
Doreen Riepel

@doreenriepel

Tenure-Track Faculty at CISPA • Cryptography & Provable Security

113 Followers · 131 Following · 9 Posts · Joined 14.02.2025

Latest posts by Doreen Riepel @doreenriepel

Finally, we extend the security model to several other scenarios and show that the security requirements only differ in the new abstraction of an authentication mechanism. We show that the well-designed protocol from Crypto’24 satisfies strong security bounds in these extensions.

05.03.2026 11:29 👍 2 🔁 0 💬 0 📌 0

Our more fine-grained modularization allows us to analyze the requirements of different authentication mechanisms.

05.03.2026 11:29 👍 2 🔁 0 💬 1 📌 0

We solve the open problem of handling adaptive corruptions by a slight modification of the previous scheme.

05.03.2026 11:29 👍 2 🔁 0 💬 1 📌 0

We build on the work of Backendal, Davis, Günther, Haller and Paterson (Crypto’24) which introduced a formal treatment of secure cloud storage and a concrete construction.

05.03.2026 11:29 👍 3 🔁 0 💬 1 📌 0

I am very excited that our work on secure cloud storage is now online. A big shoutout also to my co-author @jonasjanneck.bsky.social who will present the results at Eurocrypt’26!

05.03.2026 11:29 👍 9 🔁 2 💬 1 📌 0
MaGIC 2026 - Marche Workshop on Group Actions in Cryptography

📢📢📢 MaGIC 2026

Marche Workshop on Group Actions in Cryptography

On May 5-8, let's all gather together to speak about Group Actions!

Early registration until March 8!

Organized with Marco Baldi, @bsky.defeo.lu, @giacomoborin.bsky.social, @andreavbasso.bsky.social

magic-workshop.github.io

16.02.2026 09:59 👍 5 🔁 7 💬 0 📌 0
Bird of Prey: Practical Signature Combiners Preserving Strong Unforgeability Following the announcement of the first winners of the NIST post-quantum cryptography standardization process in 2022, cryptographic protocols are now undergoing migration to the newly standardized sc...

Happy to announce that Bird of Prey is accepted at EC’26 🛸✍️🎉

eprint.iacr.org/2025/1844

The paper presents three signature combiners for PQC migration preserving strong unforgeability. They capture all broadly used classical schemes and can be used with *any* PQ signature in a black-box way!

27.02.2026 16:18 👍 4 🔁 1 💬 1 📌 0

I am very happy to announce that thanks to the hard work of many people (The "MIKE Team"), we now have a working implementation in SageMath of MIKE (Module Isogeny Key Exchange).

20.02.2026 15:04 👍 9 🔁 8 💬 1 📌 3

📢 We have extended the deadline for our EC workshop to *Monday AoE*!

Submit your talk proposal on any topic related to cryptographic proofs and proof techniques 🤓

Take the opportunity to advertise your ongoing, submitted or published work, or to share other insights related to security proofs

18.02.2026 12:03 👍 9 🔁 4 💬 1 📌 0

Remember to submit your ProTeCS talk. The deadline is on Thursday!

14.02.2026 21:07 👍 1 🔁 1 💬 0 📌 0
Call for Presentations Workshop on Proofs and Proof Techniques for Cryptographic Security. Affiliated with Eurocrypt 2026.

The deadline is February 19 (one week after the Crypto deadline). Check out our call for presentations here: protecs-workshop.gitlab.io/call

30.01.2026 12:51 👍 2 🔁 0 💬 0 📌 0

There will be no proceedings, so you can talk about work in progress, submitted work or any other insights related to security proofs and techniques.

30.01.2026 12:51 👍 1 🔁 0 💬 1 📌 0
Call for Presentations Workshop on Proofs and Proof Techniques for Cryptographic Security. Affiliated with Eurocrypt 2026.

Planning your trip to Eurocrypt or looking for an excuse to still go? The reviewers did not appreciate your too involved or too elegant proofs?

Consider submitting a talk to ProTeCS (protecs-workshop.gitlab.io), an affiliated event of EC, where we celebrate proofs as independent objects of study!

30.01.2026 12:51 👍 11 🔁 4 💬 1 📌 2

New paper out! 🎉

We translate the algebraic group model to the (generic) isogeny setting, generalising previous results that were limited to oriented isogenies (we show that any result that holds in the AGAM also holds in the AIM).

Using this model, we obtain two important results:

09.01.2026 15:04 👍 12 🔁 3 💬 1 📌 0
Abstract. We introduce the Algebraic Isogeny Model (AIM): an algebraic model, akin to the Algebraic Group Model in the group setting, for isogenies and supersingular elliptic curves. This model is significantly more general than previous ones, such as the Algebraic Group Action Model: the AIM works with arbitrary isogenies over 𝔽_(p²), rather than being limited to oriented ones, which gives considerably more power to the adversary.

Within this model, we obtain three results. First, we show that any result in the AGAM can be lifted to the AIM, strengthening previous results against more powerful adversaries. Then, we prove that the SQIsign identification protocol is ID-sound: in turn, this implies that SQIsign is EUF-CMA secure in the Quantum Random Oracle Model, resolving (in the AIM) a long-standing open problem. Lastly, we establish the equivalence of the DLOG and CDH problems for all SIDH-derived key exchanges, such as M-SIDH, binSIDH, and terSIDH.


