Subject: [digest] 2024 Week 29
From: IACR ePrint Archive
Newsgroups: sci.crypt
Organization: A noiseless patient Spider
Date: Mon, 22 Jul 2024 02:27 UTC
Path: eternal-september.org!news.eternal-september.org!.POSTED!not-for-mail
Lines: 1106
Message-ID: <J1en2cR-xzs5Fa7Y3oVIy7Qzhqk4fRux@eprint.iacr.org.invalid>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: quoted-printable
Injection-Date: Mon, 22 Jul 2024 04:27:57 +0200 (CEST)
Injection-Info: dont-email.me; posting-host="978bb92d1712e4bd5b6c4c05f7ec50f2";
logging-data="505143"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1/D8NKgsoTnDh+1/jwRJP7KPtKW6KJyQ2Q="
Cancel-Lock: sha1:9jLuKZ2yhjvQ3m/W36LzIOQBgzo=

## In this issue

1. [2023/1384] Application of Mordell-Weil lattices with large ...
2. [2024/550] Fast Parallelizable Misuse-Resistant Authenticated ...
3. [2024/1147] A reduction from Hawk to the principal ideal ...
4. [2024/1148] On hermitian decomposition lattices and the module- ...
5. [2024/1149] Improved High-Order Masked Generation of Masking ...
6. [2024/1150] Finding Practical Parameters for Isogeny-based ...
7. [2024/1151] Privacy-Preserving Data Deduplication for Enhancing ...
8. [2024/1152] Secure Multiparty Computation of Symmetric ...
9. [2024/1153] Designated-Verifier zk-SNARKs Made Easy
10. [2024/1154] Blockchain Space Tokenization
11. [2024/1155] Cross Ledger Transaction Consistency for Financial ...
12. [2024/1156] On affine forestry over integral domains and ...
13. [2024/1157] Shift-invariant functions and almost liftings
14. [2024/1158] A Note on `` Provably Secure and Lightweight ...
15. [2024/1159] LaPSuS – A Lattice-Based Private Stream Aggregation ....
16. [2024/1160] Post-Quantum Access Control with Application to ...
17. [2024/1161] On the Concrete Security of Non-interactive FRI
18. [2024/1162] Practical Traceable Receipt-Free Encryption
19. [2024/1163] On the Number of Restricted Solutions to ...
20. [2024/1164] A Crack in the Firmament: Restoring Soundness of ...
21. [2024/1165] Respire: High-Rate PIR for Databases with Small Records
22. [2024/1166] On the Relationship between FuncCPA and FuncCPA+
23. [2024/1167] Expanding the Toolbox: Coercion and Vote-Selling at ...
24. [2024/1168] Time is not enough: Timing Leakage Analysis on ...
25. [2024/1169] Attacking Tropical Stickel Protocol by MILP and ...
26. [2024/1170] Rudraksh: A compact and lightweight post-quantum ...
27. [2024/1171] Tight Time-Space Tradeoffs for the Decisional ...
28. [2024/1172] Generalized class group actions on oriented ...
29. [2024/1173] Cryptanalysis of Rank-2 Module-LIP with Symplectic ...
30. [2024/1174] Grafted Trees Bear Better Fruit: An Improved ...
31. [2024/1175] AVeCQ: Anonymous Verifiable Crowdsourcing with ...
32. [2024/1176] A zero-trust swarm security architecture and protocols
33. [2024/1177] Cryptanalysis of two post-quantum authenticated key ...
34. [2024/1178] Towards Quantum-Safe Blockchain: Exploration of PQC ...

## 2023/1384

* Title: Application of Mordell-Weil lattices with large kissing numbers to acceleration of multi-scalar multiplication on elliptic curves
* Authors: Dmitrii Koshelev
* [Permalink](https://eprint.iacr.org/2023/1384)
* [Download](https://eprint.iacr.org/2023/1384.pdf)

### Abstract

This article aims to speed up (the precomputation stage of) multi-scalar multiplication (MSM) on ordinary elliptic curves of $j$-invariant $0$ with respect to specific "independent" (a.k.a. "basis") points. For this purpose, so-called Mordell--Weil lattices (up to rank $8$) with large kissing numbers (up to $240$) are employed. In a nutshell, the new approach consists in obtaining more efficiently a considerable number (up to $240$) of certain elementary linear combinations of the "independent" points. By scaling the point (re)generation process, it is thus possible to get a significant performance gain. As usual, the resulting curve points can then be regularly used in the main stage of an MSM algorithm to avoid repeating computations. Seemingly, this is the first usage of lattices with large kissing numbers in cryptography, while such lattices have already found numerous applications in other mathematical domains. Without exaggeration, the article results can strongly affect performance of today's real-world elliptic curve cryptography, since MSM is a widespread primitive (often the unique bottleneck) in modern protocols. Moreover, the new (re)generation technique is prone to further improvements by considering Mordell--Weil lattices with even greater kissing numbers.

