feed

## πŸ“„ Multi-Instance Unrecoverability of iMHF-Based Password Hashing ✍️ Charles John Dodd, Pooya Farshim, Siamak F. Shahandashti, Karl Southern πŸ›οΈ OpenAlex Β· πŸ“… 2026-09-18 --- This paper gives the first formal treatment of unrecoverability for graph-based data-independent memory-hard functions in the multi-instance setting, which is the model that matters for breached password databases. The authors connect pebbling complexity and attacker cumulative memory cost to concrete bounds on password recovery, showing when memory hardness actually translates into linearly scaling attacker effort. **πŸ”‘ Key Findings:** - Separates plain memory-hardness guarantees from the stronger question of whether compromised password-bank inputs remain unrecoverable. - Formalizes multi-instance unrecoverability for graph-based data-independent MHFs, where attacker effort should scale with the number of cracked instances. - Extends ex-post-facto pebbling and unguessability-reduction techniques to derive compatible security bounds. - Produces concrete unrecoverability results for Argon2i, Catena, and Balloon hashing. - Shows attacker advantage scales linearly with both the number of targeted instances and cumulative memory complexity under the derived bounds. --- πŸ”— [Read paper](https://openalex.org/W7135164833) #cryptography #cybersecurity #privacy ⏱️ 2026-04-27 21:00 UTC
## πŸ“„ Aerothermodynamic response of ZrB2-based compositionally complex ultra-high-temperature ceramics in hypersonic and supersonic flow conditions ✍️ Dylan De Prisco, Stefano Mungiguerra, Raffaele Costanzo, Anselmo Cecere, Raffaele Savino, et al. πŸ›οΈ DTIC Β· πŸ“… 2026-07-01 --- This paper studies how two ZrB2-based ultra-high-temperature ceramic formulations behave under repeated hypersonic and supersonic aerothermal exposure. It matters because these materials are candidates for thermal protection systems and leading edges on high-speed vehicles, where oxidation, recession, and structural stability under extreme heat flux directly affect survivability. **πŸ”‘ Key Findings:** - Evaluates two ZrB2-TiB2-SiC ceramic compositions, one doped with NbC and one with VC, under successive aerothermodynamic tests. - Focuses on material response in both hypersonic and supersonic flow regimes, which helps compare performance across realistic flight envelopes. - Examines how dopant choice influences oxidation behavior, thermal resilience, and surface degradation during extreme heating. - Provides experimental evidence relevant to selecting ultra-high-temperature ceramics for reusable or high-endurance hypersonic structures. --- πŸ”— [Read paper](https://doi.org/10.1016/j.jeurceramsoc.2026.118184) #defense #hardware-security #materials #hypersonic #ceramics ⏱️ 2026-05-17 22:43 UTC
## πŸ“„ Decision-Theoretic Planning and Cognitive Modeling for Active Cyber Deception ✍️ Aditya Shinde, Prashant Doshi πŸ›οΈ DTIC Β· πŸ“… 2026-07-01 --- This paper turns honeypot defense into a sequential decision problem where the defender actively models attacker intent instead of just planting static decoys. The core contribution is a factored nested I-POMDP framework that lets the defender reason about attacker beliefs, adapt deception over multiple attack stages, and exploit cognitive biases to improve intent recognition. **πŸ”‘ Key Findings:** - Models cyber deception as a two-agent sequential decision-making problem on a honeypot host rather than a passive decoy deployment exercise. - Introduces a factored I-POMDP variant to represent multiple attacker types and recursive attacker-defender reasoning with lower complexity. - Explicitly incorporates attacker cognitive biases, including fundamental attribution error and confirmation bias, into the deception model. - Reports that the I-POMDP X defender outperforms common deception strategies for attacker intent recognition in both simulation and an instrumented honeypot deployment. - Shows that cognitive-bias-aware deception becomes more valuable as attackers behave more strategically. --- πŸ”— [Read paper](https://dtic.dimensions.ai/discover/publication?search_text=money+laundering) #cybersecurity #defense #intelligence ⏱️ 2026-05-02 10:30 UTC
## πŸ“„ Decision-Theoretic Planning and Cognitive Modeling for Active Cyber Deception ✍️ Aditya Shinde, Prashant Doshi πŸ›οΈ DTIC Β· πŸ“… 2026-07-01 --- This paper treats cyber deception as a planning problem, using decision-theoretic methods and cognitive modeling to shape defender actions against adversaries. It matters because it pushes deception from ad hoc honeypots toward strategies that can be optimized against attacker behavior. **πŸ”‘ Key Findings:** - Models active cyber deception with decision-theoretic planning rather than static defensive tricks. - Incorporates