Finally, we're thinking about high-assurance. We're working on a formally verified constant-time implementation of client-side FHE operations (in Jasmin+EasyCrypt), and we're exploring how to best use high-assurance tools (hax/hacspec, Jasmin, Lean) for lattirust. Stay tuned!
20.05.2025 14:55
At the moment we're relying on existing lattice estimators to set concrete parameters, but Xavier Marchon did a semester project to write a SIS-specific, Rust lattice estimator, which will be directly integrated in lattirust.
20.05.2025 14:55
What's next? Emile Hreich already explored GPU acceleration in a semester project, based on @ingonyama.com's Icicle, since lattice crypto is basically linear algebra over rings. We have promising results, with more coming up soon.
20.05.2025 14:55
Lattirust implements LaBRADOR and Lova, and we'll soon have implementations for the Greyhound PCS. I'll also upstream Nethermind's Latticefold implementation (which actually started from a fork of an early version of lattirust). We're working on some new schemes too.
20.05.2025 14:55
Lattirust implements fast (arkworks-compatible!) arithmetic for rings and polynomial rings, various challenge spaces, linear algebra and norms, and interfaces with spongefish for effortless Fiat-Shamir. It also has nice interfaces for relations and interactive reductions.
20.05.2025 14:55
lattirust
Lattice zero-knowledge/succinct arguments, and more - lattirust
I'm happy to finally open-source lattirust, a library for lattice-based zero-knowledge/succinct arguments! Lattirust is somewhat like arkworks, but for lattices; and like lattigo, but for arguments.
github.com/lattirust
20.05.2025 14:55
Finally, an open problem:
Lova is very algebraic but uses plain SIS, Latticefold uses MSIS but relies on sumcheck, which is a powerful tool (too powerful?). Can we get a scheme that uses MSIS and barely does more than a single random linear combination? (7/8)
09.12.2024 09:46
Lova vs Latticefold
In a concurrent work, @danboneh and @charles_chen533 build a lattice folding scheme from MSIS. It's not implemented yet, but we can expect Latticefold to be more concretely efficient. We'll have to see how they compare on recursion-friendliness. (6/8)
09.12.2024 09:46
However, since Lova uses the unstructured SIS assumption, and because we're constrained to a small challenge set, we need to amplify soundness quite a bit, leading to large-ish proofs (dozens of MB) and proving times >10 minutes. (5/8)
09.12.2024 09:46
Is Lova concretely efficient?
Lova has some nice features: it is very algebraic (great for prover parallelism!) and only requires a single challenge matrix, which makes it recursion-friendly. We also use the modulus q=2^64 and get rid of modular reduction. (4/8)
09.12.2024 09:46
One thing I'm proud of in this paper is the notation: while lattice crypto papers are typically heavy notationally, we use matrix notation throughout which leads to a very concise (and imho elegant) notation. Here's the entire protocol for our core folding step! (3/8)
09.12.2024 09:46
Lattice folding schemes face two issues: witness norm growth (completeness), and norm growth when extracting (non-relaxed knowledge soundness). We use a split-and-fold technique to get around #1, and we use witness cross-terms (which we also fold) for #2. (2/8)
09.12.2024 09:46
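To make the folding idea in the thread concrete (the "single random linear combination" of the open-problem post, the q=2^64 / no-modular-reduction trick of post 4/8, and the witness norm growth that post 2/8 calls the completeness issue), here is an added toy example. It is not lattirust code and not the Lova protocol: it folds two plain SIS instances that share a matrix A by taking t' = t1 + c·t2 and w' = w1 + c·w2 for a small challenge c, with all ring arithmetic done as native u64 wrapping operations so that reduction mod 2^64 is free. The matrix entries, witnesses, challenge and norm bounds are constructed for illustration; the split-and-fold and cross-term machinery that Lova uses to control norm growth is deliberately omitted, so the norm of the folded witness grows exactly by the factor the bound predicts.

```rust
// Toy SIS folding over q = 2^64 (added example, not lattirust's API).
// All parameters below are constructed; the matrix entries are arbitrary.

/// A plain SIS instance: A is n x m over Z_{2^64}, and t = A*w mod 2^64.
#[derive(Clone, Debug, PartialEq)]
pub struct SisInstance {
    pub a: Vec<Vec<u64>>, // n rows, m columns
    pub t: Vec<u64>,      // length n
}

/// A witness is a short integer vector; stored as i64 so its norm is meaningful.
pub type Witness = Vec<i64>;

/// Compute A*w mod 2^64. Since q is the native word size, wrapping_add /
/// wrapping_mul already perform the modular reduction; no explicit `% q`.
pub fn mat_vec_mod_2_64(a: &[Vec<u64>], w: &[i64]) -> Vec<u64> {
    a.iter()
        .map(|row| {
            row.iter().zip(w).fold(0u64, |acc, (&aij, &wj)| {
                // `wj as u64` is the two's-complement image of wj, i.e. wj mod 2^64.
                acc.wrapping_add(aij.wrapping_mul(wj as u64))
            })
        })
        .collect()
}

/// Infinity norm ||w||_inf.
pub fn inf_norm(w: &[i64]) -> u64 {
    w.iter().map(|x| x.unsigned_abs()).max().unwrap_or(0)
}

/// Verify the SIS relation: A*w == t mod 2^64 and ||w||_inf <= beta.
pub fn verify(inst: &SisInstance, w: &[i64], beta: u64) -> bool {
    mat_vec_mod_2_64(&inst.a, w) == inst.t && inf_norm(w) <= beta
}

/// Fold two instances with a common A using one challenge c:
/// t' = t1 + c*t2 and w' = w1 + c*w2. By linearity, A*w' = t' mod 2^64.
/// The folded witness norm is bounded by ||w1|| + |c| * ||w2||.
pub fn fold(
    i1: &SisInstance,
    i2: &SisInstance,
    w1: &[i64],
    w2: &[i64],
    c: i64,
) -> (SisInstance, Witness) {
    assert_eq!(i1.a, i2.a, "folding requires a common matrix A");
    let cu = c as u64;
    let t: Vec<u64> = i1
        .t
        .iter()
        .zip(&i2.t)
        .map(|(&x, &y)| x.wrapping_add(cu.wrapping_mul(y)))
        .collect();
    let w: Witness = w1.iter().zip(w2).map(|(&x, &y)| x + c * y).collect();
    (SisInstance { a: i1.a.clone(), t }, w)
}

/// Constructed sample: a 2x3 matrix with arbitrary large entries and two
/// short witnesses (norms 3 and 2). Targets are derived so both are satisfied.
pub fn sample() -> (SisInstance, SisInstance, Witness, Witness) {
    let a = vec![
        vec![0x9e37_79b9_7f4a_7c15, 0xbf58_476d_1ce4_e5b9, 0x94d0_49bb_1331_11eb],
        vec![0x2545_f491_4f6c_dd1d, 0xd6e8_feb8_6659_fd93, 0xa076_1d64_78bd_642f],
    ];
    let w1: Witness = vec![1, -2, 3];
    let w2: Witness = vec![-1, 0, 2];
    let i1 = SisInstance { t: mat_vec_mod_2_64(&a, &w1), a: a.clone() };
    let i2 = SisInstance { t: mat_vec_mod_2_64(&a, &w2), a };
    (i1, i2, w1, w2)
}

fn main() {
    let (i1, i2, w1, w2) = sample();
    let c = 3; // constructed small challenge
    let (folded, w) = fold(&i1, &i2, &w1, &w2, c);
    let bound = inf_norm(&w1) + (c.unsigned_abs()) * inf_norm(&w2);
    println!("folded relation holds: {}", verify(&folded, &w, bound));
    println!("norms: {} and {} -> {} (bound {})", inf_norm(&w1), inf_norm(&w2), inf_norm(&w), bound);
}
```

The point to take from running it is that the folded instance is still a valid SIS instance for the same A, but its witness is only short relative to a larger bound; repeating the fold keeps multiplying that bound by roughly |c|, which is why the thread's split-and-fold and cross-term tricks (not shown here) are needed in a real scheme.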
Lova (aka lattice Nova): Duc Tu Pham, @giacomofenzi.bsky.social, Ngoc Khanh Nguyen and I built a folding scheme from (unstructured) lattice assumptions, which will be presented at Asiacrypt this week! (1/8)
09.12.2024 09:46