynn–Scott (BLS), Barreto–...

Combinatorial attacks on small max norm LWE keys suffer enormous memory requirements, which render them inefficient in realistic attack scenarios. Therefore, more memory-efficient substitutes for these algorithms are needed. In this work, we ...${\mathrm{}}^{\mathrm{}}$${\mathrm{}}^{\mathrm{}}$${}^{}$$\mathrm{}\mathrm{}$${\mathrm{}\mathrm{}}^{}$${\mathrm{}}^{\mathrm{}}$${\mathrm{}}^{\mathrm{}}$

It is well-known that randomness is essential for secure cryptography. The randomness used in cryptographic primitives is not necessarily recoverable even by the party who can, e.g., decrypt or recover the underlying secret/message. Several ...${\mathsf{}}^{\mathrm{}}$${\mathsf{}}^{\mathrm{}}$

Boomerang attacks are extensions of differential attacks that make it possible to combine two unrelated differential properties of the first and second part of a cryptosystem with probabilities p and q into a new differential-like property of the ...${}^{\mathrm{}}{}^{\mathrm{}}$${}^{\mathrm{}}$${\mathrm{}}^{\mathrm{}}$${\mathrm{}}^{\mathrm{}}$${\mathrm{}}^{\mathrm{}}$

We construct the first actively-secure Multi-Party Computation (MPC) protocols with an arbitrary number of parties in the dishonest majority setting, for an arbitrary field $\mathbb{F}$ with constant communication overhead over the “passive-GMW” protocol (...${\mathcal{}}_{}$${\mathcal{}}_{}$$\mathcal{}$$\mathcal{}$$\mathcal{}$${\mathcal{}}_{}$${\mathcal{}}_{}$

Chameleon-hash functions, introduced by Krawczyk and Rabin (NDSS’00), are trapdoor collision-resistant hash functions parametrized by a public key. If the corresponding secret key is known, arbitrary collisions for the hash function can be found ...

We present new protocols for Asynchronous Verifiable Secret Sharing for Shamir (i.e., threshold $t<n$) sharing of secrets. Our protocols:

• Use only “lightweight” cryptographic primitives, such as hash functions;
• Can share secrets over rings such as Z/(...

Two of the most useful cryptographic primitives that can be constructed from one-way functions are pseudorandom generators (PRGs) and universal one-way hash functions (UOWHFs). In order to implement them in practice, the efficiency of such ...

We put forward two natural generalizations of predicate encryption (PE), dubbed multi-key and multi-input PE. More in details, our contributions are threefold.

• Definitions. We formalize security of multi-key PE and multi-input PE following the ...

A hinting pseudorandom generator (PRG) is a potentially stronger variant of PRG with a “deterministic” form of circular security with respect to the seed of the PRG (Koppula and Waters, in: Boldyreva and Micciancio (eds) CRYPTO 2019, Part II, ...

A common strategy for constructing multivariate encryption schemes is to use a central map that is easy to invert over an extension field, along with a small number of modifications to thwart potential attacks. In this work, we study the ...${}^{}$${}_{}$${}^{}$

Competitions are widely viewed as the safest way to select cryptographic algorithms. This paper surveys procedures that have been used in cryptographic competitions, and analyzes the extent to which those procedures reduce security risks.

Driven by the open problem raised by Hofheinz and Kiltz (J Cryptol 25(3):484–527, 2012), we study the formalization of lattice-based programmable hash function (PHF) and give three types of concrete constructions by using several techniques such ...