I made a video about my upcoming applied cryptography course: youtu.be/z6kK7rIbyB0
28.07.2025 08:51

@error024.bsky.social
PhD candidate, Post-Quantum cryptography. https://error0024.github.io/

Crypto 2025 is just around the corner! Check out the full program here:
crypto.iacr.org/2025/program...
Join us on Monday for our talk where we explore the tradeoffs of hash-based signatures.
We then apply these findings to propose post-quantum Ethereum PoS signatures:
eprint.iacr.org/2025/1332
Abstract. In this note, we present a new instantiation of the hash-based multi-signature framework introduced by Drake, Khovratovich, Kudinov, and Wagner (CiC Vol 2 Issue 1, eprint 2025/055) for Ethereum's consensus layer. Inspired by a recent work of Khovratovich, Kudinov, and Wagner (Crypto 2025, eprint 2025/889), we instantiate the framework with a novel incomparable encoding that improves the tradeoff between signature size and verification hashing. The purpose of this document is to make explicit how to use the ideas of the latter work within the framework of Drake, Khovratovich, Kudinov, and Wagner.
Technical Note: LeanSig for Post-Quantum Ethereum (Justin Drake, Dmitry Khovratovich, Mikhail Kudinov, Benedikt Wagner) ia.cr/2025/1332
22.07.2025 22:05

I am rereading the comics. These are great and so many new ones came out :)
13.07.2025 07:28

This battle will keep playing out over and over again until they achieve something that their own citizens have made it clear they don't want. www.techradar.com/vpn/vpn-priv...
05.07.2025 17:39

You never asked
29.06.2025 17:32

PewDiePie's evolution into a tech geek is so cool! His recent video dives deep into privacy concerns and surveillance issues, while still being fun to watch. I think these are the topics that couldn't be more relevant today. Highly recommend watching his take on it:
youtu.be/u_Lxkt50xOg?...
Single author, fifteen pages, reduces the bit complexity of millennia-old UOV instances!!
19.06.2025 12:39

A touchpad is also acceptable, but if you are using a mouse, why would you use Apple's? :)
19.06.2025 17:32

Apple announces that TLS client connections in version 26+ will be using hybrid PQ X25519MLKEM768 by default
support.apple.com/en-us/122756
A nice 127-page read
23.05.2025 11:37

Abstract. Hash-based signatures have been studied for decades and have recently gained renewed attention due to their post-quantum security. At the core of the most prominent hash-based signature schemes, XMSS and SPHINCS+, lies a one-time signature scheme based on hash chains due to Winternitz. In this scheme, messages are encoded into vectors of positions (i.e., vertices in a hypercube) in the hash chains, and the signature contains the respective chain elements. The encoding process is crucial for the efficiency and security of this construction. In particular, it determines a tradeoff between signature size and computational costs. Researchers have been trying to improve this size-time tradeoff curve for decades, but all improvements have been arguably marginal. In this work, we revisit the encoding process with the goal of minimizing verification costs and signature sizes. As our first result, we present a novel lower bound for the verification cost given a fixed signature size. Our lower bound is the first to directly apply to general encodings including randomized, non-uniform, and non-injective ones. Then, we present new encodings and prove their security. Inspired by our lower bound, these encodings follow a counterintuitive approach: we map messages non-uniformly into the top layers of a much bigger hypercube than needed but the encoding itself has (hard to find) collisions. With this, we get a 20 % to 40 % improvement in the verification cost of the signature while keeping the same security level and the same size. Our constructions can be directly plugged into any signature scheme based on hash chains, which includes SPHINCS+ and XMSS.
At the Top of the Hypercube - Better Size-Time Tradeoffs for Hash-Based Signatures (Dmitry Khovratovich, Mikhail Kudinov, Benedikt Wagner) ia.cr/2025/889
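The abstract above describes Winternitz hash-chain signatures and the size-time tradeoff fixed by the message encoding. The following Python is an added illustration, not code from the paper or its authors: it implements the classic Winternitz encoding with a checksum (not the paper's new encodings) and reports signature size and verification hash count for several chain lengths w. The position-bound chain step and the seeded key derivation are constructed choices for the example.

```python
import hashlib
import math

N = 32  # bytes per hash output and per chain element (SHA-256)


def step(pos: int, x: bytes) -> bytes:
    # One chain step; the chain position is mixed in (constructed choice) so
    # that elements from different positions are not interchangeable.
    return hashlib.sha256(pos.to_bytes(2, "big") + x).digest()


def chain(x: bytes, start: int, steps: int) -> bytes:
    for pos in range(start, start + steps):
        x = step(pos, x)
    return x


def encode(msg: bytes, w: int) -> list[int]:
    """Classic Winternitz encoding: base-w digits of the digest plus a checksum,
    so that no valid encoding dominates another coordinate-wise."""
    assert w > 1 and w & (w - 1) == 0, "w must be a power of two"
    bits = w.bit_length() - 1
    l1 = math.ceil(8 * N / bits)
    v = int.from_bytes(hashlib.sha256(msg).digest(), "big")
    digits = [(v >> (bits * i)) & (w - 1) for i in reversed(range(l1))]
    csum = sum(w - 1 - a for a in digits)
    l2 = math.floor(math.log2(l1 * (w - 1)) / bits) + 1
    return digits + [(csum >> (bits * i)) & (w - 1) for i in reversed(range(l2))]


def keygen(seed: bytes, w: int):
    # Constructed deterministic key derivation for the example only.
    l = len(encode(b"", w))
    sk = [hashlib.sha256(seed + i.to_bytes(2, "big")).digest() for i in range(l)]
    pk = [chain(s, 0, w - 1) for s in sk]  # chain ends form the public key
    return sk, pk


def sign(sk, msg: bytes, w: int) -> list[bytes]:
    # The signature is the chain element at each encoded position.
    return [chain(s, 0, a) for s, a in zip(sk, encode(msg, w))]


def verify(pk, msg: bytes, sig: list[bytes], w: int):
    """Finish each chain from its encoded position; returns (ok, hashes_computed)."""
    a = encode(msg, w)
    ok = all(chain(s, ai, w - 1 - ai) == p for s, ai, p in zip(sig, a, pk))
    return ok, sum(w - 1 - ai for ai in a)


def tradeoff(msg: bytes, w: int):
    """Signature size in bytes and verification hash count for chain length w."""
    sk, pk = keygen(b"example-seed", w)
    ok, hashes = verify(pk, msg, sign(sk, msg, w), w)
    return ok, len(pk) * N, hashes
```

Larger w shortens the signature (fewer chains) but lengthens each chain, so verification hashing grows; that curve is the tradeoff the paper's encodings improve.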
19.05.2025 10:27

Will there be a recording?
17.05.2025 14:44

Great initiative!
Saw some references for Go. Can I suggest a recent one: www.manning.com/books/hackin...
Excited to be heading to #Eurocrypt2025 in Madrid soon!
I'll be speaking at Algebraic Hash Cryptanalysis Days on Security Requirements in the Context of Hash-Based Signatures.
Catch me at the affiliated events or during the main conference. Let's connect! #Cryptography #Madrid
My talk from #PQCrypto2025 is now live on YouTube!
I discussed rejection types in KEMs: why they matter, how they impact security and which one you should choose.
Check it out & let me know your thoughts!
youtu.be/W-gUd_qTUs4?...
#PostQuantum #Cryptography #KEMs
Did they discuss the applications?
25.04.2025 08:49

That looks amazing!
23.04.2025 18:56

And the announcement of the
2025 IACR Test-of-Time Award for Eurocrypt is completing the post and goes to: "On Ideal Lattices and Learning with Errors over Rings", by V. Lyubashevsky, C. Peikert & O. Regev. More info at: iacr.org/testoftime
Congratulations!
2/2 Pair this with Lyubashevsky's latest primer on Kyber/Dilithium fundamentals (eprint.iacr.org/2024/1287) for a full picture of lattice cryptography's state-of-the-art!
23.04.2025 15:02

1/2 Exciting read: "A Survey on the Security of Lattice-Based NIST Finalists" (eprint.iacr.org/2025/304.pdf) provides a clear overview of modern security analysis for Lattice-based schemes. It dives into structured vs. unstructured attacks on LWE/NTRU assumptions and reduction algorithms like BKZ.
23.04.2025 15:02

Cool! Thanks. I will take a look
18.04.2025 17:01

That is a nice discovery! Adding to my read list!
18.04.2025 10:09

My Crypto Learning Journey: Helpful Resources
I've compiled a list of materials that helped me the most in my cryptography journey. The list will keep growing; feel free to suggest your favorites!
error0024.github.io/posts/2025/0...
Abstract. In this paper, we present an improved framework for proving query bounds in the Quantum Random Oracle Model (QROM) for algorithms with both quantum and classical query interfaces, where the classical input is partially controlled by the adversary. By extending existing techniques, we develop a method to bound the progress an adversary can make with such partial-control classical queries. While this framework is applicable to different hash function properties, we decided to demonstrate the impact of the new techniques by giving an analysis of the multi-target extended target collision resistance property (m-eTCR). This new approach allows us to achieve an improved bound that significantly reduces the required function key size. Our proof is tight in terms of query complexity and has significant implications for cryptographic applications, especially for signature schemes in the hash & sign paradigm, enabling more efficient instantiations with reduced salt sizes and smaller signature lengths. For an example of multiple signatures aggregation, we achieve a signature size of 30 kB smaller.
Hybrid-query bounds with partial input control - framework and application to tight M-eTCR (Andreas Hülsing, Mikhail Kudinov, Christian Majenz) ia.cr/2025/633
11.04.2025 07:13

Abstract. In this work we revisit the post-quantum security of KEM-based password-authenticated key exchange (PAKE), specifically that of (O)CAKE. So far, these schemes evaded a security proof considering quantum adversaries. We give a detailed analysis of why this is the case, determining the missing proof techniques. To this end, we first provide a proof of security in the post-quantum setting, up to a single gap. This proof already turns out to be technically involved, requiring advanced techniques to reason in the QROM, including the compressed oracle and the extractable QROM. To pave the way towards closing the gap, we then further identify an efficient simulator for the ideal cipher. This provides certain programming abilities as a necessary and sufficient condition to close the gap in the proof: we demonstrate that we can close the gap using the simulator, and give a meta-reduction based on KEM-anonymity that shows the impossibility of a non-programming reduction that covers a class of KEMs that includes Kyber / ML-KEM.
CAKE requires programming - On the provable post-quantum security of (O)CAKE (Kathrin Hövelmanns, Andreas Hülsing, Mikhail Kudinov, Silvia Ritsch) ia.cr/2025/458
12.03.2025 16:02

Add?:)
21.01.2025 11:38