COSIC

@cosic.bsky.social

COSIC provides a broad expertise in digital security and strives for innovative security solutions. COSIC is headed by Bart Preneel. https://www.esat.kuleuven.be/cosic/

307 Followers  |  41 Following  |  815 Posts  |  Joined: 12.09.2023  |  1.808

Latest posts by cosic.bsky.social on Bluesky

Events Archive - COSIC

There will be a second COSIC seminar this week: Hosam El Koulak (University of Namur) will talk about "Secure Transport Protocols". You're welcome to join us on campus: www.esat.kuleuven.be/cosic/?post_...

09.02.2026 15:24 — 👍 0    🔁 0    💬 0    📌 0
Events Archive - COSIC

This week in COSIC... Tomorrow we have a seminar by Alireza Aghabagherloo about "When AI Leaves the Lab: Security, Robustness, and Trust in Modern AI Systems". Check our calendar on www.esat.kuleuven.be/cosic/?post_...

09.02.2026 12:59 — 👍 0    🔁 0    💬 0    📌 0

Pablo Sánchez Serrano is visiting us from the University of Málaga. His PhD focuses on Privacy and AI, with two primary goals: leveraging AI techniques as privacy-enhancing technologies, and protecting sensitive information throughout the AI training lifecycle.
#choosecosic

05.02.2026 15:10 — 👍 1    🔁 0    💬 0    📌 0

Welcome to our new intern, Neeranuch Jitkhajornwanich! She will be researching "Dissymmetric Modes for Symmetric Cryptography: Leveraging Unbalanced Ends in IoT Protocols" during her stay here.
#choosecosic

05.02.2026 13:09 — 👍 0    🔁 0    💬 0    📌 0

Jonas Bertels successfully defended his PhD thesis today, congratulations! 🎓🎉🍾

04.02.2026 15:16 — 👍 0    🔁 0    💬 0    📌 0
Experts question the proposal for online age verification and defend pseudonyms. Measures that are "not effective" and "disproportionate", that are based on "misunderstandings" or "paternalistic protection": on Tuesday a number of experts seriously questioned the usefulness of mandatory age verification in Belgium for access to social media, as well as a regulation on the use of pseudonyms online.

"Anonymity does not mean impunity." Professor Bart Preneel warns that ending online anonymity and imposing age checks on social media are ineffective, disproportionate, and dangerous - risking surveillance cultures, with no evidence they reduce harm.
www.hbvl.be/nieuws/exper...

04.02.2026 10:51 — 👍 1    🔁 0    💬 0    📌 0

Vincent Rijmen and Joan Daemen receive the #BBVA Foundation Frontiers of Knowledge Award
eng.kuleuven.be/en/news-cale...
#cosic #kuleuven #aes #rijndael

30.01.2026 14:53 — 👍 0    🔁 0    💬 0    📌 0

"Lessons from Integrating PQ Algorithms into the #Botan Open Source Library" by Amos Treiber at the #PQCSA workshop Open-Source #PQC Libraries and Implementations today in Brussels.
www.esat.kuleuven.be/cosic/events...
#quantum #postquantum #cosic #kuleuven

30.01.2026 14:23 — 👍 1    🔁 0    💬 0    📌 0

Simon Josefsson discussing #SSH and Post-Quantum Crypto at the #PQCSA workshop Open-Source #PQC Libraries and Implementations today.
www.esat.kuleuven.be/cosic/events...
#quantum #postquantum #cosic #kuleuven

30.01.2026 13:39 — 👍 0    🔁 0    💬 0    📌 0

Hanno Becker is teaching #mlkem/#mldsa-native at the #PQCSA workshop Open-Source #PQC Libraries and Implementations today in Brussels.
www.esat.kuleuven.be/cosic/events...
#quantum #postquantum #cosic #kuleuven

30.01.2026 13:01 — 👍 0    🔁 0    💬 0    📌 0

He Rongkuan giving a quick overview of #OpenHiTLS at the #PQCSA workshop Open-Source #PQC Libraries and Implementations today in Brussels.
www.esat.kuleuven.be/cosic/events...
#quantum #postquantum #cosic #kuleuven

30.01.2026 12:57 — 👍 0    🔁 0    💬 0    📌 0

Professor Bart Preneel introduces post-quantum cryptography to the audience at the #PQCSA workshop on Open-Source #PQC Libraries and Implementations, covering algorithms, standards and real-world deployments.
www.esat.kuleuven.be/cosic/events...
#quantum #postquantum #cosic #kuleuven