The Algebraic Isogeny Model: A General Model with Applications to SQIsign and Key Exchanges (Marius A. Aardal, Andrea Basso, Doreen Riepel) ia.cr/2026/032

09.01.2026 04:20 👍 5 🔁 2 💬 0 📌 1
Abstract. Since attribute-based encryption (ABE) was proposed in 2005, it has established itself as a valuable tool in the enforcement of access control. For practice, it is important that ABE satisfies many desirable properties such as multi-authority and negations support. Nowadays, we can attain these properties simultaneously, but none of these schemes have been implemented. Furthermore, although simpler schemes have been optimized extensively on a structural level, there is still much room for improvement for these more advanced schemes. However, even if we had schemes with such structural improvements, we would not have a way to benchmark and compare them fairly to measure the effect of such improvements. The only framework that aims to achieve this goal, ABE Squared (TCHES ’22), was designed with simpler schemes in mind.

In this work, we propose the ABE Cubed framework, which provides advanced benchmarking extensions for ABE Squared. To motivate our framework, we first apply structural improvements to the decentralized ciphertext-policy ABE scheme supporting negations presented by Riepel, Venema and Verma (ACM CCS ‘24), which results in five new schemes with the same properties. We use these schemes to uncover and bridge the gaps in the ABE Squared framework. In particular, we observe that advanced schemes depend on more “variables” that affect the schemes’ efficiency in different dimensions. Whereas ABE Squared only considered one dimension (as was sufficient for the schemes considered there), we devise a benchmarking strategy that allows us to analyze the schemes in multiple dimensions. As a result, we obtain a more complete overview on the computational efficiency of the schemes, and ultimately, this allows us to make better-founded choices about which schemes provide the best efficiency trade-offs for practice.


ABE Cubed: Advanced Benchmarking Extensions for ABE Squared (Sven Argo, Marloes Venema, Doreen Riepel, Tim Güneysu, Diego F. Aranha) ia.cr/2025/1230

09.07.2025 01:22 👍 5 🔁 2 💬 0 📌 0

The SQIparty starts on Monday, but it's still time to register!

We prepared an exciting program for you with a balanced mix of talks, coding sprints, skillshares and other activities!

www.cig.udl.cat/SQIparty2025...

See you in Lleida!

25.04.2025 14:14 👍 9 🔁 9 💬 2 📌 0
Decrypting Diversity Summit

Really excited to share the Decrypting Diversity Summit happening in Montpellier, France from 17-20 June! The goal of the summit is to promote diversity, inclusivity, and gender equality within the cryptography community. For more info: decryptingdiversity.com

03.04.2025 12:11 👍 9 🔁 6 💬 1 📌 0
CAPS Workshop

Interested in formal verification for cryptography? But not sure where to start?

If you are coming to Eurocrypt, consider joining us for CAPS, the workshop on Computer-Aided Proofs of Security!

caps-workshop.com

03.04.2025 18:36 👍 11 🔁 6 💬 2 📌 0

We have extended the submission deadline for the International Workshop on Foundations and Applications of Privacy-Enhancing Cryptography (PrivCrypt) by two weeks to April 4, 2025, AoE. Please help spread the word and consider submitting your work to join us in Munich in Summer 😎

20.03.2025 08:12 👍 3 🔁 5 💬 0 📌 0
7 PhD positions (m/f/d) (salary level 13 TV-L) in Computer Science (full time) and 3 PhD positions (m/f/d) (salary level 13 TV-L) in Law (part time, 75%)

Join our Applied Crypto group at FAU in Nürnberg as a PhD student or spread the word: we're hiring.

Our work covers many topics in real-world crypto, especially provable security and privacy of modern messaging protocols 🔐✉️

www.jobs.fau.de/jobs/7-phd-p...

05.03.2025 21:59 👍 8 🔁 11 💬 0 📌 0
Abstract. Updatable Public-Key Encryption (UPKE) augments the security of PKE with Forward Secrecy properties. While requiring more coordination between parties, UPKE enables much more efficient constructions than full-fledged Forward-Secret PKE. Alwen, Fuchsbauer and Mularczyk (AFM, Eurocrypt’24) presented the strongest security notion to date. It is the first to meet the needs of UPKE’s most important applications: Secure Group Messaging and Continuous Group Key Agreement. The authors provide a very efficient construction meeting their notion with classic security based on the Computational Diffie-Hellman (CDH) assumption in the Random Oracle Model (ROM).

In this work we present the first post-quantum secure UPKE construction meeting (a slight relaxation of) the AFM security notion. Based on the Module LWE assumption, our construction is practically efficient. Moreover, public key sizes are about 1/2 and ciphertext sizes around 2/3 of those of the state-of-the-art lattice-based UPKE scheme in the ROM by Abou Haidar, Passelègue and Stehlé – despite only being shown to satisfy a significantly weaker security notion. As the AFM proofs rely on random self-reducibility of CDH, which has no analogue for lattices, we develop a new proof technique for strong UPKE, identifying the core properties required from the underlying (lattice-based) encryption scheme.


Lattice-Based Updatable Public-Key Encryption for Group Messaging (Joël Alwen, Georg Fuchsbauer, Marta Mularczyk, Doreen Riepel) ia.cr/2025/365

04.03.2025 07:45 👍 4 🔁 1 💬 0 📌 0

The list of accepted papers and the (preliminary) program for PKC 2025 are now available online:

pkc.iacr.org/2025/program...

We are also delighted to announce that Jesper Buus Nielsen has accepted our invitation to give an invited talk at PKC 2025!

See you at PKC 2025!

02.03.2025 19:59 👍 9 🔁 6 💬 1 📌 0
Secure Protocol Implementations in the Quantum Era (SPIQE)

Come join us at the SPIQE workshop in Munich in June! spiqe-workshop.github.io - we are now open for paper submissions and talk proposals on all aspects of secure protocol implementation for the post-quantum era.

28.02.2025 15:38 👍 6 🔁 5 💬 0 📌 0