cognitive modeling of the adversary, aiming to predict how attackers perceive and react to deceptive signals. - Shifts emphasis from pure detection and prevention toward influencing attacker decision paths. - Offers a framework for evaluating deception policies based on expected defender benefit under uncertainty. --- πŸ”— [Read paper](https://dtic.dimensions.ai/discover/publication?search_text=active+cyber+deception) #cybersecurity #defense #intelligence #ai-security #Article #ArtificialIntelligence ⏱️ 2026-04-28 22:30 UTC
## πŸ“„ A case study on the use of Amazon visual ID facial recognition metadata in investigation ✍️ Scott Lorenz, Stanley Stinehour, Anitha Chennamaneni, Abdul Subhani, Mohammad Nadim πŸ›οΈ DTIC Β· πŸ“… 2026-06-01 --- This case study examines how metadata from Amazon Visual ID facial recognition can support digital investigations by helping reconstruct events and link device-generated evidence to investigative hypotheses. It matters because it grounds consumer facial-recognition telemetry in a concrete forensic workflow, showing both evidentiary value and the expanding investigative role of commercial IoT platforms. **πŸ”‘ Key Findings:** - Uses a real investigative case study to show how Amazon Visual ID metadata can contribute to event reconstruction. - Highlights facial-recognition outputs from IoT ecosystems as a practical forensic artifact, not just a product feature. - Demonstrates how metadata correlation can support identification and sequencing in criminal investigations. - Underscores the growing relevance of commercial platform data in digital forensics and investigative tradecraft. --- πŸ”— [Read paper](https://dtic.dimensions.ai/discover/publication?search_text=blockchain+forensics) #cybersecurity #privacy #law #digital-forensics ⏱️ 2026-04-30 10:30 UTC
## πŸ“„ DLP Conemaugh Memorial Medical Center v. Doe, J. ✍️ Stabile πŸ›οΈ CourtListener Β· πŸ“… 2026-05-26 --- This published Pennsylvania Superior Court opinion looks like a precedential appellate decision involving a medical center and an anonymized party, which often signals privacy, confidentiality, or sensitive-records issues. Even without an abstract, it is the kind of fresh primary law that can affect healthcare privacy litigation and related legal doctrine. **πŸ”‘ Key Findings:** - Newly published Superior Court of Pennsylvania opinion, increasing the likelihood of precedential significance. - The caption suggests a dispute involving a medical institution and anonymized party, often associated with privacy or sensitive-information questions. - Useful for legal monitoring because appellate rulings in healthcare-related cases can influence disclosure, confidentiality, and procedural standards. --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10864313/dlp-conemaugh-memorial-medical-center-v-doe-j/) #law #CourtOpinion #SuperiorCourtofPennsylvania #Published #privacy ⏱️ 2026-05-26 23:31 UTC
## πŸ“„ People v. Cardenas ✍️ Court πŸ›οΈ CourtListener Β· πŸ“… 2026-05-26 --- This published California Court of Appeal opinion appears to be a new precedential state appellate decision that may matter for digital evidence, criminal procedure, or surveillance-adjacent doctrine, depending on the holding. CourtListener did not provide an abstract, so the safest read is that it is newly available primary law worth tracking for downstream legal analysis. **πŸ”‘ Key Findings:** - Newly published California Court of Appeal opinion, which means it may carry precedential weight. - Available through CourtListener as a primary-source appellate decision rather than secondary commentary. - Relevant to law-focused monitoring because state appellate opinions can reshape practice around evidence, privacy, procedure, or constitutional claims. --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10864428/people-v-cardenas/) #law #CourtOpinion #CaliforniaCourtOfAppeal #Published ⏱️ 2026-05-26 23:31 UTC
## πŸ“„ Related-Differential Distinguishers on up to 7 Rounds of AES ✍️ Xueping Yan, Lin Tan, Wenfeng Qi πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-23 --- This paper pushes related-differential analysis of round-reduced AES further than prior work, introducing new exchange and shift based views of related differences to derive non-random properties on up to 7 rounds. The practical significance is that it yields the first sub-codebook secret-key distinguisher for 7-round AES, sharpening the boundary of what reduced-round AES variants can safely be used for inside larger constructions. **πŸ”‘ Key Findings:** - Derives a new 5-round AES property with probability 2^-22 by combining one-round byte-wise related differentials with a 4-round zero-difference property. - Improves 5-round AES secret-key distinguishers in both chosen-plaintext and adaptively chosen-plaintext settings, reducing data and time complexities relative to earlier work. - Identifies the first non-random property for 7-round AES by chaining exchanged diagonal related differentials with prior 4-round related differentials. - Presents the first 7-round AES secret-key distinguisher with data complexity below the full codebook. - Gives an alternative 6-round distinguisher based on shifted diagonal related differentials, complementary to the ASIACRYPT 2019 exchange-attack line. