[crypto] Fwd: [CWG] Crypto Working Group, December 1

R. Hirschfeld ray at unipay.nl
Mon Nov 27 21:54:36 CET 2023

-------- Original Message --------
Subject: [CWG] Crypto Working Group, December 1
Date: 2023-11-27 17:44
From: Hülsing, Andreas <a.t.huelsing at tue.nl>
To: Hülsing, Andreas <a.t.huelsing at tue.nl>
Cc: simona s <simonas at cs.ru.nl>, "Amadori, A. (Alessandro)" 
<alessandro.amadori at tno.nl>, "Tanja Lange (tanja at hyperelliptic.org)" 
<tanja at hyperelliptic.org>, Zekeriya Erkin - EWI <Z.Erkin at tudelft.nl>

Dear all,

Please find below the program for the next crypto working group that 
happens this Friday. Sorry for being late. We will send an update as 
soon as the last title and abstract are known.

Cheers,

Andreas


CRYPTO WORKING GROUP

Friday, December 01, 2023
De Kargadoor (http://www.kargadoor.nl/utrecht/zaalverhuur.html)
Oudegracht 36, Utrecht

Program


10:45 - 11:30 Mario Marhuenda Beltran (RU)
               Generic Security of the SAFE API and Its Applications

11:30 - 11:45 Coffee / tea break

11:45 - 12:30 Andreas Hülsing (TU/e)
               SDitH in the QROM

12:30 - 14:00 Lunch break (lunch not included)

14:00 - 14:45 Yu-Hsuan Huang (CWI)
               TBA

14:45 - 15:00 Coffee / tea break

15:00 - 15:45 Fiona Weber (TU/e)
               An Asymmetric Key-Update Mechanism for SDLSP


--------------------------------------------------------------------------------
Abstracts
--------------------------------------------------------------------------------

Mario Marhuenda Beltran (RU)

*Generic Security of the SAFE API and Its Applications*

We provide security foundations for SAFE, a recently introduced API 
framework for sponge-based hash functions tailored to prime-field-based 
protocols. SAFE aims to provide a robust and foolproof interface, has 
been implemented in the Neptune hash framework and some zero-knowledge 
proof projects, but currently lacks any security proof. Our results pave 
the way for using SAFE with the full taxonomy of hash functions, 
including SNARK-, lattice-, and x86-friendly hashes.

--------------------------------------------------------------------------------

Andreas Hülsing (TU/e)

*SDitH in the QROM*

The MPC in the Head (MPCitH) paradigm has recently led to significant 
improvements for signatures in the code-based setting. In this paper we 
consider some modifications to a recent twist of MPCitH, called 
Hypercube-MPCitH, that in the code-based setting provides the currently 
best known signature sizes. By compressing the Hypercube-MPCitH 
five-round code-based identification scheme into three rounds we obtain 
two main benefits. On the one hand, it allows us to further develop 
recent techniques to provide a tight security proof in the 
quantum-accessible random oracle model (QROM), avoiding the catastrophic 
reduction losses incurred using generic QROM results for Fiat-Shamir. On 
the other hand, we can reduce the already low-cost online part of the 
signature even further. In addition, we propose the use of proof-of-work 
techniques that allow the signature size to be reduced. On the technical 
side, we develop generalizations of several QROM proof techniques and 
introduce a variant of the recently proposed extractable QROM.

--------------------------------------------------------------------------------

Yu-Hsuan Huang (CWI)

*TBA*

--------------------------------------------------------------------------------

Fiona Weber (TU/e)

*An Asymmetric Key-Update Mechanism for SDLSP*

The Space Data Link Security Protocol (SDLSP) is used by various space 
agencies, including ESA and NASA, to secure civilian communication 
between mission control and satellites.
So far this protocol only uses symmetric cryptography, which 
restricts its ability to securely update secret keys and causes 
quadratic scaling for future use cases like satellite-to-satellite 
communication.
We set out to design an asymmetric key-update/installation mechanism 
that resolves these issues.
Our protocol uses the multi-KEM approach that has become increasingly 
common as part of the move to post-quantum cryptography and is based on 
Post-Quantum Noise.
We analyzed and proved the security of this protocol in a simplified 
eCK model that does not allow for corruption of ephemeral secrets.
This model has the advantage of being simpler than the more traditional 
eCK models, while only ignoring security aspects that many practitioners 
consider a problem of the OS.


More information about the crypto mailing list