Subject: [digest] 2024 Week 49
From: IACR ePrint Archive
Newsgroups: sci.crypt
Organization: A noiseless patient Spider
Date: Mon, 9 Dec 2024 03:16 UTC
Message-ID: <X_JMaOfReMMZV8Tn-O9zTWd4qi2aizIu@eprint.iacr.org.invalid>

## In this issue

1. [2024/879] Consistency-or-Die: Consistency for Key Transparency
2. [2024/886] A New Security Evaluation Method Based on Resultant ...
3. [2024/1948] ARK: Adaptive Rotation Key Management for Fully ...
4. [2024/1949] Avenger Ensemble: Genetic Algorithm-Driven Ensemble ...
5. [2024/1950] Two-Round 2PC ECDSA at the Cost of 1 OLE
6. [2024/1951] Vote&Check: Secure Postal Voting with Reduced Trust ...
7. [2024/1952] Worst-Case Lattice Sampler with Truncated Gadgets ...
8. [2024/1953] Truncation Untangled: Scaling Fixed-Point ...
9. [2024/1954] A Complete Characterization of One-More Assumptions ...
10. [2024/1955] Gold OPRF: Post-Quantum Oblivious Power Residue PRF
11. [2024/1956] MultiReg-FE: Registered FE for Unbounded Inner- ...
12. [2024/1957] NICE-PAKE: On the Security of KEM-Based PAKE ...
13. [2024/1958] M-Sel: A Message Selection Functional Encryption ...
14. [2024/1959] SoK: Privacy-Preserving Transactions in Blockchains
15. [2024/1960] Share the MAYO: thresholdizing MAYO
16. [2024/1961] On the (Im)possibility of Game-Theoretically Fair ...
17. [2024/1962] uKNIT: Breaking Round-alignment for Cipher Design ...
18. [2024/1963] Proof of Time: A Method for Verifiable Temporal ...
19. [2024/1964] Lova: Lattice-Based Folding Scheme from ...
20. [2024/1965] Onion Franking: Abuse Reports for Mix-Based Private ...
21. [2024/1966] Efficient Succinct Zero-Knowledge Arguments in the ...
22. [2024/1967] Analysis of REDOG: The Pad Thai Attack
23. [2024/1968] SoK: Pseudorandom Generation for Masked ...
24. [2024/1969] SoK: Security of the Ascon Modes
25. [2024/1970] Scribe: Low-memory SNARKs via Read-Write Streaming
26. [2024/1971] Further Connections Between Isogenies of ...
27. [2024/1972] RoK, Paper, SISsors – Toolkit for Lattice-based ...

## 2024/879

* Title: Consistency-or-Die: Consistency for Key Transparency
* Authors: Joakim Brorsson, Elena Pagnin, Bernardo David, Paul Stankovski Wagner
* [Permalink](https://eprint.iacr.org/2024/879)
* [Download](https://eprint.iacr.org/2024/879.pdf)

### Abstract

This paper proposes a new consistency protocol that protects a key transparency log against split-view attacks and - contrary to all previous work - does not rely on small committees of known external auditors, or out-of-band channels, or blockchains (full broadcast systems).

Our approach is to use a mechanism for cryptographically selecting a small committee of random and initially undisclosed users, which are then tasked to endorse the current view of the log. The name of our protocol, Consistency-or-Die (CoD), reflects that users are guaranteed to know if they are in a consistent state or not, and upon spotting an inconsistency in the key transparency log, users stop using this resource and become inactive (die). CoD relies on well-established cryptographic building blocks, such as verifiable random functions and key-evolving signatures, for which lightweight constructions exist. We provide a novel statistical analysis for identifying optimal quorum sizes (minimal number of endorsers for a view) for various security levels and percentages of malicious users.

Our experiments support that CoD is practical and can run in the background on mid-tier smart phones, for large-scale systems with billions of users.

## 2024/886

* Title: A New Security Evaluation Method Based on Resultant for Arithmetic-Oriented Algorithms
* Authors: Hong-Sen Yang, Qun-Xiong Zheng, Jing Yang, Quan-feng Liu, Deng Tang
* [Permalink](https://eprint.iacr.org/2024/886)
* [Download](https://eprint.iacr.org/2024/886.pdf)

### Abstract

The rapid development of advanced cryptographic applications like multi-party computation (MPC), fully homomorphic encryption (FHE), and zero-knowledge (ZK) proofs has motivated the designs of the so-called arithmetic-oriented (AO) primitives. Efficient AO primitives typically build over large fields and use large S-boxes. Such design philosophy brings difficulties in the cryptanalysis of these primitives as classical cryptanalysis methods do not apply well. The generally recognized attacks against these primitives are algebraic attacks, especially Groebner basis attacks. Thus, the numbers of security rounds are usually derived through the complexity of solving the system of algebraic equations using Groebner bases. In this paper, we propose a novel framework for algebraic attacks against AO primitives. Instead of using Groebner basis, we use resultants to solve a system of multivariate equations that can better exploit the algebraic structures of AO primitives. We employ several techniques to reduce the dimensions of the resultants and avoid rapid increases in degrees, including meet-in-the-middle modeling, variable substitutions, and fast Lagrange interpolation. We apply our attack to three mainstream AO cryptographic primitives: Rescue-Prime, Anemoi, and Jarvis. For Rescue-Prime, we theoretically prove that the final univariate equation has a degree of at most a specific power of three and practically attack five rounds for the first time. We attack the full-round of Anemoi with complexity 2^110.10, which has been claimed to provide 127 bits of security. We also give the first practical attack against eight rounds of Anemoi over a 55-bit prime field. For Jarvis, we improve the existing practical attack by a factor of 100. Therefore, we point out that our analysis framework can be used as a new evaluation method for AO designs.