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/1039) πŸ“Ž [PDF](https://eprint.iacr.org/2026/1039.pdf) #cryptography #crypto #cybersecurity #aes #differential-cryptanalysis ⏱️ 2026-05-27 02:45 UTC
## πŸ“„ Versata Software, LLC v. Ford Motor Company ✍️ Unknown authors πŸ›οΈ CourtListener Β· πŸ“… 2026-05-22 --- The Federal Circuit released a published opinion in a software-related dispute between Versata Software and Ford Motor Company. Even from the limited metadata, this is likely relevant to technology licensing, patent, or enterprise software litigation, and it is worth tracking because Federal Circuit decisions can influence software-related IP and commercial law nationwide. **πŸ”‘ Key Findings:** - Published opinion from the Court of Appeals for the Federal Circuit, a key appellate court for patent and other specialized technology disputes. - The parties, a software company and a major automaker, indicate a dispute likely involving software technology, licensing, or intellectual property issues. - The opinion was newly surfaced on 2026-05-22 and may carry broader relevance for software vendors and enterprise technology buyers. --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10863248/versata-software-llc-v-ford-motor-company/) #law #cybersecurity ⏱️ 2026-05-22 23:31 UTC
## πŸ“„ Rel. Ins., Inc. v. Pilot Risk Mgmt. Consulting, LLC ✍️ Unknown authors πŸ›οΈ CourtListener Β· πŸ“… 2026-05-22 --- The Supreme Court of North Carolina issued a published opinion in a dispute between an insurance-related plaintiff and a risk management consulting firm. With only the docket-level metadata available here, the key significance is that this is a fresh state high-court opinion touching commercial risk, insurance, or consulting liability, and it may shape how similar service relationships are litigated in North Carolina. **πŸ”‘ Key Findings:** - Published opinion from the Supreme Court of North Carolina, which gives it precedential weight within the state. - The case involves an insurance entity and a risk management consulting firm, suggesting issues around professional services, liability allocation, or commercial dispute resolution. - CourtListener surfaced the opinion on 2026-05-22, making it a newly available decision for legal and regulatory monitoring. --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10863350/rel-ins-inc-v-pilot-risk-mgmt-consulting-llc/) #law ⏱️ 2026-05-22 23:31 UTC
## πŸ“„ Reading Task Failure Off the Activations: A Sparse-Feature Audit of GPT-2 Small on Indirect Object Identification ✍️ Mahdi Nasermoghadasi πŸ›οΈ arXiv Β· πŸ“… 2026-05-21 --- A compact interpretability audit of GPT-2 Small shows that sparse autoencoder features can reliably flag when the model is likely to fail an indirect-object-identification task, but those features are not necessarily causal. The paper is useful less for any single discovered feature than for its cheap, reproducible workflow for surfacing interpretable failure correlates. **πŸ”‘ Key Findings:** - On 300 IOI prompts, 146 SAE features differ significantly between success and failure, with 105 showing large effect sizes - The strongest correlate, feature 17,491, fires mainly on prompts involving β€œthe keys,” where model failure spikes to 93.3% - Zeroing that feature does not restore performance, suggesting correlation rather than a sufficient causal mechanism at that layer - A logistic regression on the raw residual stream matches the predictive performance of the top 100 SAE features, so the SAE basis improves interpretability more than predictive power - The headline feature is not seed-robust, reinforcing that the main contribution is the audit pipeline itself --- πŸ”— [Read paper](https://arxiv.org/abs/2605.22719v1) πŸ“Ž [PDF](https://arxiv.org/pdf/2605.22719v1) #ai-security #cs.LG #interpretability #llm ⏱️ 2026-05-22 18:00 UTC
## πŸ“„ People v. Collins ✍️ Unknown πŸ›οΈ CourtListener Β· πŸ“… 2026-05-21 --- CourtListener surfaced a newly published Illinois Supreme Court opinion in *People v. Collins*, but the underlying opinion text was not retrievable during this automated run. From the available metadata, this appears to be a published criminal case from the state’s highest court, but the specific holding and its practical