[crypto] Fwd: [CWG] Crypto Working Group, December 1
R. Hirschfeld
ray at unipay.nl
Mon Nov 27 21:54:36 CET 2023
-------- Original Message --------
Subject: [CWG] Crypto Working Group, December 1
Date: 2023-11-27 17:44
From: Hülsing, Andreas <a.t.huelsing at tue.nl>
To: Hülsing, Andreas <a.t.huelsing at tue.nl>
Cc: simona s <simonas at cs.ru.nl>, "Amadori, A. (Alessandro)"
<alessandro.amadori at tno.nl>, "Tanja Lange (tanja at hyperelliptic.org)"
<tanja at hyperelliptic.org>, Zekeriya Erkin - EWI <Z.Erkin at tudelft.nl>
Dear all,
Please find below the program for the next crypto working group that
happens this Friday. Sorry for being late. We will send an update as
soon as the last title and abstract are known.
Cheers,
Andreas
CRYPTO WORKING GROUP
Friday, December 01, 2023
De Kargadoor (http://www.kargadoor.nl/utrecht/zaalverhuur.html)
Oudegracht 36, Utrecht
Program
10:45 - 11:30 Mario Marhuenda Beltran (RU)
Generic Security of the SAFE API and Its Applications
11:30 - 11:45 Coffee / tea break
11:45 - 12:30 Andreas Hülsing (TU/e)
SDitH in the QROM
12:30 - 14:00 Lunch break (lunch not included)
14:00 - 14:45 Yu-Hsuan Huang (CWI)
TBA
14:45 - 15:00 Coffee / tea break
15:00 - 15:45 Fiona Weber (TU/e)
An Asymmetric Key-Update Mechanism for SDLSP
--------------------------------------------------------------------------------
Abstracts
--------------------------------------------------------------------------------
Mario Marhuenda Beltran (RU)
*Generic Security of the SAFE API and Its Applications*
We provide security foundations for SAFE, a recently introduced API
framework for sponge-based hash functions tailored to prime-field-based
protocols. SAFE aims to provide a robust and foolproof interface, has
been implemented in the Neptune hash framework and some zero-knowledge
proof projects, but currently lacks any security proof. Our results pave
the way for using SAFE with the full taxonomy of hash functions,
including SNARK-, lattice-, and x86-friendly hashes.
--------------------------------------------------------------------------------
Andreas Hülsing (TU/e)
*SDitH in the QROM*
The MPC in the Head (MPCitH) paradigm has recently led to significant
improvements for signatures in the code-based setting. In this paper we
consider some modifications to a recent twist of MPCitH, called
Hypercube-MPCitH, that in the code-based setting provides the currently
best known signature sizes. By compressing the Hypercube-MPCitH
five-round code-based identification scheme into three rounds we obtain
two main benefits. On the one hand, it allows us to further develop
recent techniques to provide a tight security proof in the
quantum-accessible random oracle model (QROM), avoiding the catastrophic
reduction losses incurred using generic QROM-results for Fiat-Shamir. On
the other hand, we can reduce the already low-cost online part of the
signature even further. In addition, we propose the use of proof-of-work
techniques that allow us to reduce the signature size. On the technical
side, we develop generalizations of several QROM proof techniques and
introduce a variant of the recently proposed extractable QROM.
--------------------------------------------------------------------------------
Yu-Hsuan Huang (CWI)
*TBA*
--------------------------------------------------------------------------------
Fiona Weber (TU/e)
*An Asymmetric Key-Update Mechanism for SDLSP*
The Space Data Link Security Protocol (SDLSP) is used by various space
agencies, including ESA and NASA, to secure civilian communication
between mission control and satellites.
So far this protocol only uses symmetric cryptography, which
restricts its ability to securely update secret keys and causes
quadratic scaling for future use cases like satellite-to-satellite
communication.
We set out to design an asymmetric key-update/installation mechanism
that resolves these issues.
Our protocol uses the multi-KEM approach that has become increasingly
common as part of the move to post-quantum cryptography and is based on
Post-Quantum Noise.
We analyzed and proved the security of this protocol in a simplified
eCK-model that does not allow for corruption of ephemeral secrets.
This model has the advantage of being simpler than the more traditional
eCK-models, while only ignoring security aspects that many practitioners
consider a problem of the OS.