## In this issue

1. [2023/1678] BumbleBee: Secure Two-party Inference Framework for ...
2. [2023/1679] Plug Your Volt: Protecting Intel Processors against ...
3. [2023/1680] On the cryptographic properties of weightwise ...
4. [2023/1681] The Need for MORE: Unsupervised Side-channel ...
5. [2023/1682] Selective Opening Security in the Quantum Random ...
6. [2023/1683] Nibbling MAYO: Optimized Implementations for AVX2 ...
7. [2023/1684] Privacy-preserving Cosine Similarity Computation ...
8. [2023/1685] MPC in the head using the subfield bilinear ...
9. [2023/1686] The Quantum Decoding Problem
10. [2023/1687] Admissible Parameter Sets and Complexity Estimation ...
11. [2023/1688] Faster Complete Formulas for the GLS254 Binary Curve
12. [2023/1689] Revisiting the Boomerang Attack from a Perspective ...
13. [2023/1690] Efficient VOLE based Multi-Party PSI with Lower ...
14. [2023/1691] Some Results on Related Key-IV Pairs of Espresso
15. [2023/1692] Traitor Tracing Revisited: New Attackers, Stronger ...
16. [2023/1693] Elementary Remarks on Some Quadratic Based Identity ...
17. [2023/1694] Predicate Aggregate Signatures and Applications
18. [2023/1695] Implementing Arbitrary Maps over Small Finite ...
19. [2023/1696] A note on ``a novel authentication and key ...
20. [2023/1697] Full Round Distinguishing and Key-Recovery Attacks ...
21. [2023/1698] Another Look at Side-Channel Resistant Encoding Schemes
22. [2023/1699] Oblivious Homomorphic Encryption
23. [2023/1700] Scalable Mixed-Mode MPC
24. [2023/1701] Improved Search for Integral, Impossible- ...
25. [2023/1702] On Quantum Simulation-Soundness
26. [2023/1703] Memory Checking for Parallel RAMs
27. [2023/1704] Fine-Tuning Ideal Worlds for the Xor of Two ...
28. [2023/1705] BaseFold: Efficient Field-Agnostic Polynomial ...
29. [2023/1706] Breaking two PSI-CA protocols in polynomial time
30. [2023/1707] Analysis of four protocols based on tropical ...
31. [2023/1708] Algebraic properties of the maps $\chi_n$
32. [2023/1709] Signal Leakage Attack Meets Depth First Search: an ...
33. [2023/1710] Malleable Commitments from Group Actions and Zero- ...
34. [2023/1711] Passive SSH Key Compromise via Lattices
35. [2023/1712] Beyond Volume Pattern: Storage-Efficient Boolean ...
36. [2023/1713] High-assurance zeroization
37. [2023/1714] On Parallel Repetition of PCPs

## 2023/1678

* Title: BumbleBee: Secure Two-party Inference Framework for Large Transformers
* Authors: Wen-jie Lu, Zhicong Huang, Zhen Gu, Jingyu Li, Jian Liu, Kui Ren, Cheng Hong, Tao Wei, WenGuang Chen
* [Permalink](https://eprint.iacr.org/2023/1678)
* [Download](https://eprint.iacr.org/2023/1678.pdf)

### Abstract

Large transformer-based models have realized state- of-the-art performance on lots of real-world tasks such as natural language processing and computer vision. However, with the increasing sensitivity of the data and tasks they handle, privacy has become a major concern during model deployment. In this work, we focus on private inference in two-party settings, where one party holds private inputs and the other holds the model. We introduce BumbleBee, a fast and communication-friendly two-party private transformer inference system. Our contributions are three-fold: Firstly, we present optimized homomorphic encryption-based proto- cols that enable the multiplication of large matrices with 80 – 90% less communication cost than existing methods. Secondly, we offer a general method for designing efficient and accurate protocols for non-linear activation functions in transformers. Our activation protocols have demonstrated speed and reduced the communication overhead by 80 – 95% over two existing methods. Finally, we conducted intensive benchmarks on several large transformer models. Results show that BumbleBee is more than one order of magnitude faster than Iron (NeurIPS22).

