[continued from previous message]
Our performance measurements constitute initial evidence that both the memory and performance characteristics of this approach are suitable for deployment in flight-computers currently in use. Prior to optimisation, performance measurements show a modest
memory requirement of under 400 KB of RAM, but employ a more substantial stack usage of just under 200 KB. Our most advanced redundant post-quantum cipher is five times slower than its non-redundant, pre-quantum counterpart.
## 2024/668
* Title: Blockchain Price vs. Quantity Controls
* Authors: Abdoulaye Ndiaye
* [Permalink](
https://eprint.iacr.org/2024/668)
* [Download](
https://eprint.iacr.org/2024/668.pdf)
### Abstract
This paper studies the optimal transaction fee mechanisms for blockchains, focusing on the distinction between price-based ($\mathcal{P}$) and quantity-based ($\mathcal{Q}$) controls. By analyzing factors such as demand uncertainty, validator costs,
cryptocurrency price fluctuations, price elasticity of demand, and levels of decentralization, we establish criteria that determine the selection of transaction fee mechanisms. We present a model framed around a Nash bargaining game, exploring how
blockchain designers and validators negotiate fee structures to balance network welfare with profitability. Our findings suggest that the choice between $\mathcal{P}$ and $\mathcal{Q}$ mechanisms depends critically on the blockchain’s specific
technical and economic features. The study concludes that no single mechanism suits all contexts and highlights the potential for hybrid approaches that adaptively combine features of both $\mathcal{P}$ and $\mathcal{Q}$ to meet varying demands and
market conditions.
## 2024/669
* Title: Mempool Privacy via Batched Threshold Encryption: Attacks and Defenses * Authors: Arka Rai Choudhuri, Sanjam Garg, Julien Piet, Guru-Vamsi Policharla * [Permalink](
https://eprint.iacr.org/2024/669)
* [Download](
https://eprint.iacr.org/2024/669.pdf)
### Abstract
With the rising popularity of DeFi applications it is important to implement protections for regular users of these DeFi platforms against large parties with massive amounts of resources allowing them to engage in market manipulation strategies such as
frontrunning/backrunning. Moreover, there are many situations (such as recovery of funds from vulnerable smart contracts) where a user may not want to reveal their transaction until it has been executed. As such, it is clear that preserving the privacy
of transactions in the mempool is an important goal.
In this work we focus on achieving mempool transaction privacy through a new primitive that we term batched-threshold encryption, which is a variant of threshold encryption with strict efficiency requirements to better model the needs of resource
constrained environments such as blockchains. Unlike the naive use of threshold encryption, which requires communication proportional to $O(nB)$ to decrypt $B$ transactions with a committee of $n$ parties, our batched-threshold encryption scheme only
needs $O(n)$ communication. We additionally discuss pitfalls in prior approaches that use (vanilla) threshold encryption for mempool privacy.
To show that our scheme is concretely efficient, we implement our scheme and find that transactions can be encrypted in under 6 ms, independent of committee size, and the communication required to decrypt an entire batch of $B$ transactions is 80 bytes
per party, independent of the number of transactions $B$, making it an attractive choice when communication is very expensive. If deployed on Ethereum, which processes close to 500 transaction per block, it takes close to 2.8 s for each committee member
to compute a partial decryption and under 3.5 s to decrypt all transactions for a block in single-threaded mode.
## 2024/670
* Title: Secure Implementation of SRAM PUF for Private Key Generation
* Authors: Raja Adhithan Radhakrishnan
* [Permalink](
https://eprint.iacr.org/2024/670)
* [Download](
https://eprint.iacr.org/2024/670.pdf)
### Abstract
This paper endeavors to securely implement a Physical Unclonable
Function (PUF) for private data generation within Field-Programmable
Gate Arrays (FPGAs). SRAM PUFs are commonly utilized due to their
use of memory devices for generating secret data, particularly in resource constrained devices. However, their reliance on memory access poses side-channel threats such as data remanence decay and memory-based attacks, and the time required to generate
secret data is significant. To address these issues, we propose implementing n cross-coupled inverters in Verilog to generate n secret bits, followed by syndrome for error correction hardcoded in the hardware itself. This approach improves side channel
security and reduces time consumption, albeit at the expense of additional area utilization
## 2024/671
* Title: Exploiting Internal Randomness for Privacy in Vertical Federated Learning
* Authors: Yulian Sun, Li Duan, Ricardo Mendes, Derui Zhu, Yue Xia, Yong Li, Asja Fischer
* [Permalink](
https://eprint.iacr.org/2024/671)
* [Download](
https://eprint.iacr.org/2024/671.pdf)
### Abstract
Vertical Federated Learning (VFL) is becoming a standard collaborative learning paradigm with various practical applications. Randomness is essential to enhancing privacy in VFL, but introducing too much external randomness often leads to an intolerable
performance loss. Instead, as it was demonstrated for other federated learning settings, leveraging internal randomness —as provided by variational autoencoders (VAEs) —can be beneficial. However, the resulting privacy has never been quantified so
far nor has the approach been investigated for VFL.
