[digest] 2024 Week 8

https://www.rocksolidbbs.com/devel/article-flat.php?id=1086&group=sci.crypt#1086

From: noreply@example.invalid (IACR ePrint Archive)
Newsgroups: sci.crypt
Subject: [digest] 2024 Week 8
Date: Mon, 26 Feb 2024 03:18:43 -0000
Organization: A noiseless patient Spider
Lines: 1949
Message-ID: <8z95qHK8fat7C4LDVMQ7HFG-GqnLN9MC@eprint.iacr.org.invalid>

## In this issue

1. [2023/808] Generic-Group Lower Bounds via Reductions Between ...
2. [2023/1525] Committing AE from Sponges: Security Analysis of ...
3. [2024/272] Deep Learning Based Analysis of Key Scheduling ...
4. [2024/273] Information-Theoretic Homomorphic Encryption and ...
5. [2024/274] Amortized Large Look-up Table Evaluation with ...
6. [2024/275] The Multi-user Constrained PRF Security of ...
7. [2024/276] Reduce and Prange: Revisiting Prange's Information ...
8. [2024/277] Fault Attacks on UOV and Rainbow
9. [2024/278] Circle STARKs
10. [2024/279] Polynomial-Time Key-Recovery Attack on the ${\tt ...
11. [2024/280] HARTS: High-Threshold, Adaptively Secure, and ...
12. [2024/281] Polynomial Commitments from Lattices: Post-Quantum ...
13. [2024/282] A Concrete Analysis of Wagner's $k$-List Algorithm ...
14. [2024/283] Toward Malicious Constant-Rate 2PC via Arithmetic ...
15. [2024/284] Practical Improvements to Statistical Ineffective ...
16. [2024/285] Mirrored Commitment: Fixing ``Randomized Partial ...
17. [2024/286] Efficient Zero-Knowledge Arguments and Digital ...
18. [2024/287] CAPABARA: A Combined Attack on CAPA
19. [2024/288] A generic algorithm for efficient key recovery in ...
20. [2024/289] SoK: Parameterization of Fault Adversary Models - ...
21. [2024/290] Secure Integrated Sensing and Communication under ...
22. [2024/291] Quantum Pseudorandomness Cannot Be Shrunk In a ...
23. [2024/292] IDEA-DAC: Integrity-Driven Editing for Accountable ...
24. [2024/293] Registered Attribute-Based Signature
25. [2024/294] Multiplex: TBC-based Authenticated Encryption with ...
26. [2024/295] An Efficient Hash Function for Imaginary Class Groups
27. [2024/296] Attacking ECDSA with Nonce Leakage by Lattice ...
28. [2024/297] Accelerating Training and Enhancing Security ...
29. [2024/298] New Models for the Cryptanalysis of ASCON
30. [2024/299] Divide and Surrender: Exploiting Variable Division ...
31. [2024/300] Diving Deep into the Preimage Security of AES-like ...
32. [2024/301] Recommendations for the Design and Validation of a ...
33. [2024/302] Pseudorandom unitaries with non-adaptive security
34. [2024/303] Single Pass Client-Preprocessing Private ...
35. [2024/304] A Two-Layer Blockchain Sharding Protocol Leveraging ...
36. [2024/305] Single-Input Functionality against a Dishonest ...
37. [2024/306] Concretely Efficient Lattice-based Polynomial ...
38. [2024/307] SweetPAKE: Key exchange with decoy passwords
39. [2024/308] C'est très CHIC: A compact password-authenticated ...
40. [2024/309] NiLoPher: Breaking a Modern SAT-Hardened Logic- ...
41. [2024/310] A Zero-Dimensional Gröbner Basis for Poseidon
42. [2024/311] Aggregating Falcon Signatures with LaBRADOR
43. [2024/312] Trapdoor Memory-Hard Functions
44. [2024/313] The Complexity of Algebraic Algorithms for LWE
45. [2024/314] Exploring the Advantages and Challenges of Fermat ...
46. [2024/315] Alternative Key Schedules for the AES
47. [2024/316] Threshold Garbled Circuits with Low Overhead
48. [2024/317] Closing the Efficiency Gap between Synchronous and ...
49. [2024/318] Plinko: Single-Server PIR with Efficient Updates ...
50. [2024/319] On the cryptosystems based on two Eulerian ...
51. [2024/320] POPSTAR: Lightweight Threshold Reporting with ...
52. [2024/321] Formal Verification of Emulated Floating-Point ...
53. [2024/322] Theoretical Explanation and Improvement of Deep ...
54. [2024/323] Circuit Bootstrapping: Faster and Smaller
55. [2024/324] Under What Conditions Is Encrypted Key Exchange ...
56. [2024/325] Proofs for Deep Thought: Accumulation for large ...

## 2023/808

* Title: Generic-Group Lower Bounds via Reductions Between Geometric-Search Problems: With and Without Preprocessing
* Authors: Benedikt Auerbach, Charlotte Hoffmann, Guillermo Pascual-Perez
* [Permalink](https://eprint.iacr.org/2023/808)
* [Download](https://eprint.iacr.org/2023/808.pdf)

### Abstract

The generic-group model (GGM) aims to capture algorithms working over groups of prime order that only rely on the group operation, but do not exploit any additional structure given by the concrete implementation of the group. In it, it is possible to prove information-theoretic lower bounds on the hardness of problems like the discrete logarithm (DL) or computational Diffie-Hellman (CDH). Thus, since its introduction, it has served as a valuable tool to assess the concrete security provided by cryptographic schemes based on such problems. A work on the related algebraic-group model (AGM) introduced a method, used by many subsequent works, to adapt GGM lower bounds for one problem to another, by means of conceptually simple reductions.

In this work, we propose an alternative approach to extend GGM bounds from one problem to another. Following an idea by Yun (Eurocrypt '15), we show that, in the GGM, the security of a large class of problems can be reduced to that of geometric search-problems. By reducing the security of the resulting geometric-search problems to variants of the search-by-hypersurface problem, for which information theoretic lower bounds exist, we give alternative proofs of several results that used the AGM approach.

The main advantage of our approach is that our reduction from geometric search-problems works, as well, for the GGM with preprocessing (more precisely the bit-fixing GGM introduced by Coretti, Dodis and Guo (Crypto '18)). As a consequence, this opens up the possibility of transferring preprocessing GGM bounds from one problem to another, also by means of simple reductions. Concretely, we prove novel preprocessing bounds on the hardness of the d-strong discrete logarithm, the d-strong Diffie-Hellman inversion, and multi-instance CDH problems, as well as a large class of Uber assumptions. Additionally, our approach applies to Shoup's GGM without additional restrictions on the query behavior of the adversary, while the recent works of Zhang, Zhou, and Katz (Asiacrypt '22) and Zhandry (Crypto '22) highlight that this is not the case for the AGM approach.

## 2023/1525

* Title: Committing AE from Sponges: Security Analysis of the NIST LWC Finalists
* Authors: Juliane Krämer, Patrick Struck, Maximiliane Weishäupl
* [Permalink](https://eprint.iacr.org/2023/1525)
* [Download](https://eprint.iacr.org/2023/1525.pdf)

### Abstract

Committing security has gained considerable attention in the field of authenticated encryption (AE). This can be traced back to a line of recent attacks, which entail that AE schemes used in practice should not only provide confidentiality and authenticity, but also committing security. Roughly speaking, a committing AE scheme guarantees that ciphertexts will decrypt only for one key. Despite the recent research effort in this area, the finalists of the NIST lightweight cryptography standardization process have not been put under consideration yet. We close this gap by providing an analysis of these schemes with respect to their committing security. Despite the structural similarities the finalists exhibit, our results are of a quite heterogeneous nature: We break four of the schemes with effectively no costs, while for two schemes our attacks are costlier, yet still efficient. For the remaining three schemes ISAP, Ascon, and (a slightly modified version of) Schwaemm, we give formal security proofs. Our analysis reveals that sponges—due to their large states—are more favorable for committing security compared to block-ciphers.

## 2024/272

* Title: Deep Learning Based Analysis of Key Scheduling Algorithm of Advanced Ciphers
* Authors: Narendra Kumar Patel, Hemraj Shobharam Lamkuche
* [Permalink](https://eprint.iacr.org/2024/272)
* [Download](https://eprint.iacr.org/2024/272.pdf)

### Abstract

The advancements in information technology have made the Advanced Encryption Standard (AES) and the PRESENT cipher indispensable in ensuring data security and facilitating private transactions. AES is renowned for its flexibility and widespread use in various fields, while the PRESENT cipher excels in lightweight cryptographic situations. This paper delves into a dual examination of the Key Scheduling Algorithms (KSAs) of AES and the PRESENT cipher, which play a crucial role in generating round keys for their respective encryption techniques. By implementing deep learning methods, particularly a Neural Network model, our study aims to unravel the complexities of these KSAs and shed light on their inner workings.

## 2024/273

* Title: Information-Theoretic Homomorphic Encryption and 2-Party Computation
* Authors: Jonathan Trostle
* [Permalink](https://eprint.iacr.org/2024/273)
* [Download](https://eprint.iacr.org/2024/273.pdf)

### Abstract

Homomorphic encryption has been an active area of research since Gentry's breakthrough results on fully homomorphic encryption. We present secret key somewhat homomorphic schemes where client privacy is information-theoretic (server can be computationally unbounded). As the group order in our schemes gets larger, entropy approaches maximal entropy (perfect security). Our basic scheme is additive somewhat homomorphic. In one scheme, the server handles circuit multiplication gates by returning the multiplicands to the client which does the multiplication and sends back the encrypted product. We give a 2-party protocol that also incorporates server inputs where the client privacy is information-theoretic. Server privacy is not information-theoretic, but rather depends on hardness of the subset sum problem. Correctness for the server in the malicious model can be verified by a 3rd party where the client and server privacy are information-theoretically protected from the verifier. Scaling the 2PC protocol via separate encryption parameters for smaller subcircuits allows the ciphertext size to grow logarithmically as circuit size grows.
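The committing-security failure that the 2023/1525 abstract refers to ("ciphertexts will decrypt only for one key"), as an added example that is not part of the digest or of the paper (which analyses the sponge-based NIST LWC finalists): AES-GCM, the textbook non-committing AE, lets anyone who holds two keys build a single ciphertext-plus-tag that both keys accept. Keys, nonce and plaintext below are constructed for the illustration; the AES-128, GF(2^128) and GCM routines are a slow self-contained reimplementation written for this example (checkable against the FIPS 197 and SP 800-38D test vectors), and `two_key_ciphertext` and `demo` are names chosen here.

```python
# ---- AES-128 block encryption (FIPS 197), only what GCM needs ----
def _xt(a):  # multiply by x in GF(2^8) modulo the AES polynomial 0x11b
    return ((a << 1) ^ 0x11B) if a & 0x80 else a << 1

def _gmul8(a, b):  # product in GF(2^8)
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a, b = _xt(a), b >> 1
    return r

def _make_sbox():  # GF(2^8) inverse, then the affine map of FIPS 197 section 5.1.1
    sbox = []
    for x in range(256):
        s = rot = 0 if x == 0 else next(y for y in range(1, 256) if _gmul8(x, y) == 1)
        for _ in range(4):
            rot = ((rot << 1) | (rot >> 7)) & 0xFF
            s ^= rot
        sbox.append(s ^ 0x63)
    return sbox

SBOX = _make_sbox()

def _expand_key(key):  # 11 round keys of 16 bytes, column-major like the state
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):
        t = w[i - 1]
        if i % 4 == 0:  # SubWord(RotWord(t)) xor Rcon
            t, rcon = [SBOX[t[1]] ^ rcon, SBOX[t[2]], SBOX[t[3]], SBOX[t[0]]], _xt(rcon)
        w.append([a ^ b for a, b in zip(w[i - 4], t)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def aes_encrypt_block(key, block):
    rk = _expand_key(key)
    s = [b ^ k for b, k in zip(block, rk[0])]
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]                            # SubBytes
        s = [s[(i + 4 * (i % 4)) % 16] for i in range(16)]  # ShiftRows: row r rotates left by r
        if rnd != 10:                                       # MixColumns, skipped in the last round
            s = [_gmul8(s[4 * c + r], 2) ^ _gmul8(s[4 * c + (r + 1) % 4], 3) ^ s[4 * c + (r + 2) % 4]
                 ^ s[4 * c + (r + 3) % 4] for c in range(4) for r in range(4)]
        s = [b ^ k for b, k in zip(s, rk[rnd])]             # AddRoundKey
    return bytes(s)

R = 0xE1 << 120  # GF(2^128) reduction constant in GCM's bit order (SP 800-38D section 6.3)

def gf_mul(x, y):
    z = 0
    for i in range(127, -1, -1):
        z ^= x if (y >> i) & 1 else 0
        x = (x >> 1) ^ R if x & 1 else x >> 1
    return z

def gf_inv(x):  # x^(2^128 - 2); the multiplicative identity is 0x80..00 in this bit order
    r, e = 1 << 127, (1 << 128) - 2
    while e:
        r, x, e = (gf_mul(r, x) if e & 1 else r), gf_mul(x, x), e >> 1
    return r

def ghash(h, aad, ct):
    pad = lambda b: [b[i:i + 16].ljust(16, b"\0") for i in range(0, len(b), 16)]
    y, lens = 0, (8 * len(aad)).to_bytes(8, "big") + (8 * len(ct)).to_bytes(8, "big")
    for blk in pad(aad) + pad(ct) + [lens]:
        y = gf_mul(y ^ int.from_bytes(blk, "big"), h)
    return y

def _gcm_tag(key, nonce, aad, ct):  # 96-bit nonce, so J0 = nonce || 0x00000001
    h = int.from_bytes(aes_encrypt_block(key, bytes(16)), "big")
    ej0 = int.from_bytes(aes_encrypt_block(key, nonce + b"\0\0\0\1"), "big")
    return (ghash(h, aad, ct) ^ ej0).to_bytes(16, "big")

def _gcm_keystream(key, nonce, n):  # counter blocks start at nonce || 0x00000002
    return b"".join(aes_encrypt_block(key, nonce + i.to_bytes(4, "big")) for i in range(2, n // 16 + 3))[:n]

def gcm_encrypt(key, nonce, aad, pt):
    ct = bytes(a ^ b for a, b in zip(pt, _gcm_keystream(key, nonce, len(pt))))
    return ct, _gcm_tag(key, nonce, aad, ct)

def gcm_decrypt(key, nonce, aad, ct, tag):  # None on a bad tag (real code: constant-time compare)
    if _gcm_tag(key, nonce, aad, ct) != tag:
        return None
    return bytes(a ^ b for a, b in zip(ct, _gcm_keystream(key, nonce, len(ct))))

def two_key_ciphertext(k1, k2, nonce, prefix):
    """(ct, tag) accepted under both k1 and k2 (no AAD): prefix is kept, one block is appended and solved for."""
    h1, h2 = (int.from_bytes(aes_encrypt_block(k, bytes(16)), "big") for k in (k1, k2))
    base = prefix + bytes(16)                   # appended block zeroed for now
    t1, t2 = (int.from_bytes(_gcm_tag(k, nonce, b"", base), "big") for k in (k1, k2))
    # GHASH is XOR-linear in each block, and the last data block is multiplied by H^2 (only the length
    # block follows it), so tag_i(X) = t_i xor X*H_i^2 and tag_1(X) == tag_2(X) is one linear equation in X.
    coeff = gf_mul(h1, h1) ^ gf_mul(h2, h2)     # zero only if H1 == H2 (probability about 2^-128)
    x = gf_mul(t1 ^ t2, gf_inv(coeff))
    ct = prefix + x.to_bytes(16, "big")
    return ct, _gcm_tag(k1, nonce, b"", ct)

def demo():
    k1, k2, nonce = bytes(range(16)), bytes(range(16, 32)), bytes(12)  # constructed, not from any real system
    prefix, _ = gcm_encrypt(k1, nonce, b"", b"pay 1 EUR to A .")  # an honest 16-byte block under k1
    ct, tag = two_key_ciphertext(k1, k2, nonce, prefix)
    return gcm_decrypt(k1, nonce, b"", ct, tag), gcm_decrypt(k2, nonce, b"", ct, tag)
```

Calling `demo()` returns two plaintexts rather than one plaintext and one `None`: under `k1` the honest block `pay 1 EUR to A .` followed by 16 bytes of junk, under `k2` 32 bytes of junk, both with a valid tag. Nothing about AES is exploited; the attack uses only that GHASH is linear in the ciphertext blocks, which is why the tag can be steered with a single free block. The known fix, outside the scheme itself, is to bind the key into the ciphertext (for instance a hash of the key checked before decryption), and the abstract's point is that the large sponge state of ISAP and Ascon lets that property be proved for the scheme as designed.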