30.01.2026 10:52 — 👍 0    🔁 0    💬 0    📌 0

Great turnout at the #PQCSA workshop on Open-Source #PQC Libraries and Implementations in Brussels! The day kicked off with a welcome speech by organizer Aysajan Abidin.
#quantum #postquantum #cosic #kuleuven

30.01.2026 10:50 — 👍 0    🔁 0    💬 0    📌 0
PQCrypto 2026

"On the active security of the PEARL-SCALLOP group action" (Tako Boris Fouotsa, Marc Houben, Gioella Lorenzon, Ryan Rueger, Parsa Tasbihgou) is accepted at PQCrypto 2026.
pqcrypto2026.irisa.fr

29.01.2026 15:02 — 👍 0    🔁 0    💬 0    📌 0
Daemen and Rijmen, creators of the cipher that protects the internet, honoured by the BBVA Foundation Frontiers of Knowledge. Joan Daemen and Vincent Rijmen have won the BBVA Foundation Frontiers of Knowledge Award in Information and Communication Technologies for the design of the Rijndael cryptographic algorithm, which ...

Daemen and Rijmen, creators of the cipher that protects the internet, honoured by the BBVA Foundation Frontiers of Knowledge
www.antena3.com/noticias/soc...

29.01.2026 15:00 — 👍 0    🔁 0    💬 0    📌 0
The Frontiers award recognises the architects of the system that protects security and privacy on the internet. The BBVA Foundation grants Belgian engineers Joan Daemen and Vincent Rijmen its annual prize in the information technology category

The Frontiers award recognises the architects of the system that protects security and privacy on the internet
elpais.com/tecnologia/2...

29.01.2026 14:59 — 👍 0    🔁 0    💬 0    📌 0
Joan Daemen and Vincent Rijmen, 18th Frontiers of Knowledge Award in Information and Communication Technologies. For designing the cryptography system that protects the security of electronic devices and digital connections worldwide

📖Read more in the official press release: www.frontiersofknowledgeawards-fbbva.es/noticias/18t...

📹Or watch the interview with Vincent Rijmen here: youtu.be/-t_5POYIz08

29.01.2026 14:45 — 👍 0    🔁 0    💬 0    📌 0

We are proud to announce that Prof. Vincent Rijmen (COSIC, KU Leuven) & Prof. Joan Daemen (Radboud University) have won the BBVA Frontiers of Knowledge Award for designing the #Rijndael algorithm (#AES), now securing billions of devices worldwide.

29.01.2026 14:45 — 👍 3    🔁 0    💬 1    📌 0
MPTS 2026 | CSRC Quick links (MPTS 2025): Call for talks (PDF file); Talk proposal form (PDF file); Registration page (ZoomGov);  Workshop dates and place: November 17–20, fully virtual. Attendance: Attendance is ...

These preview submissions are currently being discussed at #MPTS 2026, the #NIST Workshop on Multi-Party Threshold Schemes, held fully online.
🗓️ Haystack talks: 28 January
🗓️ PiVer & PQarrots talks: 29 January
Registration is free.
Program: csrc.nist.gov/events/2026/...

29.01.2026 09:50 — 👍 0    🔁 0    💬 0    📌 0

COSIC Professor Nigel Smart has also contributed to the preview submission TFHE, ZHEnith, and Nexus: csrc.nist.gov/csrc/media/P...

29.01.2026 09:50 — 👍 0    🔁 0    💬 1    📌 0
Preview
PiVer - PiVer PiVer is a unified and extensible framework for constructing computationally secure Verifiable Secret Sharing (VSS) schemes in the synchronous communication model. Built on the Π protocol and its fami...

📌 #PiVer is authored by seven current and three recently graduated COSIC PhD members, highlighting sustained research feeding into standardisation efforts.
More info on PiVer: www.esat.kuleuven.be/cosic/sites/...

29.01.2026 09:50 — 👍 0    🔁 0    💬 1    📌 0
Submissions - Multi-Party Threshold Cryptography | CSRC | CSRC This page organizes documentation related to the NIST Threshold Call [NIST IR 8214C (2026)]. The technical scope is organized across two classes — Class N (NIST-specified primitives) and Class S (Spe...

COSIC contributions include previews of:
- PiVer: Π Verifiable Secret Sharing Framework
- PQarrots: Macaw, Kea and Kakapo (Threshold primitives from (isogeny-based) group actions)
- Haystack: Threshold and Distributed Stateful Hash-Based Signatures
See csrc.nist.gov/Projects/thr...

