Days:
previous day
next day
all days
| 10:30-10:54 |
On the necessity of pre-agreed secrets for thwarting last-minute coercion: vulnerabilities and lessons from the Loki e-voting protocol (abstract) 24 min
1 The University of Edinburgh
2 University of Glasgow
ABSTRACT. Coercion-resistance (CR) is a crucial security property in e-voting systems. It ensures that an attacker cannot compel a voter to vote in a specific way by using threats or rewards. The Loki e-voting protocol, proposed by Giustolisi \emph{et al.} at IEEE S\&P (2024), introduces a novel design that mitigates last-minute coercion through a re-voting mechanism. It also aims to address the usability issues of the seminal JCJ e-voting protocol, specifically: i) the requirement that voters can store and hide pre-agreed credentials, and ii) the ability of voters to convincingly lie while being coerced. In this work, we identify two vulnerabilities in Loki. The first is a brute-force attack that compromises the integrity of the evasion strategy. Specifically, this attack allows an adversary to cast a ballot on behalf of their victim in a way that the evasion strategy cannot defend against, rendering it ineffective. The second vulnerability is a forced abstention attack, which allows an adversary to detect when their victim has complied with their instruction not to vote. We generalise the integrity attack to reveal a fundamental dilemma: without pre-agreed secret credentials, it is not possible to prevent last-minute coercion. Finally, we show how reverting to pre-agreed secret credentials fixes the aforementioned vulnerabilities and discuss the trade-off between tallying efficiency and stronger trust assumptions. |
| 10:54-11:18 |
Setup Protocols for Sender Anonymity (abstract) 24 min
1 Tufts University
2 Rensselaer Polytechnic Institute
ABSTRACT. Anonymous communication is essential for secure and private interactions over public networks. Existing solutions that provide provable anonymity rely on the so-called simple I/O setting, where every participant sends and receives the same number of messages, masking their true communication pattern. The only known way to enforce this setting is through dialing protocols. Such protocols establish pairwise conversations, but each recipient inevitably learns who attempted to contact them, violating sender anonymity, the guaranty that even the recipient cannot determine who attempted to contact them. In this work, we introduce the notion of enhanced dialing protocols, a broad class of protocols that enforce the simple I/O setting. We also initiate the first formal study of such protocols with respect to sender anonymity. We introduce a framework that captures three key properties: security, correctness, and fairness. Within this framework, we present Fusion, a protocol that achieves perfect correctness and fairness while incurring only unavoidable leakage, and Fusion+, a differentially private variant that reduces this leakage at the cost of some correctness. Through theoretical analysis, we quantify the fundamental trade-off between privacy and correctness in Fusion+. |
| 11:18-11:42 |
Simultaneously Proving Privacy and Verifiability: A ProVerif Framework for Internet Voting (abstract) 24 min
1 University of Oxford
2 CNRS Nancy
3 INRIA Nancy
ABSTRACT. Electronic voting aims to guarantee the same security properties than traditional paper-based voting, namely vote privacy and verifiability. While the formal verification of security protocols is now a mature filed with several powerful tools such as ProVerif or Tamarin, verifying voting protocols still pushes existing tools at their limits. We present in this work a proof framework for ProVerif that models an extensible election setting with an unbounded number of concurrent elections, voters and votes. We also develop a library of lemmas to aid the automatic verification. Crucially, the framework allows to reuse the same protocol model for both privacy and verifiability proofs. We apply the framework to several protocols of the literature and industry, showing the flexibility and applicability of our framework. |
| 11:42-12:06 |
Beyond Blockchain Ballots: UC-Secure Layer-2 Voting and Governance (abstract) 24 min
1 None
2 Input Output
3 University of Edinburgh and Input Output
ABSTRACT. Maintaining a decentralized system requires a collective governance mechanism that allows the participants to agree on possible changes to the system. In particular, the governance mechanism should offer a voting functionality that allows the casting, collection, and tallying of votes in a confidential yet verifiable manner. Scaling this functionality for many millions of participants in a cost-effective manner is a critical requirement for permissionless blockchains that is currently still unmet. We put forward a ``layer-2'' approach to meet this requirement in the setting where a permissionless blockchain acts as the fall back ``layer-1'' mechanism. Specifically the key to our approach to scalability is that the protocol is realized in layer-2 fashion, i.e., the bulk part of the protocol is executed off-chain, but additionally secured on the blockchain with a minimal footprint. We prove our protocol secure in the universal composability (UC) framework. First, we formalize a governance ideal functionality $F_{L2Gov}$. Our definition offers high levels of confidentiality and verifiability. Moreover, in case of misbehavior, it is designed to allow attribution of faults so that appropriate action (such as slashing of on-chain funds) can be taken. Second, we demonstrate that our protocol UC-realizes the $F_{L2Gov}$ functionality based on a blockchain, an off-chain bulletin-board, a distributed homomorphic encryption functionality ($F_{DHE}$), and a number of other standard hybrids. To the best of our knowledge, this work presents the first blockchain layer-2 voting protocol with a rigorous security analysis. We also point out some challenges that arise when applying the UC framework to layer-2 protocols. |
