## In this issue

1. [2024/1267] Chrysalis Cipher Suite
2. [2024/1268] Improved YOSO Randomness Generation with Worst-Case ...
3. [2024/1269] Cryptographic Security through Kleene’s Theorem and ...
4. [2024/1270] Meet-in-the-Middle Attack on 4+4 Rounds of SCARF ...
5. [2024/1271] AES-based CCR Hash with High Security and Its ...
6. [2024/1272] An Improved Algorithm for Code Equivalence
7. [2024/1273] HyperPianist: Pianist with Linear-Time Prover via ...
8. [2024/1274] Generation of Authenticated Secret-Shared Scaled ...
9. [2024/1275] MIFARE Classic: exposing the static encrypted nonce ...
10. [2024/1276] A bound on the quantum value of all compiled ...
11. [2024/1277] Robust but Relaxed Probing Model
12. [2024/1278] Quantum Key Recovery Attacks on 4-round Iterated ...
13. [2024/1279] Improved Polynomial Division in Cryptography
14. [2024/1280] A Survey on SoC Security Verification Methods at ...
15. [2024/1281] Stackproofs: Private proofs of stack and contract ...
16. [2024/1282] $\mathsf{NTRU}\mathsf{+}\mathsf{PKE}$: Efficient ...
17. [2024/1283] Password-authenticated Cryptography from Consumable ...
18. [2024/1284] Plaintext-Ciphertext Matrix Multiplication and FHE ...
19. [2024/1285] Robust Multiparty Computation from Threshold ...
20. [2024/1286] Towards a Tightly Secure Signature in Multi-User ...
21. [2024/1287] Basic Lattice Cryptography: The concepts behind ...

## 2024/1267

* Title: Chrysalis Cipher Suite
* Authors: Ian Malloy, Dennis Hollenbeck
* [Permalink](https://eprint.iacr.org/2024/1267)
* [Download](https://eprint.iacr.org/2024/1267.pdf)

### Abstract

The formal verification of architectural strength in terms of computational complexity is achieved through reduction of the Non-Commutative Grothendieck problem in the form of a quadratic lattice. This multivariate form relies on equivalences derived from a k-clique problem within a multigraph. The proposed scheme reduces the k-clique problem as an input function, resulting in the generation of a quadratic used as parameters for the lattice. By Grothendieck’s inequality, the satisfiability of lattice constraints in terms of NP-Hard and NP-Complete bounds is provably congruent to a closest vector problem in the lattice. The base vectors of the resulting lattice are treated as a holomorphic vector bundle. From the resulting bilinear matrices, the tight hardness reduction of the closest vector problem as the shortest vector problem is introduced within the system. The derivation of the closest vector problem requires that the lattice is necessarily generated by a <0|1>-Matrix expressed as a quadratic. This vector bundle is denoted as
the unit ball with congruent topology to the Riemann sphere, symbolized as 𝒪. For the Grothendieck constraints, the relative vector norms necessarily result in satisfaction of NP-Hard requirements for shortest vector problems in the lattice.

## 2024/1268

* Title: Improved YOSO Randomness Generation with Worst-Case Corruptions
* Authors: Chen-Da Liu-Zhang, Elisaweta Masserova, João Ribeiro, Pratik Soni, Sri AravindaKrishnan Thyagarajan
* [Permalink](https://eprint.iacr.org/2024/1268)
* [Download](https://eprint.iacr.org/2024/1268.pdf)

### Abstract

We study the problem of generating public unbiased randomness in a distributed manner within the recent You Only Speak Once (YOSO) framework for stateless multiparty computation, introduced by Gentry et al. in CRYPTO 2021. Such protocols are resilient to adaptive denial-of-service attacks and are, by their stateless nature, especially attractive in permissionless environments. While most works in the YOSO setting focus on independent random corruptions, we consider YOSO protocols with worst-case corruptions, a model introduced by Nielsen et al. in CRYPTO 2022.

Prior work on YOSO public randomness generation with worst-case corruptions designed information-theoretic protocols for $t$ corruptions with either $n=6t+1$ or $n=5t$ roles, depending on the adversarial network model. However, a major drawback of these protocols is that their communication and computational complexities scale exponentially with $t$. In this work, we complement prior inefficient results by presenting and analyzing simple and efficient protocols for YOSO public randomness generation secure against worst-case corruptions in the computational setting. Our first protocol is based on publicly verifiable secret sharing and uses $n=3t+2$ roles. Since this first protocol requires setup and somewhat heavy cryptographic machinery, we also provide a second lighter protocol based on ElGamal commitments and verifiable secret sharing which uses $n=5t+4$ or $n=4t+4$ roles depending on the underlying network model. We demonstrate the practicality of our second protocol by showing experimental evaluations, significantly improving over prior proposed solutions for worst-case corruptions, especially in terms of transmitted data size.

