## In this issue

1. [2024/90] Starlit: Privacy-Preserving Federated Learning to ...
2. [2024/91] On historical Multivariate Cryptosystems and their ...
3. [2024/92] Call Me By My Name: Simple, Practical Private ...
4. [2024/93] Short Code-based One-out-of-Many Proofs and ...
5. [2024/94] Chosen-Ciphertext Secure Dual-Receiver Encryption ...
6. [2024/95] ConvKyber: Unleashing the Power of AI Accelerators ...
7. [2024/96] Revisiting the security analysis of SNOVA
8. [2024/97] Improved All-but-One Vector Commitment with ...
9. [2024/98] Theoretical differential fault attacks on FLIP and ...
10. [2024/99] Snarktor: A Decentralized Protocol for Scaling ...
11. [2024/100] FiveEyes: Cryptographic Biometric Authentication ...
12. [2024/101] Unconditional Security using (Random) Anonymous ...
13. [2024/102] Laconic Branching Programs from the Diffie-Hellman ...
14. [2024/103] ChaCha related 64 bit oriented ARX cipher
15. [2024/104] AnonPSI: An Anonymity Assessment Framework for PSI
16. [2024/105] Differential cryptanalysis with SAT, SMT, MILP, and ...
17. [2024/106] A Trust-based Recommender System over Arbitrarily ...
18. [2024/107] ELEKTRA: Efficient Lightweight multi-dEvice Key ...
19. [2024/108] Some Improvements for the PIOP for ZeroCheck
20. [2024/109] Simpler and Faster BFV Bootstrapping for Arbitrary ...
21. [2024/110] Cryptanalysis of the SNOVA signature scheme
22. [2024/111] A Novel Power Analysis Attack against CRYSTALS- ...
23. [2024/112] pqm4: Benchmarking NIST Additional Post-Quantum ...
24. [2024/113] Improved Linear Key Recovery Attacks on PRESENT

## 2024/90

* Title: Starlit: Privacy-Preserving Federated Learning to Enhance Financial Fraud Detection
* Authors: Aydin Abadi, Bradley Doyle, Francesco Gini, Kieron Guinamard, Sasi Kumar Murakonda, Jack Liddell, Paul Mellor, Steven J. Murdoch, Mohammad Naseri, Hector Page, George Theodorakopoulos, Suzanne Weller
* [Permalink](https://eprint.iacr.org/2024/090)
* [Download](https://eprint.iacr.org/2024/090.pdf)

### Abstract

Federated Learning (FL) is a data-minimization approach enabling collaborative model training across diverse clients with local data, avoiding direct data exchange. However, state-of-the-art FL solutions to identify fraudulent financial transactions exhibit a subset of the following limitations. They (1) lack a formal security definition and proof, (2) assume prior freezing of suspicious customers’ accounts by financial institutions (limiting the solutions’ adoption), (3) scale poorly, involving either $O(n^2)$ computationally expensive modular exponentiation (where $n$ is the total number of financial institutions) or highly inefficient fully homomorphic encryption, (4) assume the parties have already completed the identity alignment phase, hence excluding it from the implementation, performance evaluation, and security analysis, and (5) struggle to resist clients’ dropouts. This work introduces Starlit, a novel scalable privacy-preserving FL mechanism that overcomes these limitations. It has various applications, such as enhancing financial fraud detection, mitigating terrorism, and enhancing digital health. We implemented Starlit and conducted a thorough performance analysis using synthetic data from a key player in global financial transactions. The evaluation indicates Starlit’s scalability, efficiency, and accuracy.

## 2024/91

* Title: On historical Multivariate Cryptosystems and their restorations as instruments of Post-Quantum Cryptography
* Authors: Vasyl Ustimenko
* [Permalink](https://eprint.iacr.org/2024/091)
* [Download](https://eprint.iacr.org/2024/091.pdf)

### Abstract

The paper presents a short survey of the History of Multivariate Cryptography together with the usage of old broken multivariate digital signatures in the new protocol based cryptosystems constructed in terms of Noncommutative Cryptography. The general schemes of New cryptosystems is a combinations of Eulerian maps and quadratic maps with their trapdoor accelerators, which are pieces of information such than the knowledge of them allow to compute the reimages in a polynomial time. These schemes are illustrated by historical examples of Imai – Matsumoto multivariate digital signatures schemes and Unbalanced Oil and Vinegar Cryptosystems.

