Emad Heydari Beni
LightNews LightNews
emadbeni.bsky.social
Emad Heydari Beni
@emadbeni.bsky.social
90 followers 73 following 27 posts
Nokia @BellLabs & @CosicBe
PhD in CS; Opinions are my own and 100% biased! http://heydari.be;
Distributed systems & applied cryptography
Posts Replies Media Videos
Reposted by Emad Heydari Beni
eprint.ing.bot
Multi-Verifier Keyed-Verification Anonymous Credentials (Jan Bobolz, Emad Heydari Beni, Anja Lehmann, Omid Mirzamohammadi, Cavit Özbay, Mahdi Sedaghat) ia.cr/2025/2156
Abstract. Keyed-Verification anonymous credentials (KVAC) enable privacy-preserving authentication and can be seen as the symmetric primitive of conventional anonymous credentials: issuance and verification of credentials requires a shared secret key. The core advantage of KVACs is that they can be realized without pairings, which still appears to be a significant bottleneck when it comes to real-world adoption. KVACs provide all the benefits from anonymous credentials, in particular multi-show unlinkability, but only work in the setting where the issuer and verifier are the same entity, limiting the applications they can be used in. In this work we extend the idea of keyed-verification credential to a setting where again multiple verifiers are supported, each sharing an individual secret key with the issuer. We formally introduce this as multi-verifier keyed-verification anonymous credentials (mKVACs). While users must now get verifier-specific credentials, each credential still provides multi-show unlinkability. In terms of security, mKVAC naturally strengthens the single-verifier variant, as it guarantees that corruption of any verifier does not impact unforgeability guarantees for other verifiers. The main challenge therein is to not trade this added flexibility for privacy, and hide the verifier’s identity in the credential issuance. We provide formal definitions of all desired security and privacy features and propose a provably secure and pairing-free construction. Along the way, we develop a new KVAC-like primitive that authenticates group elements and offers statistical privacy, solving the open problem of combining multi-verifier support and pairing-freeness. Finally, we demonstrate practicality of our protocol via implementation benchmarks. Image showing part 2 of abstract.
November 29, 2025 at 2:05 AM
emadbeni.bsky.social
Excited for our new paper on distributed proof generation of FRI-based SNARKs!
We believe this is the first horizontally scalable SNARK for general circuits that is both transparent and plausibly post-quantum (PQ) secure.
July 28, 2025 at 10:58 AM
Reposted by Emad Heydari Beni
eprint.ing.bot
FRIttata: Distributed Proof Generation of FRI-based SNARKs (Hua Xu, Mariana Gama, Emad Heydari Beni, Jiayi Kang) ia.cr/2025/1285
Abstract. We present the first horizontally scalable SNARK for general circuits that is both transparent and plausibly post-quantum (PQ) secure. This system adapts the distributed proof generation technique introduced in Pianist (IEEE S&P 2024), which achieves linear scalability by encoding witnesses using bivariate polynomials and committing to them using the KZG polynomial commitment scheme. While Pianist and other scalable SNARK systems offer strong performance profiles, they rely on trusted setup ceremonies and cryptographic assumptions that are not PQ secure, e.g., pairing-based primitives. In contrast, we present a bivariate polynomial commitment scheme based on FRI, achieving a transparent and plausibly PQ alternative. Distributed FRI has a high communication cost. Therefore, we introduce Fold-and-Batch, a customizable technique that applies partial folding locally before performing batched FRI centrally. We formally prove the security of our constructions and provide an implementation for three variants of distributed FRI with thorough performance evaluations. Our results show that Fold-and-Batch reduces communication overhead compared to existing distributed FRI approaches while preserving scalability and keeping proof sizes moderate. To our knowledge, this is the first horizontally scalable SNARK for general circuits that at the same time achieves transparency, plausible PQ security, with a tunable tradeoff between efficiency, verifier cost and communication. Image showing part 2 of abstract.
July 16, 2025 at 1:22 PM
emadbeni.bsky.social
A: "We have too many meetings. We can't get anything done."
