home.social

#eprint — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #eprint, aggregated by home.social.

  1. 💥 ❤️ 📣 New updated revision of the research paper 📣 ❤️ 💥 available on eprint.iacr.org/2023/1529 and arxiv.org/abs/2310.04589 (still not out, scheduled next Monday) which tracks changes up to software v0.4.5 and clarifies that the described scheme is the 'Legacy' version of Shufflecake, and that future versions might deviate from the paper (*ah-ehm*... Lite *cough*). Also typo fixes and language improvements.

  2. #whitebox #crypto #paper

    Some advertisement for our TCHES 2024 paper (joint work with Alex Charlès, who will present it):

    "White-box filtering attacks breaking SEL masking: from exponential to polynomial time" ( #eprint ia.cr/2024/691 )

    SEL masking scheme (TCHES 2021) is a nonlinear Boolean masking scheme representing a secret s as

    s = x_1 x_2 ... x_d + y_1 + y_2 + ... + y_ell

    How to break this scheme efficiently in a white-box setting only using computational traces? Standard approaches are exponential in the degree d (algebraic attack), number of linear shares ell (combinatorial attacks), or window size w (LPN, see my previous tweets).

    In this paper we uncover a critical weakness of the scheme: the multiplicative variables are too sensitive to be exposed in clear. To exploit this, guess the location of one of these shares inside the window, and filter traces by keeping those where it is equal to 0. In this restriction, the multiplicative shares are all nullified and we can apply a plain linear algebraic (LDA) attack. This only costs O(w^4) irrespective of d and ell!

    The conclusion is that the multiplicative shares must also be split into linear shares or some other representation, which would prevent this kind of attack.

    The paper also offers other LDA-related optimizations and higher-order attack variants, so I invite everyone to have a look and/or attend the talk at CHES in September.
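The filtering idea in the post above, as an added toy simulation in Python that is not the authors' code or the paper's implementation: it shows why an exposed multiplicative share is too sensitive, since restricting to traces where one x_i is 0 turns the degree-d sharing into a plain linear one that a GF(2) consistency check (the LDA step) solves. The share layout, the 16-bit window, the toy sensitive bit s = [p == k] and the use of all-zero/inconsistent as the LDA verdict are constructed assumptions for the demo.

```python
import random
# Constructed toy SEL masking (not the paper's code): s = x_1*...*x_d + y_1 + ... + y_ell,
# with the d+ell shares written into a w-bit white-box trace window among random filler bits.
def sel_share(s, d, ell, rng):
    xs = [rng.randint(0, 1) for _ in range(d)]
    ys = [rng.randint(0, 1) for _ in range(ell - 1)]
    ys.append((s ^ int(all(xs)) ^ sum(ys)) & 1)    # last linear share fixes the sum
    return xs + ys

def make_trace(s, w, pos, d, ell, rng):
    trace = [rng.randint(0, 1) for _ in range(w)]
    for p, v in zip(pos, sel_share(s, d, ell, rng)):
        trace[p] = v
    return trace

def gf2_consistent(rows, rhs):
    # Gaussian elimination over GF(2): does some affine function of the window equal rhs?
    pivots = {}                                    # leading bit -> (row, rhs bit)
    for r, b in zip(rows, rhs):
        while r:
            h = r.bit_length() - 1
            if h not in pivots:
                pivots[h] = (r, b)
                break
            r, b = r ^ pivots[h][0], b ^ pivots[h][1]
        else:
            if b:                                  # row reduced to 0 = 1
                return False
    return True

def lda(traces, predicted, w, filter_pos=None):
    # Plain LDA; with filter_pos set, keep only traces where that bit is 0.
    rows, rhs = [], []
    for t, s in zip(traces, predicted):
        if filter_pos is None or t[filter_pos] == 0:
            rows.append(sum(bit << i for i, bit in enumerate(t)) | (1 << w))  # bit w = constant
            rhs.append(s)
    return gf2_consistent(rows, rhs)

def demo(n=400, w=16, d=3, ell=3, key=0b1011, seed=7):
    rng = random.Random(seed)
    pos = rng.sample(range(w), d + ell)            # share positions, unknown to the attacker
    inputs = [rng.randrange(16) for _ in range(n)]
    sens = lambda p, k: int(p == k)                # toy sensitive bit under key hypothesis k
    traces = [make_trace(sens(p, key), w, pos, d, ell, rng) for p in inputs]
    truth = [sens(p, key) for p in inputs]
    unfiltered = lda(traces, truth, w)                     # degree-d term defeats plain LDA
    filtered = lda(traces, truth, w, filter_pos=pos[0])    # x_1 = 0 nullifies the product
    recovered = {k for k in range(16) for j in range(w)    # every key and position guess
                 if lda(traces, [sens(p, k) for p in inputs], w, j)}
    return unfiltered, filtered, recovered
```

`demo()` returns `(False, True, {11})`: plain LDA fails on the unfiltered traces, succeeds once a multiplicative share position is filtered to 0, and only the true key survives the combined key/position search.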

  3. amazing, NXP is working on ISA extensions for RISC-V to make the number theoretic transform (NTT) more efficient: eprint.iacr.org/2023/1505

    this makes #dilithium and #kyber more performant by reducing the cycle count by more than 80%.

    #crypto #eprint