Cryptography is the science and practice of designing computation and communication systems in the presence of adversaries. This session includes presentations on multiple aspects of state-of-the-art cryptography. On the one hand, it will cover mathematical advances on techniques underlying the design and cryptanalysis of cryptographic primitives and protocols. These techniques often rely on results from number theory, coding theory, algebraic geometry, and combinatorics. On the other hand, it will address problems and solutions that arise when applying these mathematical results to the real world, including protocol design, computationally hard problems, and provable security.
Mathematics Subject Classification: 94-06 (primary); 94A15, 94A60, 94B05 (secondary)
1.A (0.6)
1.B (0.6)
1.C (0.6)
In this talk we present an alternative Unauthenticated Model, intended to build a security framework to cover protocols whose specifics may not concur with those of already existing models for authenticated exchanges. This new model is constructed from the notion of commitment schemes, employing ephemeral information, therefore avoiding the exchange of long-term cryptographic material. From this model, we propose a number of key exchange protocols, formalizing their security under this model.
Joint work with David Domingo Martín and Iván Blanco Chacón.
The construction of invertible low-multiplicative non-linear layers over $\mathbb{F}_p^n$ is crucial for the design of symmetric primitives targeting Multi-Party Computation, Zero-Knowledge proofs and Fully Homomorphic Encryption. We generalize a recently studied construction by building a shift-invariant lifting over finite fields from multiple local maps of degree $\leq 2$. We prove that if $n \geq 3$, then $\mathcal{S}_{F_0,F_1}$ is never invertible unless it is a Type-II Feistel scheme.
Joint work with Lorenzo Grassi, Silvia Onofri and Marco Pedicini.
We study how to extend strong end-to-end security for data in transit to shared data at rest, such as for message backups and file sharing. We introduce Group Key Progression (GKP), a primitive which enables a (dynamic) group of users to agree on a persistent sequence of keys efficiently. Our construction Grappa satisfies post-compromise security and interval access control, a new notion that describes how group changes translate into access to keys in the sequence.
Joint work with Matilda Backendal and Miro Haller.
In weighted threshold access structures, each party has a weight, and a subset is authorized if its combined weight reaches a threshold. For these access structures, existing secret sharing schemes produce large shares whose size scales linearly with the weights. To improve efficiency, the access structure can be approximated. This talk focuses on balancing efficiency and accuracy in such approximations by using techniques based on the Chow parameters.
Joint work with Oriol Farràs.
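As an added illustration (not part of the session abstracts or the speakers' work), the following Python implements the standard "virtual party" construction for weighted threshold secret sharing: a party of weight w receives w Shamir shares of one polynomial, so an authorized subset (combined weight at least the threshold) holds enough points to interpolate, and share size grows linearly with the weight. The field modulus, weights and threshold are example choices.

```python
import secrets

# Constructed field modulus for the example (a Mersenne prime); any large prime works.
PRIME = 2**127 - 1


def _eval_poly(coeffs, x):
    # Horner evaluation of coeffs[0] + coeffs[1]*x + ... modulo PRIME.
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def share_weighted(secret, weights, threshold):
    """Weighted threshold sharing via virtual parties.

    Party i receives weights[i] Shamir shares of a random polynomial of
    degree threshold-1 whose constant term is the secret.
    Returns a dict: party index -> list of (x, y) points.
    """
    assert 0 <= secret < PRIME
    assert 0 < threshold <= sum(weights)
    coeffs = [secret] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    shares = {}
    x = 1  # distinct non-zero evaluation points across all virtual parties
    for party, w in enumerate(weights):
        shares[party] = []
        for _ in range(w):
            shares[party].append((x, _eval_poly(coeffs, x)))
            x += 1
    return shares


def share_sizes(shares):
    """Number of field elements each party must store: exactly its weight."""
    return [len(shares[p]) for p in sorted(shares)]


def reconstruct(points):
    """Lagrange interpolation at x = 0 over the prime field."""
    secret = 0
    for i, (xi, yi) in enumerate(points):
        num, den = 1, 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return secret


def recover_from_parties(shares, parties, threshold):
    """Pool the points of the given parties; succeed only if their total weight
    reaches the threshold (fewer points than the polynomial degree + 1 would
    interpolate a different polynomial and reveal nothing about the secret)."""
    points = [pt for p in parties for pt in shares[p]]
    if len(points) < threshold:
        raise ValueError("combined weight below threshold")
    return reconstruct(points[:threshold])


if __name__ == "__main__":
    shares = share_weighted(12345, [5, 3, 1, 1], threshold=6)
    print("share sizes per party:", share_sizes(shares))        # [5, 3, 1, 1]
    print("parties {0,1} recover:", recover_from_parties(shares, [0, 1], 6))
```

The total storage is sum(weights) field elements, which is the linear-in-weight cost the abstract refers to; approximating the access structure aims to reduce that without changing which subsets are (nearly) authorized.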
We prove lower bounds on the communication cost of maintaining a shared key among a group of users and consider primitives like multicast encryption (ME) and continuous group-key agreement (CGKA). These are round-based primitives in which users can be added or removed from the group and its members in a given round agree on a key that should not be possible to derive by non-members. We prove our results in a combinatorial model that also implies lower bounds in a symbolic model for ME and CGKA.
Joint work with Michael Anastos, Benedikt Auerbach, Mirza Ahad Baig, Matthew Kwan, Guillermo Pascual-Perez and Krzysztof Pietrzak.
Formal modeling uses computational logic to verify software systems. In the context of cryptographic protocols, it is used to determine whether an intruder can gain some knowledge from the exchange of information between participants by reasoning about the algebraic properties of their cryptographic primitives. In this talk, we will give an overview of how these models can be used to detect vulnerabilities in cryptographic protocols and how their analysis can be automated with Maude-NPA.
Joint work with Santiago Escobar.
Lattice-based cryptography is currently one of the most relevant fields of development in public key cryptosystems. The security of these cryptosystems (such as ML-KEM or FrodoKEM) is based on the difficulty of solving hard lattice problems (LWE or SVP). The relationships between the parameters, the derived lattice problem and the security that follows from these assumptions are the topics considered in this talk.
Threshold Homomorphic Encryption is a good fit for private federated average aggregation, a key operation in Federated Learning. Despite its potential, recent studies show that threshold schemes in mainstream HE libraries can introduce security vulnerabilities if an adversary has access to a restricted decryption oracle. We survey the use of threshold RLWE-based HE for federated average aggregation and examine the performance impact of using smudging noise with large variance as countermeasure.
We explore advancements in symmetric cryptography, focusing on Symmetric Techniques for Advanced Protocols (STAP). STAPs are ciphers designed for improving efficiency in cryptographic protocols such as ZK-proofs, FHE, and MPC. We evaluate the security of new STAPs against algebraic attacks, including a key recovery attack on the Rubato cipher family, and efficient Gröbner basis attacks for solving polynomial equations in primitives like Arion, Griffin, and Anemoi.
Following the attack on the DME scheme by D. Smith-Tone et al., we are working to determine whether it can be adapted to DME-minus, a variant of the DME where only the even-indexed components of the public key are available. The resulting system of equations for recovering an equivalent last round is similar to that of DME but with half the number of equations. This talk will focus on studying the complexity of solving such a system.
Joint work with I. Luengo and M. Avendaño.
We study some security notions of a McEliece cryptosystem based on convolutional codes: Indistinguishability under Chosen-Plaintext Attacks (IND-CPA), Indistinguishability under Adaptive Chosen-Ciphertext Attacks (IND-CCA2), Non-Malleability under Adaptive Chosen-Ciphertext Attacks (NM-CCA2), and Indistinguishability of Keys under Chosen-Plaintext Attacks (IK-CPA). We show that they are not satisfied. Thus, the cryptosystem should not be used in practice unless proper conversions are applied.
Joint work with Paulo Almeida and Diego Napp.