B: "You are right. Let's discuss this tomorrow. Does 10am work for you? "
A: 😐
July 15, 2025 at 2:07 PM
emadbeni.bsky.social
Double-blind peer review is such a bullshit process in the cryptography community. Papers are all on eprint.
July 3, 2025 at 8:37 PM
Reposted by Emad Heydari Beni
mfesgin.bsky.social
Our work on multi-message multi-recipient public key encryption is out! We build on Kyber (ML-KEM) and get great efficiency. Kudos to Hongxiao Wang for leading this work!
eprint.ing.bot ePrint Updates @eprint.ing.bot · Jun 2
Post-Quantum Multi-Message Public Key Encryption from Extended Reproducible PKE (Hongxiao Wang, Ron Steinfeld, Markku-Juhani O. Saarinen, Muhammed F. Esgin, Siu-Ming Yiu) ia.cr/2025/1000
Abstract. A multi-message multi-recipient Public Key Encryption (mmPKE) enables batch encryption of multiple messages for multiple independent recipients in one go, significantly reducing costs, particularly bandwidth, compared to the trivial solution of encrypting each message individually. This capability is especially critical in the post-quantum setting, where ciphertext length is typically significantly larger than the corresponding plaintext. In this work, we first observe that the generic construction of mmPKE from reproducible PKE proposed by Bellare et al. (PKC ’03) does not apply in the lattice-based setting because existing lattice-based PKE schemes do not fit the notion of reproducible PKE. To this end, we first extend their construction by proposing a new variant of PKE, named extended reproducible PKE (XR-PKE), which enables the reproduction of ciphertexts via additional hints. However, standard lattice-based PKE schemes, such as Kyber (EuroS&P ’18), do not readily satisfy the XR PKE requirements. To construct XR-PKE from lattices, we introduce a novel technique for precisely estimating the impact of such hints on the ciphertext security while also establishing suitable parameters. This enables us to instantiate the first CPA-secure mmPKE and Multi-Key Encapsulation Mechanism (mmKEM) from the standard Module Learning with Errors (MLWE) lattice assumption, named mmCipher-PKE and mmCipher-KEM, respectively. We then extend our works to the identity-based setting and construct the first mmIBE and mmIB-KEM schemes. As a bonus contribution, we explore generic constructions of adaptively secure mmPKE, achieving security against adaptive corruption and chosen-ciphertext attacks. We also provide an efficient implementation and thorough evaluation of the practical performance of our mmCipher. Our results show that mmCipher provides significant bandwidth and computational savings in practice, compared to the state-of-the-art. For example, for 1024 recipients, our mmCipher-KEM achieves a 23~45 times reduction in bandwidth overhead, reaching within 4~9% of the plaintext length (near optimal bandwidth), while also offering a 3~5 times reduction in computational cost. Image showing part 2 of abstract. Image showing part 3 of abstract.
June 2, 2025 at 9:18 PM
Reposted by Emad Heydari Beni
eprint.ing.bot
Attacking Poseidon via Graeffe-Based Root-Finding over NTT-Friendly Fields (Antonio Sanso, Giuseppe Vitto) ia.cr/2025/937
Abstract. This paper explores the algebraic structure of the Poseidon and Poseidon2 permutations over NTT-friendly finite fields, with a focus on preimage recovery via root-finding techniques. We introduce an algorithm for efficiently identifying single roots of high-degree univariate polynomials that emerge from these constructions, based on the Graeffe transform and the tangent Graeffe method. Our approach is evaluated on reduced-round bounty instances of these permutations at various security levels, as proposed by the Ethereum Foundation, demonstrating practical effectiveness. These results yield new insights into the security of permutation-based cryptographic primitives instantiated over NTT-friendly prime fields.
May 23, 2025 at 11:44 AM
Reposted by Emad Heydari Beni
josephhall.org
Matt Blaze's recent Congressional testimony on the prodigious attack surface of modern telecoms, and the role of end-to-end encryption in mitigating creaky infrastructure is REQUIRED READING oversight.house.gov/wp-content/u...
oversight.house.gov
April 10, 2025 at 1:57 AM
Reposted by Emad Heydari Beni
smartcryptology.bsky.social
FHE.org have a great virtual MeetUp tomorrow with one of the OG's of lattice based crypto: Daniele Micciancio.

