[continued from previous message]
Large Language Models (LLMs) are widely employed for their ability to generate human-like text. However, service providers may deploy smaller models to reduce costs, potentially deceiving users. Zero-Knowledge Proofs (ZKPs) offer a solution by allowing
providers to prove LLM inference without compromising the privacy of model parameters. Existing solutions either do not support LLM architectures or suffer from significant inefficiency and tremendous overhead. To address this issue, this paper
introduces several new techniques. We propose new methods to efficiently prove linear and non-linear layers in LLMs, reducing computation overhead by orders of magnitude. To further enhance efficiency, we propose constraint fusion to reduce the overhead
of proving non-linear layers and circuit squeeze to improve parallelism. We implement our efficient protocol, specifically tailored for popular LLM architectures like GPT-2, and deploy optimizations to enhance performance. Experiments show that our
scheme can prove GPT-2 inference in less than 25 seconds. Compared with state-of-the-art systems such as Hao et al. (USENIX Security'24) and ZKML (Eurosys'24), our work achieves nearly $279\times$ and $185\times$ speedup, respectively.
## 2025/1185
* Title: From Worst-Case Hardness of $\mathsf{NP}$ to Quantum Cryptography via Quantum Indistinguishability Obfuscation
* Authors: Tomoyuki Morimae, Yuki Shirakawa, Takashi Yamakawa
* [Permalink](
https://eprint.iacr.org/2025/1185)
* [Download](
https://eprint.iacr.org/2025/1185.pdf)
### Abstract
Indistinguishability obfuscation (iO) has emerged as a powerful cryptographic primitive with many implications. While classical iO, combined with the infinitely-often worst-case hardness of $\mathsf{NP}$, is known to imply one-way functions (OWFs) and a
range of advanced cryptographic primitives, the cryptographic implications of quantum iO remain poorly understood. In this work, we initiate a study of the power of quantum iO. We define several natural variants of quantum iO, distinguished by whether
the obfuscation algorithm, evaluation algorithm, and description of obfuscated program are classical or quantum. For each variant, we identify quantum cryptographic primitives that can be constructed under the assumption of quantum iO and the infinitely-
often quantum worst-case hardness of $\mathsf{NP}$ (i.e., $\mathsf{NP}\not\subseteq \mathsf{i.o.BQP}$). In particular, we construct pseudorandom unitaries, QCCC quantum public-key encryption and (QCCC) quantum symmetric-key encryption, and several
primitives implied by them such as one-way state generators, (efficiently-verifiable) one-way puzzles, and EFI pairs, etc. While our main focus is on quantum iO, even in the classical setting, our techniques yield a new and arguably simpler construction
of OWFs from classical (imperfect) iO and the infinitely-often worst-case hardness of $\mathsf{NP}$.
## 2025/1186
* Title: Unconditional Individual Verifiability with Receipt Freeness via Post-Cast Isolation
* Authors: Janis Erdmanis
* [Permalink](
https://eprint.iacr.org/2025/1186)
* [Download](
https://eprint.iacr.org/2025/1186.pdf)
### Abstract
We introduce a trapdoorless tracker construction for electronic voting that fundamentally reimagines verifiability through information flow control. Unlike existing E2E verifiable systems where receipt-freeness compromises individual verifiability, our
approach achieves both simultaneously by requiring only temporary isolation of the voting calculator between ballot casting and verification—when voters enter unique challenges to compute trackers for locating their votes on the public tally board. Our
construction leverages perfectly hiding Pedersen commitments and a unique tracker challenge mechanism to simultaneously achieve unconditional individual verifiability, practical everlasting privacy, and receipt-freeness while relying only on standard
cryptographic assumptions. When verification failures occur, our system provides transparent accountability by precisely identifying whether the voting calculator or voting device is responsible. The system maintains security even with partial compliance
with isolation procedures and offers robust protection against various adversaries while requiring minimal trust assumptions.
## 2025/1187
* Title: Ligerito: A Small and Concretely Fast Polynomial Commitment Scheme
* Authors: Andrija Novakovic, Guillermo Angeris
* [Permalink](
https://eprint.iacr.org/2025/1187)
* [Download](
https://eprint.iacr.org/2025/1187.pdf)
### Abstract
In this note we present Ligerito, a small and practically fast polynomial commitment and inner product scheme. For the case of univariate and multilinear polynomial evaluations, the scheme has a proof size of $\sim \log(N)^2/\log\log(N)$ up to constants
and for a large enough field, where $N$ is the size of the input. Ligerito is also fast on consumer hardware: when run on an M1 MacBook Pro for a polynomial with $2^{24}$ coefficients over a 32-bit binary field, our Julia prover implementation has a
proving time of 1.3 seconds and a proof size of 255 KiB. Ligerito is also relatively flexible: any linear code for which the rows of the generator matrix can be efficiently evaluated can be used. Such codes include Reed–Solomon codes, Reed–Muller
codes, among others. This, in turn, allows for a high degree of flexibility on the choice of field and can likely give further efficiency gains in specific applications.
