cryptography
Ordinary code is judged on whether it produces the right answer. Cryptographic code is held to a stranger standard: it must produce the right answer in exactly the same amount of time, no matter what the secret data is. Violate that rule and an attacker who can only measure how long your code runs can, given enough samples, recover the key it was protecting. This is why crypto libraries are full …
A garbling scheme encodes a function and an input into two independent artifacts from which the output can be recovered, but nothing else is revealed. This clean separation between function and input has made garbling one of the most versatile primitives in cryptography. Yet it hides an asymmetry that has gone largely unexamined: while the input is cryptographically protected, the function is ful…

Pseudo-random correlation generators based on the Quasi-Abelian syndrome decoding problem were first attacked in an article published at Asiacrypt~2025, using compressed sensing. In this paper, we revisit the security of the problem using a more traditional cryptanalytic tool, namely correlation attacks. As a result, we get a new cryptanalysis which outperforms the attack from Asiac…

Threshold cryptography distributes trust among multiple parties by enabling joint cryptographic operations without reconstructing secret keys. While post-quantum signature schemes based on the MPC-in-the-Head (MPCitH) paradigm are highly generic, recent impossibility results show that their thresholdization either incurs prohibitive distributed symmetric computations or leads to signature sizes g…
Cryptocurrency lending is growing rapidly, and smart-contract-based loans are expected to grow further. However, existing systems are fundamentally limited: they only operate on smart-contract-enabled blockchains, and assets from other blockchains can be used only via tokenized representations. In this work, we propose an oracle-aided cryptographic protocol that implements the logic of collatera…
The concrete security of multivariate post-quantum signature schemes is coming under increasing scrutiny as the NIST standardisation process for additional signatures approaches its final stages. Among the leading candidates, the security of MAYO and QR-UOV relies on the hardness of the underdetermined multivariate quadratic (MQ) problem. This work revisits Hashimoto's algorithm for solving u…
A robust combiner for a cryptographic primitive $P$ takes multiple candidate constructions of $P$ and produces a secure construction of $P$ provided that sufficiently many of the candidates are secure. A closely related notion is that of a security amplifier, where given a weakly secure construction of $P$, we aim to obtain a (strongly) secure one. Intuitively, one may expect that any robust comb…
The SHA-2 family is a U.S. federal standard and mainly includes SHA-256 and SHA-512. In particular, SHA-256 plays a central role in real-world applications and is widely regarded as one of the most important hash functions in use today. At CRYPTO 2026, Li et al. proposed collision attacks up to 37-step SHA-2, but they could not reach 38 steps due to the low-probability uncontrolled part in the c…
Pre-constructed Publicly Verifiable Secret Sharing (PPVSS) extends conventional Publicly Verifiable Secret Sharing (PVSS) by requiring the dealer to publish a commitment or encryption of the shared secret, enabling more efficient and versatile constructions for a variety of cryptographic protocols. In this paper, we further enhance this paradigm by introducing Packed Pre-constructed PVSS (3PVSS),…
I am a cryptography student working on a university project related to cryptographic random key generation from physical entropy sources. I want to design and implement a TRNG-like (True Random Number ...
This paper introduces AuditPay, a novel mechanism for blockchain mixers that enables controlled oversight through an "auditing budget." Auditors may monitor up to a budgeted number of addresses per epoch (e.g., an hour or a day), without revealing to users which addresses are monitored. Unlike traditional approaches that require users to voluntarily disclose viewing keys to trusted gatekeepers,…
My current Apache version in use: # apache2 -version Server version: Apache/2.4.67 (Debian) Server built: 2026-05-06T09:07:41 I would like to know if and how is it possible to enable PQC (Post-...

Revocable and linkable ring signatures ($\mathsf{RLRS}$) provide a practical mechanism for controllable anonymity, enabling a revocation authority (RA) to mandatorily revoke the anonymity of the real signer. However, existing constructions often rely on the assumption of a fully trusted RA, where the correctness of the revocation is not publicly verifiable, rendering honest users vulnerable to und…
End-to-end encryption (E2EE) provides strong confidentiality guarantees to users by preventing service providers from accessing their data. At the same time, it introduces new operational challenges, most notably the restoration of an E2EE-protected backup on a new device after loss of the original device. In recent years, major instant messengers have deployed increasingly sophisticated key-retr…
Stateful hash-based signature schemes such as XMSS and LMS are increasingly important in post-quantum cryptographic deployments, yet their verification paths remain difficult to fuzz effectively because key generation is substantially more expensive than verification. This paper presents a structured libFuzzer methodology for testing stateful hash-based signature verification in liboqs. The propo…
Minimizing round complexity is a central goal in secure Multi-Party Computation (MPC), particularly for deployment on high-latency networks. While constant-round protocols with concrete efficiency have been constructed, they are typically designed for Boolean circuits and each gate incurs a bandwidth cost linear in the security parameter. Moreover, for arithmetic-heavy applications such as privac…

Designing a secure symmetric-key cipher over a vector space over a field $\mathbb F_{p^n}^t$ is well known and understood by the cryptographic community. Even if the attacks are continuously improving, our current understanding regarding the design and security of the majority of the symmetric-key primitives has not fundamentally changed in the last 20 years. How does this picture change when we…

Few-time signatures cap how many signatures a signer can safely issue. Jevil is, to our knowledge, the first post-quantum and transparent (setup-free) few-time signature scheme with a sharp key-recovery cliff: its cap is enforced by a single sharp threshold rather than a slow slope. Signatures one through $n^{\star}$ are existentially unforgeable at approximately $124$-bit classical security; at …

Anthropic's Mythos model can autonomously find zero-day vulnerabilities. Their CVD disclosure process uses manual SHA-3-512 hash commitments to prove findings existed. I built something that automates that in one line of Python. What AetherProof does One function call generates a 128-byte Ed25519-signed receipt that proves: What model ran — FNV-1a hash of provider/model ID What it produced — hash…