## In this issue

1. [2024/49] CL-SCA: Leveraging Contrastive Learning for ...
2. [2024/50] Do You Need a Zero Knowledge Proof?
3. [2024/51] Limits on Authenticated Encryption Use in TLS
4. [2024/52] Simple Vs Vectorial: Exploiting Structural Symmetry ...
5. [2024/53] Anonymous Homomorphic IBE with Application to ...
6. [2024/54] FEASE: Fast and Expressive Asymmetric Searchable ...
7. [2024/55] Multi-Hop Fine-Grained Proxy Re-Encryption
8. [2024/56] Zero-Knowledge Proofs for SIDH variants with Masked ...
9. [2024/57] Elastic MSM: A Fast, Elastic and Modular ...
10. [2024/58] Constrained Pseudorandom Functions for Inner- ...
11. [2024/59] CrISA-X: Unleashing Performance Excellence in ...
12. [2024/60] The Insecurity of Masked Comparisons: SCAs on ML- ...
13. [2024/61] Partial Key Exposure Attack on Common Prime RSA
14. [2024/62] Double Difficulties, Defense in Depth A succinct ...
15. [2024/63] A Study of Soft Analytical Side-Channel Attacks on ...
16. [2024/64] Extreme Algebraic Attacks
17. [2024/65] Privacy-preserving Anti-Money Laundering using ...
18. [2024/66] Exploiting the Central Reduction in Lattice-Based ...
19. [2024/67] A Refined Hardness Estimation of LWE in Two-step Mode
20. [2024/68] Laconic Function Evaluation, Functional Encryption ...
21. [2024/69] SDitH in Hardware
22. [2024/70] Hints from Hertz: Dynamic Frequency Scaling Side- ...
23. [2024/71] Too Hot To Be True: Temperature Calibration for ...
24. [2024/72] 1/0 Shades of UC: Photonic Side-Channel Analysis of ...
25. [2024/73] A Comparative Examination of Network and Contract- ...
26. [2024/74] PRIDA: PRIvacy-preserving Data Aggregation with ...
27. [2024/75] Succinct Verification of Compressed Sigma Protocols ...
28. [2024/76] A provably masked implementation of BIKE Key ...
29. [2024/77] OBSCURE: Versatile Software Obfuscation from a ...
30. [2024/78] Formal Security Analysis of the OpenID FAPI 2.0: ...
31. [2024/79] On Modular Algorithms and Butterfly Operations in ...
32. [2024/80] Memory adds no cost to lattice sieving for ...
33. [2024/81] SuperFL: Privacy-Preserving Federated Learning with ...
34. [2024/82] Quantum State Obfuscation from Classical Oracles
35. [2024/83] Layout Graphs, Random Walks and the t-wise ...
36. [2024/84] Efficient Instances of Docked Double Decker With AES
37. [2024/85] Simultaneously simple universal and ...
38. [2024/86] On Hilbert-Poincaré series of affine semi-regular ...
39. [2024/87] Tree-based Lookup Table on Batched Encrypted ...
40. [2024/88] Enabling PERK on Resource-Constrained Devices
41. [2024/89] Two-party GOST in two parts: fruitless search and ...

## 2024/49

* Title: CL-SCA: Leveraging Contrastive Learning for Profiled Side-Channel Analysis
* Authors: Annv Liu, An Wang, Shaofei Sun, Congming Wei, Yaoling Ding, Yongjuan Wang, Liehuang Zhu
* [Permalink](https://eprint.iacr.org/2024/049)
* [Download](https://eprint.iacr.org/2024/049.pdf)

### Abstract

Side-channel analysis based on machine learning, especially neural networks, has gained significant attention in recent years. However, many existing methods still suffer from certain limitations. Despite the inherent capability of neural networks to extract features, there remains a risk of extracting irrelevant information. The heavy reliance on profiled traces makes it challenging to adapt to remote attack scenarios with limited profiled traces. Besides, attack traces also contain critical information that can be used in the training process to assist model learning. In this paper, we propose a side-channel analysis approach based on contrastive learning named CL-SCA to address these issues. We also leverage a stochastic data augmentation technique to assist model to effectively filter out irrelevant information from the profiled traces. Through experiments of different datasets from different platforms, we demonstrate that CL-SCA significantly outperforms various conventional machine learning side-channel analysis techniques. Moreover, by incorporating attack traces into the training process using our approach, known as CL-SCA+, it becomes possible to achieve even greater enhancements. This extension can further improve the effectiveness of key recovery, which is fully verified through experiments on different datasets.

## 2024/50

* Title: Do You Need a Zero Knowledge Proof?
* Authors: Jens Ernstberger, Stefanos Chaliasos, Liyi Zhou, Philipp Jovanovic, Arthur Gervais
* [Permalink](https://eprint.iacr.org/2024/050)
* [Download](https://eprint.iacr.org/2024/050.pdf)

### Abstract

Zero-Knowledge Proofs (ZKPs), a cryptographic tool known for decades, have gained significant attention in recent years due to advancements that have made them practically applicable in real-world scenarios. ZKPs can provide unique attributes, such as succinctness, non-interactivity, and the ability to prove knowledge without revealing the information itself, making them an attractive solution for a range of applications.

