Pinned
Reposted by siva
Excited to share eprint.iacr.org/2025/1905.pdf that re-envisions how to use folding/accumulation in succinct proof systems.
We provide a new framework to build folding-based SNARKs by eliminating the need to prove Fiat-Shamir inside circuits and by introducing a high-arity lattice folding scheme.
We provide a new framework to build folding-based SNARKs by eliminating the need to prove Fiat-Shamir inside circuits and by introducing a high-arity lattice folding scheme.
eprint.iacr.org
October 17, 2025 at 5:24 PM
Excited to share eprint.iacr.org/2025/1905.pdf that re-envisions how to use folding/accumulation in succinct proof systems.
We provide a new framework to build folding-based SNARKs by eliminating the need to prove Fiat-Shamir inside circuits and by introducing a high-arity lattice folding scheme.
We provide a new framework to build folding-based SNARKs by eliminating the need to prove Fiat-Shamir inside circuits and by introducing a high-arity lattice folding scheme.
Reposted by siva
Thrilled to finally share this ⚡𝙣𝙚𝙬 𝙥𝙖𝙥𝙚𝙧⚡ with my (now-graduated!) student Zachary Pepin, which will appear at TCC 2025.
We tackle a frequent inconvenience in BGV/BFV-style homomorphic encryption: getting the desired kind of "SIMD slots" for plaintext packing. 🧵
web.eecs.umich.edu/~cpeikert/pu...
We tackle a frequent inconvenience in BGV/BFV-style homomorphic encryption: getting the desired kind of "SIMD slots" for plaintext packing. 🧵
web.eecs.umich.edu/~cpeikert/pu...
September 26, 2025 at 2:28 PM
Thrilled to finally share this ⚡𝙣𝙚𝙬 𝙥𝙖𝙥𝙚𝙧⚡ with my (now-graduated!) student Zachary Pepin, which will appear at TCC 2025.
We tackle a frequent inconvenience in BGV/BFV-style homomorphic encryption: getting the desired kind of "SIMD slots" for plaintext packing. 🧵
web.eecs.umich.edu/~cpeikert/pu...
We tackle a frequent inconvenience in BGV/BFV-style homomorphic encryption: getting the desired kind of "SIMD slots" for plaintext packing. 🧵
web.eecs.umich.edu/~cpeikert/pu...
Reposted by siva
On the Impossibility of Actively Secure Distributed Samplers (Damiano Abram, Serge Fehr, Maciej Obremski, Peter Scholl) ia.cr/2025/1730
September 23, 2025 at 12:34 AM
On the Impossibility of Actively Secure Distributed Samplers (Damiano Abram, Serge Fehr, Maciej Obremski, Peter Scholl) ia.cr/2025/1730
Reposted by siva
The Syndrome-Space Lens: A Complete Resolution of Proximity Gaps for Reed-Solomon Codes (Russell Okamoto) ia.cr/2025/1712
![Abstract. We resolve the Correlated Agreement (CA) problem for Reed-Solomon codes up to the information-theoretic capacity limit by introducing a fundamental change of basis: from the traditional evaluation domain to the syndrome space. Viewed through this “Syndrome-Space Lens,” the problem of proximity testing transforms into a transparent question of linear-algebraic geometry: a single affine line of syndromes traversing a family of low-dimensional subspaces. This new perspective makes a sharp phase transition at the capacity boundary visible, allowing for a complete characterization of the problem’s behavior across all parameter regimes, yielding short, self-contained proofs.
Classification. We establish a precise trichotomy organized by the rank margin Δ := t − d. At the capacity boundary (Δ = 0), the CA premise is information-theoretically vacuous, and we prove that no rigidity can be concluded without imposing additional structure. One step beyond capacity (Δ = 1), the problem enters a “knife-edge” regime where unconditional rigidity does not hold; soundness is recovered either through a combinatorial witness (such as a repeated error support or a small union of supports) or by adding protocol-level structure (such as independent two-fold MCA checks, DEEP/STIR out-of-domain sampling, or a global error locator). For stricter gaps (Δ ≥ 2), unconditional rigidity holds under a simple algebraic condition ((r + 1)k < m + 1), with explicit quantitative bounds.
MCA and Practical Implications. Below capacity (δ < 1 − ρ), the strengthened mutual correlated agreement (MCA) problem reduces to ordinary correlated agreement. MCA holds under the same hypotheses as CA. When folds are generated with independent challenges (e.g., via domain-separated Fiat-Shamir), the per-round security margins add. The model-scoped soundness law is Pr [FA] ≤ q^(−(∑Δ_(i))s), providing a clear and complete rulebook for selecting safe and efficient parameters in FRI/STARK systems. This work bypasses the complex machinery of list-decoding algorithms entirely and resolves the long-standing open problem concerning the gap between the Johnson bound and capacity.](https://cdn.bsky.app/img/feed_thumbnail/plain/did:plc:fwa55bujvdrwlwlwgqmmxmuf/bafkreiaayrmiiifnmnoz3wcuadq7bvpsx5eqo3o2zdw5jtjsbe6weofg2e@jpeg)
September 21, 2025 at 12:28 AM
The Syndrome-Space Lens: A Complete Resolution of Proximity Gaps for Reed-Solomon Codes (Russell Okamoto) ia.cr/2025/1712
In polynomial commitments, evaluation proofs are nothing but a reduction from average case correctness of the pcs to worst case correctness of the pcs, isn't it, inspired from LDCs and LTCs.
