[crypto] Fwd: CWG program 23 May

R. Hirschfeld ray at unipay.nl
Fri May 9 14:08:47 CEST 2025



-------- Original Message --------
Subject: CWG program 23 May
Date: 2025-05-09 13:07
 From: "Guarise Vieira, Heloise" <h.guarise.vieira at tue.nl>
To:

Dear all,

Find below the program for the next Crypto Working Group, on 23 May at 
de Kargadoor, in Utrecht.
The address of de Kargadoor is Oudegracht 36 (Google Maps: 
https://maps.app.goo.gl/UZUjwUNUbvJZhnv89).

Best regards,


10:45
An Algebraic Approach for Evaluating Random Probing Security with 
Application to AES
Vahid Jahandideh

In this research, we address a key challenge in securing cryptographic 
implementations: protecting them against side-channel attacks, where 
unintended physical signals—such as power consumption or electromagnetic 
emissions—can be exploited to extract secret information, like 
cryptographic keys. While existing protections (notably masking) offer 
theoretical security guarantees, ensuring their robustness in realistic, 
noisy environments remains a complex task. Our contribution introduces a 
practical method to assess how resilient these protections are when 
leaks occur randomly and unpredictably. We propose a streamlined 
approach that not only provides meaningful security estimates but also 
enables an efficient design for protecting AES, a widely used encryption 
standard. This work aims to bridge the gap between theoretical models 
and practical security, with potential implications for any system where 
secure cryptographic processing is essential.

11:30 - lunch break

11:45
A Hybrid Post-Quantum Password Authenticated Key Exchange
Jelle Vos

NIST has been standardizing post-quantum KEMs and post-quantum 
signatures, which allow us to instantiate existing systems with 
post-quantum alternatives. However, organizations are typically not so 
eager to replace classical primitives directly with post-quantum ones 
because they have not gotten as much scrutiny and have not reached the 
same level of maturity. Instead, organizations want to deploy hybrid 
constructions, which are guaranteed to be as strong as the classical 
primitive, but they are also conjectured to withstand quantum attacks. 
Hybrid KEMs and hybrid signatures are easy to achieve by composing two 
KEMs or two signatures in parallel, but the same does not hold for all 
protocols and primitives. One such example is a password-authenticated 
key exchange (PAKE), which establishes a shared high-entropy key between 
two parties who know a shared low-entropy password (without relying on 
PKI). When composing two existing PAKEs in parallel, there are many 
cases in which the resulting PAKE is only as strong as the weakest link, 
allowing one to break security by breaking only one of the two PAKEs. We 
propose the first secure hybrid PAKE based on standardized primitives 
called CPaceOQUAKE as well as an extension to the asymmetric setting, in 
which one of the two parties only needs a verifier of the password.

12:30 - lunch break

14:00
Shifting our knowledge of MQ-Sign security
Monika Trimoska

Unbalanced Oil and Vinegar (UOV) is one of the oldest, simplest, and 
most studied ad-hoc multivariate signature schemes. UOV signature 
schemes are attractive because they have very small signatures and fast 
verification. On the downside, they have large public and secret keys. 
As a result, variations of the traditional UOV scheme are usually 
developed with the goal to reduce the key sizes. Seven variants of UOV 
were submitted to the additional call for digital signatures by NIST, 
prior to which, a variant named MQ-Sign was submitted to the (South) 
Korean post-quantum cryptography competition (KpqC). In this talk, we 
will look closely into MQ-Sign and show the full timeline of the 
evolution of this signature scheme, including several algebraic attacks 
and changes to the design.

14:45 - coffee break

15:00
Secure Floating Points
Thijs Veugen

Secure multi-party computation (MPC) and homomorphic encryption are very 
powerful tools to compute with secret numbers without revealing inputs 
or any intermediate values. To securely achieve high accuracy with 
varying number sizes, one needs to work with floating points in the 
secret (secret-shared or encrypted) domain. The main bottleneck of 
secure floating points is addition. We improve its efficiency by 
designing a protocol for multiple additions, using standard building 
blocks available in most MPC platforms. The more additions n were 
combined, the larger the relative gain, up to a factor 13 with n = 
1,024. Additionally, we introduce a new protocol for securely computing 
the bitlength (given upper bound M), the first one with linear time 
complexity and constant round complexity. It reduces secure 
multiplications by a factor 4 (for the constant-round solution), or 
the number of communication rounds by a factor M/2 (for the 
logarithmic-round solution). We evaluate accuracy, execution time and 
communication complexity of our protocols, and release them open source, 
such that they can be used to improve the efficiency of secure 
floating-point arithmetic.

15:45 - end of activities
--

Heloise Vieira, PhD
Discrete Mathematics Cluster, Project Leader
Department of Mathematics and Computer Science
Phone number +31 (0)402474864

De Zaale, Eindhoven
05 MetaForum, MF 5.120