## 2024/550

* Title: Fast Parallelizable Misuse-Resistant Authenticated Encryption: Low Latency (Decryption-Fast) SIV
* Authors: Mustafa Khairallah
* [Permalink](https://eprint.iacr.org/2024/550)
* [Download](https://eprint.iacr.org/2024/550.pdf)

### Abstract

MRAE security is an important goal for many AEAD applications where the nonce uniqueness cannot be maintained and security risks are significant. However, MRAE schemes can be quite expensive. Two of the SoTA MRAE-secure schemes, Deoxys-II and AES-GCM-SIV, rely on internal parallelism and special instructions to achieve competitive performance. However, they both suffer from the same bottleneck: they have at least one call to the underlying primitive that cannot be parallelized with any other call. Romulus-M and LMDAE are two other more recent MRAE-secure schemes based on TBCs that target low-area hardware. However, they are unparallelizable, so they are slower than their counterparts.

In this paper, we present two new AEAD modes and four instantiations based on Tweakable Block Ciphers. These new modes target equipping high-speed applications on parallel platforms with nonce misuse resistant AEAD (MRAE). The first mode, LLSIV, targets similar performance on single-core platforms to SCT-2, while eliminating the bottlenecks that make SCT-2 not fully parallelizable. The enhanced parallelism allows LLSIV to encrypt significantly more blocks on parallel platforms, compared to SCT-2, in the same amount of time. LLSIV is based on the NaT MAC, where each ciphertext block can itself be viewed as an instance of NaT when the plaintext is prepended with .. The trade-off is that LLSIV requires the inverse function of the TBC. However, the inverse function is used only once per message and we demonstrate that for parallel implementations it represents a very small overhead.

We give an instantiation of LLSIV based on the SKINNY-128-384 TBC, and a pruned scheme, dubbed pLLSIV, which targets enhanced performance compared to both SCT-2 and LLSIV on all platforms, while having reduced security claims. It relies on the recently popularized prove-then-prune methodology to take full advantage of the properties of LLSIV. This leads to a significant performance improvement, making pLLSIV even faster than online TBC-based schemes that are not MRAE-secure. Last but not least, we give an instantiation that uses the primitives used in AES-GCM-SIV: the PolyVal hash function and AES. Our instantiation is faster than AES-GCM-SIV on all platforms and has better bounds. On the other hand, it relies on the ideal cipher model as it uses the ICE TBC proposed as part of the Remus AEAD design.

The second mode we describe is LLDFV. It uses ideas from LLSIV combined with the Decryption-Fast SIV (DFV) framework proposed recently by Minematsu. The goal is to reduce the number of calls to the TBC by one, while making the scheme as parallelizable as LLSIV. This makes the scheme faster than DFV on all platforms.

## 2024/1147

* Title: A reduction from Hawk to the principal ideal problem in a quaternion algebra
* Authors: Clémence Chevignard, Pierre-Alain Fouque, Guilhem Mureau, Alice Pellet-Mary, Alexandre Wallet
* [Permalink](https://eprint.iacr.org/2024/1147)
* [Download](https://eprint.iacr.org/2024/1147.pdf)

### Abstract

In this article we present a non-uniform reduction from rank-2 module-LIP over Complex Multiplication fields to a variant of the Principal Ideal Problem in some fitting quaternion algebra. This reduction is classical, deterministic and polynomial-time in the size of the inputs. The quaternion algebra in which we need to solve the variant of the principal ideal problem depends on the parameters of the module-LIP problem, but not on the problem's instance. Our reduction requires the knowledge of some special elements of this quaternion algebra, which is why it is non-uniform.

In some particular cases, these elements can be computed in polynomial time, making the reduction uniform. This is in particular the case for the Hawk signature scheme: we show that breaking Hawk is no harder than solving a variant of the principal ideal problem in a fixed quaternion algebra (and this reduction is uniform).

## 2024/1148

* Title: On hermitian decomposition lattices and the module-LIP problem in rank 2
* Authors: Thomas Espitau, Heorhii Pliatsok
* [Permalink](https://eprint.iacr.org/2024/1148)
* [Download](https://eprint.iacr.org/2024/1148.pdf)

### Abstract

In this short note, we introduce a specific class of rank two lattices over CM fields endowed with additional symmetries, which are involved in the decomposition of algebraic integers in Hermitian squares. As an application, we show an elementary reduction from the module-LIP problem in rank 2 over a CM or totally real number field to the finding of a square basis in such lattices.

## 2024/1149

* Title: Improved High-Order Masked Generation of Masking Vector and Rejection Sampling in Dilithium
* Authors: Jean-Sébastien Coron, François Gérard, Tancrède Lepoint, Matthias Trannoy, Rina Zeitoun
* [Permalink](https://eprint.iacr.org/2024/1149)
* [Download](https://eprint.iacr.org/2024/1149.pdf)

### Abstract

In this work, we introduce enhanced high-order masking techniques tailored for Dilithium, the post-quantum signature scheme recently standardized by NIST. We improve the masked generation of the masking vector $\vec{y}$, based on a fast Boolean-to-arithmetic conversion modulo $q$. We also describe an optimized gadget for the high-order masked rejection sampling, with a complexity independent from the size of the modulus $q$. We prove the security of our gadgets in the classical ISW $t$-probing model. Finally, we detail our open-source C implementation of these gadgets integrated into a fully masked Dilithium implementation, and provide an efficiency comparison with previous works.