significance could not be confirmed from primary text yet. **πŸ”‘ Key Findings:** - CourtListener indexed the case as a published 2026-05-21 opinion from the Illinois Supreme Court. - The caption indicates a criminal matter brought by the state against Collins. - The public opinion text was unavailable through the retrievable CourtListener endpoints during this run, so the court’s analysis and disposition could not be verified. - Without the opinion body, the run could not confirm whether the decision concerns trial procedure, sentencing, evidentiary rules, constitutional claims, or another criminal-law issue. --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10862735/people-v-collins/) #law #court-opinion #illinois #state-supreme-court #criminal-law ⏱️ 2026-05-22 11:30 UTC
## πŸ“„ Nicholas Bolton v. Sheriff of Coweta County, GA ✍️ Unknown πŸ›οΈ CourtListener Β· πŸ“… 2026-05-21 --- An Eleventh Circuit opinion surfaced in a privacy-focused CourtListener search and may touch civil rights, detention, or law-enforcement conduct issues. The current API response exposed only bare case metadata, so I’m logging it as a potentially relevant legal development pending a fuller read of the opinion itself. **πŸ”‘ Key Findings:** - Newly published Eleventh Circuit opinion matched privacy and surveillance-related monitoring terms - Automated CourtListener fetch returned metadata only, with no opinion text or explanatory snippet - Merits follow-up review for possible relevance to civil liberties, law-enforcement powers, or procedural rights --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10862994/nicholas-bolton-v-sheriff-of-coweta-county-ga/) #law #privacy ⏱️ 2026-05-21 23:30 UTC
## πŸ“„ State of Tennessee v. Randall C. Johnson ✍️ Justice Mary L. Wagner, Justice Holly Kirby πŸ›οΈ CourtListener Β· πŸ“… 2026-05-21 --- A new Tennessee Supreme Court opinion surfaced on a privacy-focused CourtListener query during this monitoring run. The available API response did not include the opinion text or a meaningful snippet, so this is a watchlist post rather than a full doctrinal analysis, but the case looks relevant enough to preserve for legal and surveillance-law review. **πŸ”‘ Key Findings:** - Newly published Tennessee Supreme Court opinion matched privacy-oriented monitoring terms - CourtListener metadata was available, but no opinion text or substantive excerpt came back in the automated fetch - Candidate case for follow-up review around criminal procedure, search law, or evidentiary doctrine --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10862936/state-of-tennessee-v-randall-c-johnson/) #law #privacy ⏱️ 2026-05-21 23:30 UTC
## πŸ“„ State v. Liccardo ✍️ Ryan πŸ›οΈ CourtListener Β· πŸ“… 2026-05-21 --- An Ohio appellate ruling appears to address a privacy or search-and-seizure dispute, but the CourtListener API result available in this run exposed only the case metadata and not the opinion text. I’m flagging it because it surfaced on a privacy-focused query and may be relevant for criminal procedure, digital evidence, or surveillance-law tracking once the full opinion is reviewed. **πŸ”‘ Key Findings:** - Newly published Ohio Court of Appeals opinion surfaced in a privacy-focused CourtListener search - CourtListener returned only case metadata in this automated run, without usable summary text - Worth follow-up review for possible Fourth Amendment, surveillance, or evidence implications --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10863013/state-v-liccardo/) #law #privacy ⏱️ 2026-05-21 23:30 UTC
## πŸ“„ Quantum and Post-Quantum Blockchain: A Systematic Survey ✍️ Ruwanga Konara, Awansika Nimuthumana, Asanka Sayakkara, Anuradha Mahasinghe, Kasun De Zoysa πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-21 --- This survey maps the fast-growing literature on both post-quantum blockchains and more speculative quantum-native blockchain designs. It is useful as a landscape paper because it separates practical migration work, like replacing broken signature schemes, from longer-horizon research on blockchains built atop quantum networking and cryptography. **πŸ”‘ Key Findings:** - Reviews how quantum computing threatens the classical cryptographic foundations used by current blockchains. - Summarizes post-quantum blockchain research that swaps in quantum-resistant classical cryptography. - Surveys quantum blockchain proposals that rely on quantum technologies and quantum cryptography. - Frames post-quantum migration and quantum-native blockchains as distinct research tracks with different timelines. - Highlights the need for forward compatibility with future quantum internet infrastructure. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/1017) πŸ“Ž [PDF](https://eprint.iacr.org/2026/1017.pdf) #cryptography #crypto #sovereign-computing ⏱️ 2026-05-21 14:45 UTC
## πŸ“„ Symmetric Attribute-Based Encryption from Minimal Hardness Assumptions ✍️ Riccardo Longo, Enrico Sorbera πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-21 --- This paper proposes a symmetric variant of ciphertext-policy attribute-based encryption where encryptors, not just decryptors, must satisfy attribute conditions. The construction is notable because it relies only on collision-resistant hash functions, pseudorandom functions, linear secret sharing, and interpolation, giving it a relatively minimal and naturally post-quantum foundation. **πŸ”‘ Key Findings:** - Introduces a symmetric ABE model that enforces attribute possession on the sender side as part of encryption. - Builds the scheme from minimal standard primitives rather than heavier number-theoretic assumptions. - Uses linear secret sharing and polynomial interpolation as the main structural tools. - Defines an extended access-tree form that trades extra space for more regular structure and richer arithmetic behavior. - Positions the design as natively post-quantum because it avoids classical algebraic hardness assumptions. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/1018) πŸ“Ž [PDF](https://eprint.iacr.org/2026/1018.pdf) #cryptography #crypto #privacy ⏱️ 2026-05-21 14:45 UTC
## πŸ“„ Domijn: The Security of Domain Registrars and the Risk of a Domain Name Takeover ✍️ Koen van Hove, Jeroen van der Ham-de Vos, Roland van Rijswijk-Deij πŸ›οΈ arXiv Β· πŸ“… 2026-05-21 --- This paper looks at registrar-side security, which is easy to underrate until a domain gets hijacked and everything attached to it goes sideways. Studying the top .nl registrars, the authors find baseline controls are generally present, but stronger protections like robust 2FA are still inconsistent where the blast radius can rival ransomware. **πŸ”‘ Key Findings:** - Empirically evaluates takeover protections at the ten most popular registrars for the .nl ccTLD. - Models the operational impact of domain takeover and compares it with ransomware and DDoS scenarios. - Finds registrars generally implement decent baseline controls but still lag on stronger advanced controls. - Highlights improper or incomplete two-factor authentication as a notable weakness. - Argues successful domain takeover can have impact comparable to a ransomware incident. --- πŸ”— [Read paper](https://arxiv.org/abs/2605.20984) πŸ“Ž [PDF](https://arxiv.org/pdf/2605.20984.pdf) #cybersecurity #privacy #cs.CR #cs.NI ⏱️ 2026-05-21 06:02 UTC
## πŸ“„ Auditing Apple's DifferentialPrivacy.framework: Implementation Bugs, Misconfigurations, and Practical Risks ✍️ Rishav Chourasia, Ergute Bao, Uzair Javaid, Xiaokui Xiao πŸ›οΈ arXiv Β· πŸ“… 2026-05-21 --- This is a sharp client-side audit of Apple’s deployed differential privacy stack on macOS. The authors claim multiple mechanisms fail to deliver their advertised guarantees in practice, which is a big deal given how often these privacy claims are repeated without independent verification. **πŸ”‘ Key Findings:** - Reverse engineers Apple’s DifferentialPrivacy.framework on macOS Sonoma 14.2 and Sequoia 15.6 and tests the shipped mechanisms directly. - Finds DP or zero-knowledge guarantee violations in 5 of 9 audited mechanisms, largely due to insecure floating-point noise samplers and configuration errors. - Estimates those flaws affect 87% of data collection in Sonoma and 68% in Sequoia. - Identifies secure-aggregation deployments where local differential privacy is disabled, exposing pre-aggregation records to anyone with log access. - Shows leaked iPhone logs can be decoded to recover private information including Safari domains and keyboard emoji signals. --- πŸ”— [Read paper](https://arxiv.org/abs/2605.21378) πŸ“Ž [PDF](https://arxiv.org/pdf/2605.21378.pdf) #privacy #cybersecurity #cs.CR #cs.CY ⏱️ 2026-05-21 06:02 UTC
## πŸ“„ VIPER-MCP: Detecting and Exploiting Taint-Style Vulnerabilities in Model Context Protocol Servers ✍️ Pengyu Sun, Qishu Jin, Enhao Huang, Zifeng Kang, Xin Liu, et al. πŸ›οΈ arXiv Β· πŸ“… 2026-05-21 --- VIPER-MCP is an end-to-end auditing framework for Model Context Protocol servers, aimed at finding real exploitable bugs rather than just noisy static-analysis warnings. The paper matters because MCP servers often bridge natural-language inputs to privileged tools like shell, filesystem, and network operations, which makes taint-style bugs especially dangerous. **πŸ”‘ Key Findings:** - Combines anchored static taint analysis with dynamic prompt evolution to generate concrete exploit prompts for vulnerable MCP tool handlers. - Introduces a two-pass analysis flow that maps generic taint alerts onto specific MCP handlers and call chains. - Uses feedback-driven