| 12:06-12:30 |
BlindReview: Anonymous and End-to-End Verifiable Peer Review (abstract) 24 min
1 INSA Centre Val de Loire, Inria
2 Lancaster University
3 Royal Holloway, University of London
ABSTRACT. We introduce BlindReview, an anonymous and end-to-end verifiable peer review system that cryptographically guarantees both privacy and auditability through-out the reviewing process. We formally define these security properties and provide rigorous proofs that BlindReview satisfies them. We also present an implementation demonstrating our protocol’s practicality. This work serves as a foundation for verifiable and privacy-preserving peer review, offering a concrete solution to enhance transparency and reduce bias in the academic peer review process. |
| 14:00-14:24 |
A Composable Game-Theoretic Framework for Blockchains (abstract) 24 min
1 TU Wien
2 TU Wien & Common Prefix
ABSTRACT. Blockchains rely on economic incentives to ensure secure and decentralised operation, making incentive compatibility a core design concern. However, protocols are rarely deployed in isolation. Applications interact with the underlying consensus and network layers, and multiple protocols may run concurrently on the same chain. These interactions give rise to complex incentive dynamics that traditional, isolated analyses often fail to capture. We propose the first compositional game-theoretic framework for blockchain protocols. Our model represents blockchain protocols as interacting games across the application, network, and consensus layers. It enables formal reasoning about incentive compatibility under composition by introducing two key abstractions: the cross-layer game, which models how strategies in one layer influence others, and cross-application composition, which captures how application protocols interact concurrently through shared infrastructure. We illustrate our framework through case studies on Hashed Timelock Contracts (HTLCs) and Layer-2 protocols showing how compositional analysis reveals new subtle incentive vulnerabilities and supports modular security proofs. Also, by introduction of a novel rational miner model, we derive new conditions for the robustness of timelocks to bribing attacks. |
| 14:24-14:48 |
NTRU with Hints: Secret Key Recovery under Partial Leakage on NTRU-based Signatures (abstract) 24 min
1 School of Cyber Science and Engineering, Nanjing University of Science and Technology, Nanjing 210094, China
2 Institute of Information Engineering, Chinese Academy of Sciences
3 the State Key Laboratory of Cyberspace Security Defense
4 and also with LTCI, Télécom Paris, Institut Polytechnique de Paris, Palaiseau 91120, France
5 the Institute of Information Engineering, Chinese Academy of Sciences, Beijing 100085, China
6 and the School of Cyber Security, University of Chinese Academy of Sciences, Beijing, China
ABSTRACT. Post-quantum cryptography has become pivotal for ensuring communication security in the quantum era. NTRU-based signature schemes have gained attention due to their computational efficiency and compact public keys and signatures, which reduce communication overheads. However, the algebraic structure of NTRU lattices introduces vulnerabilities in physical attack scenarios, where partial secret key leakage can severely undermine system security. In this paper, we propose the Dimension-and-Sample Reduced NTRU Attack (DSRNA). The core principle of DSRNA is to apply a dimension-reduction strategy that transforms the NTRU instance into a lower-dimensional NTRU instance with fewer samples, which is efficiently solvable via lattice basis reduction. Furthermore, we design a unified hint-embedding technique that jointly exploits side information from both secret keys f and g, thereby improving both attack efficiency and success rates. We evaluate the residual security of Falcon and its variants Hawk, under perfect, modular and approximate leakage models. Experimental results demonstrate security degradation. Compared to the method of May et al. at Asiacrypt 2023, DSRNA achieves speedups of 5.8X for Falcon-512 with 400 leaked coefficients and over 29.4X for Falcon-1024 with 905 coefficients. This study reveals the potential vulnerability of NTRU-based signature schemes to partial secret key leakage. |
| 14:48-15:12 |
Self-Guarding Arbitrary Cryptographic Primitives and 2PC Protocols (abstract) 24 min
1 Sapienza University of Rome
ABSTRACT. In IEEE CSF '18, Fischlin and Mazaheri introduced the notion of self-guarding cryptographic protocols as a countermeasure to algorithm substitution attacks. After a trusted initialization phase, a Self-Guarder wraps the user's cryptographic algorithm implementation and sanitizes it in a way that (1) prevents that an adversary can exploit the subverted implementation to exfiltrate user's data and (2) maintain the correctness of the genuine implementation. Whilst the proposed solutions in CSF '18 support a bounded number of executions before requiring a re-initialization phase, we show a universal self-guarder supporting an unbounded number of executions from a single trusted setup. Our self-guarder can be applied to any cryptographic primitive and any two-party computation protocol with the aid of a verifiable-computation-enabling compiler. |