29.01.2026 09:50 — 👍 0    🔁 0    💬 1    📌 0
Submissions - Multi-Party Threshold Cryptography | CSRC | CSRC This page organizes documentation related to the NIST Threshold Call [NIST IR 8214C (2026)]. The technical scope is organized across two classes — Class N (NIST-specified primitives) and Class S (Spe...

📢 COSIC researchers have contributed to multiple preview submissions for upcoming responses to the #NIST Call for Multi-Party Threshold Schemes (1st round previews, Jan 2026).
csrc.nist.gov/Projects/thr...

29.01.2026 09:50 — 👍 0    🔁 0    💬 1    📌 0

How do governments shut down the internet, and could it happen in Belgium? In Knack, Bart Preneel explains how Iran disconnected 90 million people, why full blackouts are technically hard here, and where our real digital vulnerabilities lie. Buy Knack magazine to read the interview.

28.01.2026 10:06 — 👍 1    🔁 0    💬 0    📌 0
Abstract. Post-quantum secure digital signatures based on the MPC-in-the-Head (MPCitH) paradigm, a zero-knowledge (ZK) proof-based construction, are becoming increasingly popular due to their small public key size. However, the development of techniques for protecting MPCitH-based schemes against side-channel attacks remains slow, despite them being critical for real-world deployment. In this work, we adapt the Hypercube-MPCitH framework exploiting its native use of additive secret sharing to enable inherent protection against first- and high-order differential power analysis (DPA). We first perform a sensitivity analysis of the Hypercube Syndrome Decoding in the Head (SDitH) digital signature scheme with respect to both simple and differential power analysis. Based on the insight into its side-channel sensitivity, we then propose a tweak to the signature scheme to increase its inherent resistance against DPAs by design, eliminating the need to explicitly mask large parts of the signing procedure. More specifically, this is achieved through the novel (k+1)-Hypercube ZK Protocol: the proposed tweak increases the number of hidden shares an adversary must probe to recover the secret key from one to k+1, thus achieving inherent masking order k. Typically, increasing the amount of hidden shares results in a degradation of soundness in the zero-knowledge proof and as a result increases the signature size to a point where the scheme becomes of limited practical interest. To address this, we propose a technique to select the hidden shares in a more structured and optimal fashion, by exploiting the GGM tree structure in the Hypercube-MPCitH framework. As a result, the amount of revealed seeds is reduced, thus resulting in a smaller signature size even compared to the original hypercube protocol. Finally, we implement and benchmark the proposed Hypercube-SDitH signature scheme, comparing it against the cost of traditional masking. 
We propose different parameter sets that explore a trade-off between computational overhead and signature size. For 3rd-order protection, our tweaked signature scheme only incurs a 35-50% overhead in computational cost, compared to an estimated overhead of 300% for a fully masked implementation, while the overhead in signature size stays relatively low (52%). Overall, we demonstrate that the proposed (k+1)-Hypercube ZK Protocol can be used to construct efficient, DPA-resistant MPCitH-based digital signatures.

HYPERSHIELD: Protecting the Hypercube MPC-in-the-Head Framework Against Differential Probing Adversaries without Masking (Linda Pirker, Quinten Norga, Suparna Kundu, Anindya Ganguly, Barry van Leeuwen, Angshuman Karmakar, Ingrid Verbauwhede) ia.cr/2026/081

22.01.2026 22:37 — 👍 1    🔁 1    💬 0    📌 0
Abstract. The block cipher (BC) mode for realizing a variable-input-length strong tweakable pseudorandom permutation (VIL-STPRP), also known as the accordion mode, is a rapidly growing research field driven by NIST’s standardization project, which considers AES as a primitive. Widely used VIL-STPRP modes, such as HCTR2, have birthday-bound security and provide only 64-bit security with AES. To provide higher security, NIST is considering two directions: to develop new modes with beyond-birthday-bound (BBB) security and to use Rijndael-256-256 with HCTR2. This paper pursues the first direction while maintaining compatibility with HCTR2. In particular, we provide two solutions to achieve BBB security for two different approaches: (i) general cases without any conditions on the tweak and (ii) under the condition that the same tweak is not repeated too often as adopted in bbb-ddd-AES recently presented at Eurocrypt 2025. For the first approach, we propose a new mode, CHCTR, that iterates HCTR2 with two independent keys, which achieves 2n/3-bit security in the multi-user (mu) setting and satisfies NIST’s requirements. For the second approach, we prove mu security of HCTR2, which allows us to apply the tweak-based key derivation (TwKD) to HCTR2 in a provable manner. When the number of BC calls processed by a single tweak is upper-bounded by 2^(n/3), HCTR2-TwKD achieves 2n/3-bit mu security. By benchmarking optimized software implementations, we show that CHCTR with AES-256 outperforms HCTR2 with Rijndael-256-256, in all the twelve processor models examined. Similarly, HCTR2-TwKD outperforms bbb-ddd-AES in general cases, and it is even comparable to bbb-ddd-AES rigorously optimized for tweak-repeating use cases using precomputation.

