From ray at unipay.nl Fri May 9 14:08:47 2025
From: ray at unipay.nl (R. Hirschfeld)
Date: Fri, 09 May 2025 14:08:47 +0200
Subject: [crypto] Fwd: CWG program 23 May
In-Reply-To:
References:
Message-ID: <4f76743d2d3cee8bc30f7eb0bb74905a@unipay.nl>

-------- Original Message --------
Subject: CWG program 23 May
Date: 2025-05-09 13:07
From: "Guarise Vieira, Heloise"
To:

Dear all,

Find below the program for the next Crypto Working Group, on 23 May at de Kargadoor, in Utrecht. The address of de Kargadoor is Oudegracht 36 (google maps).

Best regards,

10:45 An Algebraic Approach for Evaluating Random Probing Security with Application to AES
Vahid Jahandideh

In this research, we address a key challenge in securing cryptographic implementations: protecting them against side-channel attacks, where unintended physical signals, such as power consumption or electromagnetic emissions, can be exploited to extract secret information, like cryptographic keys. While existing protections (notably masking) offer theoretical security guarantees, ensuring their robustness in realistic, noisy environments remains a complex task. Our contribution introduces a practical method to assess how resilient these protections are when leaks occur randomly and unpredictably. We propose a streamlined approach that not only provides meaningful security estimates but also enables an efficient design for protecting AES, a widely used encryption standard. This work aims to bridge the gap between theoretical models and practical security, with potential implications for any system where secure cryptographic processing is essential.

11:30 - lunch break

11:45 A Hybrid Post-Quantum Password Authenticated Key Exchange
Jelle Vos

NIST has been standardizing post-quantum KEMs and post-quantum signatures, which allow us to instantiate existing systems with post-quantum alternatives. However, organizations are typically not so eager to replace classical primitives directly with post-quantum ones because they have not received as much scrutiny and have not reached the same level of maturity. Instead, organizations want to deploy hybrid constructions, which are guaranteed to be as strong as the classical primitive, but are also conjectured to withstand quantum attacks. Hybrid KEMs and hybrid signatures are easy to achieve by composing two KEMs or two signatures in parallel, but the same does not hold for all protocols and primitives. One such example is a password-authenticated key exchange (PAKE), which establishes a shared high-entropy key between two parties who know a shared low-entropy password (without relying on PKI). When composing two existing PAKEs in parallel, there are many cases in which the resulting PAKE is only as strong as the weakest link, allowing one to break security by breaking only one of the two PAKEs. We propose the first secure hybrid PAKE based on standardized primitives, called CPaceOQUAKE, as well as an extension to the asymmetric setting, in which one of the two parties only needs a verifier of the password.

12:30 - lunch break

14:00 Shifting our knowledge of MQ-Sign security
Monika Trimoska

Unbalanced Oil and Vinegar (UOV) is one of the oldest, simplest, and most studied ad-hoc multivariate signature schemes. UOV signature schemes are attractive because they have very small signatures and fast verification. On the downside, they have large public and secret keys. As a result, variations of the traditional UOV scheme are usually developed with the goal of reducing the key sizes. Seven variants of UOV were submitted to the additional call for digital signatures by NIST, prior to which a variant named MQ-Sign was submitted to the (South) Korean post-quantum cryptography competition (KpqC). In this talk, we will look closely into MQ-Sign and show the full timeline of the evolution of this signature scheme, including several algebraic attacks and changes to the design.

14:45 - coffee break

15:00 Secure Floating Points
Thijs Veugen

Secure multi-party computation (MPC) and homomorphic encryption are very powerful tools to compute with secret numbers without revealing inputs or any intermediate values. To securely achieve high accuracy with varying number sizes, one needs to work with floating points in the secret (secret-shared or encrypted) domain. The main bottleneck of secure floating points is addition. We improve its efficiency by designing a protocol for multiple additions, using standard building blocks available in most MPC platforms. The more additions n are combined, the larger the relative gain, up to a factor of 13 with n = 1,024. Additionally, we introduce a new protocol for securely computing the bitlength (given an upper bound M), the first one with linear time complexity and constant round complexity. It reduces the number of secure multiplications by a factor of 4 (for the constant-round solution), or the number of communication rounds by a factor of M/2 (for the logarithmic-round solution). We evaluate accuracy, execution time and communication complexity of our protocols, and release them open source, such that they can be used to improve the efficiency of secure floating-point arithmetic.

15:45 - end of activities

--
Heloise Vieira, PhD
Discrete Mathematics Cluster, Project Leader
Department of Mathematics and Computer Science
Phone number +31 (0)402474864
De Zaale, Eindhoven 05 MetaForum, MF 5.120
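Added example, not part of the program above and not code from any of the speakers: a toy Unbalanced Oil and Vinegar signature over GF(31) with v = 6 vinegar and o = 3 oil variables, to make concrete the structure behind MQ-Sign and the small-signature / large-key trade-off mentioned in the abstract of the 14:00 talk. The field size, variable counts, the SHA-256 hash-to-field mapping and all function names are illustrative assumptions; the parameters are far too small to be secure.

```python
"""Toy Unbalanced Oil and Vinegar (UOV) signatures over a small prime field.

Illustrative example only (assumed toy parameters, insecure).  The structure is
the textbook one: a central map F = (F_1, ..., F_o) of quadratic forms in
n = v + o variables with no oil*oil monomials, hidden by a secret invertible
linear map T, so that the public key is P_k(x) = F_k(T x).
"""
import hashlib
import random

p = 31          # field GF(p); assumed toy parameter
v, o = 6, 3     # vinegar and oil variable counts; assumed toy parameters
n = v + o


def mat_mul(A, B):
    """Matrix product over GF(p)."""
    return [[sum(A[i][k] * B[k][j] for k in range(len(B))) % p
             for j in range(len(B[0]))] for i in range(len(A))]


def transpose(A):
    return [list(col) for col in zip(*A)]


def solve(A, b):
    """Solve the square system A x = b over GF(p) by Gauss-Jordan elimination.
    Returns None when A is singular."""
    m = len(A)
    M = [row[:] + [b[i]] for i, row in enumerate(A)]
    for col in range(m):
        piv = next((r for r in range(col, m) if M[r][col] % p), None)
        if piv is None:
            return None
        M[col], M[piv] = M[piv], M[col]
        inv = pow(M[col][col], -1, p)
        M[col] = [x * inv % p for x in M[col]]
        for r in range(m):
            if r != col and M[r][col] % p:
                f = M[r][col]
                M[r] = [(x - f * y) % p for x, y in zip(M[r], M[col])]
    return [M[i][m] for i in range(m)]


def quad(M, x):
    """Evaluate the quadratic form x^T M x over GF(p)."""
    return sum(x[i] * M[i][j] * x[j] for i in range(n) for j in range(n)) % p


def keygen(rng):
    # Central map: F_k has only vinegar*vinegar and vinegar*oil coefficients
    # (rows i < v, columns j >= i), so no oil*oil monomial ever appears.
    F = []
    for _ in range(o):
        M = [[0] * n for _ in range(n)]
        for i in range(v):
            for j in range(i, n):
                M[i][j] = rng.randrange(p)
        F.append(M)
    # Secret linear map T, resampled until it is invertible over GF(p).
    while True:
        T = [[rng.randrange(p) for _ in range(n)] for _ in range(n)]
        if solve(T, [0] * n) is not None:
            break
    # Public key: P_k = T^T F_k T, so that P_k(s) = F_k(T s).
    P = [mat_mul(mat_mul(transpose(T), M), T) for M in F]
    return (F, T), P


def hash_to_target(msg):
    """Map a message to o field elements (assumed toy hash-to-field)."""
    h = hashlib.sha256(msg).digest()
    return [h[k] % p for k in range(o)]


def sign(sk, y, rng):
    F, T = sk
    while True:
        # Fix random vinegar values; every F_k is then linear in the oil variables.
        a = [rng.randrange(p) for _ in range(v)]
        A = [[sum(a[i] * M[i][v + j] for i in range(v)) % p for j in range(o)]
             for M in F]
        c = [sum(a[i] * M[i][j] * a[j] for i in range(v) for j in range(v)) % p
             for M in F]
        z = solve(A, [(y[k] - c[k]) % p for k in range(o)])
        if z is not None:          # singular system: retry with new vinegar values
            return solve(T, a + z)  # signature s with T s = (vinegar, oil)


def verify(pk, y, s):
    return all(quad(Pk, s) == yk for Pk, yk in zip(pk, y))


def sizes():
    """(signature, public key) lengths in field elements: the signature is one
    point of GF(p)^n; the key is o quadratic forms in n variables, n(n+1)/2
    coefficients each once folded to upper-triangular form."""
    return n, o * n * (n + 1) // 2


def demo(seed=2025, msg=b"CWG 23 May"):
    """Full round trip; returns (signature valid, tampered target rejected, len(s))."""
    rng = random.Random(seed)
    sk, pk = keygen(rng)
    y = hash_to_target(msg)
    s = sign(sk, y, rng)
    return verify(pk, y, s), not verify(pk, [(t + 1) % p for t in y], s), len(s)


if __name__ == "__main__":
    print("round trip:", demo(), "sizes (sig, pk):", sizes())
```

With these toy parameters the signature is 9 field elements while the public key already holds 135 coefficients, which is the size gap the talk abstract refers to; real UOV parameters make the ratio far larger, and the MQ-Sign variants discussed in the talk exist precisely to shrink the key side of that ratio.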