Authenticated Garbling From Correlated OT

Inspired by [DILO22], we investigate the bare minimum that can be achieved using only the correlated OT functionality in actively secure two-party computation. We found that with the following two techniques, namely the block COT and compression idea of [DILO22] and dual execution, we can achieve constant overhead (up to 5 bits per AND gate) in terms of one-way communication compared to the semi-honest half-gates scheme [ZRE15]. The one-way communication result is published as Actively Secure Half-Gates with Minimum Overhead under Duplex Networks....

LPN-based Signature from VOLE in the Head

The VOLE in the Head framework demonstrates very competitive performance compared to the traditional MPC in the Head framework, as shown by the FAEST signature scheme (Crypto 2023). One natural idea is to use this framework to prove other one-way functions (OWFs), e.g. LPN-based ones. In this work, we apply the sketching technique of [BGI16] to prove that the LPN noise consists of a series of unit vectors, and then apply QuickSilver to prove the validity of the LPN witness....

MPC in Multi Heads

This paper extends the classical [IKOS07] MPC in the Head framework to prove statements that are shared among multiple provers. This is somewhat dual to the distributed ZKP object. I gave a talk about this Crypto 2019 paper. Published as A Multi-Prover Zero-Knowledge Proof System. In European Symposium on Research in Computer Security (pp. 332-351). Springer, Cham. PDF

Optimal One-time Signature

Hash-based signatures are being standardized by NIST, so it is natural to ask whether the algorithm currently being standardized, SPHINCS+, is indeed optimal. Towards this end, we discovered that the constant-sum encoding method, which appeared previously in the literature, is encoding-size-optimal among all tree-based one-time signature schemes. Moreover, by refuting a DAG-based construction [BM96], our scheme appears to be optimal among all existing constructions. This work is published as Revisiting the Constant-Sum Winternitz One-Time Signature with Applications to and XMSS....
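Added illustrative example (my own code, not the paper's), assuming the standard lexicographic unranking construction and toy parameters of 4 chains, w = 4 and target sum 6: it shows why constant-sum encoding needs no Winternitz checksum chains, since two distinct vectors with the same sum can never be ordered coordinate-wise, so a signature on one digest never yields the chain values needed to verify another.

```python
import hashlib
from functools import lru_cache

# Constructed toy parameters (assumed, not the paper's): N_CHAINS chains, positions 0..W-1, sum S.
N_CHAINS, W, S = 4, 4, 6

@lru_cache(maxsize=None)
def count(n, w, s):
    """Number of length-n vectors with entries in [0, w-1] summing to s."""
    if n == 0:
        return 1 if s == 0 else 0
    return sum(count(n - 1, w, s - e) for e in range(min(w, s + 1)))

def encode(m, n=N_CHAINS, w=W, s=S):
    """Unrank integer m into the m-th constant-sum vector (lexicographic)."""
    if not 0 <= m < count(n, w, s):
        raise ValueError("message index out of range for these parameters")
    vec = []
    for i in range(n):
        for e in range(w):
            c = count(n - 1 - i, w, s - e)  # completions after choosing e
            if m < c:
                vec.append(e)
                s -= e
                break
            m -= c
    return vec

def dominates(a, b):
    """True if chain values for a give those for b by hashing forward only."""
    return all(x <= y for x, y in zip(a, b))

def all_pairwise_incomparable(n=N_CHAINS, w=W, s=S):
    """Equal sums and a != b rule out a <= b, so no checksum chains needed."""
    vecs = [encode(m, n, w, s) for m in range(count(n, w, s))]
    return not any(dominates(a, b) for a in vecs for b in vecs if a != b)

def chain(x, steps):
    for _ in range(steps):
        x = hashlib.sha256(x).digest()
    return x

def keygen(seed):  # toy Winternitz-style one-time key pair over the encoding
    sk = [hashlib.sha256(seed + bytes([i])).digest() for i in range(N_CHAINS)]
    return sk, [chain(x, W - 1) for x in sk]
def sign(sk, m):  # reveal chain position e_i for each coordinate of encode(m)
    return [chain(x, e) for x, e in zip(sk, encode(m))]
def verify(pk, m, sig):  # hash the remaining W-1-e_i steps up to the public key
    return [chain(x, W - 1 - e) for x, e in zip(sig, encode(m))] == pk
```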

Simple GCZK

In this paper we describe a simple GCZK protocol that works in the reverse order compared to [JKO16]: here the prover is the garbler, and the verifier uses cut-and-choose to check that the correct verification circuit was garbled. In this way the protocol can be made public-coin. Published as A Simple Post-Quantum Non-interactive Zero-Knowledge Proof from Garbled Circuits. In International Conference on Information Security and Cryptology (pp. 269-280). Springer, Cham. PDF