## 2025/1188
* Title: Depth-Optimized Quantum Implementation of CHAM
* Authors: Kyungbae Jang, Yujin Oh, Hwajeong Seo
* [Permalink](
https://eprint.iacr.org/2025/1188)
* [Download](
https://eprint.iacr.org/2025/1188.pdf)
### Abstract
Security weaknesses in the symmetric-key components of a cipher can compromise its overall security assurances. With the rapid progress in quantum computing in recent years, there is a growing focus on assessing the resilience of symmetric-key
cryptography against possible quantum attacks (e.g., Grover's algorithm).
This paper is dedicated to examining the quantum attack resistance of CHAM, a family of lightweight block ciphers developed by a Korean research group. We provide an optimized quantum circuit implementation of CHAM and evaluate its complexity metrics,
such as the number of qubits, gate count, and circuit depth, within the context of Grover's search algorithm.
For Grover's key search, minimizing the quantum circuit depth is the key optimization goal, particularly when parallel search capabilities are taken into account. Our approach enhances parallelism for a low-depth quantum circuit of the CHAM block cipher,
significantly reducing the full circuit depth compared to previous works. For example, in the case of CHAM-128/128, our implementation achieves a full depth of 14,772, compared to 37,768 depth in the best known prior work. This highlights the substantial
depth reduction enabled by our parallelism-oriented design, which facilitates more practical quantum attacks.
## 2025/1189
* Title: Performance and Privacy: A Low-Latency Secure Anonymous Authentication Protocol with OPRF
* Authors: Wenjv Hu, Yanping Ye, Yin Li
* [Permalink](
https://eprint.iacr.org/2025/1189)
* [Download](
https://eprint.iacr.org/2025/1189.pdf)
### Abstract
erforming privacy-preserving queries, particularly anonymous authentication, against large-scale datasets presents critical tradeoffs between security, latency, scalability. Existing cryptographic solutions often impose linear
computation or communication overheads. This paper introduces a novel, efficient protocol for secure anonymous authentication, uniquely combining matrix partitioning via hash prefixes with Oblivious Pseudorandom Functions in a
three-server semi-honest model. Crucially, compared to our previous work published at TrustCom 2024, this enhanced protocol eliminates the dependency on a
designated fully trusted server, achieving security when any single server is corrupted. Furthermore, our protocol demonstrates significant performance improvements over current state-of-the-art methods. It achieves sub-linear online
communication complexity. Evaluations show that for datasets of size 𝑚 ≈ 106
,
our protocol reduces online communication by at least 30% compared to other sub-linear schemes, while maintaining competitive online computation times. Security is proven via simulation, and comprehensive experiments confirm practicality for datasets up to 𝑚 = 10^8
## 2025/1190
* Title: Towards AI-driven Optimization of Robust Probing Model-compliant Masked Hardware Gadgets Using Evolutionary Algorithms
* Authors: David S. Koblah, Dev M. Mehta, Mohammad Hashemi, Fatemeh Ganji, Domenic Forte
* [Permalink](
https://eprint.iacr.org/2025/1190)
* [Download](
https://eprint.iacr.org/2025/1190.pdf)
### Abstract
Side-channel analysis (SCA) is a persistent threat to security-critical systems, enabling attackers to exploit information leakage. To mitigate its harmful impacts, masking serves as a provably secure countermeasure that performs computing on random
shares of secret values. As masking complexity, required effort, and cost increase dramatically with design complexity, recent techniques rely on designing and implementing smaller building blocks, so-called “gadgets.” Existing work on optimizing
gadgets has primarily focused on latency, area, and power as their objectives. To the best of our knowledge, the most up-to-date ASIC-specific masking gadget optimization frameworks require significant manual effort. This paper is inspired by previous
work introducing open-source academic tools to leverage aspects of artificial intelligence (AI) in electronic design automation (EDA) to attempt to optimize and enhance existing gadgets and overall designs. We concentrate on evolutionary algorithms (EA),
optimization techniques inspired by biological evolution and natural selection, to find optimal or near-optimal solutions. In this regard, our goal is to improve gadgets in terms of power and area metrics. The primary objective is to demonstrate the
effectiveness of our methods by integrating compatible gates from a technology library to generate an optimized and functional design without compromising security. Our results show a significant reduction in power consumption and promising area
improvements, with values reduced by 15% in some cases, compared to the naïve synthesis of masked designs. We evaluate our results using industry-standard synthesis and pre-silicon side-channel verification tools.
