2025 EIMS-KMS International Workshop
on Cryptography
Ewha Institute of Mathematical Sciences (EIMS)
Korean Mathematical Society (KMS)
February 3 (Mon) - 4 (Tue) 2025, Ewha Womans University, Seoul
Ewha Institute of Mathematical Sciences (EIMS)
Korean Mathematical Society (KMS)
February 3 (Mon) - 4 (Tue) 2025, Ewha Womans University, Seoul
Xavier Bonnetain (Université de Lorraine, CNRS, Inria, LORIA, Nancy, France)
Improving Generic Attacks Using Exceptional Functions
In this talk we will see how the functional graph can be used in cryptanalysis, from simple collision algorithms to much more advanced attacks against the Duplex sponge mode and some hash combiners. These latter works are joint with Rachelle Heim-Boissier, Gaëtan Leurent and André Schrottenloher.
Wonseok Choi (Purdue University, USA)
Byzantine Broadcast with Unknown Participants
A sender (or a set of senders) wish to broadcast their input to whoever is around—and reachable on the communication network. Any number of nodes in the network, including possibly the sender(s), can be malicious, but everyone should hear/output the same value for each sender (Consistency), and this should be the sender’s input if he is honest (Validity). Importantly, no blockchain-like tricks are allowed, which masquerade assumptions about majority—of parties or resources, like hashing power, stake, etc. Does this sound familiar?
The above is an instance, in the unknown participants setting, of one of the core classical problems of fault-tolerant distributed computing, namely, Byzantine broadcast (BB) without honest majority. Surprisingly, despite four decades of intensive research on BB (including the resurgence of interest fueled by the blockchain revolution) all existing approaches fail to solve this problem as their termination inherently relies on the total number (and/or the identities) of participants, which is unknown. The challenge—which might make one conjecture that the above task is impossible in this unknown participants setting—is that malicious parties might be added to the protocol at any point during its execution which makes it challenging for other parties receiving this message to terminate without violating Consistency. In fact, even formally defining the problem turns out to be far from trivial and needs to deviate from classical BB approaches.
In this work, we provide the first definitions of Byzantine broadcast in the unknown participants setting (“UP Broadcast” for short) that incorporate both static and dynamic participation and corruption of parties. We then provide the strongest possible refutal of the above conjecture, by providing a polynomial-time deterministic UP Broadcast protocol. (In the process we also solve UP Interactive Consistency, which corresponds to the multi-sender version of the problem.) We next turn to the question of round complexity. We prove that our protocols achieve an optimal round complexity when the adversary can corrupt arbitrary many parties, where this optimality extends even to randomized (aka probabilistic-termination) protocols. Our constructions offer Consistency and Validity guarantees to every party who is around throughout the protocol execution. We then ask, what if parties join in the middle of the protocol? We provide best-possible security guarantees also to these parties, by presenting constructions that are also round optimal.
Jian Guo (Nanyang Technological University, Singapore)
A Realistic Summary and Projection of Cryptanalysis against Symmetric-Key Cryptography Primitives
In this talk, we will provide a realistic summary of the recent developments of cryptanalysis methodologies against symmetric-key cryptography primitives, including those by automated tools like SAT and MILP, and machine learning. Through these, a projection of further developments in the next decade or two is provided.
Miran Kim (Hanyang University, Korea)
Secure Transformer Inference with Homomorphic Encryption
Homomorphic encryption (HE) is a cryptographic method that enables arbitrary computation on encrypted data without decrypting them. It has emerged as a promising solution for addressing privacy and security concerns in outsourced computation on sensitive data. In this talk, I will discuss recent advancements in HE, highlighting key developments and progress in the field. I will then introduce a new approach to homomorphic matrix multiplication and conclude with benchmark results for a secure inference framework applied to transformer models on encrypted data.
Hyung Tae Lee (Chung-Ang University, Korea)
Private Set Intersection with Key Agreements: Advances and New Variants
Private Set Intersection (PSI) is a cryptographic technique that allows parties to compute the intersection of their datasets while revealing no additional information beyond the intersection. Recent PSI protocols are primarily designed using oblivious transfer (OT) and Diffie-Hellman (DH) key agreement protocols. In this talk, we focus on PSI protocols built on DH key agreement and its variants. For this purpose, we first review recent PSI protocols that leverage the DH key agreement and its variants. Then, we present a novel and efficient PSI protocol based on pairings with offline preprocessing.
Keewoo Lee (UC Berkeley, USA)
Oblivious Compression for Homomorphic Encryption and Its Applications
Homomorphic encryption (HE) enables secure computation on encrypted data, making it a powerful tool for privacy-preserving applications. However, an often-overlooked challenge in HE-based systems is the high *communication* cost, particularly in use cases involving large datasets. For instance, in private database query (PDQ) schemes, a server hosts a database, and users issue queries to retrieve specific records while keeping their queries private. A crucial step in PDQ protocols is _oblivious compression_, which compresses encrypted _sparse_ vectors encoding query results. Without this compression, the server’s response would be as large as the entire database, since the server cannot identify the specific data points intended for return.
In this talk, I will introduce techniques for oblivious compression tailored to HE. If time permits, I will also discuss specific applications, including oblivious message retrieval and private queries on vector databases (VectorDB).
Christian Majenz (Technical University of Denmark, Denmark)
Permutation Superposition Oracles for Quantum Query Lower Bounds
This talk is based on joint work with Giulio Malavolta and Michael Walter, eprint 2024/1140. Zhandry’s compressed oracle technique (Crypto ’19) has been extremely successful as a proof tool for analyzing quantum algorithms with (quantum) access to a random function. It has, however, turned out to be very difficult to generalize the technique to the case of random permutations. I will begin this talk by describing the compressed oracle technique on a high level, highlighting the properties of random functions it makes crucial use of. Then I will explain the difficulties that arise when trying to construct an analogue technique for permutations. Finally, I will describe how we tackle the challenges to get a first permutation superposition oracle that has a number of the nice properties which make the function version so useful.
Ryo Nishimaki (NTT, Japan)
Advanced Cryptography with Certified Deletion
I will briefly overview cryptography with certified deletion and explain functional encryption with certified deletion.