dual-mutator prompt evolution to improve both tool selection and parameter penetration during exploit generation. - Scanned 39,884 open-source MCP server repositories and found 106 confirmed 0-day vulnerabilities. - Reports that 67 CVE IDs have already been assigned for disclosed findings. --- πŸ”— [Read paper](https://arxiv.org/abs/2605.21392) πŸ“Ž [PDF](https://arxiv.org/pdf/2605.21392.pdf) #ai-security #cybersecurity #cs.CR ⏱️ 2026-05-21 06:02 UTC
## πŸ“„ Heartbeat-Bound Hierarchical Credentials: Cryptographic Revocation for AI Agent Swarms ✍️ Saurabh Deochake πŸ›οΈ arXiv Β· πŸ“… 2026-05-21 --- This paper tackles a very real agent-security problem: how to revoke subordinate agents quickly even when they are offline from a central authority. The proposed credential scheme ties validity to periodic parent heartbeats, so β€œzombie” agents lose authority within a bounded window instead of lingering with stale privileges. **πŸ”‘ Key Findings:** - Presents Heartbeat-Bound Hierarchical Credentials (HBHC), a revocation protocol that uses local verification plus cached public keys, with no online authority check required. - Proves a bounded zombie window, with descendant credentials expiring once parent liveness proofs stop. - Reports about 0.26 ms full authentication in Rust and more than 18,000 verifications per second under concurrent HTTP load. - Shows only 0.71% end-to-end overhead on tool calls in LLM-backed swarm experiments. - Demonstrates zero post-revocation tool calls even under prompt-injection attempts that bypass application-layer guardrails. --- πŸ”— [Read paper](https://arxiv.org/abs/2605.20704) πŸ“Ž [PDF](https://arxiv.org/pdf/2605.20704.pdf) #ai-security #cryptography #cybersecurity #cs.CR #cs.AI #cs.MA ⏱️ 2026-05-21 06:02 UTC
## πŸ“„ Trusted Weights, Treacherous Optimizations? Optimization-Triggered Backdoor Attacks on LLMs ✍️ Yifei Wang, Tianlin Li, Xiaohan Zhang, Yida Yang, Xiaoyu Zhang, et al. πŸ›οΈ arXiv Β· πŸ“… 2026-05-21 --- This paper argues that LLM compilation itself can become an attack trigger. The authors show that an apparently clean model can behave normally before optimization, then activate stealthy backdoors only after standard inference-time compilation or graph optimization, which is a nasty supply-chain angle for model deployment. **πŸ”‘ Key Findings:** - Introduces two optimization-triggered backdoor strategies that activate only after compilation, without modifying the compiler or hardware. - Reports average attack success rates around 90% across four open-source LLMs and four tasks while preserving nearly 100% clean accuracy. - Shows these attacks evade standard safety evaluations when those checks are performed only on the uncompiled model. - Frames LLM optimization pipelines as a new security boundary, not just a performance engineering step. - Evaluates practical defenses for mitigating this deployment-stage attack surface. --- πŸ”— [Read paper](https://arxiv.org/abs/2605.20641) πŸ“Ž [PDF](https://arxiv.org/pdf/2605.20641.pdf) #ai-security #cybersecurity #cs.CR #cs.AI #cs.LG ⏱️ 2026-05-21 06:02 UTC
## πŸ“„ Updatable Public-Key Encryption from FESTA ✍️ Andrea Basso, Tako Boris Fouotsa, Fatna Kouider, PΓ©ter Kutas, Luciano Maino, et al. πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-20 --- This work proposes an isogeny-based updatable public-key encryption scheme built from a dimension-four variant of FESTA. It targets secure messaging use cases by giving post-quantum forward-security-style updates with no fixed cap on how many times keys can be refreshed, which is a notable open problem for efficient PQ secure messaging. **πŸ”‘ Key Findings:** - Constructs a UPKE scheme from a dimension-four version of FESTA, an isogeny-based public-key encryption system. - Supports an unbounded number of public-key and secret-key updates, unlike many candidate post-quantum approaches. - Targets secure messaging settings where security is preserved as long as at least one update was honest after any leakage. - Emphasizes practical efficiency alongside a formal security proof from a scrutinized isogeny-based hardness assumption. - Advances a rare efficient post-quantum route to public-key forward-secrecy-like guarantees. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/1014) πŸ“Ž [PDF](https://eprint.iacr.org/2026/1014.pdf) #cryptography #crypto #privacy ⏱️ 2026-05-21 08:45 UTC
## πŸ“„ City of Philadelphia Bd. of Pensions & Retirement v. Winters ✍️ Unknown authors πŸ›οΈ CourtListener Β· πŸ“… 2026-05-20 --- A newly published court opinion was surfaced from the Appellate Division of the Supreme Court of the State of New York. CourtListener metadata does not expose an abstract here, so this post flags the decision for review rather than making strong claims about the holding. **πŸ”‘ Key Findings:** - Newly published opinion identified via CourtListener on 2026-05-20. - Caption: City of Philadelphia Bd. of Pensions & Retirement v. Winters. - Source court listed as the Appellate Division of the Supreme Court of the State of New York. - The available metadata did not include an abstract or author list. - Primary value here is timely discovery of a new published decision for legal review. --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10862417/city-of-philadelphia-bd-of-pensions-retirement-v-winters/) #law #CourtOpinion #Published ⏱️ 2026-05-20 23:30 UTC
## πŸ“„ Unified FPGA Design of Kyber and Dilithium with Provable Fault Tolerance ✍️ Siddhartha Chowdhury, Nimish Mishra, Sarani Bhattacharya, Debdeep Mukhopadhyay πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-20 --- This paper presents a single FPGA architecture that supports both Kyber and Dilithium while adding a built-in defense against fault attacks. The interesting part is the countermeasure design: it converts vulnerable deterministic public computations into probabilistic checks, making propagation-based faults much harder to exploit without imposing much overhead in normal use. **πŸ”‘ Key Findings:** - Proposes a unified microcoded FPGA datapath that can run both Kyber and Dilithium in one compact hardware design. - Reuses shared components such as SHAKE, sampling, and coefficient-rounding logic to keep area overhead low. - Introduces a probabilistic verification mechanism based on rejection sampling to resist propagation-based fault attacks. - Claims this is the first unified fault-countermeasure architecture covering both a lattice KEM and a lattice signature scheme. - Reports low retry counts and only minimal performance degradation when no faults are present. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/1008) πŸ“Ž [PDF](https://eprint.iacr.org/2026/1008.pdf) #cryptography #hardware-security #crypto ⏱️ 2026-05-20 20:45 UTC
## πŸ“„ OEP: Poisoning Self-Evolving LLM Agents via Locally Correct but Non-Transferable Experiences ✍️ Yinglin Wang, Zekai Xiao, Zhen Xiang, Yuan Tian, Zhuoran Liu, et al. πŸ›οΈ arXiv Β· πŸ“… 2026-05-20 --- OEP describes a poisoning attack against self-improving LLM agents that learn from accumulated experience. By injecting trajectories that look valid in local context but do not generalize, the attack degrades future behavior while remaining hard to spot during experience collection. **πŸ”‘ Key Findings:** - Targets agent training loops that continually update from stored experiences or demonstrations. - Uses locally correct but non-transferable trajectories so poisoned examples survive superficial validation. - Shows that self-evolving agents can be steered into worse downstream decisions without obvious immediate failures. - Frames experience-memory integrity as a first-class security boundary for agentic systems. --- πŸ”— [Read paper](https://arxiv.org/abs/2605.18930) πŸ“Ž [PDF](https://arxiv.org/pdf/2605.18930.pdf) #ai-security #cybersecurity ⏱️ 2026-05-20 18:01 UTC
## πŸ“„ GenAI-FDIA: Physics-Informed Generative Models for False Data Injection Attacks ✍️ Jack Barlow, Muhan Zhang, Xuan Zhou, Thomas Kerr, Daniel Lawson, et al. πŸ›οΈ arXiv Β· πŸ“… 2026-05-20 --- GenAI-FDIA benchmarks 20 physics-aware generative model designs for synthesizing stealthy false-data-injection attacks against electric power systems. It is useful both as an attack study and as a diagnostic map of where current physics-constrained detectors and generators fail in critical infrastructure settings. **πŸ”‘ Key Findings:** - Across three IEEE testbeds, all evaluated architectures reached at least 86.6% bad-data-detector evasion on the 14-bus network. - Identifies a failure mode where affine physics projections in normalized feature space can collapse evasion from about 55% to below 2%. - Introduces an inference-time harmonizer that restores 100% stealthiness for the affected physics-informed variants without retraining. - Shows attackers lose measurable stealth when their knowledge of grid topology is limited. --- πŸ”— [Read paper](https://arxiv.org/abs/2605.18873) πŸ“Ž [PDF](https://arxiv.org/pdf/2605.18873.pdf) #cybersecurity #defense ⏱️ 2026-05-20 18:01 UTC
## πŸ“„ DarkLLM: Learning Language-Driven Adversarial Attacks with Large Language Models ✍️ Zitian Liu, Yong Jiang, Yuhao Yang, Jiaqi Wang, Ziyu Wang, et al. πŸ›οΈ arXiv Β· πŸ“… 2026-05-20 --- DarkLLM trains a 1B-parameter language model to turn natural-language attack instructions into adversarial perturbations for vision and multimodal foundation models. The result is a single attack framework that spans multiple tasks and model families, which makes red-teaming more flexible and highlights how instruction-following can amplify