| 15:12-15:36 |
Revisiting Beimel-Weinreb Weighted Threshold Secret Sharing Schemes (abstract) 24 min
1 Universitat Rovira i Virgili
ABSTRACT. A secret sharing scheme is a cryptographic primitive that allows a dealer to share a secret among a set of parties, so that only authorized subsets of them can recover it. The access structure of the scheme is the family of authorized subsets. In a weighted threshold secret sharing scheme, each party is assigned a weight according to its importance, and the authorized subsets are those in which the sum of their weights is at least the threshold value. For these access structures, Beimel and Weinreb [IPL 2006] presented the best general constructions: The scheme with computational security has a total share size polynomial in $n$, while the scheme with perfect security has a total share size $n^{O(\log n)}$. However, these constructions require the use of shallow monotone sorting networks, which limits their practical use. In this work, we revisit weighted threshold secret sharing from a circuit-based perspective. By considering alternative circuits and formulas that avoid monotone sorting networks, we obtain substantial improvements in two directions. First, in the computational setting, we provide a computational scheme that is feasible in practice. Assuming the existence of one-way functions with security parameter $\lambda$, we show that any weighted threshold access structure over $n$ parties with threshold $\sigma$ admits a computational secret sharing scheme with share size $\lambda$, public information of size $O(\lambda n^2 \log \sigma)$, and a reconstruction procedure in which any authorized subset needs to download only $O(\lambda n \log \sigma)$ bits of public information. Notably, for weight distributions that arise in the most widely deployed blockchain networks, our construction reduces the total share size ranging from $300\times$ to $6700\times$ compared to the best previously known schemes. Second, extending these techniques, we obtain improved information-theoretic ramp weighted threshold secret sharing schemes. For any weights, threshold $\sigma$, and $\epsilon < 1$, we construct a $(\sigma,(1+\epsilon)\sigma)$-ramp weighted threshold scheme with share size $O\left((n/\epsilon) \log n\right)$, reducing the share size with respect to the state-of-the-art solutions. |
| 15:36-16:00 |
Time-Lock Puzzles with Preprocessing: an Instantiation from Average-Case Hardness Assumptions on Graphs and Lattices (abstract) 24 min
1 Lombard International (part of Utmost Group)
ABSTRACT. Sequential functions are computable functions that admit no asymptotic speedup, even in the presence of massive parallel computational resources. Although extensively studied within complexity theory, they have received less attention in cryptographic applications. This situation changed with the recent introduction of \emph{verifiable delay functions}, which found practical use in decentralized cryptographic payment systems and renewed the practical interest in sequential functions. In particular, the closely-related notion of \emph{time-lock puzzles} (TLP), in which a secret can be recovered only after a prescribed amount of sequential computation, have re-emerged as a fundamental primitive. Post-quantum secure TLPs based solely on standard cryptographic assumptions are unknown. A relaxed variant -- TLPs with preprocessing, which allow for an expensive setup phase -- can be obtained using randomized encodings and the existence of worst-case non-parallelizing languages (NPL). In this work, we introduce a new post-quantum secure TLP with preprocessing. Our construction combines (i) cryptographic evaluation over encrypted data with (ii) a well-studied average-case hardness assumption in graph theory: refuting cliques in Erd\H{o}s--R\'enyi graphs using (resolution-based) proof systems. Sequentiality is proven by relating this task to the problem of deciding, in quasipolynomial time, whether an Erd\H{o}s--R\'enyi graph contains a planted clique of appropriate size. Building on a result of Atserias, Bonacina, de Rezende, Lauria, Nordstr\"om, and Razborov, which shows that clique refutation requires at least $n^{\Omega(k)}$ steps -- where $n$ denotes the number of vertices and $k$ is related to the clique size -- we identify clique refutation as a natural candidate for sequential computation. Moreover, such refutation proofs can be equivalently represented as read-once branching programs of comparable depth. Leveraging this correspondence, we construct a time-lock puzzle in which the clique refutation instance is not revealed in the clear, but instead encrypted using an \emph{attribute-based encryption} scheme. This approach securely encodes the graph structure while allowing holders of appropriate attribute-keys to evaluate the branching program. To ensure efficiency, we require attribute-based encryption schemes whose parameter growth is logarithmic in the size of the evaluated function; existing constructions are known to satisfy this requirement. |
| 16:30-16:54 |
Efficient Homomorphic Encryption-Based CNN Batch Inference Using Channel-Interleaved Packing with Small Rotation Key Set (abstract) 24 min