Beyond-Birthday-Bound Security with HCTR2: Cascaded Construction and Tweak-based Key Derivation (Yu Long Chen, Yukihito Hiraga, Nicky Mouha, Yusuke Naito, Yu Sasaki, Takeshi Sugawara) ia.cr/2026/085

22.01.2026 22:38 — 👍 1    🔁 1    💬 0    📌 0
Abstract. The ongoing transition to Post-Quantum Cryptography (PQC) has highlighted the need for cryptographic schemes that offer high security, strong performance, and fine-grained parameter selection. In lattice-based cryptography, particularly for the popular module variants of learning with errors (Module-LWE) and learning with rounding (Module-LWR) schemes based on power-of-two cyclotomics, existing constructions often force parameter choices that either overshoot or undershoot desired security levels due to structural constraints. In this work, we introduce a new class of techniques that are the best of both worlds: structured Module-LWE (or LWR) embeds more algebraic structure than a module such that it significantly improves performance, yet less structure than a power-of-two cyclotomic ring such that it still enables more flexible and efficient parameter selection. We present two concrete instances: a construction based on a radical extension of a two-power cyclotomic field denoted radical Ring-LWE (RR-LWE) or Ring-LWR (RR-LWR), and a cyclotomic block-ring module lattice approach (BRM-LWE or BRM-LWR). These new structured Module-LWE and LWR reduce the required number of uniformly random bytes in their matrix by a factor up to the module rank and allow efficient NTT implementations while enabling more granular security-performance trade-offs. We analyze the security of these constructions, provide practical parameter sets, and present implementation results demonstrating a performance improvement of up to 37% compared to an optimized implementation of ML-KEM. Our techniques apply to both key encapsulation mechanisms and digital signature schemes, offering a pathway to more adaptable and performant PQC standards.

Structured Module Lattice-based Cryptography (Joppe W. Bos, Joost Renes, Frederik Vercauteren, Peng Wang) ia.cr/2026/098

25.01.2026 00:16 — 👍 1    🔁 1    💬 0    📌 0
Abstract. Masking, the primary countermeasure against differential power attacks, guarantees formal security under abstract execution models that are violated in modern micro-architectures. Meanwhile, processors with out-of-order micro-architectures are increasingly used for high-assurance tasks, yet their physical side-channel leakage remains poorly characterized, hindering side-channel security on such platforms.

In this work, we present the first empirical study of physical power side-channel leakage on out-of-order cores. Through practical lab experiments, we identify and validate multiple micro-architectural leakage sources that undermine software masking: register renaming reintroduces register overwrites beyond software control; forwarding leaks through the common data bus, with less impact on security order than in-order forwarding; and concurrent instructions leak through coupling, with affected instructions determined at runtime. We demonstrate that runtime scheduling and dynamic resource allocation undermine software-only mitigations. To address this, we propose countermeasures that shift part of the responsibility to hardware and require security by design. We further demonstrate that these effects are exploitable in practice by breaking the security of a theoretically secure software-masked lattice-based post-quantum implementation on an out-of-order core. Finally, we find that clock frequency significantly affects leakage of software-masked implementations. This makes security unstable across frequencies and suggests that cryptographic software should be constrained to verified frequencies.

Masking Out of Order: Side-Channel Leaks from Software-Masked Cryptography on Out-of-Order Processors (Eden Desmet, Suparna Kundu, Ingrid Verbauwhede) ia.cr/2026/123

26.01.2026 18:18 — 👍 1    🔁 1    💬 0    📌 1

Catch up on COSIC news! Our December–January newsletter is now online: www.esat.kuleuven.be/cosic/sites/...

27.01.2026 12:01 — 👍 0    🔁 0    💬 0    📌 0

We have a new PhD student! Félix Incerti did an internship with us last year, working on intrusion detection for CAN-BUS systems, and he is now back with us to continue his research journey as a PhD student. Welcome!
#choosecosic

27.01.2026 11:16 — 👍 0    🔁 0    💬 0    📌 0