September 6, 2025 at 5:37 AM
In polynomial commitments, evaluation proofs are nothing but a reduction from average case correctness of the pcs to worst case correctness of the pcs, isn't it, inspired from LDCs and LTCs.
Witness extended emulatable snarks/ polynomial commitments are secure under self composition, but need not be UC secure, as witness extended emulation involves rewinding, am I right here?
August 4, 2025 at 1:37 PM
Witness extended emulatable snarks/ polynomial commitments are secure under self composition, but need not be UC secure, as witness extended emulation involves rewinding, am I right here?
Reposted by siva
Limits on the Power of Constrained PRFs and Identity-based Cryptography (Roman Langrehr) ia.cr/2025/1338
July 23, 2025 at 8:36 PM
Limits on the Power of Constrained PRFs and Identity-based Cryptography (Roman Langrehr) ia.cr/2025/1338
Reposted by siva
We updated our paper on Fiat-Shamir!
We now take a closer look at the gap between what symmetric cryptography has focused on for over 10 years (indifferentiability) and what is actually needed for the soundness of ZKPs and SNARKs (something stronger!).
eprint.iacr.org/2025/536
We now take a closer look at the gap between what symmetric cryptography has focused on for over 10 years (indifferentiability) and what is actually needed for the soundness of ZKPs and SNARKs (something stronger!).
eprint.iacr.org/2025/536
A Fiat–Shamir Transformation From Duplex Sponges
We analyze a variant of the Fiat–Shamir transformation based on an ideal permutation. The transformation relies on the popular duplex sponge paradigm, and minimizes the number of calls to the permutat...
eprint.iacr.org
July 15, 2025 at 6:08 AM
We updated our paper on Fiat-Shamir!
We now take a closer look at the gap between what symmetric cryptography has focused on for over 10 years (indifferentiability) and what is actually needed for the soundness of ZKPs and SNARKs (something stronger!).
eprint.iacr.org/2025/536
We now take a closer look at the gap between what symmetric cryptography has focused on for over 10 years (indifferentiability) and what is actually needed for the soundness of ZKPs and SNARKs (something stronger!).
eprint.iacr.org/2025/536
Reposted by siva
Linear Prover IOPs in Log Star Rounds (Noor Athamnah, Noga Ron-Zewi, Ron D. Rothblum) ia.cr/2025/1269
July 11, 2025 at 11:16 PM
Linear Prover IOPs in Log Star Rounds (Noor Athamnah, Noga Ron-Zewi, Ron D. Rothblum) ia.cr/2025/1269
Reposted by siva
Tree PCPs (Tamer Mour, Alon Rosen, Ron Rothblum) ia.cr/2025/1252
July 11, 2025 at 10:59 PM
Tree PCPs (Tamer Mour, Alon Rosen, Ron Rothblum) ia.cr/2025/1252
Reposted by siva
There are days when math feels scary and confusing.
There are other days when it brings order and peace to a grateful universe.
There are other days when it brings order and peace to a grateful universe.
July 3, 2025 at 7:33 AM
There are days when math feels scary and confusing.
There are other days when it brings order and peace to a grateful universe.
There are other days when it brings order and peace to a grateful universe.
Reposted by siva
Limits on the Power of Private Constrained PRFs (Mengda Bi, Chenxin Dai, Yaohua Ma) ia.cr/2025/1196
June 30, 2025 at 6:54 AM
Limits on the Power of Private Constrained PRFs (Mengda Bi, Chenxin Dai, Yaohua Ma) ia.cr/2025/1196
Reposted by siva
Recently came across this fantastic talk by @ccanonne.github.io on deterministic amplification via expander graphs—elegant ideas, crystal-clear exposition. A real gem!
www.youtube.com/watch?v=3AAU...
www.youtube.com/watch?v=3AAU...
Clément Canonne: What is deterministic amplification?
YouTube video by Sydney Mathematical Research Institute - SMRI
www.youtube.com
June 27, 2025 at 10:45 AM
Recently came across this fantastic talk by @ccanonne.github.io on deterministic amplification via expander graphs—elegant ideas, crystal-clear exposition. A real gem!
www.youtube.com/watch?v=3AAU...
www.youtube.com/watch?v=3AAU...
Does anyone know what is the maximum size of the subgroup where discrete log is polytime computable in the group of units of the following galois ring
Z_{p}[X]/(X^{2^{k}}+1)
Or any pointers are also fine.
Thanks in advance.
Z_{p}[X]/(X^{2^{k}}+1)
Or any pointers are also fine.
Thanks in advance.
June 25, 2025 at 8:21 PM
Does anyone know what is the maximum size of the subgroup where discrete log is polytime computable in the group of units of the following galois ring
Z_{p}[X]/(X^{2^{k}}+1)
Or any pointers are also fine.
Thanks in advance.
