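<!DOCTYPE html>
<html lang="en">
<head>
  <meta charset="utf-8">
  <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no">
  <title>Search results</title>
  <meta name="description" content="Search the Cryptology ePrint Archive">
  <link href="/css/dist/css/bootstrap.min.css" rel="stylesheet">
  <link rel="stylesheet" href="/css/eprint.css?v=10">
  <!-- void elements: no trailing slash, the parser ignores it anyway -->
  <link rel="shortcut icon" href="/favicon.ico" type="image/x-icon">
  <link rel="apple-touch-icon" href="/img/apple-touch-icon-180x180.png">
  <!-- NOTE(review): this inline style block and the inline onsubmit handler on the
       advanced-search form both need 'unsafe-inline' under a strict
       Content-Security-Policy. Moving them into /css/eprint.css and the page script
       would let the page ship without it. Kept here to preserve behaviour. -->
  <style>
    input { background-color: #e8e8e8 !important; }
    mark { font-weight: 600; padding: .2em 0px .2em 0px; color: black; }
    span.term { font-weight: 700 !important; font-family: var(--bs-font-monospace), monospace !important; }
    form { background-color: #fff; }
    @media (min-width: 768px) { form { position: sticky; top: 6rem; } }
  </style>
</head>
<body>
  <noscript>
    <h1 class="text-center">What a lovely hat</h1>
    <h4 class="text-center">Is it made out of <a href="https://iacr.org/tinfoil.html">tin foil</a>?</h4>
  </noscript>

  <div class="fixed-top" id="topNavbar">
    <nav class="navbar navbar-custom navbar-expand-lg">
      <div class="container px-0 justify-content-between justify-content-lg-evenly">
        <div class="order-0 align-items-center d-flex">
          <!-- icon-only toggler: aria-label gives it an accessible name -->
          <button class="navbar-toggler btnNoOutline" type="button" data-bs-toggle="collapse" data-bs-target="#navbarContent" aria-controls="navbarContent" aria-expanded="false" aria-label="Toggle navigation">
            <span class="icon-bar top-bar"></span>
            <span class="icon-bar middle-bar"></span>
            <span class="icon-bar bottom-bar"></span>
          </button>
          <a class="d-none me-5 d-lg-inline" href="https://iacr.org/"><img class="iacrlogo" src="/img/iacrlogo_small.png" alt="IACR Logo" style="max-width:6rem;"></a>
        </div>
        <a class="ePrintname order-1" href="/">
          <span class="longNavName">Cryptology ePrint Archive</span>
        </a>
        <div class="collapse navbar-collapse order-3" id="navbarContent">
          <ul class="navbar-nav me-auto ms-2 mb-2 mb-lg-0 justify-content-end w-100">
            <!-- NOTE(review): the dropdown toggles are anchors with href="#" and role="button";
                 Bootstrap accepts a real <button class="nav-link dropdown-toggle"> here, which
                 would avoid the placeholder href. Left as-is because the navbar CSS version is
                 not visible from this file. -->
            <li class="ps-md-3 nav-item dropdown">
              <a class="nav-link dropdown-toggle" href="#" id="navbarDropdown" role="button" data-bs-toggle="dropdown" aria-expanded="false"> Papers </a>
              <ul class="dropdown-menu me-3" aria-labelledby="navbarDropdown">
                <!-- only <li> may be a child of <ul>; the heading span is wrapped -->
                <li><span class="text-dark mx-3" style="white-space:nowrap;">Updates from the last:</span></li>
                <li><a class="dropdown-item ps-custom" href="/days/7">7 days</a></li>
                <li><a class="dropdown-item ps-custom" href="/days/31">31 days</a></li>
                <li><a class="dropdown-item ps-custom" href="/days/183">6 months</a></li>
                <li><a class="dropdown-item ps-custom" href="/days/365">365 days</a></li>
                <li><hr class="dropdown-divider"></li>
                <li><a class="dropdown-item" href="/byyear">Listing by year</a></li>
                <li><a class="dropdown-item" href="/complete">All papers</a></li>
                <li><a class="dropdown-item" href="/complete/compact">Compact view</a></li>
                <li><a class="dropdown-item" href="https://www.iacr.org/news/subscribe">Subscribe</a></li>
                <li><hr class="dropdown-divider"></li>
                <li><a class="dropdown-item" href="/citation.html">How to cite</a></li>
                <li><hr class="dropdown-divider"></li>
                <li><a class="dropdown-item" href="/rss">Harvesting metadata</a></li>
              </ul>
            </li>
            <li class="ps-md-3 nav-item dropdown">
              <a class="nav-link dropdown-toggle" href="#" id="submissionsDropdown" role="button" data-bs-toggle="dropdown" aria-expanded="false"> Submissions </a>
              <ul class="dropdown-menu me-3" aria-labelledby="submissionsDropdown">
                <li><a class="dropdown-item" href="/submit">Submit a paper</a></li>
                <li><a class="dropdown-item" href="/revise">Revise or withdraw a paper</a></li>
                <li><a class="dropdown-item" href="/operations.html">Acceptance and publishing conditions</a></li>
              </ul>
            </li>
            <li class="ps-md-3 nav-item dropdown">
              <a class="nav-link dropdown-toggle" href="#" id="aboutDropdown" role="button" data-bs-toggle="dropdown" aria-expanded="false"> About </a>
              <ul class="dropdown-menu me-3" aria-labelledby="aboutDropdown">
                <li><a class="dropdown-item" href="/about.html">Goals and history</a></li>
                <li><a class="dropdown-item" href="/news.html">News</a></li>
                <li><a class="dropdown-item" href="/stats">Statistics</a></li>
                <li><a class="dropdown-item" href="/contact.html">Contact</a></li>
              </ul>
            </li>
          </ul>
        </div>
        <div class="dropdown ps-md-2 text-right order-2 order-lg-last">
          <button class="btn btnNoOutline" type="button" id="dropdownMenuButton1" data-bs-toggle="dropdown" aria-expanded="false">
            <img src="/img/search.svg" class="searchIcon" alt="Search">
          </button>
          <div id="searchDd" class="dropdown-menu dropdown-menu-end p-0" aria-labelledby="dropdownMenuButton1">
            <!-- quick search: GET is correct for a read-only query; the box has no visible
                 label, so aria-label names it; the submit button is typed explicitly -->
            <form action="/search" method="GET" role="search">
              <div class="input-group">
                <input id="searchbox" name="q" type="search" class="form-control" autocomplete="off" aria-label="Search">
                <button class="btn btn-secondary border input-group-append ml-2" type="submit"> Search </button>
              </div>
            </form>
            <div class="ms-2 p-1 d-none"><a href="/search">Advanced search</a></div>
          </div>
        </div>
      </div>
    </nav>
  </div>

  <main id="eprintContent" class="container px-3 py-4 p-md-4">
    <div class="row">
      <div class="col-12 col-lg-4">
        <!-- Advanced search. validateForm() is defined in a script outside this file; the
             inline onsubmit is kept so behaviour is unchanged (see the CSP note in <head>). -->
        <form class="p-2 pt-md-4 align-items-end needs-validation" novalidate onsubmit="return validateForm()" method="GET" action="/search" role="search">
          <label for="anything" class="mt-2 form-label">Match anything</label>
          <input type="text" name="q" class="form-control form-control-sm" id="anything" aria-label="Match anything" value="">
          <label for="title" class="mt-4 form-label">Match title</label>
          <input type="text" name="title" class="form-control form-control-sm" id="title" aria-label="Match title" value="">
          <label for="authors" class="mt-4 form-label">Match authors</label>
          <input type="text" name="authors" class="form-control form-control-sm" id="authors" aria-label="Match authors" value="">
          <label for="category" class="mt-4 form-label">Category</label><br>
          <select class="form-select form-select-sm" id="category" name="category" aria-label="Category">
            <option value="">All categories</option>
            <option value="APPLICATIONS">Applications</option>
            <option value="PROTOCOLS">Cryptographic protocols</option>
            <option value="FOUNDATIONS">Foundations</option>
            <option value="IMPLEMENTATION" selected>Implementation</option>
            <option value="SECRETKEY">Secret-key cryptography</option>
            <option value="PUBLICKEY">Public-key cryptography</option>
            <option value="ATTACKS">Attacks and cryptanalysis</option>
          </select>
          <!-- Year filters. The original rendered value="None" (an unset server-side value
               serialised as the literal string None); type="number" discards a non-numeric
               value, so the submitted value was already empty. value="" states that. -->
          <div class="row d-none d-lg-flex">
            <div class="col-6">
              <label for="submittedafter" class="mt-4 form-label">Submitted after</label><br>
              <input class="form-control form-control-sm" type="number" min="1996" id="submittedafter" name="submittedafter" aria-label="Submitted after" value="" placeholder="Enter a year">
            </div>
            <div class="col-6">
              <label for="submittedbefore" class="mt-4 form-label">Submitted before</label><br>
              <input class="form-control form-control-sm" type="number" min="1996" id="submittedbefore" name="submittedbefore" aria-label="Submitted before" value="" placeholder="Enter a year">
              <div class="invalid-feedback"> Dates are inconsistent </div>
            </div>
          </div>
          <div class="row d-none d-lg-flex">
            <div class="col-6">
              <label for="revisedafter" class="mt-4 form-label">Revised after</label><br>
              <input class="form-control form-control-sm" type="number" min="1996" id="revisedafter" name="revisedafter" aria-label="Revised after" value="" placeholder="Enter a year">
              <div class="invalid-feedback"> Dates are inconsistent </div>
            </div>
            <div class="col-6">
              <label for="revisedbefore" class="mt-4 form-label">Revised before</label><br>
              <input class="form-control form-control-sm" type="number" min="1996" id="revisedbefore" name="revisedbefore" aria-label="Revised before" value="" placeholder="Enter a year">
            </div>
          </div>
          <div class="d-none d-lg-flex mt-3">
            <div class="form-check">
              <input type="checkbox" id="relevance" name="relevance">
              <label for="relevance" class="form-check-label ms-2">Sort by relevance</label>
            </div>
          </div>
          <div class="mt-3 d-flex">
            <button class="btn btn-primary btn-sm" type="submit">Search</button>
            <button id="clearButton" class="btn btn-secondary btn-sm ms-2" type="button">Clear</button>
            <button id="helpButton" class="btn btn-info btn-sm ms-auto" type="button" data-bs-toggle="modal" data-bs-target="#helpModal">Help</button>
          </div>
        </form>

        <!-- Help dialog; aria-labelledby ties the dialog to its visible title -->
        <div class="modal" tabindex="-1" id="helpModal" aria-labelledby="helpModalLabel">
          <div class="modal-dialog modal-lg">
            <div class="modal-content">
              <div class="modal-header">
                <h4 class="modal-title" id="helpModalLabel">Search Help</h4>
                <button type="button" class="btn-close" data-bs-dismiss="modal" aria-label="Close"></button>
              </div>
              <div class="modal-body">
                <p>You can search for a phrase by enclosing it in double quotes, e.g., <span class="term text-nowrap"><a href="/search?q=%22differential%20privacy%22">"differential privacy"</a></span>.</p>
                <p>You can require or exclude specific terms using + and -. For example, to search for papers that contain the term elliptic but not the term factoring, use <span class="term text-nowrap"><a href="/search?q=%2Belliptic%20-factoring">+elliptic -factoring</a></span>.</p>
                <p>To search in a title or for an author name, use <span class="term text-nowrap"><a href="/search?q=title%3Aisogeny%20author%3Aboneh">title:isogeny author:boneh</a></span>. If you want to require both, you can use <span class="term text-nowrap"><a href="/search?q=title%3Aisogeny%20AND%20author%3Aboneh">title:isogeny AND author:boneh</a></span> because it recognizes logical operators <span class="term">AND</span> and <span class="term">OR</span>. This is equivalent to <a href="/search?title=isogeny&amp;authors=boneh">using the individual fields</a> for author and title. You can also use NOT to negate a condition, as with <span class="term text-nowrap"><a href="/search?q=title%3Aisogeny%20AND%20NOT%20author%3Aboneh">title:isogeny AND NOT author:boneh</a></span> to search for papers with an author other than Boneh.</p>
                <p>To find documents containing a term starting with the string <span class="term">differe</span>, use <span class="term"><a href="/search?q=differe%2A">differe*</a></span>. This will match the terms difference, different, and differential.</p>
                <p>Note that search applies stemming, so that if you search for <span class="term">yield</span> it will also match terms <span class="term">yields</span> and <span class="term">yielding</span>. If you want to disable stemming, capitalize the term. A search for <span class="term">Adam</span> will not match the term 'Adams'.</p>
                <p>The system attempts to recognize possible misspellings. This is perhaps a source of amusement more than anything else.</p>
                <p>This currently searches the text in titles, authors, abstracts, and keywords, but does not search in the PDF or PS itself.</p>
              </div>
              <div class="modal-footer">
                <button type="button" class="btn btn-secondary" data-bs-dismiss="modal">Close</button>
              </div>
            </div>
          </div>
        </div>

        <!-- NOTE(review): the debug comment below echoes the backend's parsed query into every
             response. It discloses the search engine and index layout to anyone reading the
             page source, and the term it contains appears to derive from the submitted
             category parameter, so it must be escaped server-side so that no request can
             terminate the comment early. Emitting it only under a debug flag would be safer. -->
        <!-- Parsed query: Query((XCIMPLEMENTATION AND_MAYBE PostingSource(Xapian::ValueWeightPostingSource(slot=2)))) -->
      </div>

      <div class="col-12 col-lg-8" style="min-height:80vh">
        <!-- closing tag fixed: the original closed this <h4> with </h5> -->
        <h4 class="mt-3 ms-4">2086 results sorted by ID</h4>
        <div class="ms-lg-4 mt-3 results">
          <div class="mb-4">
            <div class="d-flex"><a title="2025/523" class="paperlink" href="/2025/523">2025/523</a> <span class="ms-2"><a href="/2025/523.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-03-19</small> </div>
            <div class="ms-md-4">
              <div class="d-flex flex-column flex-md-row justify-content-between">
                <div>
                  <strong>Assembly optimised Curve25519 and Curve448 implementations for ARM Cortex-M4 and Cortex-M33</strong>
                  <div class="mt-1"><span class="fst-italic">Emil Lenngren</span></div>
                </div>
                <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div>
              </div>
              <p class="mb-0 mt-1 search-abstract">Since the introduction of TLS 1.3, which includes X25519 and X448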
as key exchange algorithms, one could expect that high efficient implementations for these two algorithms become important as the need for power efficient and secure IoT devices increases. Assembly optimised X25519 implementations for low end processors such as Cortex-M4 have existed for some time but there has only been scarce progress on optimised X448 implementations for low end ARM processors such as Cortex-M4 and...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/519" class="paperlink" href="/2025/519">2025/519</a> <span class="ms-2"><a href="/2025/519.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-03-19</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>mid-pSquare: Leveraging the Strong Side-Channel Security of Prime-Field Masking in Software</strong> <div class="mt-1"><span class="fst-italic">Brieuc Balon, Lorenzo Grassi, Pierrick Méaux, Thorben Moos, François-Xavier Standaert, Matthias Johann Steiner</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Efficiently protecting embedded software implementations of standard symmetric cryptographic primitives against side-channel attacks has been shown to be a considerable challenge in practice. This is, in part, due to the most natural countermeasure for such ciphers, namely Boolean masking, not amplifying security well in the absence of sufficient physical noise in the measurements. 
So-called prime-field masking has been demonstrated to provide improved theoretical guarantees in this context,...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/512" class="paperlink" href="/2025/512">2025/512</a> <span class="ms-2"><a href="/2025/512.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-03-19</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Optimizing AES-GCM on ARM Cortex-M4: A Fixslicing and FACE-Based Approach</strong> <div class="mt-1"><span class="fst-italic">Hyunjun Kim, Hwajeong Seo</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">The Advanced Encryption Standard (AES) in Galois/Counter Mode (GCM) delivers both confidentiality and integrity yet poses performance and security challenges on resource-limited microcontrollers. In this paper, we present an optimized AES-GCM implementation for the ARM Cortex-M4 that combines Fixslicing AES with the FACE (Fast AES-CTR Encryption) strategy, significantly reducing redundant computations in AES-CTR. 
We further examine two GHASH implementations—a 4-bit Table-based approach and a...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/503" class="paperlink" href="/2025/503">2025/503</a> <span class="ms-2"><a href="/2025/503.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-03-17</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Max Bias Analysis: A New Approach on Computing the Entropy of Free Ring-Oscillator</strong> <div class="mt-1"><span class="fst-italic">Nicolas David, Eric Garrido</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">This work introduces a new approach called Max bias analysis for the entropy computation of structures of Free Ring Oscillator-based Physical Random Number Generator. It employs the stochastic model based on the well-established Wiener process, specifically adapted to only capture thermal noise contributions while accounting for potential non-zero bias in the duty cycle. 
Our analysis is versatile, applicable to combinations of multiple sampled Ring Oscillator (RO) filtering by any function....</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/498" class="paperlink" href="/2025/498">2025/498</a> <span class="ms-2"><a href="/2025/498.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-03-16</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Scoop: An Optimizer for Profiling Attacks against Higher-Order Masking</strong> <div class="mt-1"><span class="fst-italic">Nathan Rousselot, Karine Heydemann, Loïc Masure, Vincent Migairou</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In this paper we provide new theoretical and empirical evidences that gradient-based deep learning profiling attacks (DL-SCA) suffer from masking schemes. This occurs through an initial stall of the learning process: the so-called plateau effect. To understand why, we derive an analytical expression of a DL-SCA model targeting simulated traces which enables us to study an analytical expression of the loss. 
By studying the loss landscape of this model, we show that not only do the magnitudes...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/497" class="paperlink" href="/2025/497">2025/497</a> <span class="ms-2"><a href="/2025/497.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-03-16</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Fast Scloud+: A Fast Hardware Implementation for the Unstructured LWE-based KEM - Scloud+</strong> <div class="mt-1"><span class="fst-italic">Jing Tian, Yaodong Wei, Dejun Xu, Kai Wang, Anyu Wang, Zhiyuan Qiu, Fu Yao, Guang Zeng</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Scloud+ is an unstructured LWE-based key encapsulation mechanism (KEM) with conservative quantum security, in which ternary secrets and lattice coding are incorporated for higher computational and communication efficiency. However, its efficiencies are still much inferior to those of the structured LWE-based KEM, like ML-KEM (standardized by NIST). In this paper, we present a configurable hardware architecture for Scloud+.KEM to improve the computational efficiency. Many algorithmic and...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/487" class="paperlink" href="/2025/487">2025/487</a> <span class="ms-2"><a href="/2025/487.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-03-14</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>webSPDZ: Versatile MPC on the Web</strong> <div class="mt-1"><span class="fst-italic">Thomas Buchsteiner, Karl W. 
Koch, Dragos Rotaru, Christian Rechberger</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Multi-party computation (MPC) has become increasingly practical in the last two decades, solving privacy and security issues in various domains, such as healthcare, finance, and machine learning. One big caveat is that MPC sometimes lacks usability since the knowledge barrier for regular users can be high. Users have to deal with, e.g., various CLI tools, private networks, and sometimes even must install many dependencies, which are often hardware-dependent. A solution to improve the...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/479" class="paperlink" href="/2025/479">2025/479</a> <span class="ms-2"><a href="/2025/479.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-03-13</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Post Quantum Migration of Tor</strong> <div class="mt-1"><span class="fst-italic">Denis Berger, Mouad Lemoudden, William J Buchanan</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Shor's and Grover's algorithms' efficiency and the advancement of quantum computers imply that the cryptography used until now to protect one's privacy is potentially vulnerable to retrospective decryption, also known as harvest now, decrypt later attack in the near future. This dissertation proposes an overview of the cryptographic schemes used by Tor, highlighting the non-quantum-resistant ones and introducing theoretical performance assessment methods of a local Tor network. 
The...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/478" class="paperlink" href="/2025/478">2025/478</a> <span class="ms-2"><a href="/2025/478.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-03-13</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Attacking Single-Cycle Ciphers on Modern FPGAs featuring Explainable Deep Learning</strong> <div class="mt-1"><span class="fst-italic">Mustafa Khairallah, Trevor Yap</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In this paper, we revisit the question of key recovery using side-channel analysis for unrolled, single-cycle block ciphers. In particular, we study the Princev2 cipher. While it has been shown vulnerable in multiple previous studies, those studies were performed on side-channel friendly ASICs or older FPGAs (e.g., Xilinx Virtex II on the SASEBO-G board), and using mostly expensive equipment. 
We start with the goal of exploiting a cheap modern FPGA and board using power traces from a cheap...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/467" class="paperlink" href="/2025/467">2025/467</a> <span class="ms-2"><a href="/2025/467.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-03-24</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>PMNS arithmetic for elliptic curve cryptography</strong> <div class="mt-1"><span class="fst-italic">Fangan Yssouf Dosso, Sylvain Duquesne, Nadia El Mrabet, Emma Gautier</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">We show that using a polynomial representation of prime field elements (PMNS) can be relevant for real-world cryptographic applications even in terms of performance. More specifically, we consider elliptic curves for cryptography when pseudo-Mersenne primes cannot be used to define the base field (e.g. Brainpool standardized curves, JubJub curves in the zkSNARK context, pairing-friendly curves). All these primitives make massive use of the Montgomery reduction algorithm and well-known...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/464" class="paperlink" href="/2025/464">2025/464</a> <span class="ms-2"><a href="/2025/464.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-03-12</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>SoK: Efficient Design and Implementation of Polynomial Hash Functions over Prime Fields</strong> <div class="mt-1"><span class="fst-italic">Jean Paul Degabriele, Jan Gilcher, Jérôme Govinden, Kenneth G. 
Paterson</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Poly1305 is a widely-deployed polynomial hash function. The rationale behind its design was laid out in a series of papers by Bernstein, the last of which dates back to 2005. As computer architectures evolved, some of its design features became less relevant, but implementers found new ways of exploiting these features to boost its performance. However, would we still converge to this same design if we started afresh with today's computer architectures and applications? To answer this...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/455" class="paperlink" href="/2025/455">2025/455</a> <span class="ms-2"><a href="/2025/455.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-03-11</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>StaMAC: Fault Protection via Stable-MAC Tags</strong> <div class="mt-1"><span class="fst-italic">Siemen Dhooghe, Artemii Ovchinnikov, Dilara Toprakhisar</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Fault attacks pose a significant threat to cryptographic implementations, motivating the development of countermeasures, primarily based on a combination of redundancy and masking techniques. Redundancy, in these countermeasures, is often implemented via duplication or linear codes. However, their inherent structure remains susceptible to strategic fault injections bypassing error checks. 
To address this, the CAPA countermeasure from CRYPTO 2018 leveraged information-theoretic MAC tags for...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/435" class="paperlink" href="/2025/435">2025/435</a> <span class="ms-2"><a href="/2025/435.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-03-06</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Constant-Time Code: The Pessimist Case</strong> <div class="mt-1"><span class="fst-italic">Thomas Pornin</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">This note discusses the problem of writing cryptographic implementations in software, free of timing-based side-channels, and many ways in which that endeavour can fail in practice. It is a pessimist view: it highlights why such failures are expected to become more common, and how constant-time coding is, or will soon become, infeasible in all generality.</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/433" class="paperlink" href="/2025/433">2025/433</a> <span class="ms-2"><a href="/2025/433.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-03-06</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>MIDAS: an End-to-end CAD Framework for Automating Combinational Logic Locking</strong> <div class="mt-1"><span class="fst-italic">Akashdeep Saha, Siddhartha Chowdhury, Rajat Subhra Chakraborty, Debdeep Mukhopadhyay</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Logic locking has surfaced as a notable safeguard against diverse hazards that pose a risk to the integrated circuit (IC) supply chain. 
Existing literature on logic locking largely encompasses the art of proposing new constructions, on the one hand, and unearthing weaknesses in such algorithms on the other. Somehow, in this race of make and break, the stress on automation of adopting such techniques on real-life circuits has been rather limited. For the first time, we present a...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/417" class="paperlink" href="/2025/417">2025/417</a> <span class="ms-2"><a href="/2025/417.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-03-10</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Evaluation of Privacy-aware Support Vector Machine (SVM) Learning using Homomorphic Encryption</strong> <div class="mt-1"><span class="fst-italic">William J Buchanan, Hisham Ali</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">The requirement for privacy-aware machine learning increases as we continue to use PII (Personally Identifiable Information) within machine training. To overcome these privacy issues, we can apply Fully Homomorphic Encryption (FHE) to encrypt data before it is fed into a machine learning model. This involves creating a homomorphic encryption key pair, and where the associated public key will be used to encrypt the input data, and the private key will decrypt the output. 
But, there is often a...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/366" class="paperlink" href="/2025/366">2025/366</a> <span class="ms-2"><a href="/2025/366.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-02-26</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Enabling Microarchitectural Agility: Taking ML-KEM & ML-DSA from Cortex-M4 to M7 with SLOTHY</strong> <div class="mt-1"><span class="fst-italic">Amin Abdulrahman, Matthias J. Kannwischer, Thing-Han Lim</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Highly-optimized assembly is commonly used to achieve the best performance for popular cryptographic schemes such as the newly standardized ML-KEM and ML-DSA. The majority of implementations today rely on hand-optimized assembly for the core building blocks to achieve both security and performance. However, recent work by Abdulrahman et al. 
takes a new approach, writing a readable base assembly implementation first and leaving the bulk of the optimization work to a tool named SLOTHY based...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/338" class="paperlink" href="/2025/338">2025/338</a> <span class="ms-2"><a href="/2025/338.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-02-24</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>CT-LLVM: Automatic Large-Scale Constant-Time Analysis</strong> <div class="mt-1"><span class="fst-italic">Zhiyuan Zhang, Gilles Barthe</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Constant-time (CT) is a popular programming discipline to protect cryptographic libraries against micro-architectural timing attacks. One appeal of the CT discipline lies in its conceptual simplicity: a program is CT iff it has no secret-dependent data-flow, control-flow or variable-timing operation. Thanks to its simplicity, the CT discipline is supported by dozens of analysis tools. 
However, a recent user study demonstrates that these tools are seldom used due to poor usability and...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/337" class="paperlink" href="/2025/337">2025/337</a> <span class="ms-2"><a href="/2025/337.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-02-24</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Efficient IP Masking with Generic Security Guarantees under Minimum Assumptions</strong> <div class="mt-1"><span class="fst-italic">Sebastian Faust, Loïc Masure, Elena Micheli, Hai Hoang Nguyen, Maximilian Orlt, François-Xavier Standaert</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Leakage-resilient secret sharing schemes are a fundamental building block for secure computation in the presence of leakage. As a result, there is a strong interest in building secret sharing schemes that combine resilience in practical leakage scenarios with potential for efficient computation. In this work, we revisit the inner-product framework, where a secret $y$ is encoded by two vectors $(\omega, y)$, such that their inner product is equal to $y$. 
So far, the most efficient...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/298" class="paperlink" href="/2025/298">2025/298</a> <span class="ms-2"><a href="/2025/298.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-02-20</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Stateless Hash-Based Signatures for Post-Quantum Security Keys</strong> <div class="mt-1"><span class="fst-italic">Ruben Gonzalez</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">The U.S. National Institute of Standards and Technology recently standardized the first set of post-quantum cryptography algorithms. These algorithms address the quantum threat, but also present new challenges due to their larger memory and computational footprint. Three of the four standardized algorithms are lattice based, offering good performance but posing challenges due to complex implementation and intricate security assumptions. A more conservative choice for quantum-safe...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/273" class="paperlink" href="/2025/273">2025/273</a> <span class="ms-2"><a href="/2025/273.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-02-18</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Clustering Approach for Higher-Order Deterministic Masking</strong> <div class="mt-1"><span class="fst-italic">Vahid Jahandideh, Jan Schoone, Lejla Batina</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">We present a novel scheme for securely computing the AND operation, without requiring additional online randomness. 
Building on the work of Nikova et al., our construction extends security beyond the first order while ensuring a uniform output distribution and resilience against glitches up to a specified threshold. This result addresses a longstanding open problem in side-channel-resistant masking schemes. Our approach is based on a new method of share clustering, inspired by finite affine...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/270" class="paperlink" href="/2025/270">2025/270</a> <span class="ms-2"><a href="/2025/270.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-02-18</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>A Decomposition Approach for Evaluating Security of Masking</strong> <div class="mt-1"><span class="fst-italic">Vahid Jahandideh, Bart Mennink, Lejla Batina</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Masking is a common countermeasure against side-channel attacks that encodes secrets into multiple shares, each of which may be subject to leakage. A key question is under what leakage conditions, and to what extent, does increasing the number of shares actually improve the security of these secrets. 
Although this question has been studied extensively in low-SNR regimes, scenarios where the adversary obtains substantial information—such as on low-noise processors or through static power...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/260" class="paperlink" href="/2025/260">2025/260</a> <span class="ms-2"><a href="/2025/260.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-02-18</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Quantum Security Evaluation of ASCON</strong> <div class="mt-1"><span class="fst-italic">Yujin Oh, Kyungbae Jang, Hwajeong Seo</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Grover's algorithm, which reduces the search complexity of symmetric-key ciphers and hash functions, poses a significant security challenge in cryptography. Recent research has focused on estimating Grover's search complexity and assessing post-quantum security. This paper analyzes a quantum circuit implementation of ASCON, including ASCON-AEAD, hash functions, and ASCON-80pq, in alignment with NIST’s lightweight cryptography standardization efforts. 
We place particular emphasis on circuit...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/255" class="paperlink" href="/2025/255">2025/255</a> <span class="ms-2"><a href="/2025/255.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-02-19</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Tighter Security Notions for a Modular Approach to Private Circuits</strong> <div class="mt-1"><span class="fst-italic">Bohan Wang, Juelin Zhang, Yu Yu, Weijia Wang</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">To counteract side-channel attacks, a masking scheme splits each intermediate variable into $n$ shares and transforms each elementary operation (e.g., field addition and multiplication) to the masked correspondence called gadget, such that intrinsic noise in the leakages renders secret recovery infeasible in practice. A simple and efficient security notion is the probing model ensuring that any $n-1$ shares are independently distributed from the secret input. 
One requirement of the probing...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/252" class="paperlink" href="/2025/252">2025/252</a> <span class="ms-2"><a href="/2025/252.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-02-17</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Chiplet-Based Techniques for Scalable and Memory-Aware Multi-Scalar Multiplication</strong> <div class="mt-1"><span class="fst-italic">Florian Hirner, Florian Krieger, Sujoy Sinha Roy</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">This paper presents a high-performance architecture for accelerating Multi-Scalar Multiplication (MSM) on ASIC platforms, targeting cryptographic applications with high throughput demands. Unlike prior MSM accelerators that focus solely on efficient processing elements (PEs), our chiplet-based design optimally balances area, power, and computational throughput. 
We identify a mixed window configuration of 12- and 13-bit windows that enables an efficient multi-PE integration of 10 PEs per...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/249" class="paperlink" href="/2025/249">2025/249</a> <span class="ms-2"><a href="/2025/249.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-02-17</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>cuFalcon: An Adaptive Parallel GPU Implementation for High-Performance Falcon Acceleration</strong> <div class="mt-1"><span class="fst-italic">Wenqian Li, Hanyu Wei, Shiyu Shen, Hao Yang, Wangchen Dai, Yunlei Zhao</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">The rapid advancement of quantum computing has ushered in a new era of post-quantum cryptography, urgently demanding quantum-resistant digital signatures to secure modern communications and transactions. Among NIST-standardized candidates, Falcon—a compact lattice-based signature scheme—stands out for its suitability in size-sensitive applications. 
In this paper, we present cuFalcon, a high-throughput GPU implementation of Falcon that addresses its computational bottlenecks through adaptive...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/214" class="paperlink" href="/2025/214">2025/214</a> <span class="ms-2"><a href="/2025/214.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-02-16</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Rejected Challenges Pose New Challenges: Key Recovery of CRYSTALS-Dilithium via Side-Channel Attacks</strong> <div class="mt-1"><span class="fst-italic">Yuanyuan Zhou, Weijia Wang, Yiteng Sun, Yu Yu</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Rejection sampling is a crucial security mechanism in lattice-based signature schemes that follow the Fiat-Shamir with aborts paradigm, such as ML-DSA/CRYSTALS-Dilithium. This technique transforms secret-dependent signature samples into ones that are statistically close to a secret-independent distribution (in the random oracle model). 
While many side-channel attacks have directly targeted sensitive data such as nonces, secret keys, and decomposed commitments, fewer studies have explored the...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/212" class="paperlink" href="/2025/212">2025/212</a> <span class="ms-2"><a href="/2025/212.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-03-04</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Constructing Quantum Implementations with the Minimal T-depth or Minimal Width and Their Applications</strong> <div class="mt-1"><span class="fst-italic">Zhenyu Huang, Fuxin Zhang, Dongdai Lin</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">With the rapid development of quantum computers, optimizing the quantum implementations of symmetric-key ciphers, which constitute the primary components of the quantum oracles used in quantum attacks based on Grover and Simon's algorithms, has become an active topic in the cryptography community. In this field, a challenge is to construct quantum circuits that require the least amount of quantum resources. 
In this work, we aim to address the problem of constructing quantum circuits with the...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/196" class="paperlink" href="/2025/196">2025/196</a> <span class="ms-2"><a href="/2025/196.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-03-09</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Endomorphisms for Faster Cryptography on Elliptic Curves of Moderate CM Discriminants, II</strong> <div class="mt-1"><span class="fst-italic">Dimitri Koshelev, Antonio Sanso</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">The present article is a natural extension of the previous one about the GLV method of accelerating a (multi-)scalar multiplication on elliptic curves of moderate CM discriminants $D < 0$. In comparison with the first article, much greater magnitudes of $D$ (in absolute value) are achieved, although the base finite fields of the curves have to be pretty large. 
This becomes feasible by resorting to quite powerful algorithmic tools developed primarily in the context of lattice-based and...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/193" class="paperlink" href="/2025/193">2025/193</a> <span class="ms-2"><a href="/2025/193.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-02-10</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>On the Average Random Probing Model</strong> <div class="mt-1"><span class="fst-italic">Julien Béguinot, Loïc Masure</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">We exhibit a gap between the average random probing model, as defined by Dziembowski et al. at Eurocrypt 2015, and the same model, as defined in the recent paper of Brian et al. at Eurocrypt 2024. Whereas any noisy leakage can be tightly reduced to the former one, we show in this paper that it cannot be tightly reduced to the latter one, unless requiring extra assumptions, e.g., if the noisy leakage is deterministic. 
As a consequence, the reduction from noisy leakages to random probings —...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/192" class="paperlink" href="/2025/192">2025/192</a> <span class="ms-2"><a href="/2025/192.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-02-10</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Practical Electromagnetic Fault Injection on Intel Neural Compute Stick 2</strong> <div class="mt-1"><span class="fst-italic">Shivam Bhasin, Dirmanto Jap, Marina Krček, Stjepan Picek, Prasanna Ravi</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Machine learning (ML) has been widely deployed in various applications, with many applications being in critical infrastructures. One recent paradigm is edge ML, an implementation of ML on embedded devices for Internet-of-Things (IoT) applications. In this work, we have conducted a practical experiment on Intel Neural Compute Stick (NCS) 2, an edge ML device, with regard to fault injection (FI) attacks. 
More precisely, we have employed electromagnetic fault injection (EMFI) on NCS 2 to...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/179" class="paperlink" href="/2025/179">2025/179</a> <span class="ms-2"><a href="/2025/179.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-02-06</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Higher-Order Deterministic Masking with Application to Ascon</strong> <div class="mt-1"><span class="fst-italic">Vahid Jahandideh, Bart Mennink, Lejla Batina</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Side-channel attacks (SCAs) pose a significant threat to the implementations of lightweight ciphers, particularly in resource-constrained environments where masking—the primary countermeasure—is constrained by tight resource limitations. This makes it crucial to reduce the resource and randomness requirements of masking schemes. In this work, we investigate an approach to minimize the randomness complexity of masking algorithms. 
Specifically, we explore the theoretical foundations...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/172" class="paperlink" href="/2025/172">2025/172</a> <span class="ms-2"><a href="/2025/172.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-02-05</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>SoK: Understanding zk-SNARKs: The Gap Between Research and Practice</strong> <div class="mt-1"><span class="fst-italic">Junkai Liang, Daqi Hu, Pengfei Wu, Yunbo Yang, Qingni Shen, Zhonghai Wu</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Zero-knowledge succinct non-interactive arguments of knowledge (zk-SNARKs) are a powerful tool for proving computation correctness, attracting significant interest from researchers, developers, and users. However, the complexity of zk-SNARKs has created gaps between these groups, hindering progress. Researchers focus on constructing efficient proving systems with stronger security and new properties, while developers and users prioritize toolchains, usability, and compatibility. 
In this...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/171" class="paperlink" href="/2025/171">2025/171</a> <span class="ms-2"><a href="/2025/171.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-02-07</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>A light white-box masking scheme using Dummy Shuffled Secure Multiplication</strong> <div class="mt-1"><span class="fst-italic">Alex Charlès, Aleksei Udovenko</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In white-box cryptography, early encoding-based countermeasures have been broken by the DCA attack, leading to the utilization of masking schemes against a surge of automated attacks. The recent filtering attack from CHES 2024 broke the last viable masking scheme from CHES 2021 resisting both computational and algebraic attacks, raising the need for new countermeasures. 
In this work, we perform the first formal study of the combinations of existing countermeasures and demonstrate that...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/170" class="paperlink" href="/2025/170">2025/170</a> <span class="ms-2"><a href="/2025/170.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-02-05</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Efficient Error Detection Methods for the Number Theoretic Transforms in Lattice-Based Algorithms</strong> <div class="mt-1"><span class="fst-italic">Mohamed Abdelmonem, Lukas Holzbaur, Håvard Raddum, Alexander Zeh</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">The Number Theoretic Transform (NTT) is a crucial component in many post-quantum cryptographic (PQC) algorithms, enabling efficient polynomial multiplication. However, the reliability of NTT computations is an important concern, especially for safety-critical applications. This work presents novel techniques to improve the fault tolerance of NTTs used in prominent PQC schemes such as Kyber, Dilithium, and Falcon. 
The work first establishes a theoretical framework for error detection in NTTs,...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/163" class="paperlink" href="/2025/163">2025/163</a> <span class="ms-2"><a href="/2025/163.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-02-14</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Bootstrapping (T)FHE Ciphertexts via Automorphisms: Closing the Gap Between Binary and Gaussian Keys</strong> <div class="mt-1"><span class="fst-italic">Olivier Bernard, Marc Joye</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">The GINX method in TFHE enables low-latency ciphertext bootstrapping with relatively small bootstrapping keys, but is limited to binary or ternary key distributions. In contrast, the AP method supports arbitrary key distributions, however at the cost of significantly large bootstrapping keys. 
Building on AP, automorphism-based methods (LMK⁺, EUROCRYPT 2023) achieve smaller keys, though each automorphism application necessitates a key switch, introducing computational overhead and...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/145" class="paperlink" href="/2025/145">2025/145</a> <span class="ms-2"><a href="/2025/145.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-01-30</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Breaking RSA with Overclocking-induced GPU Faults</strong> <div class="mt-1"><span class="fst-italic">Reuven Yakar, Avishai Wool, Eyal Ronen</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Overclocking is a supported functionality of Nvidia GPUs, and is a common performance enhancement practice. However, overclocking poses a danger for cryptographic applications. As the temperature in the overclocked GPU increases, spurious computation faults occur. Coupled with well known fault attacks against RSA implementations, one can expect such faults to allow compromising RSA private keys during decryption or signing. 
We first validate this hypothesis: We evaluate two...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/142" class="paperlink" href="/2025/142">2025/142</a> <span class="ms-2"><a href="/2025/142.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-03-17</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>hax: Verifying Security-Critical Rust Software using Multiple Provers</strong> <div class="mt-1"><span class="fst-italic">Karthikeyan Bhargavan, Maxime Buyse, Lucas Franceschino, Lasse Letager Hansen, Franziskus Kiefer, Jonas Schneider-Bensch, Bas Spitters</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">We present hax, a verification toolchain for Rust targeted at security-critical software such as cryptographic libraries, protocol implementations, authentication and authorization mechanisms, and parsing and sanitization code. The key idea behind hax is the pragmatic observation that different verification tools are better at handling different kinds of verification goals. Consequently, hax supports multiple proof backends, including domain-specific security analysis tools like ProVerif...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/137" class="paperlink" href="/2025/137">2025/137</a> <span class="ms-2"><a href="/2025/137.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-01-29</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>FINAL bootstrap acceleration on FPGA using DSP-free constant-multiplier NTTs</strong> <div class="mt-1"><span class="fst-italic">Jonas Bertels, Hilder V. L. 
Pereira, Ingrid Verbauwhede</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">This work showcases Quatorze-bis, a state-of-the-art Number Theoretic Transform circuit for TFHE-like cryptosystems on FPGAs. It contains a novel modular multiplication design for modular multiplication with a constant for a constant modulus. This modular multiplication design does not require any DSP units or any dedicated multiplier unit, nor does it require extra logic when compared to the state-of-the-art modular multipliers. Furthermore, we present an implementation of a constant...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/124" class="paperlink" href="/2025/124">2025/124</a> <span class="ms-2"><a href="/2025/124.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-03-04</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>GPU Implementations of Three Different Key-Switching Methods for Homomorphic Encryption Schemes</strong> <div class="mt-1"><span class="fst-italic">Ali Şah Özcan, Erkay Savaş</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In this work, we report on the latest GPU implementations of the three well-known methods for the key switching operation, which is critical for Fully Homomorphic Encryption (FHE). Additionally, for the first time in the literature, we provide implementations of all three methods in GPU for leveled CKKS schemes. 
To ensure a fair comparison, we employ the most recent GPU implementation of the number-theoretic transform (NTT), which is the most time-consuming operation in key switching, and...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/123" class="paperlink" href="/2025/123">2025/123</a> <span class="ms-2"><a href="/2025/123.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-01-29</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Falcon on ARM Cortex-M4: an Update</strong> <div class="mt-1"><span class="fst-italic">Thomas Pornin</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">This note reports new implementation results for the Falcon signature algorithm on an ARM Cortex-M4 microcontroller. Compared with our previous implementation (in 2019), runtime cost has been about halved.</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/103" class="paperlink" href="/2025/103">2025/103</a> <span class="ms-2"><a href="/2025/103.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-01-22</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Technology-Dependent Synthesis and Optimization of Circuits for Small S-boxes</strong> <div class="mt-1"><span class="fst-italic">Zihao Wei, Siwei Sun, Fengmei Liu, Lei Hu, Zhiyu Zhang</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Boolean formula minimization is a notoriously hard problem that is known to be $\varSigma_2^P$-complete. 
Circuit minimization, typically studied in the context of a much broader subject known as synthesis and optimization of circuits, introduces another layer of complexity since ultimately those technology-independent representations (e.g., Boolean formulas and truth tables) have to be transformed into a netlist of cells of the target technology library. To manage those complexities, the...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/091" class="paperlink" href="/2025/091">2025/091</a> <span class="ms-2"><a href="/2025/091.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-01-21</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>poqeth: Efficient, post-quantum signature verification on Ethereum</strong> <div class="mt-1"><span class="fst-italic">Ruslan Kysil, István András Seres, Péter Kutas, Nándor Kelecsényi</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">This work explores the application and efficient deployment of (standardized) post-quantum (PQ) digital signature algorithms in the blockchain environment. Specifically, we implement and evaluate four PQ signatures in the Ethereum Virtual Machine: W-OTS$^{+}$, XMSS, SPHINCS+, and MAYO. We focus on optimizing the gas costs of the verification algorithms as that is the signature schemes' only algorithm executed on-chain, thus incurring financial costs (transaction fees) for the users. 
Hence,...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/086" class="paperlink" href="/2025/086">2025/086</a> <span class="ms-2"><a href="/2025/086.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-01-20</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Artificial Results From Hardware Synthesis</strong> <div class="mt-1"><span class="fst-italic">Ahmed Alharbi, Charles Bouillaguet</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In this paper, we revisit venerable lower-bounds on the $AT$ or $AT^2$ performance metric of hardware circuits. A series of works started in the late 1970's has established that if a hardware circuit of area $A$ computes a function $f : \{0, 1\}^n \rightarrow \{0, 1\}^m$ in $T$ clock cycles, then $AT^2$ is asymptotically larger than (a form of) the communication complexity of $f$. 
These lower-bounds ignore the active component of the circuit such as the logic gates and only take into...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/075" class="paperlink" href="/2025/075">2025/075</a> <span class="ms-2"><a href="/2025/075.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-03-24</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Further Improvements in AES Execution over TFHE: Towards Breaking the 1 sec Barrier</strong> <div class="mt-1"><span class="fst-italic">Sonia Belaïd, Nicolas Bon, Aymen Boudguiga, Renaud Sirdey, Daphné Trama, Nicolas Ye</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Making the most of TFHE advanced capabilities such as programmable or circuit bootstrapping and their generalizations for manipulating data larger than the native plaintext domain of the scheme is a very active line of research. 
In this context, AES is a particularly interesting benchmark, as an example of a nontrivial algorithm which has eluded "practical" FHE execution performances for years, as well as the fact that it will most likely be selected by NIST as a flagship reference in its...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/048" class="paperlink" href="/2025/048">2025/048</a> <span class="ms-2"><a href="/2025/048.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-01-13</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>ABLE: Optimizing Mixed Arithmetic and Boolean Garbled Circuit</strong> <div class="mt-1"><span class="fst-italic">Jianqiao Cambridge Mo, Brandon Reagen</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Privacy and security have become critical priorities in many scenarios. Privacy-preserving computation (PPC) is a powerful solution that allows functions to be computed directly on encrypted data. Garbled circuit (GC) is a key PPC technology that enables secure, confidential computing. 
GC comes in two forms: Boolean GC supports all operations by expressing functions as logic circuits; arithmetic GC is a newer technique to efficiently compute a set of arithmetic operations like addition and...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/027" class="paperlink" href="/2025/027">2025/027</a> <span class="ms-2"><a href="/2025/027.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-03-03</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Constant time lattice reduction in dimension 4 with application to SQIsign</strong> <div class="mt-1"><span class="fst-italic">Otto Hanyecz, Alexander Karenin, Elena Kirshanova, Péter Kutas, Sina Schaeffler</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In this paper we propose a constant time lattice reduction algorithm for integral dimension-4 lattices. Motivated by its application in the SQIsign post-quantum signature scheme, we provide for the first time a constant time LLL-like algorithm with guarantees on the length of the shortest output vector. We implemented our algorithm and ensured through various tools that it indeed operates in constant time. 
Our experiments suggest that in practice our implementation outputs a Minkowski...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2025/004" class="paperlink" href="/2025/004">2025/004</a> <span class="ms-2"><a href="/2025/004.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-01-01</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Smaug: Modular Augmentation of LLVM for MPC</strong> <div class="mt-1"><span class="fst-italic">Radhika Garg, Xiao Wang</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Secure multi-party computation (MPC) is a crucial tool for privacy-preserving computation, but it is getting increasingly complicated due to recent advancements and optimizations. Programming tools for MPC allow programmers to develop MPC applications without mastering all cryptography. However, most existing MPC programming tools fail to attract real users due to the lack of documentation, maintenance, and the ability to compose with legacy codebases. 
In this work, we build Smaug, a modular...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/2093" class="paperlink" href="/2024/2093">2024/2093</a> <span class="ms-2"><a href="/2024/2093.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-12-30</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Exploring Large Integer Multiplication for Cryptography Targeting In-Memory Computing</strong> <div class="mt-1"><span class="fst-italic">Florian Krieger, Florian Hirner, Sujoy Sinha Roy</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Emerging cryptographic systems such as Fully Homomorphic Encryption (FHE) and Zero-Knowledge Proofs (ZKP) are computation- and data-intensive. FHE and ZKP implementations in software and hardware largely rely on the von Neumann architecture, where a significant amount of energy is lost on data movements. A promising computing paradigm is computing in memory (CIM), which enables computations to occur directly within memory, thereby reducing data movements and energy consumption. 
However,...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/2088" class="paperlink" href="/2024/2088">2024/2088</a> <span class="ms-2"><a href="/2024/2088.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-12-27</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>An Embedded Domain-Specific Language for Using One-Hot Vectors and Binary Matrices in Secure Computation Protocols</strong> <div class="mt-1"><span class="fst-italic">Andrei Lapets</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">The use of secure computation protocols within production software systems and applications is complicated by the fact that such protocols sometimes rely upon -- or are most compatible with -- unusual or restricted models of computation. We employ the features of a contemporary and widely used programming language to create an embedded domain-specific language for working with user-defined functions as binary matrices that operate on one-hot vectors. 
At least when working with small finite...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/2056" class="paperlink" href="/2024/2056">2024/2056</a> <span class="ms-2"><a href="/2024/2056.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-12-23</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Exact Template Attacks with Spectral Computation</strong> <div class="mt-1"><span class="fst-italic">Meriem Mahar, Mammar Ouladj, Sylvain Guilley, Hacène Belbachir, Farid Mokrane</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">The so-called Gaussian template attacks (TA) is one of the optimal Side-Channel Analyses (SCA) when the measurements are captured with normal noise. In the SCA literature, several optimizations of its implementation are introduced, such as coalescence and spectral computation. The coalescence consists of averaging traces corresponding to the same plaintext value, thereby coalescing (synonymous: compacting) the dataset. 
Spectral computation consists of sharing the computational workload...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/2040" class="paperlink" href="/2024/2040">2024/2040</a> <span class="ms-2"><a href="/2024/2040.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-12-18</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Verified Foundations for Differential Privacy</strong> <div class="mt-1"><span class="fst-italic">Markus de Medeiros, Muhammad Naveed, Tancrède Lepoint, Temesghen Kahsai, Tristan Ravitch, Stefan Zetzsche, Anjali Joshi, Joseph Tassarotti, Aws Albarghouthi, Jean-Baptiste Tristan</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Differential privacy (DP) has become the gold standard for privacy-preserving data analysis, but implementing it correctly has proven challenging. Prior work has focused on verifying DP at a high level, assuming the foundations are correct and a perfect source of randomness is available. However, the underlying theory of differential privacy can be very complex and subtle. 
Flaws in basic mechanisms and random number generation have been a critical source of vulnerabilities in real-world...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/2028" class="paperlink" href="/2024/2028">2024/2028</a> <span class="ms-2"><a href="/2024/2028.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-12-14</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Qubit Optimized Quantum Implementation of SLIM</strong> <div class="mt-1"><span class="fst-italic">Hasan Ozgur Cildiroglu, Oguz Yayla</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">The advent of quantum computing has profound implications for current technologies, offering advancements in optimization while posing significant threats to cryptographic algorithms. Public-key cryptosystems relying on prime factorization or discrete logarithms are particularly vulnerable, whereas block ciphers (BCs) remain secure through increased key lengths. 
In this study, we introduce a novel quantum implementation of SLIM, a lightweight block cipher optimized for 32-bit plaintext and...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1997" class="paperlink" href="/2024/1997">2024/1997</a> <span class="ms-2"><a href="/2024/1997.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-12-11</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>On format preserving encryption with nonce</strong> <div class="mt-1"><span class="fst-italic">Alexander Maximov, Jukka Ylitalo</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In this short paper we consider a format preserving encryption when a nonce is available. The encryption itself mimics a stream cipher where the keystream is of a (non-binary) radix $R$. We give a few practical and efficient ways to generate such a keystream from a binary keystream generator.</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1986" class="paperlink" href="/2024/1986">2024/1986</a> <span class="ms-2"><a href="/2024/1986.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-12-08</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Improved Quantum Analysis of ARIA</strong> <div class="mt-1"><span class="fst-italic">Yujin Oh, Kyungbae Jang, Hwajeong Seo</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">As advancements in quantum computing present potential threats to current cryptographic systems, it is necessary to reconsider and adapt existing cryptographic frameworks. 
Among these, Grover's algorithm reduces the attack complexity of symmetric-key encryption, making it crucial to evaluate the security strength of traditional symmetric-key systems. In this paper, we implement an efficient quantum circuit for the ARIA symmetric-key encryption and estimate the required quantum resources....</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1985" class="paperlink" href="/2024/1985">2024/1985</a> <span class="ms-2"><a href="/2024/1985.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-02-18</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Endomorphisms for Faster Cryptography on Elliptic Curves of Moderate CM Discriminants</strong> <div class="mt-1"><span class="fst-italic">Dimitri Koshelev, Antonio Sanso</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">This article generalizes the widely-used GLV decomposition for scalar multiplication to a broader range of elliptic curves with moderate CM discriminant \( D < 0 \) (up to a few thousand in absolute value). Previously, it was commonly believed that this technique could only be applied efficiently for small \( D \) values (e.g., up to \( 100 \)). In practice, curves with \( j \)-invariant \( 0 \) are most frequently employed, as they have the smallest possible \( D = -3 \). 
This article...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1978" class="paperlink" href="/2024/1978">2024/1978</a> <span class="ms-2"><a href="/2024/1978.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-12-06</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>µLAM: A LLM-Powered Assistant for Real-Time Micro-architectural Attack Detection and Mitigation</strong> <div class="mt-1"><span class="fst-italic">Upasana Mandal, Shubhi Shukla, Ayushi Rastogi, Sarani Bhattacharya, Debdeep Mukhopadhyay</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">The rise of microarchitectural attacks has necessitated robust detection and mitigation strategies to secure computing systems. Traditional tools, such as static and dynamic code analyzers and attack detectors, often fall short due to their reliance on predefined patterns and heuristics that lack the flexibility to adapt to new or evolving attack vectors. In this paper, we introduce for the first time a microarchitecture security assistant, built on OpenAI's GPT-3.5, which we refer to as...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1976" class="paperlink" href="/2024/1976">2024/1976</a> <span class="ms-2"><a href="/2024/1976.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-12-06</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>HI-CKKS: Is High-Throughput Neglected? 
Reimagining CKKS Efficiency with Parallelism</strong> <div class="mt-1"><span class="fst-italic">Fuyuan Chen, Jiankuo Dong, Xiaoyu Hu, Zhenjiang Dong, Wangchen Dai, Jingqiang Lin, Fu Xiao</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">The proliferation of data outsourcing and cloud services has heightened privacy vulnerabilities. CKKS, among the most prominent homomorphic encryption schemes, allows computations on encrypted data, serving as a critical privacy safeguard. However, performance remains a central bottleneck, hindering widespread adoption. Existing optimization efforts often prioritize latency reduction over throughput performance. This paper presents HI-CKKS, a throughput-oriented High-performance...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1968" class="paperlink" href="/2024/1968">2024/1968</a> <span class="ms-2"><a href="/2024/1968.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-12-18</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>SoK: Pseudorandom Generation for Masked Cryptographic Implementation</strong> <div class="mt-1"><span class="fst-italic">Rei Ueno, Naofumi Homma, Akiko Inoue, Kazuhiko Minematsu</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">This paper investigates pseudorandom generation in the context of masked cryptographic implementation. Although masking and pseudorandom generators (PRGs) have been distinctly studied for a long time, little literature studies how the randomness in the masked implementation should be generated. 
The lack of analysis on mask-bits generators makes the practical security of masked cryptographic implementation unclear, and practitioners (e.g., designer, implementer, and evaluator) may be confused...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1948" class="paperlink" href="/2024/1948">2024/1948</a> <span class="ms-2"><a href="/2024/1948.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-12-02</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>ARK: Adaptive Rotation Key Management for Fully Homomorphic Encryption Targeting Memory Efficient Deep Learning Inference</strong> <div class="mt-1"><span class="fst-italic">Jia-Lin Chan, Wai-Kong Lee, Denis C.-K Wong, Wun-She Yap, Bok-Min Goi</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Advancements in deep learning (DL) not only revolutionized many aspects in our lives, but also introduced privacy concerns, because it processed vast amounts of information that was closely related to our daily life. Fully Homomorphic Encryption (FHE) is one of the promising solutions to this privacy issue, as it allows computations to be carried out directly on the encrypted data. However, FHE requires high computational cost, which is a huge barrier to its widespread adoption. 
Many prior...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1935" class="paperlink" href="/2024/1935">2024/1935</a> <span class="ms-2"><a href="/2024/1935.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-12-05</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>RevoLUT : Rust Efficient Versatile Oblivious Look-Up-Tables</strong> <div class="mt-1"><span class="fst-italic">Sofiane Azogagh, Zelma Aubin Birba, Marc-Olivier Killijian, Félix Larose-Gervais</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In this paper we present RevoLUT, a library implemented in Rust that reimagines the use of Look-Up-Tables (LUT) beyond their conventional role in function encoding, as commonly used in TFHE's programmable bootstrapping. Instead, RevoLUT leverages LUTs as first class objects, enabling efficient oblivious operations such as array access, elements sorting and permutation directly within the table. 
This approach supports oblivious algorithms, providing a secure, privacy-preserving solution for...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1929" class="paperlink" href="/2024/1929">2024/1929</a> <span class="ms-2"><a href="/2024/1929.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-11-29</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>LightCROSS: A Secure and Memory Optimized Post-Quantum Digital Signature CROSS</strong> <div class="mt-1"><span class="fst-italic">Puja Mondal, Suparna Kundu, Supriya Adhikary, Angshuman Karmakar</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">CROSS is a code-based post-quantum digital signature scheme based on a zero-knowledge (ZK) framework. It is a second-round candidate of the National Institute of Standards and Technology’s additional call for standardizing post-quantum digital signatures. The memory footprint of this scheme is prohibitively large, especially for small embedded devices. 
In this work, we propose various techniques to reduce the memory footprint of the key generation, signature generation, and verification by...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1919" class="paperlink" href="/2024/1919">2024/1919</a> <span class="ms-2"><a href="/2024/1919.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-11-26</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>PASTA on Edge: Cryptoprocessor for Hybrid Homomorphic Encryption</strong> <div class="mt-1"><span class="fst-italic">Aikata Aikata, Daniel Sanz Sobrino, Sujoy Sinha Roy</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Fully Homomorphic Encryption (FHE) enables privacy-preserving computation but imposes significant computational and communication overhead on the client for the public-key encryption. To alleviate this burden, previous works have introduced the Hybrid Homomorphic Encryption (HHE) paradigm, which combines symmetric encryption with homomorphic decryption to enhance performance for the FHE client. 
While early HHE schemes focused on binary data, modern versions now support integer prime fields,...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1918" class="paperlink" href="/2024/1918">2024/1918</a> <span class="ms-2"><a href="/2024/1918.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-11-26</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Orion's Ascent: Accelerating Hash-Based Zero Knowledge Proof on Hardware Platforms</strong> <div class="mt-1"><span class="fst-italic">Florian Hirner, Florian Krieger, Constantin Piber, Sujoy Sinha Roy</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Zero-knowledge proofs (ZKPs) are cryptographic protocols that enable one party to prove the validity of a statement without revealing the underlying data. Such proofs have applications in privacy-preserving technologies and verifiable computations. However, slow proof generation poses a significant challenge in the wide-scale adoption of ZKP. Orion is a recent ZKP scheme with linear prover time. 
It leverages coding theory, expander graphs, and Merkle hash trees to improve computational...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1917" class="paperlink" href="/2024/1917">2024/1917</a> <span class="ms-2"><a href="/2024/1917.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-11-30</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Decentralized FHE Computer</strong> <div class="mt-1"><span class="fst-italic">Gurgen Arakelov, Sergey Gomenyuk, Hovsep Papoyan</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">The concept of a decentralized computer is a powerful and transformative idea that has proven its significance in enabling trustless, distributed computations. However, its application has been severely constrained by an inability to handle private data due to the inherent transparency of blockchain systems. This limitation restricts the scope of use cases, particularly in domains where confidentiality is critical. 
In this work, we introduce a model for a Fully Homomorphic Encryption...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1905" class="paperlink" href="/2024/1905">2024/1905</a> <span class="ms-2"><a href="/2024/1905.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-11-23</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>OPL4GPT: An Application Space Exploration of Optimal Programming Language for Hardware Design by LLM</strong> <div class="mt-1"><span class="fst-italic">Kimia Tasnia, Sazadur Rahman</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Despite the emergence of Large Language Models (LLMs) as potential tools for automating hardware design, the optimal programming language to describe hardware functions remains unknown. Prior works extensively explored optimizing Verilog-based HDL design, which often overlooked the potential capabilities of alternative programming languages for hardware designs. 
This paper investigates the efficacy of C++ and Verilog as input languages in extensive application space exploration, tasking an...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1890" class="paperlink" href="/2024/1890">2024/1890</a> <span class="ms-2"><a href="/2024/1890.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-11-29</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Efficient Modular Multiplication Hardware for Number Theoretic Transform on FPGA</strong> <div class="mt-1"><span class="fst-italic">Tolun Tosun, Selim Kırbıyık, Emre Koçer, Erkay Savaş, Ersin Alaybeyoğlu</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In this paper, we present a comprehensive analysis of various modular multiplication methods for Number Theoretic Transform (NTT) on FPGA. NTT is a critical and time-intensive component of Fully Homomorphic Encryption (FHE) applications while modular multiplication consumes a significant portion of the design resources in an NTT implementation. We study the existing modular reduction approaches from the literature, and implement particular methods on FPGA. 
Specifically Word-Level Montgomery...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1880" class="paperlink" href="/2024/1880">2024/1880</a> <span class="ms-2"><a href="/2024/1880.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-11-19</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Cryptography Experiments In Lean 4: SHA-3 Implementation</strong> <div class="mt-1"><span class="fst-italic">Gérald Doussot</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In this paper we explain how we implemented the Secure Hash Algorithm-3 (SHA-3) family of functions in Lean 4, a functional programming language and theorem prover. We describe how we used several Lean facilities including type classes, dependent types, macros, and formal verification, and then refined the design to provide a simple one-shot and streaming API for hashing, and Extendable-output functions (XOFs), to reduce potential for misuse by users, and formally prove properties about the...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1875" class="paperlink" href="/2024/1875">2024/1875</a> <span class="ms-2"><a href="/2024/1875.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-11-16</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>mUOV: Masking the Unbalanced Oil and Vinegar Digital Sigital Signature Scheme at First- and Higher-Order</strong> <div class="mt-1"><span class="fst-italic">Suparna Kundu, Quinten Norga, Uttam Kumar Ojha, Anindya Ganguly, Angshuman Karmakar, Ingrid Verbauwhede</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 
search-abstract">The National Institute for Standards and Technology (NIST) initiated a standardization procedure for additional digital signatures and recently announced round-2 candidates for the PQ additional digital signature schemes. The multivariate digital signature scheme Unbalanced Oil and Vinegar (UOV) is one of the oldest post-quantum schemes and has been selected by NIST for Round 2. Although UOV is mathematically secure, several side-channel attacks (SCA) have been shown on the UOV or UOV-based...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1862" class="paperlink" href="/2024/1862">2024/1862</a> <span class="ms-2"><a href="/2024/1862.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-11-14</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>BatchZK: A Fully Pipelined GPU-Accelerated System for Batch Generation of Zero-Knowledge Proofs</strong> <div class="mt-1"><span class="fst-italic">Tao Lu, Yuxun Chen, Zonghui Wang, Xiaohang Wang, Wenzhi Chen, Jiaheng Zhang</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Zero-knowledge proof (ZKP) is a cryptographic primitive that enables one party to prove the validity of a statement to other parties without disclosing any secret information. With its widespread adoption in applications such as blockchain and verifiable machine learning, the demand for generating zero-knowledge proofs has increased dramatically. In recent years, considerable efforts have been directed toward developing GPU-accelerated systems for proof generation. 
However, these previous...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1846" class="paperlink" href="/2024/1846">2024/1846</a> <span class="ms-2"><a href="/2024/1846.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-11-10</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>The LaZer Library: Lattice-Based Zero Knowledge and Succinct Proofs for Quantum-Safe Privacy</strong> <div class="mt-1"><span class="fst-italic">Vadim Lyubashevsky, Gregor Seiler, Patrick Steuer</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">The hardness of lattice problems offers one of the most promising security foundations for quantum-safe cryptography. Basic schemes for public key encryption and digital signatures are already close to standardization at NIST and several other standardization bodies, and the research frontier has moved on to building primitives with more advanced privacy features. At the core of many such primitives are zero-knowledge proofs. 
In recent years, zero-knowledge proofs for (and using)...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1834" class="paperlink" href="/2024/1834">2024/1834</a> <span class="ms-2"><a href="/2024/1834.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-11-25</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Scutum: Temporal Verification for Cross-Rollup Bridges via Goal-Driven Reduction</strong> <div class="mt-1"><span class="fst-italic">Yanju Chen, Juson Xia, Bo Wen, Kyle Charbonnet, Hongbo Wen, Hanzhi Liu, Luke Pearson, Yu Feng</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Scalability remains a key challenge for blockchain adoption. Rollups—especially zero-knowledge (ZK) and optimistic rollups—address this by processing transactions off-chain while maintaining Ethereum’s security, thus reducing gas fees and improving speeds. Cross-rollup bridges like Orbiter Finance enable seamless asset transfers across various Layer 2 (L2) rollups and between L2 and Layer 1 (L1) chains. 
However, the increasing reliance on these bridges raises significant security concerns,...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1828" class="paperlink" href="/2024/1828">2024/1828</a> <span class="ms-2"><a href="/2024/1828.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-11-08</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Classic McEliece Hardware Implementation with Enhanced Side-Channel and Fault Resistance</strong> <div class="mt-1"><span class="fst-italic">Peizhou Gan, Prasanna Ravi, Kamal Raj, Anubhab Baksi, Anupam Chattopadhyay</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In this work, we propose the first hardware implementation of Classic McEliece protected with countermeasures against Side-Channel Attacks (SCA) and Fault Injection Attacks (FIA). Classic McEliece is one of the leading candidates for Key Encapsulation Mechanisms (KEMs) in the ongoing round 4 of the NIST standardization process for post-quantum cryptography. 
In particular, we implement a range of generic countermeasures against SCA and FIA, particularly protecting the vulnerable operations...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1827" class="paperlink" href="/2024/1827">2024/1827</a> <span class="ms-2"><a href="/2024/1827.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-11-07</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>OPTIMSM: FPGA hardware accelerator for Zero-Knowledge MSM</strong> <div class="mt-1"><span class="fst-italic">Xander Pottier, Thomas de Ruijter, Jonas Bertels, Wouter Legiest, Michiel Van Beirendonck, Ingrid Verbauwhede</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">The Multi-Scalar Multiplication (MSM) is the main barrier to accelerating Zero-Knowledge applications. In recent years, hardware acceleration of this algorithm on both FPGA and GPU has become a popular research topic and the subject of a multi-million dollar prize competition (ZPrize). This work presents OPTIMSM: Optimized Processing Through Iterative Multi-Scalar Multiplication. 
This novel accelerator focuses on the acceleration of the MSM algorithm for any Elliptic Curve (EC) by improving...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1817" class="paperlink" href="/2024/1817">2024/1817</a> <span class="ms-2"><a href="/2024/1817.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-11-12</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Improved ML-DSA Hardware Implementation With First Order Masking Countermeasure</strong> <div class="mt-1"><span class="fst-italic">Kamal Raj, Prasanna Ravi, Tee Kiah Chia, Anupam Chattopadhyay</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">We present the protected hardware implementation of the Module-Lattice-Based Digital Signature Standard (ML-DSA). ML-DSA is an extension of Dilithium 3.1, which is the winner of the Post Quantum Cryptography (PQC) competition in the digital signature category. The proposed design is based on the existing high-performance Dilithium 3.1 design. We implemented existing Dilithium masking gadgets in hardware, which were only implemented in software. 
The masking gadgets are integrated with the...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1796" class="paperlink" href="/2024/1796">2024/1796</a> <span class="ms-2"><a href="/2024/1796.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-12-19</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Isogeny interpolation and the computation of isogenies from higher dimensional representations</strong> <div class="mt-1"><span class="fst-italic">David Jao, Jeanne Laflamme</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">The Supersingular Isogeny Diffie-Hellman (SIDH) scheme is a public key cryptosystem that was submitted to the National Institute of Standards and Technology's competition for the standardization of post-quantum cryptography protocols. The private key in SIDH consists of an isogeny whose degree is a prime power. 
In July 2022, Castryck and Decru discovered an attack that completely breaks the scheme by recovering Bob's secret key, using isogenies between higher dimensional abelian varieties to...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1792" class="paperlink" href="/2024/1792">2024/1792</a> <span class="ms-2"><a href="/2024/1792.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-11-02</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Towards Explainable Side-Channel Leakage: Unveiling the Secrets of Microarchitecture</strong> <div class="mt-1"><span class="fst-italic">Ischa Stork, Vipul Arora, Łukasz Chmielewski, Ileana Buhan</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">We explore the use of microbenchmarks, small assembly code snippets, to detect microarchitectural side-channel leakage in CPU implementations. Specifically, we investigate the effectiveness of microbenchmarks in diagnosing the predisposition to side-channel leaks in two commonly used RISC-V cores: Picorv32 and Ibex. We propose a new framework that involves diagnosing side-channel leaks, identifying leakage points, and constructing leakage profiles to understand the underlying causes. 
We...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1777" class="paperlink" href="/2024/1777">2024/1777</a> <span class="ms-2"><a href="/2024/1777.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-01-23</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Masking Gaussian Elimination at Arbitrary Order, with Application to Multivariate- and Code-Based PQC</strong> <div class="mt-1"><span class="fst-italic">Quinten Norga, Suparna Kundu, Uttam Kumar Ojha, Anindya Ganguly, Angshuman Karmakar, Ingrid Verbauwhede</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Digital signature schemes based on multivariate- and code-based hard problems are promising alternatives for lattice-based signature schemes, due to their small signature size. Gaussian Elimination (GE) is a critical operation in the signing procedure of these schemes. In this paper, we provide a masking scheme for GE with back substitution to defend against first- and higher-order attacks. 
To the best of our knowledge, this work is the first to analyze and propose masking techniques for...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1768" class="paperlink" href="/2024/1768">2024/1768</a> <span class="ms-2"><a href="/2024/1768.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-11-19</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Push-Button Verification for BitVM Implementations</strong> <div class="mt-1"><span class="fst-italic">Hanzhi Liu, Jingyu Ke, Hongbo Wen, Luke Pearson, Robin Linus, Lukas George, Manish Bista, Hakan Karakuş, Domo, Junrui Liu, Yanju Chen, Yu Feng</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Bitcoin, while being the most prominent blockchain with the largest market capitalization, suffers from scalability and throughput limitations that impede the development of ecosystem projects like Bitcoin Decentralized Finance (BTCFi). Recent advancements in BitVM propose a promising Layer 2 (L2) solution to enhance Bitcoin's scalability by enabling complex computations off-chain with on-chain verification. However, Bitcoin's constrained programming environment—characterized by its...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1754" class="paperlink" href="/2024/1754">2024/1754</a> <span class="ms-2"><a href="/2024/1754.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-03-01</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>PQNTRU: Acceleration of NTRU-based Schemes via Customized Post-Quantum Processor</strong> <div class="mt-1"><span class="fst-italic">Zewen Ye, Junhao Huang, Tianshun Huang, Yudan Bai, Jinze Li, Hao Zhang, Guangyan Li, Donglong Chen, Ray C.C. 
Cheung, Kejie Huang</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Post-quantum cryptography (PQC) has rapidly evolved in response to the emergence of quantum computers, with the US National Institute of Standards and Technology (NIST) selecting four finalist algorithms for PQC standardization in 2022, including the Falcon digital signature scheme. The latest round of digital signature schemes introduced Hawk, both based on the NTRU lattice, offering compact signatures, fast generation, and verification suitable for deployment on resource-constrained...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1740" class="paperlink" href="/2024/1740">2024/1740</a> <span class="ms-2"><a href="/2024/1740.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-11-13</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>OpenNTT: An Automated Toolchain for Compiling High-Performance NTT Accelerators in FHE</strong> <div class="mt-1"><span class="fst-italic">Florian Krieger, Florian Hirner, Ahmet Can Mert, Sujoy Sinha Roy</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Modern cryptographic techniques such as fully homomorphic encryption (FHE) have recently gained broad attention. Most of these cryptosystems rely on lattice problems wherein polynomial multiplication forms the computational bottleneck. A popular method to accelerate these polynomial multiplications is the Number-Theoretic Transformation (NTT). 
Recent works aim to improve the practical deployability of NTT and propose toolchains supporting the NTT hardware accelerator design processes....</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1732" class="paperlink" href="/2024/1732">2024/1732</a> <span class="ms-2"><a href="/2024/1732.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-03-04</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Radical 2-isogenies and cryptographic hash functions in dimensions 1, 2 and 3</strong> <div class="mt-1"><span class="fst-italic">Sabrina Kunzweiler, Luciano Maino, Tomoki Moriya, Christophe Petit, Giacomo Pope, Damien Robert, Miha Stopar, Yan Bo Ti</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">We provide explicit descriptions for radical 2-isogenies in dimensions one, two and three using theta coordinates. These formulas allow us to efficiently navigate in the corresponding isogeny graphs. As an application of this, we implement different versions of the CGL hash function. 
Notably, the three-dimensional version is fastest, which demonstrates yet another potential of using higher dimensional isogeny graphs in cryptography.</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1729" class="paperlink" href="/2024/1729">2024/1729</a> <span class="ms-2"><a href="/2024/1729.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-10-22</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>cuTraNTT: A Novel Transposed Number Theoretic Transform Targeting Low Latency Homomorphic Encryption for IoT Applications</strong> <div class="mt-1"><span class="fst-italic">Supriya Adhikary, Wai Kong Lee, Angshuman Karmakar, Yongwoo Lee, Seong Oun Hwang, Ramachandra Achar</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Large polynomial multiplication is one of the computational bottlenecks in fully homomorphic encryption implementations. Usually, these multiplications are implemented using the number-theoretic transformation to speed up the computation. State-of-the-art GPU-based implementation of fully homomorphic encryption computes the number theoretic transformation in two different kernels, due to the necessary synchronization between GPU blocks to ensure correctness in computation. This can be a...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1718" class="paperlink" href="/2024/1718">2024/1718</a> <span class="ms-2"><a href="/2024/1718.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-10-21</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Drifting Towards Better Error Probabilities in Fully Homomorphic Encryption Schemes</strong> <div class="mt-1"><span class="fst-italic">Olivier Bernard, Marc Joye, Nigel P. 
Smart, Michael Walter</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">There are two security notions for FHE schemes: the traditional notion of IND-CPA, and a more stringent notion of IND-CPA$^D$. The notions are equivalent if the FHE schemes are perfectly correct; however, for schemes with negligible failure probability the FHE parameters needed to obtain IND-CPA$^D$ security can be much larger than those needed to obtain IND-CPA security. This paper uses the notion of ciphertext drift in order to understand the practical difference between IND-CPA and...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1698" class="paperlink" href="/2024/1698">2024/1698</a> <span class="ms-2"><a href="/2024/1698.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-10-21</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Computational Analysis of Plausibly Post-Quantum-Secure Recursive Arguments of Knowledge</strong> <div class="mt-1"><span class="fst-italic">Dustin Ray, Paulo L. Barreto</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">With the recent standardization of post-quantum cryptographic algorithms, research efforts have largely remained centered on public key exchange and encryption schemes. Argument systems, which allow a party to efficiently argue the correctness of a computation, have received comparatively little attention regarding their quantum-resilient design. 
These computational integrity frameworks often rely on cryptographic assumptions, such as pairings or group operations, which are vulnerable to...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1667" class="paperlink" href="/2024/1667">2024/1667</a> <span class="ms-2"><a href="/2024/1667.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-10-18</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Overlapped Bootstrapping for FHEW/TFHE and Its Application to SHA3</strong> <div class="mt-1"><span class="fst-italic">Deokhwa Hong, Youngjin Choi, Yongwoo Lee, Young-Sik Kim</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Homomorphic Encryption (HE) enables operations on encrypted data without requiring decryption, thus allowing for secure handling of confidential data within smart contracts. Among the known HE schemes, FHEW and TFHE are particularly notable for use in smart contracts due to their lightweight nature and support for arbitrary logical gates. In contrast, other HE schemes often require several gigabytes of keys and are limited to supporting only addition and multiplication. 
As a result, there...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1649" class="paperlink" href="/2024/1649">2024/1649</a> <span class="ms-2"><a href="/2024/1649.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-10-13</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Multiplying Polynomials without Powerful Multiplication Instructions (Long Paper)</strong> <div class="mt-1"><span class="fst-italic">Vincent Hwang, YoungBeom Kim, Seog Chung Seo</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">We improve the performance of lattice-based cryptosystems Dilithium on Cortex-M3 with expensive multiplications. Our contribution is two-fold: (i) We generalize Barrett multiplication and show that the resulting shape-independent modular multiplication performs comparably to long multiplication on some platforms without special hardware when precomputation is free. 
We call a modular multiplication “shape-independent” if its correctness and efficiency depend only on the magnitude of moduli...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1648" class="paperlink" href="/2024/1648">2024/1648</a> <span class="ms-2"><a href="/2024/1648.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-10-15</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>SIMD-style Sorting of Integer Sequence in RLWE Ciphertext</strong> <div class="mt-1"><span class="fst-italic">Zijing Li, Hongbo Li, Zhengyang Wang</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">This article discusses fully homomorphic encryption and homomorphic sorting. Homomorphic encryption is a special encryption technique that allows all kinds of operations to be performed on ciphertext, and the result is still decryptable, such that when decrypted, the result is the same as that obtained by performing the same operation on the plaintext. Homomorphic sorting is an important problem in homomorphic encryption. Currently, there has been a volume of work on homomorphic sorting. 
In...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1633" class="paperlink" href="/2024/1633">2024/1633</a> <span class="ms-2"><a href="/2024/1633.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-10-11</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Efficient Boolean-to-Arithmetic Mask Conversion in Hardware</strong> <div class="mt-1"><span class="fst-italic">Aein Rezaei Shahmirzadi, Michael Hutter</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Masking schemes are key in thwarting side-channel attacks due to their robust theoretical foundation. Transitioning from Boolean to arithmetic (B2A) masking is a necessary step in various cryptography schemes, including hash functions, ARX-based ciphers, and lattice-based cryptography. While there exists a significant body of research focusing on B2A software implementations, studies pertaining to hardware implementations are quite limited, with the majority dedicated solely to creating...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1629" class="paperlink" href="/2024/1629">2024/1629</a> <span class="ms-2"><a href="/2024/1629.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-10-11</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Efficient Key-Switching for Word-Type FHE and GPU Acceleration</strong> <div class="mt-1"><span class="fst-italic">Shutong Jin, Zhen Gu, Guangyan Li, Donglong Chen, Çetin Kaya Koç, Ray C. C. 
Cheung, Wangchen Dai</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Speed efficiency, memory optimization, and quantum resistance are essential for safeguarding the performance and security of cloud computing environments. Fully Homomorphic Encryption (FHE) addresses this need by enabling computations on encrypted data without requiring decryption, thereby maintaining data privacy. Additionally, lattice-based FHE is quantum secure, providing defense against potential quantum computer attacks. However, the performance of current FHE schemes remains...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1623" class="paperlink" href="/2024/1623">2024/1623</a> <span class="ms-2"><a href="/2024/1623.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-10-10</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>General Functional Bootstrapping using CKKS</strong> <div class="mt-1"><span class="fst-italic">Andreea Alexandru, Andrey Kim, Yuriy Polyakov</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">The Ducas-Micciancio (DM/FHEW) and Chilotti-Gama-Georgieva-Izabachène (CGGI/TFHE) cryptosystems provide a general privacy-preserving computation capability. These fully homomorphic encryption (FHE) cryptosystems can evaluate an arbitrary function expressed as a general look-up table (LUT) via the method of functional bootstrapping (also known as programmable bootstrapping). 
The main limitation of DM/CGGI functional bootstrapping is its efficiency because this procedure has to bootstrap every...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1584" class="paperlink" href="/2024/1584">2024/1584</a> <span class="ms-2"><a href="/2024/1584.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-10-07</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Block Ciphers in Idealized Models: Automated Proofs and New Security Results</strong> <div class="mt-1"><span class="fst-italic">Miguel Ambrona, Pooya Farshim, Patrick Harasser</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">We develop and implement AlgoROM, a tool to systematically analyze the security of a wide class of symmetric primitives in idealized models of computation. The schemes that we consider are those that can be expressed over an alphabet consisting of XOR and function symbols for hash functions, permutations, or block ciphers. 
We implement our framework in OCaml and apply it to a number of prominent constructions, which include the Luby–Rackoff (LR), key-alternating Feistel (KAF), and...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1561" class="paperlink" href="/2024/1561">2024/1561</a> <span class="ms-2"><a href="/2024/1561.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-10-07</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>FLUENT: A Tool for Efficient Mixed-Protocol Semi-Private Function Evaluation</strong> <div class="mt-1"><span class="fst-italic">Daniel Günther, Joachim Schmidt, Thomas Schneider, Hossein Yalame</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">In modern business to customer interactions, handling private or confidential data is essential. Private Function Evaluation (PFE) protocols ensure the privacy of both the customers' input data and the business' function evaluated on it which is often sensitive intellectual property (IP). However, fully hiding the function in PFE results in high performance overhead. 
Semi-Private Function Evaluation (SPFE) is a generalization of PFE to only partially hide the function, whereas specific...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1546" class="paperlink" href="/2024/1546">2024/1546</a> <span class="ms-2"><a href="/2024/1546.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-10-03</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Bit t-SNI Secure Multiplication Gadget for Inner Product Masking</strong> <div class="mt-1"><span class="fst-italic">John Gaspoz, Siemen Dhooghe</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Masking is a sound countermeasure to protect against differential power analysis. Since the work by Balasch et al. in ASIACRYPT 2012, inner product masking has been explored as an alternative to the well known Boolean masking. In CARDIS 2017, Poussier et al. showed that inner product masking achieves higher-order security versus Boolean masking, for the same shared size, in the bit-probing model. Wang et al. 
in TCHES 2020 verified the inner product masking's security order amplification in...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1543" class="paperlink" href="/2024/1543">2024/1543</a> <span class="ms-2"><a href="/2024/1543.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-10-02</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>HEonGPU: a GPU-based Fully Homomorphic Encryption Library 1.0</strong> <div class="mt-1"><span class="fst-italic">Ali Şah Özcan, Erkay Savaş</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">HEonGPU is a high-performance library designed to optimize Fully Homomorphic Encryption (FHE) operations on Graphics Processing Unit (GPU). By leveraging the parallel processing capacity of GPUs, HEonGPU significantly reduces the computational overhead typically associated with FHE by executing complex operations concurrently. 
This allows for faster execution of homomorphic computations on encrypted data, enabling real-time applications in privacy-preserving machine learning and secure...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1521" class="paperlink" href="/2024/1521">2024/1521</a> <span class="ms-2"><a href="/2024/1521.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-03-20</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>The SMAesH dataset</strong> <div class="mt-1"><span class="fst-italic">Gaëtan Cassiers, Charles Momin</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Datasets of side-channel leakage measurements are widely used in research to develop and benchmark side-channel attack and evaluation methodologies. Compared to using custom and/or one-off datasets, widely-used and publicly available datasets improve research reproducibility and comparability. Further, performing high-quality measurements requires specific equipment and skills, while also taking a significant amount of time. 
Therefore, using publicly available datasets lowers the barriers...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1515" class="paperlink" href="/2024/1515">2024/1515</a> <span class="ms-2"><a href="/2024/1515.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-09-26</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Optimized Software Implementation of Keccak, Kyber, and Dilithium on RV{32,64}IM{B}{V}</strong> <div class="mt-1"><span class="fst-italic">Jipeng Zhang, Yuxing Yan, Junhao Huang, Çetin Kaya Koç</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">With the standardization of NIST post-quantum cryptographic (PQC) schemes, optimizing these PQC schemes across various platforms presents significant research value. While most existing software implementation efforts have concentrated on ARM platforms, research on PQC implementations utilizing various RISC-V instruction set architectures (ISAs) remains limited. 
In light of this gap, this paper proposes comprehensive and efficient optimizations of Keccak, Kyber, and Dilithium on...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1498" class="paperlink" href="/2024/1498">2024/1498</a> <span class="ms-2"><a href="/2024/1498.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-09-24</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Practical Implementation of Pairing-Based zkSNARK in Bitcoin Script</strong> <div class="mt-1"><span class="fst-italic">Federico Barbacovi, Enrique Larraia, Paul Germouty, Wei Zhang</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">Groth16 is a pairing-based zero-knowledge proof scheme that has a constant proof size and an efficient verification algorithm. Bitcoin Script is a stack-based low-level programming language that is used to lock and unlock bitcoins. In this paper, we present a practical implementation of the Groth16 verifier in Bitcoin Script deployable on the mainnet of a Bitcoin blockchain called BSV. 
Our result paves the way for a framework of verifiable computation on Bitcoin: a Groth16 proof is generated...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1457" class="paperlink" href="/2024/1457">2024/1457</a> <span class="ms-2"><a href="/2024/1457.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-09-18</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>A Combined Design of 4-PLL-TRNG and 64-bit CDC-7-XPUF on a Zynq-7020 SoC</strong> <div class="mt-1"><span class="fst-italic">Oğuz Yayla, Yunus Emre Yılmaz</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">True Random Number Generators (TRNGs) and Physically Unclonable Functions (PUFs) are critical hardware primitives for cryptographic systems, providing randomness and device-specific security. TRNGs require complete randomness, while PUFs rely on consistent, device-unique responses. In this work, both primitives are implemented on a System-on-Chip Field-Programmable Gate Array (SoC FPGA), leveraging the integrated Phase-Locked Loops (PLLs) for robust entropy generation in PLL-based TRNGs. 
A...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1449" class="paperlink" href="/2024/1449">2024/1449</a> <span class="ms-2"><a href="/2024/1449.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2024-09-18</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Marian: An Open Source RISC-V Processor with Zvk Vector Cryptography Extensions</strong> <div class="mt-1"><span class="fst-italic">Thomas Szymkowiak, Endrit Isufi, Markku-Juhani Saarinen</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">The RISC-V Vector Cryptography Extensions (Zvk) were ratified in 2023 and integrated into the main ISA manuals in 2024. These extensions support high-speed symmetric cryptography (AES, SHA2, SM3, SM4) operating on the vector register file and offer significant performance improvements over scalar cryptography extensions (Zk) due to data parallelism. 
As a ratified extension, Zvk is supported by compiler toolchains and is already being integrated into popular cryptographic middleware such as...</p> </div> </div> <div class="mb-4"> <div class="d-flex"><a title="2024/1444" class="paperlink" href="/2024/1444">2024/1444</a> <span class="ms-2"><a href="/2024/1444.pdf">(PDF)</a></span> <small class="ms-auto">Last updated: 2025-01-19</small> </div> <div class="ms-md-4"> <div class="d-flex flex-column flex-md-row justify-content-between"> <div> <strong>Attestation Proof of Association – provability that attestation keys are bound to the same hardware and person</strong> <div class="mt-1"><span class="fst-italic">Eric Verheul</span></div> </div> <div class="float-end mt-1 ms-md-3"> <small class="badge category category-IMPLEMENTATION">Implementation</small> </div> </div> <p class="mb-0 mt-1 search-abstract">We propose a wallet provider issued attestation called Wallet Trust Evidence (WTE) and three related specific instructions for the European Digital Identity (EUDI) Wallet cryptographic hardware, most notably the generation of a Proof of Association (PoA). 
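These allow the EUDI Wallet providing verifiable assurance to third parties (issuers, relying parties) that attestation private keys are not only bound to conformant cryptographic hardware but also that they are bound to the same such...</p>
</div>
</div>
<div class="w-75 mx-auto">
  <ul class="pagination mt-5 mb-5">
    <li class="page-item active"><span class="page-link">1</span></li>
    <li class="page-item"><a rel="nofollow" class="page-link" href="/search?category=IMPLEMENTATION&amp;offset=100">2</a></li>
    <li class="page-item"><span class="page-link">...</span></li>
    <li class="page-item"><a rel="nofollow" class="page-link" href="/search?category=IMPLEMENTATION&amp;offset=2000">21</a></li>
    <li class="page-item"><a rel="nofollow" class="page-link" href="/search?category=IMPLEMENTATION&amp;offset=100">Next »</a></li>
  </ul>
</div>
</div>
</div>
</div>
<script>
  // "Clear" button: empty every input on the page and put the category selector
  // back on its first option.
  // NOTE(review): the 'input' selector also matches hidden inputs; confirm the search
  // form carries none whose value must survive a reset (the form is outside this chunk).
  document.getElementById('clearButton').addEventListener('click', function () {
    document.querySelectorAll('input').forEach(function (field) { field.value = ''; });
    // selectedIndex is numeric; assign a number rather than the string "0".
    document.getElementById('category').selectedIndex = 0;
  });

  // Validate the date filters of the search form before it is submitted.
  //
  // Returns true when the four date fields are mutually consistent and false
  // otherwise; the pair that conflicts is flagged with Bootstrap's 'is-invalid'
  // class. An empty field never takes part in a comparison. Values are compared
  // as strings — presumably these are type="date" inputs yielding yyyy-mm-dd,
  // which orders correctly lexicographically; verify against the form markup.
  function validateForm() {
    const fields = ['submittedafter', 'submittedbefore', 'revisedafter', 'revisedbefore']
      .map(function (id) { return document.getElementById(id); });
    const submittedAfter = fields[0];
    const submittedBefore = fields[1];
    const revisedAfter = fields[2];
    const revisedBefore = fields[3];

    // Drop flags left by an earlier attempt, otherwise a range the user has since
    // corrected would still be shown as invalid.
    fields.forEach(function (field) { field.classList.remove('is-invalid'); });

    // Flag a conflicting pair and report failure.
    function reject(first, second) {
      first.classList.add('is-invalid');
      second.classList.add('is-invalid');
      return false;
    }

    // "submitted after" must not be later than "submitted before".
    if (submittedAfter.value && submittedBefore.value && submittedAfter.value > submittedBefore.value) {
      return reject(submittedAfter, submittedBefore);
    }
    // "revised after" must not be later than "revised before".
    if (revisedAfter.value && revisedBefore.value && revisedAfter.value > revisedBefore.value) {
      return reject(revisedAfter, revisedBefore);
    }
    // A paper cannot have been revised before it was submitted.
    if (revisedBefore.value && submittedAfter.value && revisedBefore.value < submittedAfter.value) {
      return reject(revisedBefore, submittedAfter);
    }
    return true;
  }
</script>
<script src="/js/mark.min.js"></script>
<script>
  // Highlight the search terms taken from the query string inside the result list.
  // The q/title/authors values are user-controlled URL parameters; they are handed to
  // mark.js purely as search keywords (it wraps matching text in <mark> elements and,
  // by default, escapes regex metacharacters — confirm with the bundled mark.js
  // version), so they are never inserted into the page as markup.
  var instance = new Mark("div.results");
  let urlParams = new URLSearchParams(window.location.search);
  ['q', 'title', 'authors'].forEach(function (name) {
    const term = urlParams.get(name);
    // A missing or empty parameter is skipped.
    if (term) {
      instance.mark(term);
    }
  });
</script>
<!-- -->
</main>
<div class="container-fluid mt-auto" id="eprintFooter">
  <a href="https://iacr.org/">
    <img id="iacrlogo" src="/img/iacrlogo_small.png" class="img-fluid d-block mx-auto" alt="IACR Logo">
  </a>
  <div class="colorDiv"></div>
  <div class="alert alert-success w-75 mx-auto">
    Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.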
</div> </div> <script src="/css/bootstrap/js/bootstrap.bundle.min.js"></script> <script> var topNavbar = document.getElementById('topNavbar'); if (topNavbar) { document.addEventListener('scroll', function(e) { if (window.scrollY > 100) { topNavbar.classList.add('scrolled'); } else { topNavbar.classList.remove('scrolled'); } }) } </script> </body> </html>
