
Michele Orrù

@tumbolia.bsky.social

A curious child. https://michele.orru.net

331 Followers  |  123 Following  |  71 Posts  |  Joined: 10.04.2023  |  1.93

Latest posts by tumbolia.bsky.social on Bluesky

2025 K-pop edition with video lectures

17.10.2025 08:36 — 👍 1    🔁 0    💬 0    📌 0

the new dragon book cover is incredible

17.10.2025 06:08 — 👍 7    🔁 0    💬 1    📌 0

Talk in just a few hours! 🗞️ eprint.iacr.org/2024/1552

Exciting to present it in the very same venue where I wrote a big chunk of it while attending @rightscon.org !

14.10.2025 00:02 — 👍 3    🔁 0    💬 0    📌 0

Would it be harder to believe Nicholas Bourbaki is a collective pseudonym or that Jean-Pierre Serre is a single person?

27.09.2025 05:40 — 👍 2    🔁 0    💬 0    📌 0

Got invited to @college-de-france.fr for a seminar about zero-knowledge and online anonymity! 🎉🎉🎉

www.college-de-france.fr/fr/agenda/se...

23.09.2025 11:33 — 👍 5    🔁 0    💬 0    📌 0
A Fiat–Shamir Transformation From Duplex Sponges We analyze a variant of the Fiat–Shamir transformation based on an ideal permutation. The transformation relies on the popular duplex sponge paradigm, and minimizes the number of calls to the permutat...

A key takeaway: for 20 years, we’ve relied on a notion called indifferentiability to use random oracles over arbitrary-length spaces—but it’s not sufficient for knowledge soundness.
🗞️ eprint.iacr.org/2025/536

30.08.2025 18:39 — 👍 1    🔁 0    💬 0    📌 0

Thrilled to announce that my latest paper with Alessandro Chiesa has been accepted to TCC, the IACR conference on the theory of cryptography!

30.08.2025 18:39 — 👍 6    🔁 0    💬 1    📌 0

at this conference everyone has 4+ coauthors except me lol

24.08.2025 22:41 — 👍 3    🔁 0    💬 0    📌 0

I'll present my latest paper on anonymous credentials and designated-verifier kzg at ACM CCS 2025 in Taipei!

24.08.2025 22:41 — 👍 12    🔁 1    💬 2    📌 0

Sorry for the late reply! Finally part of the CFRG!

17.08.2025 22:15 — 👍 1    🔁 0    💬 0    📌 0
APT Down - The North Korea Files - Distributed Denial of Secrets Approximately 9 GB of files exfiltrated from a North Korean threat actor's computer. The data is being released alongside Phrack, and South Korean victims were notified prior to publication. Resear...

Phrack #72 release reveals TTPs, backdoors and targets of a Chinese/North Korean state actor mimicking Kimsuky

A copy of his workstation is available for all researchers to analyze!

Article: data.ddosecrets.com/APT%20Down%2...
Data dump: ddosecrets.com/article/apt-...

09.08.2025 19:16 — 👍 21    🔁 11    💬 0    📌 1

With Tom Lehrer's passing, I suppose this is a moment to share the story of the prank he played on the National Security Agency, and how it went undiscovered for nearly 60 years.

27.07.2025 21:01 — 👍 8662    🔁 3616    💬 143    📌 717
IETF 123: Crypto Forum (CFRG) 2025-07-24 15:00 (YouTube video by IETF - Internet Engineering Task Force)

Yesterday, @cathie.bsky.social gave a great talk at @ietf.org 123 on the importance of standardizing Sigma protocols and our ongoing work toward a standard for zero-knowledge proofs! You can watch the talk here:

26.07.2025 03:30 — 👍 7    🔁 1    💬 1    📌 0

hahahah i feel attacked

16.07.2025 07:37 — 👍 2    🔁 0    💬 1    📌 0
16.07.2025 05:07 — 👍 7    🔁 0    💬 1    📌 0

The paper is huge — it’s been a journey to nail down a proof.
I think it’s a solid step forward in narrowing down Fiat-Shamir attacks and characterizing the concrete security of ZKPs. It’s also been really helpful in shaping what a standard for Fiat-Shamir should look like.

15.07.2025 06:08 — 👍 3    🔁 0    💬 0    📌 0

We updated our paper on Fiat-Shamir!

We now take a closer look at the gap between what symmetric cryptography has focused on for over 10 years (indifferentiability) and what is actually needed for the soundness of ZKPs and SNARKs (something stronger!).

eprint.iacr.org/2025/536

15.07.2025 06:08 — 👍 15    🔁 5    💬 2    📌 0

Yes! Right. Secret signature or verification key (the latter I think is more common)

11.07.2025 06:01 — 👍 1    🔁 0    💬 0    📌 0

If the hash input is secret though you’ll be leaking some side channel information right? And the procedure is only terminating in expected time

09.07.2025 23:49 — 👍 0    🔁 0    💬 1    📌 0
ACM CCS 2017 - Economic Factors of Vulnerability Trade and Exploitation - Luca Allodi (YouTube video by Association of Computing Machinery)

ACM CCS? And I do remember them even welcoming economic studies on malware — www.youtube.com/watch?v=5uAK...

02.07.2025 14:33 — 👍 0    🔁 0    💬 0    📌 0
Abstract. BBS/BBS+ signatures are the most promising solution to instantiate practical and lightweight anonymous credentials. They underlie standardization efforts by the W3C and the IRTF. Due to their potential for large scale deployment, it is paramount to understand their concrete security, but a number of questions have been left open by prior works. To this end, the security proofs by Au et al. (SCN ’06), Camenisch et al. (TRUST ’16), and Tessaro and Zhu (EUROCRYPT ’23) show reductions from q-SDH in groups of prime order p, where q is the number of issued signatures.

However, these prior works left the possibility open that BBS/BBS+ is “even more secure” than what can be guaranteed by such proofs. Indeed, while the q-SDH assumption is subject to an attack that uses $O(\sqrt{p/q})$ group exponentiations (Cheon, EUROCRYPT ’06) for several choices of q, no attack with a similar complexity appears to affect either of BBS+ and “deterministic” BBS, for which the best known attacks amount to recovering the secret key by breaking the discrete logarithm problem. The assumption that this attack is best possible also seemingly justifies the choice of parameters in practice.

Our result shows that this expectation is not true. We show new attacks against BBS+ and deterministic BBS which, after seeing q signatures, allow us to recover the secret key with the same complexity as solving the Θ(q)-Discrete Logarithm problem, which in turn is proportional to $O(\sqrt{p/q})$ for many choices of q. Further, we also extend the attack to a reduction showing that the security of BBS+ and deterministic BBS implies the Θ(q)-SDH assumption.


On the Concrete Security of BBS/BBS+ Signatures (Rutchathon Chairattana-Apirom, Stefano Tessaro) ia.cr/2025/1093

12.06.2025 12:26 — 👍 0    🔁 2    💬 0    📌 0

lmao

25.05.2025 09:03 — 👍 4    🔁 0    💬 0    📌 0
lattirust: Lattice zero-knowledge/succinct arguments, and more

I'm happy to finally open-source lattirust, a library for lattice-based zero-knowledge/succinct arguments! Lattirust is somewhat like arkworks, but for lattices; and like lattigo, but for arguments.

github.com/lattirust

20.05.2025 14:55 — 👍 32    🔁 16    💬 2    📌 0

that's not always the case right? If I am making an OR proof, I generate the commitment and the response of the simulated branch before getting the challenge of the verifier

17.05.2025 10:08 — 👍 0    🔁 0    💬 0    📌 0
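As an added illustration of the ordering point made in this reply (example code written for this page, not the author's or any project's code): a Schnorr-style OR proof in the Cramer-Damgård-Schoenmakers style, made non-interactive with Fiat-Shamir. The simulated branch's challenge share, response and commitment are all fixed before the overall challenge is derived from the two commitments; only the real branch's response depends on that challenge. The group parameters `P`, `Q`, `G` form a small toy group constructed for the example (a real deployment would use a standard elliptic-curve group), and the statement values in `demo()` are likewise constructed.

```python
"""OR proof of knowledge of a discrete log for one of two public values (added example)."""
import hashlib
import secrets

# Toy prime-order group, constructed for this example: p = 2q + 1 with q prime,
# and g = 4 (a quadratic residue) generates the order-q subgroup of Z_p^*.
# Real deployments use a standard ~256-bit elliptic-curve group instead.
P = 2039
Q = 1019
G = 4


def challenge(y0, y1, a0, a1):
    """Fiat-Shamir challenge: hash the group, the statement and both commitments."""
    data = ",".join(str(v) for v in (P, Q, G, y0, y1, a0, a1)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q


def prove_or(y0, y1, x, known):
    """Prove knowledge of x with (y0, y1)[known] == g^x without revealing `known`."""
    ys = (y0, y1)
    if pow(G, x, P) != ys[known]:
        raise ValueError("witness does not match the chosen branch")
    sim = 1 - known

    # Simulated branch: choose its challenge share and response at random first,
    # then derive the commitment that makes the verification equation hold.
    # All of this happens before the verifier's challenge exists.
    c_sim = secrets.randbelow(Q)
    z_sim = secrets.randbelow(Q)
    a_sim = pow(G, z_sim, P) * pow(ys[sim], -c_sim, P) % P

    # Real branch: honest commitment to a fresh nonce.
    r = secrets.randbelow(Q)
    a_real = pow(G, r, P)

    a = [0, 0]
    a[known], a[sim] = a_real, a_sim

    # Only now is the overall challenge derived; the real branch absorbs the remainder.
    c = challenge(y0, y1, a[0], a[1])
    c_real = (c - c_sim) % Q
    z_real = (r + c_real * x) % Q

    cs = [0, 0]
    zs = [0, 0]
    cs[known], cs[sim] = c_real, c_sim
    zs[known], zs[sim] = z_real, z_sim
    return (a[0], a[1], cs[0], cs[1], zs[0], zs[1])


def verify_or(y0, y1, proof):
    """Check that the challenge shares sum to the hash and both branches verify."""
    a0, a1, c0, c1, z0, z1 = proof
    if (c0 + c1) % Q != challenge(y0, y1, a0, a1):
        return False
    return (pow(G, z0, P) == a0 * pow(y0, c0, P) % P
            and pow(G, z1, P) == a1 * pow(y1, c1, P) % P)


def demo():
    """Constructed statement: the prover knows the log of y0 only; returns (ok, tampered_ok)."""
    x0 = 123                   # witness for branch 0 (constructed)
    y0 = pow(G, x0, P)
    y1 = pow(G, 777, P)        # branch 1; its log is not used by the prover
    proof = prove_or(y0, y1, x0, known=0)
    ok = verify_or(y0, y1, proof)
    # Altering a commitment after the fact invalidates the proof.
    a0, a1, c0, c1, z0, z1 = proof
    tampered_ok = verify_or(y0, y1, ((a0 + 1) % P, a1, c0, c1, z0, z1))
    return ok, tampered_ok


if __name__ == "__main__":
    print(demo())
```

The verifier cannot tell which branch was simulated: both branches satisfy the same equation, and the split of the hash value into `c0 + c1` looks uniformly random either way.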

In any case Nico was in the original discussions for this project and knows the door is open :)

17.05.2025 05:58 — 👍 0    🔁 0    💬 0    📌 0

I'm not sure what this means. Are you saying that if a prover message is generated at round i, it should be sent in round i?

17.05.2025 05:56 — 👍 0    🔁 0    💬 2    📌 0

The narg proof string (the « transcript ») is serialized from the prover messages, I think that’s what you are asking?

16.05.2025 20:40 — 👍 0    🔁 0    💬 1    📌 0
GitHub - nexus-stc/stc: Distributed free search engine and AI tools that grant access to knowledge

so there's two nexus that do AI now, one is the world library and the other the world computer. here's the old one github.com/nexus-stc/stc

10.05.2025 20:42 — 👍 1    🔁 0    💬 0    📌 0

are you excited about adult content restrictions?

03.05.2025 10:18 — 👍 2    🔁 0    💬 1    📌 0

Our paper "Beyond the Circuit" was accepted at IACR's Communications in Cryptology!
It contains a few simple protocols for simplifying foreign arithmetic in zero-knowledge proofs. Formally we introduce "Σ-reductions", a mix of "Σ-protocols" and "reductions of knowledge".

🗞️ cic.iacr.org/p/2/1/23/pdf

11.04.2025 12:25 — 👍 11    🔁 1    💬 0    📌 0
