Michele Orrù
@tumbolia.bsky.social
A curious child. https://michele.orru.net
2025 K-pop edition with video lectures
October 17, 2025 at 8:36 AM
2025 K-pop edition with video lectures
Talk in just a few hours! 🗞️ eprint.iacr.org/2024/1552
Exciting to present it in the very same venue where I wrote a big chunk of it while attending @rightscon.org !
Exciting to present it in the very same venue where I wrote a big chunk of it while attending @rightscon.org !
October 14, 2025 at 12:02 AM
Talk in just a few hours! 🗞️ eprint.iacr.org/2024/1552
Exciting to present it in the very same venue where I wrote a big chunk of it while attending @rightscon.org !
Exciting to present it in the very same venue where I wrote a big chunk of it while attending @rightscon.org !
Would it be harder to believe Nicholas Bourbaki is a collective pseudonym or that Jean-Pierre Serre is a single person
September 27, 2025 at 5:40 AM
Would it be harder to believe Nicholas Bourbaki is a collective pseudonym or that Jean-Pierre Serre is a single person
A key takeaway: for 20 years, we’ve relied on a notion called indifferentiability to use random oracles over arbitrary-length spaces—but it’s not sufficient for knowledge soundness.
🗞️ eprint.iacr.org/2025/536
🗞️ eprint.iacr.org/2025/536
A Fiat–Shamir Transformation From Duplex Sponges
We analyze a variant of the Fiat–Shamir transformation based on an ideal permutation. The transformation relies on the popular duplex sponge paradigm, and minimizes the number of calls to the permutat...
eprint.iacr.org
August 30, 2025 at 6:39 PM
A key takeaway: for 20 years, we’ve relied on a notion called indifferentiability to use random oracles over arbitrary-length spaces—but it’s not sufficient for knowledge soundness.
🗞️ eprint.iacr.org/2025/536
🗞️ eprint.iacr.org/2025/536
at this conference everyone has 4+ coauthors except me lol
August 24, 2025 at 10:41 PM
at this conference everyone has 4+ coauthors except me lol
Sorry for the late reply! Finally part of the CFRG!
August 17, 2025 at 10:15 PM
Sorry for the late reply! Finally part of the CFRG!
hahahah i feel attacked
July 16, 2025 at 7:37 AM
hahahah i feel attacked
The paper is huge — it’s been a journey to nail down a proof.
I think it’s a solid step forward in narrowing down Fiat-Shamir attacks and characterizing the concrete security of ZKPs. It’s also been really helpful in shaping what a standard for Fiat-Shamir should look like.
I think it’s a solid step forward in narrowing down Fiat-Shamir attacks and characterizing the concrete security of ZKPs. It’s also been really helpful in shaping what a standard for Fiat-Shamir should look like.
July 15, 2025 at 6:08 AM
The paper is huge — it’s been a journey to nail down a proof.
I think it’s a solid step forward in narrowing down Fiat-Shamir attacks and characterizing the concrete security of ZKPs. It’s also been really helpful in shaping what a standard for Fiat-Shamir should look like.
I think it’s a solid step forward in narrowing down Fiat-Shamir attacks and characterizing the concrete security of ZKPs. It’s also been really helpful in shaping what a standard for Fiat-Shamir should look like.
Yes! Right. Secret signature or verification key (the latter I think is more common)
July 11, 2025 at 6:01 AM
Yes! Right. Secret signature or verification key (the latter I think is more common)
If the hash input is secret though you’ll be leaking some side channel information right? And the procedure is only terminating in expected time
July 9, 2025 at 11:49 PM
If the hash input is secret though you’ll be leaking some side channel information right? And the procedure is only terminating in expected time
ACM CCS ? and I do remember them even welcoming economical studies on malware — www.youtube.com/watch?v=5uAK...
ACM CCS 2017 - Economic Factors of Vulnerability Trade and Exploitation - Luca Allodi
YouTube video by Association of Computing Machinery 2017
www.youtube.com
July 2, 2025 at 2:33 PM
ACM CCS ? and I do remember them even welcoming economical studies on malware — www.youtube.com/watch?v=5uAK...
that's not always the case right? If I am making an OR proof, I generate the commitment and the response of the simulated branch before getting the challenge of the verifier
May 17, 2025 at 10:08 AM
that's not always the case right? If I am making an OR proof, I generate the commitment and the response of the simulated branch before getting the challenge of the verifier
In any case Nico was in the original discussions for this project and knows the door is open :)
May 17, 2025 at 5:58 AM
In any case Nico was in the original discussions for this project and knows the door is open :)