Z_{p}[X]/(X^{2^{k}}+1)
Or any pointers are also fine.
Thanks in advance.
Reposted by siva
Cryptography meets worst-case complexity: Optimal security and more from iO and worst-case assumptions (Rahul Ilango, Alex Lombardi) ia.cr/2025/1087
June 10, 2025 at 2:53 PM
Cryptography meets worst-case complexity: Optimal security and more from iO and worst-case assumptions (Rahul Ilango, Alex Lombardi) ia.cr/2025/1087
I'm trying to understand bootstrapping and its use in evaluating arbitrary circuits in the BGV encryption scheme for RLWE.
Here the bootstrapping key is the encryption of binary decomposition of the secret key s, s and s_i \in R_q = Z_q[x]/(x^n+1), and the plain text space is R_p = Z_p[x]/(x^n + 1)
Here the bootstrapping key is the encryption of binary decomposition of the secret key s, s and s_i \in R_q = Z_q[x]/(x^n+1), and the plain text space is R_p = Z_p[x]/(x^n + 1)
June 8, 2025 at 1:23 PM
I'm trying to understand bootstrapping and its use in evaluating arbitrary circuits in the BGV encryption scheme for RLWE.
Here the bootstrapping key is the encryption of binary decomposition of the secret key s, s and s_i \in R_q = Z_q[x]/(x^n+1), and the plain text space is R_p = Z_p[x]/(x^n + 1)
Here the bootstrapping key is the encryption of binary decomposition of the secret key s, s and s_i \in R_q = Z_q[x]/(x^n+1), and the plain text space is R_p = Z_p[x]/(x^n + 1)
Reposted by siva
How to Trace Viral Content in End-to-End Encrypted Messaging (Pedro Branco, Matthew Green, Aditya Hegde, Abhishek Jain, Gabriel Kaptchuk) ia.cr/2025/1052
June 6, 2025 at 3:23 AM
How to Trace Viral Content in End-to-End Encrypted Messaging (Pedro Branco, Matthew Green, Aditya Hegde, Abhishek Jain, Gabriel Kaptchuk) ia.cr/2025/1052
Reposted by siva
Parallel Repetition for Post-Quantum Arguments (Andrew Huang, Yael Tauman Kalai) ia.cr/2025/1027
June 3, 2025 at 8:15 PM
Parallel Repetition for Post-Quantum Arguments (Andrew Huang, Yael Tauman Kalai) ia.cr/2025/1027
Reposted by siva
Malicious Security in Collaborative zk-SNARKs: More than Meets the Eye (Sanjam Garg, Aarushi Goel, Abhishek Jain, Bhaskar Roberts, Sruthi Sekar) ia.cr/2025/1026
June 3, 2025 at 8:15 PM
Malicious Security in Collaborative zk-SNARKs: More than Meets the Eye (Sanjam Garg, Aarushi Goel, Abhishek Jain, Bhaskar Roberts, Sruthi Sekar) ia.cr/2025/1026
Reposted by siva
Diving Deep Into UC: Uncovering and Resolving Issues in Universal Composability (Céline Chevalier, Éric Sageloli) ia.cr/2025/934
May 23, 2025 at 2:58 AM
Diving Deep Into UC: Uncovering and Resolving Issues in Universal Composability (Céline Chevalier, Éric Sageloli) ia.cr/2025/934
Reposted by siva
Quantum Rewinding for IOP-Based Succinct Arguments (Alessandro Chiesa, Marcel Dall'Agnol, Zijing Di, Ziyi Guan, Nicholas Spooner) ia.cr/2025/947
May 26, 2025 at 5:36 PM
Quantum Rewinding for IOP-Based Succinct Arguments (Alessandro Chiesa, Marcel Dall'Agnol, Zijing Di, Ziyi Guan, Nicholas Spooner) ia.cr/2025/947
Reposted by siva
Obfuscation of Unitary Quantum Programs (Mi-Ying (Miryam) Huang, Er-Cheng Tang) ia.cr/2025/891
May 19, 2025 at 10:27 AM
Obfuscation of Unitary Quantum Programs (Mi-Ying (Miryam) Huang, Er-Cheng Tang) ia.cr/2025/891
Reposted by siva
Rerandomizable Garbling, Revisited (Raphael Heitjohann, Jonas von der Heyden, Tibor Jager) ia.cr/2025/843
May 16, 2025 at 4:01 AM
Rerandomizable Garbling, Revisited (Raphael Heitjohann, Jonas von der Heyden, Tibor Jager) ia.cr/2025/843
Reposted by siva
Post-Quantum PKE from Unstructured Noisy Linear Algebraic Assumptions: Beyond LWE and Alekhnovich’s LPN (Riddhi Ghosal, Aayush Jain, Paul Lou, Amit Sahai, Neekon Vafa) ia.cr/2025/844
May 16, 2025 at 12:32 PM
Post-Quantum PKE from Unstructured Noisy Linear Algebraic Assumptions: Beyond LWE and Alekhnovich’s LPN (Riddhi Ghosal, Aayush Jain, Paul Lou, Amit Sahai, Neekon Vafa) ia.cr/2025/844