We therefore propose a novel differential privacy estimate, denoted as distance-based empirical local differential privacy (dELDP). It allows to empirically bound DP parameters of concrete components, quantifying the internal randomness with appropriate
distance and sensitivity metrics. We apply dELDP to investigate the DP of VAEs and observe values up to ε ≈ 6.4 and δ = 2−32. Moreover, to link the dELDP parameters to the privacy of full VAE-including VFL systems in practice, we conduct
comprehensive experiments on the robustness against state-of-the-art privacy attacks. The results illustrate that the VAE system is effective against feature reconstruction attacks and outperforms other privacy-enhancing methods for VFL, especially when
the adversary holds 75% of features in label inference attack.
## 2024/672
* Title: Secure Coded Distributed Computing
* Authors: Shanuja Sasi, Onur Gunlu
* [Permalink](
https://eprint.iacr.org/2024/672)
* [Download](
https://eprint.iacr.org/2024/672.pdf)
### Abstract
In this paper, we consider two critical aspects of security in the distributed computing (DC) model: secure data shuffling and secure coded computing. It is imperative that any external entity overhearing the transmissions does not gain any information
about the intermediate values (IVs) exchanged during the shuffling phase of the DC model. Our approach ensures IV confidentiality during data shuffling. Moreover, each node in the system must be able to recover the IVs necessary for computing its output
functions but must also remain oblivious to the IVs associated with output functions not assigned to it. We design secure DC methods and establish achievable limits on the tradeoffs between the communication and computation loads to contribute to the
advancement of secure data processing in distributed systems.
## 2024/673
* Title: Chocobo: Creating Homomorphic Circuit Operating with Functional Bootstrapping in basis B
* Authors: Pierre-Emmanuel Clet, Aymen Boudguiga, Renaud Sirdey
* [Permalink](
https://eprint.iacr.org/2024/673)
* [Download](
https://eprint.iacr.org/2024/673.pdf)
### Abstract
The TFHE cryptosystem only supports small plaintext space, up to 5 bits with usual parameters. However, one solution to circumvent this limitation is to decompose input messages into a basis B over multiple ciphertexts. In this work, we introduce B-gates,
an extension of logic gates to non binary bases, to compute base B logic circuit. The flexibility introduced by our approach improves the speed performance over previous approaches such as the so called tree-based method which requires an exponential
amount of operations in the number of inputs. We provide experimental results using sorting as a benchmark application and, additionally, we obtain a speed-up of ×3 in latency compared to state of the art BGV techniques for this application. As an
additional result, we introduce a keyswitching key specific to packing TLWE ciphertexts into TRLWE ciphertexts with redundancy, which is of interest in many functional bootstrapping scenarios.
## 2024/674
* Title: SigmaSuite: How to Minimize Foreign Arithmetic in ZKP Circuits While Keeping Succinct Final Verification.
* Authors: Wyatt Benno
* [Permalink](
https://eprint.iacr.org/2024/674)
* [Download](
https://eprint.iacr.org/2024/674.pdf)
### Abstract
Foreign field arithmetic often creates significant additional overheads in zero-knowledge proof circuits. Previous work has offloaded foreign arithmetic from proof circuits by using effective and often simple primitives such as Sigma protocols. While
these successfully move the foreign field work outside of the circuit, the costs for the Sigma protocol’s verifier still remains high. In use cases where the verifier is constrained computationally this poses a major challenge. One such use case would
be in proof composition where foreign arithmetic causes a blowup in the costs for the verifier circuit. In this work we show that by using folding scheme with Sigmabus and other such uniform verifier offloading techniques, we can remove foreign field
arithmetic from zero-knowledge proof circuits while achieving succinct final verification. We do this by applying prior techniques iteratively and accumulate the resulting verifier work into one folding proof of size O(|F|) group elements, where F is the
size of a single Sigma verifier’s computation. Then by using an existing zkSNARK we can further compress to a proof size of O(log |F|) which can be checked succinctly by a computationally constrained verifier.
