cryptography

When you use a cryptocurrency exchange, the flow is simple: you send coins to an address, and the service sends different coins back. But there's a gap. Between sending your deposit and receiving your payout, you're trusting the service completely. There's no contract, no proof, no verifiable commitment. The service could change the rate, swap the destination, or simply not pay out — and you'd ha…

The Recording Standard Oracle with Errors (RstOE) technique is an important tool for quantum security proofs in symmetric-key cryptography. However, against adaptive quantum chosen-plaintext adversaries, traditional RstOE-based proofs may suffer from the ``trivialization of norm” problem. This issue arises from three main causes: the delayed evaluation of bad events, the presence of unrecorded ex…

Fully homomorphic encryption is a promising cryptographic primitive for privacy-preserving computation, yet bootstrapping remains the primary bottleneck for its practical deployment. For the CKKS scheme, the dominant cost of bootstrapping arises from the homomorphic evaluation of the Discrete Fourier Transform (DFT) and its inverse. Existing approaches realize these operations as matrix-vector pr…

Isogeny-based cryptography is a kind of cryptography whose security relies on the computational hardness of the isogeny problem. This field is gaining attention as a promising candidate for post-quantum cryptography. Among the notable schemes within this category is SQIsign, a signature schemes that has been submitted to the NIST Post-Quantum Cryptography Standardization competition. In this pape…

Identity-Based Encryption (IBE) schemes were introduced to simplify public-key infrastructure by using any arbitrary strings as public keys. However, a longstanding criticism of IBE is the trade-off inherent in the ``key escrow'' problem: the design of IBE ensures that the authority possesses a master secret key that allows it to generate secret keys for any identity and, consequently, decrypt an…

Fungible tokens on public blockchains expose all balances and transfer amounts in the clear, which is incompatible with the financial privacy required by many real-world applications. We present Merces a confidential token contract that hides user balances and transaction amounts while preserving on-chain verifiability. The core idea is to store secret shares of balances within a decentralized MP…

With the expansion of Machine Learning as a Service (MLaaS), Secure Multi-Party Computation (MPC) is widely used to protect the privacy of both proprietary models and client data during inference. To achieve practical performance, these protocols typically rely on fixed-point arithmetic over finite rings. However, this design choice introduces a unique arithmetic vulnerability: silent modular wra…

Group signatures are one of the central privacy-preserving authentication mechanisms, offering an interesting trade-off between accountability and anonymity. Their versatility has led to many applications and even standardization at ISO/IEC. Unfortunately, they lack so far efficient quantum-safe constructions, despite several works implementing the seminal framework by Bellare, Micciancio and War…

This work establishes cFHE (compressed FHE), a unified analytical and empirical framework that integrates low-rank matrix factorization techniques into the CKKS homomorphic encryption scheme. Theoretical bounds are derived for the accumulation of relative error across sequences of factorized matrices, leading to an explicit expression for the attainable computation depth as a function of target …

A lookup argument is a cryptographic primitive that allows a prover to convince verifiers that every element of a private query vector belongs to a public table vector without disclosing the underlying data. It can enforce correct instruction execution in zero-knowledge virtual machines and serve as an important supplement to zero-knowledge succinct non-interactive arguments of knowledge (zkSNARK…

Let $n$ be a positive integer, given 2 column vectors $a$ and $c$ such that $B = a \cdot c^T$ is an $n \times n$ matrix. Assuming the elements are in finite field, how difficult is factoring $B$? ...

We study the local leakage resilience of $t$-out-of-$n$ threshold secret sharing schemes. We present a remarkably simple, perfectly correct attack that fully breaks any scheme with linear reconstruction over a finite field using $\lg t + \mathcal{O}(1)$ bits of leakage per share. In particular, this yields concretely efficient attacks on additive secret sharing and on Shamir’s scheme for arbitrar…

Exact fixed-point multiplication over $\mathbb{Z}_{2^k}$ is a fundamental primitive for secure fixed-point arithmetic. However, in the honest-majority, maliciously secure 3PC setting, no prior work simultaneously provides cross-ring compatibility, exact semantics, and malicious security within this efficient framework. In this paper, we address this gap by showing that the core cross-ring bottlen…

The transition from classical public-key cryptography to post-quantum cryptography introduces protocol-level risks that are not fully addressed by configuration review, performance benchmarking, or endpoint reachability testing. Under the current abstraction, deployments may appear operationally correct while still permitting secrecy, authentication, or forward-secrecy violations at the protocol …

When the number field sieve (NFS) is applied to integer factorization, there is a crystal clear reason you need two number fields. We need $$X^2 \equiv Y^2 \bmod N$$ where e.g. $$X^2 \equiv ...

The paper introduces SOLMAE, a lightweight post-quantum signature scheme that follows the traditional hash-and-sign paradigm of Gentry–Peikert–Vaikuntanathan and is instantiated over NTRU lattices using hybrid Gaussian samplers. As a natural successor to earlier designs including Falcon, Mitaka and Antrag, SOLMAE combines the strengths of these approaches. In particular, SOLMAE positions itself a…

Nowadays, governments are world-wide pushing towards building infrastructures to intercept, decrypt and prevent communications among citizens with the goal of catching criminals. The recent notion of anamorphic encryption proposed by Persiano et al. [Eurocrypt 2022] faces the risks of abuses derived from such infrastructures that could be maliciously leveraged to realize the phantom menace of lar…

Garbled circuits are a fundamental primitive in cryptography. While the size of garbled circuits in Yao's original scheme grows linearly with the circuit size, a recent line of work on stacked garbling (SGC) [Heath-Kolesnikov, CRYPTO'20] has achieved near-sublinear size for branching computations, based only on one-way functions. Specifically, these schemes achieve garbled size growing only with …

We formally define Threshold Signatures as-a-Service (TSaaS), in which the honest parties performing the threshold signature respond only to the signing requests of a designated client. This model captures the mainstream industrial use case of threshold signatures which is to implement Wallets as-a-Service. This new model allows for optimizations of existing threshold signature schemes, in parti…