Enhanced Anonymous Credentials for E-Voting Systems

A simple and practical method for achieving everlasting privacy in e-voting systems, without relying on advanced cryptographic techniques, is to use anonymous voter credentials. The simplicity of this approach may, however, create some challenges, when combined with other security features, such ...

​​Securing critical infrastructure: Why Europe’s risk-based regulations matter

The Deputy CISO blog series is where Microsoft Deputy Chief Information Security Officers CISOs share their thoughts on what is most important in their respective domains. In this series, you will get practical advice, tactics to start and stop deploying, forward-looking commentary on where the...

​​Securing critical infrastructure: Why Europe’s risk-based regulations matter

The Deputy CISO blog series is where Microsoft Deputy Chief Information Security Officers CISOs share their thoughts on what is most important in their respective domains. In this series, you will get practical advice, tactics to start and stop deploying, forward-looking commentary on where the...

A Meta-Complexity Characterization of Minimal Quantum Cryptography

We give a meta-complexity characterization of EFI pairs, which are considered the "minimal" primitive in quantum cryptography and are equivalent to quantum commitments. More precisely, we show that the existence of EFI pairs is equivalent to the following: there exists a non-uniformly samplable...

EUVD-2024-2851

Malicious code in bioql PyPI...

On the Limitations of Pseudorandom Unitaries

Pseudorandom unitaries PRUs, one of the key quantum pseudorandom notions, are efficiently computable unitaries that are computationally indistinguishable from Haar random unitaries. While there is evidence to believe that PRUs are weaker than one-way functions, so far its relationship with other...

Cryptographic Data Exchange for Nuclear Warheads

Nuclear arms control treaties have historically focused on strategic nuclear delivery systems, leaving nuclear warheads outside formal verification frameworks. This paper presents a cryptographic protocol for secure and verifiable warhead tracking, addressing challenges in nuclear warhead...

Evaluating the Critical Risks of Amazon'S Nova Premier under the Frontier Model Safety Framework

Nova Premier is Amazon's most capable multimodal foundation model and teacher for model distillation. It processes text, images, and video with a one-million-token context window, enabling analysis of large codebases, 400-page documents, and 90-minute videos in a single prompt. We present the fir...

ZKPROV: a Zero-Knowledge Approach to Dataset Provenance for Large Language Models

As the deployment of large language models LLMs grows in sensitive domains, ensuring the integrity of their computational provenance becomes a critical challenge, particularly in regulated sectors such as healthcare, where strict requirements are applied in dataset usage. We introduce ZKPROV, a...

On Immutable Memory Systems for Artificial Agents: a Blockchain-Indexed Automata-Theoretic Framework Using ECDH-Keyed Merkle Chains

This paper presents a formalized architecture for synthetic agents designed to retain immutable memory, verifiable reasoning, and constrained epistemic growth. Traditional AI systems rely on mutable, opaque statistical models prone to epistemic drift and historical revisionism. In contrast, we...

A Private Smart Wallet with Probabilistic Compliance

We propose a privacy-preserving smart wallet with a novel invitation-based private onboarding mechanism. The solution integrates two levels of compliance in concert with an authority party: a proof of innocence mechanism and an ancestral commitment tracking system using bloom filters for...

Robust and Verifiable MPC with Applications to Linear Machine Learning Inference

In this work, we present an efficient secure multi-party computation MPC protocol that provides strong security guarantees in settings with dishonest majority of participants who may behave arbitrarily. Unlike the popular MPC implementation known as SPDZ Crypto '12, which only ensures security wi...

CVE-2024-45039

gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Versions prior to 0.11.0 have a soundness issue - in case of multiple commitments used inside the circuit the prover is able to choose all but the last commitment. As gnark uses the commitments for optimized...

The Hardness of Learning Quantum Circuits and Its Cryptographic Applications

We show that concrete hardness assumptions about learning or cloning the output state of a random quantum circuit can be used as the foundation for secure quantum cryptography. In particular, under these assumptions we construct secure one-way state generators OWSGs, digital signature schemes,...

Quantum Pseudoresources Imply Cryptography

While one-way functions OWFs serve as the minimal assumption for computational cryptography in the classical setting, in quantum cryptography, we have even weaker cryptographic assumptions such as pseudo-random states, and EFI pairs, among others. Moreover, the minimal assumption for computationa...

Cosmos: Making transfer v2 channel unupgradable through the forwarding

The transfer v2 channel can become unupgradable through the forwarding functionality. The forwarding process can create packet commitments on a legitimate channel, which cannot be deleted due to the lack of acknowledgments from a malicious channel. This results in the legitimate channel being...

SUSE CVE-2024-45039

gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Versions prior to 0.11.0 have a soundness issue - in case of multiple commitments used inside the circuit the prover is able to choose all but the last commitment. As gnark uses the commitments for optimized...

gnark commitments to private witnesses in Groth16 as implemented break zero-knowledge property

This report concerns the Groth16 prover when used with commitments as in frontend.Committer. To simplify exposition of the issue, I will focus on the case of a single commitment, to only private witnesses. But the issue should be present whenever commitments are used that include private witnesse...

GHSA-9XCG-3Q8V-7FQ6 gnark commitments to private witnesses in Groth16 as implemented break zero-knowledge property

This report concerns the Groth16 prover when used with commitments as in frontend.Committer. To simplify exposition of the issue, I will focus on the case of a single commitment, to only private witnesses. But the issue should be present whenever commitments are used that include private witnesse...

CVE-2024-45039

gnark is a fast zk-SNARK library that offers a high-level API to design circuits. Versions prior to 0.11.0 have a soundness issue - in case of multiple commitments used inside the circuit the prover is able to choose all but the last commitment. As gnark uses the commitments for optimized...