## 2023/1679

* Title: Plug Your Volt: Protecting Intel Processors against Dynamic Voltage Frequency Scaling based Fault Attacks
* Authors: Nimish Mishra, Rahul Arvind Mool, Anirban Chakraborty, Debdeep Mukhopadhyay
* [Permalink](https://eprint.iacr.org/2023/1679)
* [Download](https://eprint.iacr.org/2023/1679.pdf)

### Abstract

The need for energy optimizations in modern systems forces CPU vendors to provide Dynamic Voltage Frequency Scaling (DVFS) interfaces that allow software to control the voltage and frequency of CPU cores. In recent years, the accessibility of such DVFS interfaces to adversaries has amounted to a plethora of fault attack vectors. In response, the current countermeasures involve either restricting access to DVFS interfaces or including additional compiler-based checks that let the DVFS fault occur but prevent an adversary from weaponizing it. However, such countermeasures are overly restrictive because (1) they prevent benign, non-SGX processes from utilizing DVFS, and (2) rely upon a less practical threat model than what is acceptable for Intel SGX. In this work, we hence put forth a new countermeasure perspective. We reason that all DVFS fault attacks are helped by system design decisions that allow an adversary to search through the entire space of frequency/voltage pairs which lead to DVFS faults on the victim system. Using this observation, we classify such frequency/voltage pairs causing DVFS faults as unsafe system states. We then develop a kernel module level countermeasure (in non-SGX execution context) that polls core frequency/voltage pairs to detect when the system is in an unsafe state, and force it back into a safe state. Our countermeasure completely prevents DVFS faults on three Intel generation CPUs: Sky Lake, Kaby Lake R, and Comet Lake, while allowing accessibility of DVFS features to benign non-SGX executions (something which prior works fail to achieve). Additionally, we also put forth the notion of maximal safe state, allowing our countermeasure to be implemented both as microcode (on the micro-architecture level) and as model-specific register (on the hardware level), as opposed to prior countermeasures which can not be implemented at the hardware level. Finally, we evaluate the overhead of our kernel module's execution on SPEC2017, observing an minuscule overhead of 0.28%.

## 2023/1680

* Title: On the cryptographic properties of weightwise affine and weightwise quadratic functions
* Authors: Pierrick Méaux, Yassine Ozaim
* [Permalink](https://eprint.iacr.org/2023/1680)
* [Download](https://eprint.iacr.org/2023/1680.pdf)

### Abstract

Weightwise degree-d functions are Boolean functions that take the values of a function of degree at most d on each set of fixed Hamming weight. The class of weightwise affine functions encompasses both the symmetric functions and the Hidden Weight Bit Function (HWBF). The good cryptographic properties of the HWBF, except for the nonlinearity, motivates to investigate a larger class with functions that share the good properties and have a better nonlinearity. Additionally, the homomorphic friendliness of symmetric functions exhibited in the context of hybrid homomorphic encryption and the recent results on homomorphic evaluation of Boolean functions make this class of functions appealing for efficient privacy-preserving protocols.

In this article we realize the first study on weightwise degree-d functions, focusing on weightwise affine and weightwise quadratic functions. We show some properties on these new classes of functions, in particular on the subclass of cyclic weightwise functions. We provide balanced constructions and prove nonlinearity lower bounds for all cyclic weightwise affine functions and for a family of weightwise quadratic functions. We complement our work with experimental results, they show that other cyclic weightwise linear functions than the HWBF have better cryptographic parameters, and considering weightwise quadratic functions allows to reach higher algebraic immunity and substantially better nonlinearity.

## 2023/1681

* Title: The Need for MORE: Unsupervised Side-channel Analysis with Single Network Training and Multi-output Regression
* Authors: Ioana Savu, Marina Krček, Guilherme Perin, Lichao Wu, Stjepan Picek
* [Permalink](https://eprint.iacr.org/2023/1681)
* [Download](https://eprint.iacr.org/2023/1681.pdf)

### Abstract

Deep learning-based profiling side-channel analysis has gained widespread adoption in academia and industry due to its ability to uncover secrets protected by countermeasures. However, to exploit this capability, an adversary must have access to a clone of the targeted device to obtain profiling measurements and know secret information to label these measurements. Non-profiling attacks avoid these constraints by not relying on secret information for labeled data. Instead, they attempt all key guesses and select the most successful one. Deep learning approaches form the foundation of several non-profiling attacks, but these methods often suffer from high computational complexity and limited performance in practical applications.

This work explores the performance of multi-output regression (MOR) models in side-channel analysis. We start with the recently proposed multi-output regression (MOR) approach for non-profiling side-channel analysis. Then, we significantly improve its performance by updating the 1) loss function, 2) distinguisher, and 3) employing a novel concept of validation set to reduce overfitting. We denote our approach as MORE - Multi-Output Regression Enhanced, which emphasizes significantly better attack performance than MOR. Our results demonstrate that combining the MORE methodology, ensembles, and data augmentation presents a potent strategy for enhancing non-profiling side-channel attack performance and improving the reliability of distinguishing key candidates.