## 2024/675
* Title: Olympic Privacy-Preserving Blueprints: Faster Communication, Highly Functional, Stronger Security
* Authors: Scott Griffy, Markulf Kohlweiss, Anna Lysyanskaya, Meghna Sengupta
* [Permalink](
https://eprint.iacr.org/2024/675)
* [Download](
https://eprint.iacr.org/2024/675.pdf)
### Abstract
Introduced by Kohlweiss, Lysyanskaya, and Nguyen (Eurocrypt'23), an $f$-privacy-preserving blueprint (PPB) system allows an auditor with secret input $x$ to create a public encoding of the function $f(x,\cdot)$ that verifiably corresponds to a commitment
$C_x$ to $x$. The auditor will then be able to derive $f(x,y)$ from an escrow $Z$ computed by a user on input the user's private data $y$ corresponding to a commitment $C_y$. $Z$ verifiably corresponds to the commitment $C_y$ and reveals no other
information about $y$.
PPBs provide an abuse-resistant escrow mechanism: for example, if $f$ is the watchlist function where $f(x,y)$ outputs $y$ only in the event that $y$ is on the list $x$, then an $f$-PPB allows the auditor to trace watchlisted users in an otherwise
anonymous system. Yet, the auditor's $x$ must correspond to a publicly available (and potentially authorized by a transparent, lawful process) $C_x$, and the auditor will learn nothing except $f(x,y)$.
In this paper, we build on the original PPB results in three ways: (1) We define and satisfy a stronger notion of security where a malicious auditor cannot frame a user in a transaction to which this user was not a party. (2) We provide efficient schemes
for a bigger class of functions $f$; for example, for the first time, we show how to realize $f$ that would allow the auditor to trace e-cash transactions of a criminal suspect. (3) For the watchlist and related functions, we reduce the size of the
escrow $Z$ from linear in the size of the auditor's input $x$, to logarithmic.
## 2024/676
* Title: Composing Timed Cryptographic Protocols: Foundations and Applications * Authors: Karim Eldefrawy, Benjamin Terner, Moti Yung
* [Permalink](
https://eprint.iacr.org/2024/676)
* [Download](
https://eprint.iacr.org/2024/676.pdf)
### Abstract
Time-lock puzzles are unique cryptographic primitives that use computational complexity to keep information secret for some period of time, after which security expires. Unfortunately, current analysis techniques of time-lock primitives provide no sound
mechanism to build multi-party cryptographic protocols which use expiring security as a building block. We explain in this paper that all other attempts at this subtle problem lack either composability, a fully consistent analysis, or functionality. The
subtle flaws in the existing frameworks reduce to an impossibility by Mahmoody et al., who showed that time-lock puzzles with super-polynomial gaps (between committer and solver) cannot be constructed from random oracles alone; yet still the analyses of
algebraic puzzles today treat the solving process as if each step is a generic or random oracle.
This paper presents a new complexity theoretic based framework and new structural theorems to analyze timed primitives with full generality and in composition (which is the central modular protocol design tool). The framework includes a model of security
based on fine-grained circuit complexity which we call residual complexity, which accounts for possible leakage on timed primitives as they expire. Our definitions for multi-party computation protocols generalize the literature standards by accounting
for fine-grained polynomial circuit depth to model computational hardness which expires in feasible time. Our composition theorems incur degradation of (fine-grained) security as items are composed. In our framework, simulators are given a polynomial “
budget” for how much time they spend, and in composition these polynomials interact.
Finally, we demonstrate via a prototypical auction application how to apply our framework and theorems. For the first time, we show that it is possible to prove – in a way that is fully consistent, with falsifiable assumptions – properties of multi-
party applications based on leaky, temporarily secure components.
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)