He will talk about "Bit Security: Optimal Adversaries, Equivalence Results, and a Toolbox for Computational-statistical Security Analysis"

lu.ma/sahiap4q?tk=...

#cryptography
Fully Homomorphic Encryption
We are a community of researchers and developers interested in advancing homomorphic encryption and other secure computation techniques.
FHE.org
April 2, 2025 at 1:24 PM
Reposted by Emad Heydari Beni
cosic.bsky.social
Emad Heydari Beni from COSIC presented "Emad Heydari BeniQRYPT: End-to-End Encrypted Audio Calls via Blind Audio Mixing" at RWC 2025 in Sofia last week.
Here's a nice picture of (ex)cosix at #rwc2025.
rwc.iacr.org/2025/program...
March 31, 2025 at 8:54 AM
emadbeni.bsky.social
After a week of ZK, FHE, audio mixing and applied crypto, it's good to be back home and play with my little girls.
March 30, 2025 at 7:56 AM
emadbeni.bsky.social
Embrace for impact!!
#RealWorldCrypto
rwc.iacr.org Real World Crypto Symposium @rwc.iacr.org · Mar 25
Emad Heydari Ben showcases QRYPT: harnessing homomorphic encryption for secure group audio without missing a beat. Tune in without giving away your secrets at #RealWorldCrypto2025
March 26, 2025 at 7:37 AM
Reposted by Emad Heydari Beni
nadim.computer
Paper submitted to ePrint
March 25, 2025 at 5:10 PM
Reposted by Emad Heydari Beni
durumcrustulum.com
The GSMA RCS E2EE spec using MLS is only 90 pages! light reading 😁

www.gsma.com/solutions-an...
www.gsma.com
March 25, 2025 at 12:40 PM
emadbeni.bsky.social
Robin Geelen presents GBFV at FHE.org. GBFV is a SNARK friendly FHE scheme that supports the Goldilocks prime. We use it in our Blind zkSNARKs.
March 25, 2025 at 11:52 AM
Reposted by Emad Heydari Beni
smartcryptology.bsky.social
Me presenting about The Fellowship of the Galois Rings at Real World Multi-Party Computation in Sofia
March 25, 2025 at 10:33 AM
emadbeni.bsky.social
At #RealWorldCrypto2025, we plan to present how we do end-to-end encrypted audio calls.
Things we build at Nokia Bell Labs.
March 24, 2025 at 10:05 PM
emadbeni.bsky.social
Now Jannik is presenting our paper at @zkproof.org @cosic.bsky.social
March 24, 2025 at 9:53 AM
emadbeni.bsky.social
For some ZK folks, ZKProof is the event and RWC the side event. Learning new perspectives!
March 23, 2025 at 5:42 PM
Reposted by Emad Heydari Beni
malb.bsky.social
The list of accepted talk at @rwc.iacr.org is now available: rwc.iacr.org/2025/accepte... Early registration ends 26 February. CC: programme co-chair @nicksullivan.org
RWC 2025 accepted papers
Real World Crypto Symposium
rwc.iacr.org
February 2, 2025 at 12:14 PM
Reposted by Emad Heydari Beni
matthewdgreen.bsky.social
Things have been relatively quiet on the “crypto wars” front, which makes me think we’re going to see something dramatic soon. Maybe not here in the US, but probably from another US-allied country.
February 1, 2025 at 4:25 PM
emadbeni.bsky.social
The amount of ZKP cryptography being designed and deployed in the last few years is exciting and at the same time terrifying.

These protocols are currently supposed to secure our financial infrastructure.
July 19, 2023 at 5:44 PM
Reposted by Emad Heydari Beni
eprint.ing.bot
ZK-for-Z2K: MPC-in-the-Head Zero-Knowledge Proofs for ℤ_(2^(k))
(Lennart Braun, Cyprien Delpech de Saint Guilhem, Robin Jadoul, Emmanuela Orsini, Nigel P. Smart, Titouan Tanguy) ia.cr/2023/1057
Abstract. In this work, we extend the MPC-in-the-head framework, used in recent efficient zero-knowledge protocols, to work over the ring ℤ_(2^(k)), which is the primary operating domain for modern CPUs. The proposed schemes are compatible with any threshold linear secret sharing scheme and draw inspiration from MPC protocols adapted for ring operations. Additionally, we explore various batching methodologies, leveraging Shamir’s secret sharing schemes and Galois ring extensions, and show the applicability of our approach in RAM program verification. Finally, we analyse different options for instantiating the resulting ZK scheme over rings and compare their communication costs.
July 11, 2023 at 4:59 AM
Reposted by Emad Heydari Beni
malb.bsky.social
68 (UK affiliated) researchers working on security and privacy have raised alarms about provisions in the UK #OnlineSafetyBill: "our concern is that surveillance technologies are deployed in the spirit of providing online safety."

Read our letter here: https://haddadi.github.io/UKOSBOpenletter.pdf
July 5, 2023 at 11:34 AM
Reposted by Emad Heydari Beni
smartcryptology.bsky.social
Have a FAEST on post-quantum digital signatures based on the security of the AES function...

https://faest.info/

Great work from a team of Aalto, Aarhus, AIT, Bocconi, DTU, KU Leuven, and TU Graz authors.
July 6, 2023 at 10:34 AM