## 2024/1269

* Title: Cryptographic Security through Kleene’s Theorem and Automata Theory
* Authors: Mike Wa Nkongolo
* [Permalink](https://eprint.iacr.org/2024/1269)
* [Download](https://eprint.iacr.org/2024/1269.pdf)

### Abstract

This study addresses the challenge of strengthening cryptographic security measures in the face of evolving cyber threats. The aim is to apply Kleene's Theorem and automata theory to improve the modeling and analysis of cybersecurity scenarios, focusing on the CyberMoraba game. Representing the game's strategic moves as regular expressions and mapping them onto finite automata provides a solid framework for understanding the interactions between attackers and defenders. This approach helps in identifying optimal strategies and predicting potential outcomes, which contributes to the development of stronger cryptographic security protocols. The research advances the theoretical use of automata theory in cybersecurity while offering practical insights into enhancing defense mechanisms against complex cyber attacks. This work connects theoretical computer science with practical cybersecurity, demonstrating the importance of automata theory in cryptology.

## 2024/1270

* Title: Meet-in-the-Middle Attack on 4+4 Rounds of SCARF under Single-Tweak Setting
* Authors: Siwei Chen, Kai Hu, Guozhen Liu, Zhongfeng Niu, Quan Quan Tan, Shichang Wang
* [Permalink](https://eprint.iacr.org/2024/1270)
* [Download](https://eprint.iacr.org/2024/1270.pdf)

### Abstract

\scarf, an ultra low-latency tweakable block cipher, is the first cipher designed for cache randomization.
The block cipher design is significantly different from the other common tweakable block ciphers; with a block size of only 10 bits, and yet the input key size is a whopping $240$ bits. Notably, the majority of the round key in its round function is absorbed into the data path through AND operations, rather than the typical XOR operations.
In this paper, we present a key-recovery attack on a round-reduced version of SCARF with 4 + 4 rounds under the single-tweak setting. Our attack is essentially a Meet-in-the-Middle (MitM) attack, where the matching phase is represented by a system of linear equations. Unlike the cryptanalysis conducted by the designers, our attack is effective under both security requirements they have outlined. The data complexity of our attack is $2^{10}$ plaintexts, with a time complexity of approximately $2^{60.63}$ 4-round of SCARF encryptions. It is important to note that our attack does not threaten the overall security of SCARF.

## 2024/1271

* Title: AES-based CCR Hash with High Security and Its Application to Zero-Knowledge Proofs
* Authors: Hongrui Cui, Chun Guo, Xiao Wang, Chenkai Weng, Kang Yang, Yu Yu
* [Permalink](https://eprint.iacr.org/2024/1271)
* [Download](https://eprint.iacr.org/2024/1271.pdf)

### Abstract

The recent VOLE-based interactive zero-knowledge (VOLE-ZK) protocols along with non-interactive zero-knowledge (NIZK) proofs based on MPC-in-the-Head (MPCitH) and VOLE-in-the-Head (VOLEitH) extensively utilize the commitment schemes, which adopt a circular correlation robust (CCR) hash function as the core primitive. Nevertheless, the state-of-the-art CCR hash construction by Guo et al. (S&P'20), building from random permutations, can only provide 128-bit security, when it is instantiated from AES. This brings about a gap between AES-based CCR hash function and high security (beyond 128-bit security).

In this paper, we fill this gap by constructing a new CCR hash function from AES, supporting three security levels (i.e., 128, 192 and 256). Using the AES-based CCR hash function, we present an all-but-one vector commitment (AVC) scheme, which constitutes a computationally intensive part of the NIZK proofs from MPCitH and VOLEitH, where these NIZK proofs can in turn be transformed into the promising post-quantum signature candidates. Furthermore, we obtain an efficient VOLE-ZK protocol with security levels higher than 128 from the CCR hash function. Our benchmark results show that the AES-based CCR hash function has a comparable performance with CCR hash functions based on Rijndael with larger block sizes, which is not standardized and has a limited application range. In the AVC context, the expensive commitment component instantiated with our AES-based CCR hash function improves the running time by a factor of $7 \sim 30 \times$, compared to the SHA3-based instantiation used in the recent post-quantum signature algorithm FAEST.

## 2024/1272

* Title: An Improved Algorithm for Code Equivalence
* Authors: Julian Nowakowski
* [Permalink](https://eprint.iacr.org/2024/1272)
* [Download](https://eprint.iacr.org/2024/1272.pdf)