-
ZODA: Zero-Overhead Data Availability
ePrint Report: ZODA: Zero-Overhead Data Availability Alex Evans, Nicolas Mohnblatt, Guillermo Angeris We introduce ZODA, short for ‘zero-overhead data availability,’ which is a protocol for proving that symbols received from an encoding (for tensor codes) were correctly constructed. ZODA has optimal overhead for both the encoder and the samplers. Concretely, the ZODA scheme incurs essentially…
-
Long Paper: All-You-Can-Compute: Packed Secret Sharing for Combined Resilience
ePrint Report: Long Paper: All-You-Can-Compute: Packed Secret Sharing for Combined Resilience Sebastian Faust, Maximilian Orlt, Kathrin Wirschem, Liang Zhao Unprotected cryptographic implementations are vulnerable to implementation attacks, such as passive side-channel attacks and active fault injection attacks. Recently, countermeasures like polynomial masking and duplicated masking have been introduced to protect implementations against combined attacks that…
-
Scalable Post-Quantum Oblivious Transfers for Resource-Constrained Receivers
ePrint Report: Scalable Post-Quantum Oblivious Transfers for Resource-Constrained Receivers Aydin Abadi, Yvo Desmedt It is imperative to modernize traditional core cryptographic primitives, such as Oblivious Transfer (OT), to address the demands of the new digital era, where privacy-preserving computations are executed on low-power devices. This modernization is not merely an enhancement but a necessity to…
-
Round-Optimal Compiler for Semi-Honest to Malicious Oblivious Transfer via CIH
ePrint Report: Round-Optimal Compiler for Semi-Honest to Malicious Oblivious Transfer via CIH Varun Madathil, Alessandra Scafuro, Tanner Verber A central question in the theory of cryptography is whether we can build protocols that achieve stronger security guarantees, e.g., security against malicious adversaries, by combining building blocks that achieve much weaker security guarantees, e.g., security only…
-
A New Paradigm for Server-Aided MPC
ePrint Report: A New Paradigm for Server-Aided MPC Alessandra Scafuro, Tanner Verber The server-aided model for multiparty computation (MPC) was introduced to capture a real-world scenario where clients wish to off-load the heavy computation of MPC protocols to dedicated servers. A rich body of work has studied various trade-offs between security guarantees (e.g., semi-honest vs…
-
Parametrizing Maximal Orders Along Supersingular $ell$-Isogeny Paths
ePrint Report: Parametrizing Maximal Orders Along Supersingular $ell$-Isogeny Paths Laia Amorós, James Clements, Chloe Martindale Suppose you have a supersingular $ell$-isogeny graph with vertices given by $j$-invariants defined over $mathbb{F}_{p^2}$, where $p = 4 cdot f cdot ell^e – 1$ and $ell equiv 3 pmod{4}$. We give an explicit parametrization of the maximal orders in…
-
Ivanti Releases Security Updates for Connect Secure, Policy Secure, and ZTA Gateways
Ivanti released security updates to address vulnerabilities (CVE-2025-0282, CVE-2025-0283) in Ivanti Connect Secure, Policy Secure, and ZTA Gateways. A cyber threat actor could exploit CVE-2025-0282 to take control of an affected system. CISA has added CVE-2025-0282 to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CISA urges organizations to hunt for any malicious…
-
CISA Adds One Vulnerability to the KEV Catalog
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2025-0282 Ivanti Connect Secure Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. CISA urges organizations to apply mitigations as set forth in the CISA instructions linked…
-
Research that builds detections
Note: You can view the full content of the blog here. Introduction Detection engineering is becoming increasingly important in surfacing new malicious activity. Threat actors might take advantage of previously unknown malware families – but a successful detection of certain methodologies or artifacts can help expose the entire infection chain. In previous blog posts, we…
-
Hidden Weaknesses in Secure Elements and Enclaves
Secure elements (SE) on Android and secure enclaves on iOS have emerged as trusted hardware-backed solutions for storing and protecting sensitive information, such as cryptographic keys. They are often touted as tamper-resistant, isolated, and secure environments with the highest certifications (e.g., AVA_VAN.5 under Common Criteria). However, while the hardware is robust, the software layers above it introduce significant…