## 2025/1191
* Title: A Polynomial Public-Key Cryptosystem Based on Jacobian-Preserving Composition
* Authors: Saimon Ahmed
* [Permalink](
https://eprint.iacr.org/2025/1191)
* [Download](
https://eprint.iacr.org/2025/1191.pdf)
### Abstract
We propose a public-key cryptosystem based on Jacobian-preserving polynomial compositions, utilizing algebraically invertible polynomial maps with hard-to-invert composition. The construction utilizes polynomial maps over $\mathbb{Z}_p$, where $p$ is a
prime number, with Jacobian determinant equal to 1 to ensure invertibility. The public key function $H : \mathbb{Z}_p^n \to \mathbb{Z}_p^n$ is defined as the composition of invertible polynomial maps $f_1, f_2, \dots, f_k$, each with Jacobian determinant
1, while the private key consists of the individual components used in the composition. Although inverting the composition is possible, inverting without the knowledge of the factors is computationally infeasible. This system incorporates both triangular
and affine polynomial maps. We discuss the construction, provide formal correctness proofs, analyze hardness assumptions, and present a Python-based prototype with benchmark results.
## 2025/1192
* Title: PrivacyGo: Privacy-Preserving Ad Measurement with Multidimensional Intersection
* Authors: Jian Du, Haohao Qian, Shikun Zhang, Wen-jie Lu, Donghang Lu, Yongchuan Niu, Bo Jiang, Yongjun Zhao, Qiang Yan
* [Permalink](
https://eprint.iacr.org/2025/1192)
* [Download](
https://eprint.iacr.org/2025/1192.pdf)
### Abstract
In digital advertising, accurate measurement is essential for optimiz- ing ad performance, requiring collaboration between advertisers and publishers to compute aggregate statistics—such as total conver- sions—while preserving user privacy.
Traditional secure two-party computation methods allow joint computation on single-identifier data without revealing raw inputs, but they fall short when mul- tidimensional matching is needed and leak the intersection size, exposing sensitive information
to privacy attacks.
This paper tackles the challenging and practical problem of multi- identifier private user profile matching for privacy-preserving ad measurement, a cornerstone of modern advertising analytics. We introduce a comprehensive cryptographic framework
leveraging re- versed Oblivious Pseudorandom Functions (OPRF) and novel blind key rotation techniques to support secure matching across multiple identifiers. Our design prevents cross-identifier linkages and in- cludes a differentially private mechanism
to obfuscate intersection sizes, mitigating risks such as membership inference attacks.
We present a concrete construction of our protocol that achieves both strong privacy guarantees and high efficiency. It scales to large datasets, offering a practical and scalable solution for privacy- centric applications like secure ad conversion
tracking. By combin- ing rigorous cryptographic principles with differential privacy, our work addresses a critical need in the advertising industry, setting a new standard for privacy-preserving ad measurement frameworks.
## 2025/1193
* Title: Non-Homomorphic Key Blinding from Symmetric Primitives
* Authors: Thomas Bellebaum
* [Permalink](
https://eprint.iacr.org/2025/1193)
* [Download](
https://eprint.iacr.org/2025/1193.pdf)
### Abstract
Key Blinding Signature Schemes allow to derive so-called
blinded keys from public keys, which can be used to verify signatures
created with the secret key. At the same time, neither the blinded keys
nor their signatures disclose from which public key they were derived, effectively implementing pseudonyms for one’s identity.
In search of conservative schemes, we deviate from the homomorphism-
based re-randomization approach in favor of a novel proof of knowledge-
based approach. To authenticate a message, a signer proves that they
know an original keypair and a valid way to commit to the corresponding verification key to derive a given blinded key. We provide a framework
for such constructions and indicate how MPC-friendly block ciphers and
one-way functions may be used for efficient instantiations. While the
general framework’s security arguments are stated in the random oracle
model, we show a natural instantiation approach whose security can be
based on collision-resistance and pseudorandomness instead. The result
is the first standard model construction of key blinding.
Using our framework, we identify a shortcoming in the usual definition
of unlinkability for key blinding signature schemes, which we rectify by considering an additional notion called targeted unlinkability.
--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)