This paper aims to critically analyze the applicability of ZKPs in various scenarios. We categorize ZKPs into distinct types: SNARKs (Succinct Non-Interactive Arguments of Knowledge), Commit-then-Prove ZKPs, MPC-in-the-Head, and Sigma Protocols, each offering different trade-offs and benefits. We introduce a flowchart methodology to assist in determining the most suitable ZKP system, given a set of technical application requirements. Next, we conduct an in-depth investigation of three major use cases: Outsourcing Computation, Digital Self-Sovereign Identity, and ZKPs in networking. Additionally, we provide a high-level overview of other applications of ZKPs, exploring their broader implications and opportunities. This paper aims to demystify the decision-making process involved in choosing the right ZKP system, providing clarity on when and how these cryptographic tools can be effectively utilized in various domains — and when they are better to be avoided.

## 2024/51

* Title: Limits on Authenticated Encryption Use in TLS
* Authors: Atul Luykx, Kenneth G. Paterson
* [Permalink](https://eprint.iacr.org/2024/051)
* [Download](https://eprint.iacr.org/2024/051.pdf)

### Abstract

This technical note presents limits on the security (as a function of the number of plaintext bytes encrypted and the number of forgery attempts made by an adversary) for the main Authenticated Encryption schemes available in TLS 1..2 and the draft of TLS 1.3. These limits are derived from security proofs for the considered schemes available in the literature. Our intention is to provide considered technical input to on-going discussions in the TLS Working Group of the IETF concerning, amongst other things, the necessity of adding a key update feature to the TLS 1.3 specification.

## 2024/52

* Title: Simple Vs Vectorial: Exploiting Structural Symmetry to Beat the ZeroSum Distinguisher Applications to SHA3, Xoodyak and Bash
* Authors: SAHIBA SURYAWANSHI, Shibam Ghosh, Dhiman Saha, Prathamesh Ram
* [Permalink](https://eprint.iacr.org/2024/052)
* [Download](https://eprint.iacr.org/2024/052.pdf)

### Abstract

Higher order differential properties constitute a very insightful tool at the hands
of a cryptanalyst allowing for probing a cryptographic primitive from an algebraic perspective. In FSE 2017, Saha et al. reported SymSum (referred to as
SymSum_Vec in this paper), a new distinguisher based on higher order vectorial
Boolean derivatives of SHA-3, constituting one of the best distinguishers on the
latest cryptographic hash standard. SymSum_Vec exploits the difference in the
algebraic degree of highest degree monomials in the algebraic normal form of
SHA-3 with regards to their dependence on round constants. Later in Africacrypt
2020, Suryawanshi et al. extended SymSum_Vec using linearization techniques and
in SSS 2023 also applied it to NIST-LWC finalist Xoodyak. However, a major
limitation of SymSum_Vec is the maximum attainable derivative (MAD) which is
less than half of the widely studied ZeroSum distinguisher. This is attributed
to SymSum_Vec being dependent on m−fold vectorial derivatives while ZeroSum
relies on m−fold simple derivatives. In this work we overcome this limitation
of SymSum_Vec by developing and validating the theory of computing SymSum_Vec
with simple derivatives. This gives us a close to 100% improvement in the MAD
that can be computed. The new distinguisher reported in this work can also be combined with one/two-round linearization to penetrate more rounds. Moreover, we identify an issue with the two-round linearization claim made by Suryawanshi et al. which renders it invalid and also furnish an algebraic fix at the cost of some additional constraints.

Combining all results we report SymSum_Sim , a new variant of the SymSum_Vec
distinguisher based on m−fold simple derivatives that outperforms ZeroSum by
a factor of $2^{257}$, $2^{129}$ for 10-round SHA-3-384 and 9-round SHA-3-512 respectively while enjoying the same MAD as ZeroSum. For every other SHA-3 variant,
SymSum_Sim maintains an advantage of factor 2. Combined with one/two-round
linearization, SymSum_Sim improves upon all existing ZeroSum and SymSum_Vec
distinguishers on both SHA-3 and Xoodyak. As regards Keccak-p, the internal
permutation of SHA-3, we report the best 15-round distinguisher with a complexity of $2^{256}$ and the first better than birthday-bound 16-round distinguisher with
a complexity of $2^{512}$ (improving upon the 15/16-round results by Guo et al. in
Asiacrypt 2016). We also devise the best full-round distinguisher on the Xoodoo
internal permutation of Xoodyak with a practically verifiable complexity of $2^{32}$
and furnish the first third-party distinguishers on the Belarushian hash function
Bash. All distinguishers furnished in this work have been verified through implementations whenever practically viable. Overall, with the MAD barrier broken,
SymSum_Sim emerges as a better distinguisher than ZeroSum on all fronts and
adds to the state-of-the-art of cryptanalytic tools investigating non-randomness
of crypto primitives.