Authenticated Garbling From Correlated OT

Inspired by [DILO22], we investigate the bare minimum that can be achieved from the correlated OT (COT) functionality in actively secure two-party computation. We found that, with the following two techniques,

- block COT together with the compression idea of [DILO22], and
- dual execution,

we can achieve a constant overhead (up to 5 bits per AND gate) in one-way communication compared to the semi-honest half-gates protocol [ZRE15].

Figure: One-way Communication

The one-way communication result is published as Actively Secure Half-Gates with Minimum Overhead under Duplex Networks. In Advances in Cryptology – EUROCRYPT 2023: 42nd Annual International Conference on the Theory and Applications of Cryptographic Techniques, Lyon, France, April 23–27, 2023, Proceedings, Part II (pp. 35-67). Cham: Springer Nature Switzerland. PDF

LPN-based Signature from VOLE in the Head

The VOLE in the Head framework demonstrates very competitive performance compared to the traditional MPC in the Head framework, as shown by the FAEST signature scheme (Crypto 2023). One natural idea is to use this framework to prove other one-way functions, e.g. LPN-based ones. In this work, we apply the sketching technique of [BGI16] to prove that the LPN noise consists of a series of unit vectors, and then apply QuickSilver to prove the validity of the LPN witness. After transforming the proof system under the VOLE in the Head framework from designated verifier to public verifier, we obtain a signature scheme called ReSolveD. The scheme achieves a smaller signature size than the previous state of the art, SDitH (Eurocrypt 2023, Asiacrypt 2023).

MPC in Multi Heads

This paper extends the classical [IKOS07] MPC in the Head framework to prove statements whose witness is shared among multiple provers. This is somewhat dual to the distributed ZKP setting. I gave a talk about this Crypto 2019 paper. Published as A Multi-Prover Zero-Knowledge Proof System. In European Symposium on Research in Computer Security (pp. 332-351). Springer, Cham. PDF

Optimal One-time Signature

Hash-based signatures are being standardized by NIST, so it is natural to ask whether the algorithm currently being standardized, SPHINCS+, is indeed optimal. Towards this end, we discovered that the constant-sum encoding method that appeared previously in the literature is encoding-size-optimal among all tree-based one-time signature schemes. Moreover, by refuting a DAG-based construction [BM96], our scheme appears to be optimal among all existing constructions. This work is published as Revisiting the Constant-Sum Winternitz One-Time Signature with Applications to and XMSS. In: Handschuh, H., Lysyanskaya, A. (eds) Advances in Cryptology – CRYPTO 2023. CRYPTO 2023. Lecture Notes in Computer Science, vol 14085. Springer, Cham. PDF
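As an added illustration of the constant-sum idea (this is example code written for this page, not the paper's construction or parameters), the toy Python below builds a Winternitz-style one-time signature whose message digits always sum to a fixed constant S, so no checksum chains are needed: any attempt to raise one digit of a signed message forces another digit to drop, which the hash chain cannot be walked back for. The parameters N_CHAINS, W and S and the digest reduction in msg_index are constructed for the example and far too small for real use.

```python
import hashlib
import os
from functools import lru_cache

# Toy parameters (constructed for this example, far too small for real use):
# N_CHAINS hash chains, digits in [0, W-1], every encoded message sums to S.
N_CHAINS, W, S = 8, 16, 60

@lru_cache(maxsize=None)
def count(n, s):
    """Number of length-n vectors with entries in [0, W-1] whose sum is s."""
    if n == 0:
        return 1 if s == 0 else 0
    return sum(count(n - 1, s - e) for e in range(W) if s - e >= 0)

def encode(m):
    """Unrank m into the m-th constant-sum digit vector (lexicographic order)."""
    assert 0 <= m < count(N_CHAINS, S)
    digits, s = [], S
    for remaining in range(N_CHAINS - 1, -1, -1):  # chains left after this one
        for e in range(W):
            c = count(remaining, s - e) if s - e >= 0 else 0
            if m < c:
                digits.append(e)
                s -= e
                break
            m -= c
    return digits

def chain(x, k):
    """Apply SHA-256 k times (the Winternitz hash chain)."""
    for _ in range(k):
        x = hashlib.sha256(x).digest()
    return x

def msg_index(msg):
    """Reduce a message digest into the encodable range (toy reduction)."""
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % count(N_CHAINS, S)

def keygen():
    sk = [os.urandom(32) for _ in range(N_CHAINS)]
    pk = [chain(x, W - 1) for x in sk]  # public key = chain end points
    return sk, pk

def sign(sk, msg):
    # Reveal the e_i-th chain element for each digit; no checksum chains needed.
    return [chain(x, e) for x, e in zip(sk, encode(msg_index(msg)))]

def verify(pk, msg, sig):
    digits = encode(msg_index(msg))
    return all(chain(s, W - 1 - e) == p for s, e, p in zip(sig, digits, pk))

def dominates(a, b):
    """True if a signature for digits a could be walked forward to digits b."""
    return all(x <= y for x, y in zip(a, b))
```

For two distinct constant-sum vectors dominates() is always False in both directions, which is exactly the property a checksum provides in standard WOTS.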

Simple GCZK

In this paper we describe a simple GCZK protocol that works in the reverse order compared to [JKO16]: here the prover is the garbler, and the verifier uses cut-and-choose to check that the correct verification circuit was garbled. In this way, the protocol can be made public-coin. Published as A Simple Post-Quantum Non-interactive Zero-Knowledge Proof from Garbled Circuits. In International Conference on Information Security and Cryptology (pp. 269-280). Springer, Cham. PDF