## 2024/92

* Title: Call Me By My Name: Simple, Practical Private Information Retrieval for Keyword Queries
* Authors: Sofía Celi, Alex Davidson
* [Permalink](https://eprint.iacr.org/2024/092)
* [Download](https://eprint.iacr.org/2024/092.pdf)

### Abstract

We introduce $\mathsf{ChalametPIR}$: a single-server Private Information Retrieval (PIR) scheme supporting fast, low-bandwidth keyword queries, with a conceptually very simple design. In particular, we develop a generic framework for converting PIR schemes for index queries over flat arrays (based on the Learning With Errors problem) into keyword PIR. This involves representing a key-value map using any probabilistic filter that permits reconstruction of elements from inclusion queries (e.g. Cuckoo filters). In particular, we make use of recently developed Binary Fuse filters to construct $\mathsf{ChalametPIR}$, with minimal efficiency blow-up compared with state-of-the-art index-based schemes (all costs bounded by a factor of \(\leq 1.08\)). Furthermore, we show that $\mathsf{ChalametPIR}$ achieves runtimes and financial costs that are factors of between \(6\times\)-\(11\times\) and \(3.75\times\)-\(11.4\times\) more efficient, respectively, than state-of-the-art keyword PIR approaches, for varying database configurations. Bandwidth costs are additionally reduced or remain competitive, depending on the configuration. Finally, we believe that our application of Binary Fuse filters in the cryptography setting may bring immediate independent value towards developing efficient variants of other related primitives that benefit from using such filters.

## 2024/93

* Title: Short Code-based One-out-of-Many Proofs and Applications
* Authors: Xindong Liu, Li-Ping Wang
* [Permalink](https://eprint.iacr.org/2024/093)
* [Download](https://eprint.iacr.org/2024/093.pdf)

### Abstract

In this work, we propose two novel succinct one-out-of-many proofs from coding theory, which can be seen as extensions of the Stern's framework and Veron's framework from proving knowledge of a preimage to proving knowledge of a preimage for one element in a set, respectively. The size of each proof is short and scales better with the size of the public set than the code-based accumulator in \cite{nguyen2019new}. Based on our new constructions, we further present a logarithmic-size ring signature scheme and a logarithmic-size group signature scheme. Our schemes feature a short signature size, especially our group signature. To our best knowledge, it is the most compact code-based group signature scheme so far. At 128-bit security level, our group signature size is about 144 KB for a group with $2^{20}$ members while the group signature size of the previously most compact code-based group signature constructed by the above accumulator exceeds 3200 KB.

## 2024/94

* Title: Chosen-Ciphertext Secure Dual-Receiver Encryption in the Standard Model Based on Post-Quantum Assumptions
* Authors: Laurin Benz, Wasilij Beskorovajnov, Sarai Eilebrecht, Roland Gröll, Maximilian Müller, Jörn Müller-Quade
* [Permalink](https://eprint.iacr.org/2024/094)
* [Download](https://eprint.iacr.org/2024/094.pdf)

### Abstract

Dual-receiver encryption (DRE) is a special form of public key encryption (PKE) that allows a sender to encrypt a message for two recipients. Without further properties, the difference between DRE and PKE is only syntactical. One such important property is soundness, which requires that no ciphertext can be constructed such that the recipients decrypt to different plaintexts. Many applications rely on this property in order to realize more complex protocols or primitives. In addition, many of these applications explicitly avoid the usage of the random oracle, which poses an additional requirement on a DRE construction. We show that all of the IND-CCA2 secure standard model DRE constructions based on post-quantum assumptions fall short of augmenting the constructions with soundness and describe attacks thereon.
We then give an overview over all applications of IND-CCA2 secure DRE, group them into generic (i. e., applications using DRE as black-box) and non-generic applications and demonstrate that all generic ones require either soundness or public verifiability.
Conclusively, we identify the gap of sound and IND-CCA2 secure DRE constructions based on post-quantum assumptions in the standard Model.
In order to fill this gap we provide two IND-CCA2 secure DRE constructions based on the standard post-quantum assumptions, Normal Form Learning With Errors (NLWE) and Learning Parity with Noise (LPN).

## 2024/95

* Title: ConvKyber: Unleashing the Power of AI Accelerators for Faster Kyber with Novel Iteration-based Approaches
* Authors: Tian Zhou, Fangyu Zheng, Guang Fan, Lipeng Wan, Wenxu Tang, Yixuan Song, Yi Bian, Jingqiang Lin
* [Permalink](https://eprint.iacr.org/2024/095)
* [Download](https://eprint.iacr.org/2024/095.pdf)

### Abstract

The remarkable performance capabilities of AI accelerators offer promising opportunities for accelerating cryptographic algorithms, particularly in the context of lattice-based cryptography. However, current approaches to leveraging AI accelerators often remain at a rudimentary level of implementation, overlooking the intricate internal mechanisms of these devices. Consequently, a significant number of computational resources is underutilized.