1 National Taiwan University
ABSTRACT. As privacy concerns rise, numerous laws require machine learning-based applications to comply with stringent privacy regulations. While Homomorphic Encryption (HE) allows computation directly on encrypted data, existing HE-based inference solutions suffer from significant computational and memory overhead for both single and multiple samples. Additionally, current methods require many rotation keys, which limits their practicality in a broader range of scenarios. To address these challenges, we propose channel-interleaved packing (CIP) to embed three-dimensional (3-D) data into 2-D ciphertexts, enabling 3-D HE convolution to be performed as a 2-D HE convolution combined with channel aggregations via ciphertext rotations, thereby significantly reducing the number of rotation keys required. To further improve the performance of CIP-based convolution, we introduce an efficient 2-D convolution that halves the number of HE multiplications. For computationally intensive inference tasks, we employ partial-kernel and mini-batch strategies that iteratively process sliced kernels and subsets of samples, aggregating the results to produce the final output. Experimental results demonstrate the superior efficiency of our method compared to the state-of-the-art HE-based approaches by Lee et al. (ICML’22) and Cheon et al. (IEEE TDSC’24) in both single-sample and multi-sample scenarios. Using ResNet18 and VGG16 with a batch size of 64, our solution achieves speedups of up to 2.9× and 4.6×, respectively. When processing a single test sample, the speedups increase to 4.4× and 27×. Moreover, our method requires only 29 rotation keys for evaluation, which is at least 35% fewer than previous works, resulting in an overall memory reduction of approximately 50%. |
| 16:54-17:18 |
Towards Strong Certified Defense with Universal Asymmetric Randomization (abstract) 24 min
1 University of Connecticut
2 Cisco
3 Illinois Institute of Technology
ABSTRACT. Randomized smoothing has become essential for achieving certified adversarial robustness in machine learning models. However, current methods primarily use isotropic noise distributions that are uniform across all data dimensions, such as image pixels, limiting the effectiveness of robustness certification by ignoring the heterogeneity of inputs and data dimensions. To address this limitation, we propose UCAN: a novel technique that \underline{U}niversally \underline{C}ertifies adversarial robustness with \underline{A}nisotropic \underline{N}oise. UCAN is designed to enhance any existing randomized smoothing method, transforming it from symmetric (isotropic) to asymmetric (anisotropic) noise distributions, thereby offering a more tailored defense against adversarial attacks. Our theoretical framework is versatile, supporting a wide array of noise distributions for certified robustness in different $\ell_p$-norms and applicable to any arbitrary classifier by guaranteeing the classifier's prediction over perturbed inputs with provable robustness bounds through tailored noise injection. Additionally, we develop a novel framework equipped with three exemplary noise parameter generators (NPGs) to optimally fine-tune the anisotropic noise parameters for different data dimensions, allowing for pursuing different levels of robustness enhancements in practice. |
| 17:18-17:42 |
LAP$_2$: Revisiting Laplace DP-SGD for High Dimensions via Majorization Theory (abstract) 24 min
1 Iowa State University
2 University of Connecticut
3 University of Kansas
ABSTRACT. Differentially Private Stochastic Gradient Descent (DP-SGD) is a cornerstone technique for ensuring privacy in deep learning, widely used in both training from scratch and fine-tuning large-scale language models. While DP-SGD predominantly relies on the Gaussian mechanism, the Laplace mechanism remains underutilized due to its reliance on $\ell_1$ norm clipping. This constraint severely limits its practicality in high-dimensional models because the $\ell_1$ norm of an $n$-dimensional gradient can be up to sqrt{n} times larger than its $\ell_2$ norm. As a result, the required noise scale—and thus the privacy loss—grows significantly with model size, leading to poor utility or untrainable models. In this work, we introduce LAP$_2$, a new solution that enables $\ell_2$ clipping for Laplace DP-SGD while preserving strong privacy guarantees. We overcome the dimensionality-driven clipping barrier, by computing coordinate-wise moment bounds and applying majorization theory to construct a tight, data-independent upper bound over the full model. By exploiting the Schur-convexity of the moment accountant function, we aggregate these bounds using a carefully designed majorization set that respects the $\ell_2$ clipping constraint. This yields a multivariate privacy accountant that scales gracefully with model dimension and enables the use of thousands of moments. Empirical evaluations demonstrate that our approach significantly improves the performance of Laplace DP-SGD, achieving results comparable to or better than Gaussian DP-SGD under strong privacy constraints. For instance, fine-tuning RoBERTa-base (125M parameters) on SST-2 achieves 87.88% accuracy at $\epsilon$ = 0.54, outperforming Gaussian (87.16%) and standard Laplace (48.97%) under the same budget. On image classification, a CNN on MNIST achieves 93.29% accuracy at $\epsilon$ = 0.88 with LAP$_2$, compared to 96.08% (Gaussian) and only 16.44% (Laplace). |
