Subject: [digest] 2024 Week 38
From: IACR ePrint Archive
Newsgroups: sci.crypt
Organization: A noiseless patient Spider
Date: Mon, 23 Sep 2024 02:22 UTC
Message-ID: <F7vYduqxsoTZyyYIrbFwX4M_tSuiYI3M@eprint.iacr.org.invalid>

## In this issue

1. [2023/795] Bit-Security Preserving Hardness Amplification
2. [2024/773] SQIPrime: A dimension 2 variant of SQISignHD with ...
3. [2024/876] Distributing Keys and Random Secrets with Constant ...
4. [2024/1438] Anamorphic Authenticated Key Exchange: Double Key ...
5. [2024/1439] Scabbard: An Exploratory Study on Hardware Aware ...
6. [2024/1440] Trojan Insertion versus Layout Defenses for Modern ...
7. [2024/1441] FlashSwift: A Configurable and More Efficient Range ...
8. [2024/1442] Design and Implementation of a Fast, Platform- ...
9. [2024/1443] 32-bit and 64-bit CDC-7-XPUF Implementation on a ...
10. [2024/1444] Attestation Proof of Association – provability that ...
11. [2024/1445] Another Walk for Monchi
12. [2024/1446] Updatable Private Set Intersection Revisited: ...
13. [2024/1447] Generic Differential Key Recovery Attacks and Beyond
14. [2024/1448] Randomness in Private Sequential Stateless Protocols
15. [2024/1449] Marian: An Open Source RISC-V Processor with Zvk ...
16. [2024/1450] TentLogiX: 5-bit Chaos-Driven S-Boxes for ...
17. [2024/1451] Traffic-aware Merkle Trees for Shortening ...
18. [2024/1452] On the Complexity of Cryptographic Groups and ...
19. [2024/1453] Breaking and Repairing SQIsign2D-East
20. [2024/1454] Interval Key-Encapsulation Mechanism
21. [2024/1455] Threshold PAKE with Security against Compromise of ...
22. [2024/1456] Crooked Indifferentiability of the Feistel Construction
23. [2024/1457] A Combined Design of 4-PLL-TRNG and 64-bit ...
24. [2024/1458] Providing Integrity for Authenticated Encryption in ...
25. [2024/1459] Verifiable Oblivious Pseudorandom Functions from ...
26. [2024/1460] PPSA: Polynomial Private Stream Aggregation for ...
27. [2024/1461] Detecting and Correcting Computationally Bounded ...
28. [2024/1462] Efficient Fuzzy Private Set Intersection from Fuzzy ...
29. [2024/1463] Asynchronous Verifiable Secret Sharing with Elastic ...
30. [2024/1464] SoK: Descriptive Statistics Under Local ...
31. [2024/1465] Linear approximations of the Flystel construction
32. [2024/1466] Dishonest Majority Constant-Round MPC with Linear ...
33. [2024/1467] P2C2T: Preserving the Privacy of Cross-Chain Transfer
34. [2024/1468] Dense and smooth lattices in any genus
35. [2024/1469] Password-Protected Threshold Signatures
36. [2024/1470] Quantum Pseudorandom Scramblers
37. [2024/1471] Communication Efficient Secure and Private Multi- ...
38. [2024/1472] Isogeny-Based Secure Voting Systems for Large-Scale ...
39. [2024/1473] A Note on Low-Communication Secure Multiparty ...
40. [2024/1474] Mystrium: Wide Block Encryption Efficient on Entry- ...
41. [2024/1475] On the Spinor Genus and the Distinguishing Lattice ...
42. [2024/1476] The Concrete Security of Two-Party Computation: ...
43. [2024/1477] Signature-based Witness Encryption with Compact ...
44. [2024/1478] Mind the Bad Norms: Revisiting Compressed Oracle- ...

## 2023/795

* Title: Bit-Security Preserving Hardness Amplification
* Authors: Shun Watanabe, Kenji Yasunaga
* [Permalink](https://eprint.iacr.org/2023/795)
* [Download](https://eprint.iacr.org/2023/795.pdf)

### Abstract

Hardness amplification is one of the important reduction techniques in cryptography, and it has been extensively studied in the literature. The standard XOR lemma known in the literature evaluates the hardness in terms of the probability of correct prediction; the hardness is amplified from mildly hard (close to $1$) to very hard $1/2 + \varepsilon$ by inducing $\varepsilon^2$ multiplicative decrease of the circuit size. Translating such a statement in terms of the bit-security framework introduced by Micciancio-Walter (EUROCRYPT 2018) and Watanabe-Yasunaga (ASIACRYPT 2021), it may cause a bit-security loss of $\log(1/\varepsilon)$. To resolve this issue, we derive a new variant of the XOR lemma in terms of the Rényi advantage, which directly characterizes the bit security. In the course of proving this result, we prove a new variant of the hardcore lemma in terms of the conditional squared advantage; our proof uses a boosting algorithm that may output the $\bot$ symbol in addition to $0$ and $1$, which may be of independent interest.

## 2024/773

* Title: SQIPrime: A dimension 2 variant of SQISignHD with non-smooth challenge isogenies
* Authors: Max Duparc, Tako Boris Fouotsa
* [Permalink](https://eprint.iacr.org/2024/773)
* [Download](https://eprint.iacr.org/2024/773.pdf)

### Abstract

We introduce SQIPrime, a post-quantum digital signature scheme based on the Deuring correspondence and Kani's Lemma.
Compared to its predecessors that are SQISign and especially SQISignHD, SQIPrime further expands the use of high dimensional isogenies, already in use in the verification in SQISignHD, to all its subroutines.
In doing so, it no longer relies on smooth degree isogenies (of dimension 1). Intriguingly, this includes the challenge isogeny, which is also a non-smooth degree isogeny but has an accessible kernel. The fact that the isogenies do not have rational kernel allows fitting more rational power-2 torsion points, which are necessary when computing and representing the response isogeny.
SQIPrime operates with prime numbers of the form $p = 2^\alpha f-1$.

We describe two variants of SQIPrime. The first, SQIPrime4D, incorporates the novelties described above and uses dimension 4 isogenies to represent the response isogeny. The runtime of higher dimensional isogeny computation is exponential in the dimension, hence the smaller the dimension the better for efficiency. The second variant, SQIPrime2D, solely uses dimension 2 isogenies. This is achieved by setting the degree of the secret isogeny to be equal to that of the challenge isogeny and further exploiting Kani's Lemma. SQIPrime2D is more efficient compared to SQIPrime4D and to SQISignHD, at the cost of being comparatively less compact, but still very compact compared to non-isogeny-based post-quantum signatures.

## 2024/876

* Title: Distributing Keys and Random Secrets with Constant Complexity
* Authors: Benny Applebaum, Benny Pinkas
* [Permalink](https://eprint.iacr.org/2024/876)
* [Download](https://eprint.iacr.org/2024/876.pdf)

### Abstract

In the *Distributed Secret Sharing Generation* (DSG) problem $n$ parties wish to obliviously sample a secret-sharing of a random value $s$ taken from some finite field, without letting any of the parties learn $s$. *Distributed Key Generation* (DKG) is a closely related variant of the problem in which, in addition to their private shares, the parties also generate a public "commitment" $g^s$ to the secret. Both DSG and DKG are central primitives in the domain of secure multiparty computation and threshold cryptography.

In this paper, we study the communication complexity of DSG and DKG. Motivated by large-scale cryptocurrency and blockchain applications, we ask whether it is possible to obtain protocols in which the communication per party is a constant that does not grow with the number of parties. We answer this question in the affirmative in a model where broadcast communication is implemented via a public bulletin board (e.g., a ledger). Specifically, we present a constant-round DSG/DKG protocol in which the number of bits that each party sends/receives from the public bulletin board is a constant that depends only on the security parameter and the field size but does not grow with the number of parties $n$. In contrast, in all existing solutions at least some of the parties send $\Omega(n)$ bits.

Our protocol works in the near-threshold setting. Given arbitrary privacy/correctness parameters $0<\tau_p<\tau_c<1$, the protocol tolerates up to $\tau_p n$ actively corrupted parties and delivers shares of a random secret according to some $\tau_p n$-private $\tau_c n$-correct secret sharing scheme, such that the adversary cannot bias the secret or learn anything about it. The protocol is based on non-interactive zero-knowledge proofs, non-interactive commitments and a novel secret-sharing scheme with special robustness properties that is based on Low-Density Parity-Check codes. As a secondary contribution, we extend the formal MPC-based treatment of DKG/DSG, and study new aspects of Affine Secret Sharing Schemes.
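To make the DSG/DKG problem statement and the $\Omega(n)$ baseline concrete, here is an added example (not code from the paper, and not its constant-communication protocol): the textbook approach in which every party Shamir-shares its own random contribution $r_i$ to all $n$ parties and publishes $g^{r_i}$, so the shares add up to a sharing of $s = \sum r_i$ and the commitments multiply to $g^s$. The toy group parameters, the `baseline_dkg` and `reconstruct` names and the fixed contributions are assumptions made for this example.

```python
import secrets

# Toy parameters (an assumption for this example, not the paper's): p = 2q + 1 is a
# safe prime, G has prime order q in Z_p^*, and secrets live in the field Z_q, so that
# G^r1 * G^r2 = G^((r1 + r2) mod q) holds and the commitment matches the shared secret.
P, Q, G = 1019, 509, 4

def shamir_share(secret, t, n):
    """Degree-t polynomial over Z_q with the secret at x = 0; t-private among n parties."""
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(t)]
    return [(x, sum(c * pow(x, k, Q) for k, c in enumerate(coeffs)) % Q)
            for x in range(1, n + 1)]

def reconstruct(points):
    """Lagrange interpolation at x = 0 from any t + 1 distinct shares (x, y)."""
    total = 0
    for xi, yi in points:
        num = den = 1
        for xj, _ in points:
            if xj != xi:
                num = num * (-xj) % Q
                den = den * (xi - xj) % Q
        total = (total + yi * num * pow(den, Q - 2, Q)) % Q
    return total

def baseline_dkg(n, t, contributions=None):
    """Every party i picks r_i, sends one share of r_i to each of the n parties and
    publishes G^r_i. Returns (each party's share of s, the commitment G^s, and the
    number of point-to-point messages each party had to send)."""
    if contributions is None:            # constructed values may be passed for tests
        contributions = [secrets.randbelow(Q) for _ in range(n)]
    inbox = {x: [] for x in range(1, n + 1)}
    commitment = 1
    for r in contributions:
        for x, y in shamir_share(r, t, n):
            inbox[x].append(y)           # one share to every party: n messages per party
        commitment = commitment * pow(G, r, P) % P
    shares = {x: sum(ys) % Q for x, ys in inbox.items()}   # shares of r_i add to a share of s
    return shares, commitment, n         # the Omega(n) per-party cost the paper removes
```

Any $t+1$ of the returned shares reconstruct $s$, and `pow(G, s, P)` equals the published commitment, while each party's send count grows linearly with $n$.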

## 2024/1438

* Title: Anamorphic Authenticated Key Exchange: Double Key Distribution under Surveillance
* Authors: Weihao Wang, Shuai Han, Shengli Liu
* [Permalink](https://eprint.iacr.org/2024/1438)
* [Download](https://eprint.iacr.org/2024/1438.pdf)

### Abstract

Anamorphic encryptions and anamorphic signatures assume a double key pre-shared between two parties so as to enable the transmission of covert messages. How to securely and efficiently distribute a double key under the dictator's surveillance is a central problem for anamorphic cryptography, especially when the users are forced to surrender their long-term secret keys or even the randomness used in the algorithms to the dictator.

In this paper, we propose Anamorphic Authentication Key Exchange (AM-AKE) to solve the problem. Similar to anamorphic encryption, AM-AKE contains a set of anamorphic algorithms besides the normal algorithms. With the help of the anamorphic algorithms in AM-AKE, the initiator and the responder are able to exchange not only a session key but also a double key. We define robustness and security notions for AM-AKE, and also prove some impossibility results on plain AM-AKE whose anamorphic key generation algorithm only outputs a key-pair. To bypass the impossibility results, we work on two sides.