## 2024/1948

* Title: ARK: Adaptive Rotation Key Management for Fully Homomorphic Encryption Targeting Memory Efficient Deep Learning Inference
* Authors: Jia-Lin Chan, Wai-Kong Lee, Denis C.-K Wong, Wun-She Yap, Bok-Min Goi
* [Permalink](https://eprint.iacr.org/2024/1948)
* [Download](https://eprint.iacr.org/2024/1948.pdf)

### Abstract

Advancements in deep learning (DL) not only revolutionized many aspects in our lives, but also introduced privacy concerns, because it processed vast amounts of information that was closely related to our daily life. Fully Homomorphic Encryption (FHE) is one of the promising solutions to this privacy issue, as it allows computations to be carried out directly on the encrypted data. However, FHE requires high computational cost, which is a huge barrier to its widespread adoption. Many prior works proposed techniques to enhance the speed performance of FHE in the past decade, but they often impose significant memory requirements, which may be up to hundreds of gigabytes. Recently, focus has shifted from purely improving speed performance to managing FHE’s memory consumption as a critical challenge. Rovida and Leporati introduced a technique to minimize rotation key memory by retaining only essential keys, yet this technique is limited to cases with symmetric numerical patterns (e.g., -2 -1 0 1 2), constraining its broader utility. In this paper, a new technique, Adaptive Rotation Key (ARK), is proposed that minimizes rotation key memory consumption by exhaustively analyzing numerical patterns to produce a minimal subset of shared rotation keys. ARK also provides a dual-configuration option, enabling users to prioritize memory efficiency or computational speed. In memory-prioritized mode, ARK reduces rotation key memory consumption by 41.17% with a 12.57% increase in execution time. For speed-prioritized mode, it achieves a 24.62% rotation key memory reduction with only a 0.21% impact on execution time. This flexibility positions ARK as an effective solution for optimizing FHE across varied use cases, marking a significant advancement in optimization strategies for FHE-based privacy-preserving systems.

## 2024/1949

* Title: Avenger Ensemble: Genetic Algorithm-Driven Ensemble Selection for Deep Learning-based Side-Channel Analysis
* Authors: Zhao Minghui, Trevor Yap
* [Permalink](https://eprint.iacr.org/2024/1949)
* [Download](https://eprint.iacr.org/2024/1949.pdf)

### Abstract

Side-Channel Analysis (SCA) exploits physical vulnerabilities in systems to reveal secret keys. With the rise of Internet-of-Things, evaluating SCA attacks has become crucial. Profiling attacks, enhanced by Deep Learning-based Side-Channel Analysis (DLSCA), have shown significant improvements over classical techniques. Recent works demonstrate that ensemble methods outperform single neural networks. However, almost every existing ensemble selection method in SCA only picks the top few best-performing neural networks for the ensemble, which we coined as Greedily-Selected Method (GSM), which may not be optimal.

This work proposes Evolutionary Avenger Initiative (EAI), a genetic algorithm-driven ensemble selection algorithm, to create effective ensembles for DLSCA. We investigate two fitness functions and evaluate EAI across four datasets, including AES and Ascon implementations. We show that EAI outperforms GSM, recovering secrets with the least number of traces. Notably, EAI successfully recovers secret keys for Ascon datasets where GSM fails, demonstrating its effectiveness.

## 2024/1950

* Title: Two-Round 2PC ECDSA at the Cost of 1 OLE
* Authors: Michael Adjedj, Constantin Blokh, Geoffroy Couteau, Antoine Joux, Nikolaos Makriyannis
* [Permalink](https://eprint.iacr.org/2024/1950)
* [Download](https://eprint.iacr.org/2024/1950.pdf)

### Abstract

We present a novel protocol for two-party ECDSA that achieves two rounds (a single back-and-forth communication) at the cost of a single oblivious linear function evaluation (OLE). In comparison, the previous work of [DKLs18] (S&P 2018) achieves two rounds at the cost of three OLEs, while [BHL24] (Manuscript 2024) requires expensive zero-knowledge proofs on top of the OLE. We demonstrate this by proving that in the generic group model, any adversary capable of generating forgeries for our protocol can be transformed into an adversary that finds preimages for the ECDSA message digest function (e.g., the SHA family). Interestingly, our analysis is closely related to, and has ramifications for, the 'presignatures' mode of operation—[CGGMP20] (CCS 2020), [GroSho22] (EUROCRYPT 2022).