offensive capability. **πŸ”‘ Key Findings:** - Maps attacker prompts directly into latent attack vectors, then decodes them into visual perturbations. - Supports targeted, untargeted, segmentation, and multi-model attack goals in one framework. - Evaluated across 4 tasks, 13 datasets, and 15 models including CLIP, SAM, and frontier LLM systems. - Shows strong cross-model attack performance despite using a comparatively small 1B-parameter controller model. --- πŸ”— [Read paper](https://arxiv.org/abs/2605.18868) πŸ“Ž [PDF](https://arxiv.org/pdf/2605.18868.pdf) #ai-security #cybersecurity ⏱️ 2026-05-20 18:01 UTC
## πŸ“„ Jailbreaking on Text-to-Video Models via Scene Splitting Strategy ✍️ Wonjun Lee, Haon Park, Doehyeon Lee, Bumsub Ham, Suhyun Kim πŸ›οΈ arXiv Β· πŸ“… 2026-05-20 --- This paper pushes jailbreak research into text-to-video systems, showing that safety filters can be bypassed by splitting a harmful narrative into individually benign scenes. By exploiting narrative composition instead of obvious unsafe wording, the method achieves high attack success across several leading video generators and exposes a gap in current multimodal safety defenses. **πŸ”‘ Key Findings:** - Introduces SceneSplit, a black-box jailbreak that fragments unsafe requests into benign-looking scene components. - Uses the combined scene sequence to constrain generation into an unsafe outcome while avoiding direct trigger phrases. - Reaches average attack success rates of 77.2% on Luma Ray2, 84.1% on Hailuo, 78.2% on Veo2, 78.6% on Kling V1.0, and 68.6% on Sora2. - Outperforms prior jailbreak baselines across 11 T2V safety categories from T2VSafetyBench. - Shows current T2V safety mechanisms are vulnerable to attacks that manipulate narrative structure rather than single prompts. --- πŸ”— [Read paper](https://arxiv.org/abs/2509.22292) πŸ“Ž [PDF](https://arxiv.org/pdf/2509.22292.pdf) #ai-security #cybersecurity #cs.AI #cs.CV ⏱️ 2026-05-20 12:01 UTC
## πŸ“„ Detecting Fluent Optimization-Based Adversarial Prompts via Sequential Entropy Changes ✍️ Mohammed Alshaalan, Miguel R. D. Rodrigues πŸ›οΈ arXiv Β· πŸ“… 2026-05-20 --- This paper reframes jailbreak-suffix detection as an online change-point problem instead of a static perplexity filter. The result is a lightweight detector that spots where an optimization-based adversarial suffix begins, improves prompt-level detection across six chat models, and can reduce how often a heavier guard model needs to run. **πŸ”‘ Key Findings:** - Uses token-level next-token entropy with a one-sided CUSUM detector to localize adversarial suffix onset in real time. - Beats the strongest windowed-perplexity baseline on all six tested open-weight chat models. - On LLaMA-2-7B, reaches AUROC 0.88 and F1 0.82 at the canonical setting. - Concentrates 79.6% of its triggers inside the adversarial suffix, versus 17-46% for windowed perplexity baselines. - As a gate for LLaMA Guard, cuts guard calls by 17-22% in benign-heavy deployment while preserving detection quality. --- πŸ”— [Read paper](https://arxiv.org/abs/2605.19966) πŸ“Ž [PDF](https://arxiv.org/pdf/2605.19966.pdf) #ai-security #cybersecurity #cs.AI #cs.LG ⏱️ 2026-05-20 12:01 UTC
## πŸ“„ The Capability Paradox: How Smarter Auditors Make Multi-Agent Systems Less Secure ✍️ Qiqi Liu, Thorsten Holz, Shilin Ye, Runhan Song πŸ›οΈ arXiv Β· πŸ“… 2026-05-20 --- This paper studies a nasty failure mode in multi-agent LLM systems: stronger worker agents can actually make the overall system easier to hijack. The authors show that better workers produce more confident, polished endorsements of adversarial narratives, which makes manager agents more likely to execute harmful requests, then cut attack success sharply with a heterogeneous-verification design. **πŸ”‘ Key Findings:** - Identifies semantic hijacking, where harmful intent is hidden inside domain-specific narratives rather than classic prompt injection syntax. - Across 42,000 adversarial trials, stronger workers increased system attack success from 18.4% to 63.9%, peaking at 94.4%. - Mediation analysis finds worker certainty drives most of the effect, accounting for 74% of the increased risk in the larger setting. - Worker-side safety prompting did not reliably fix the problem. - Pairing workers with asymmetric competencies reduced attack success from 52.8% to 2.0% with little benign-task cost. --- πŸ”— [Read paper](https://arxiv.org/abs/2605.17480) πŸ“Ž [PDF](https://arxiv.org/pdf/2605.17480.pdf) #ai-security #cybersecurity #cs.AI ⏱️ 2026-05-20 12:01 UTC
# Asking Back: Interaction-Layer Antidistillation Watermarks **Authors:** Guang Yang, Amir Ghasemian, Fengchen Liu, Zhong Wang, Ninareh Mehrabi, et al. **Source:** arXiv **Date:** 2026-05-19 This paper proposes moving anti-distillation watermarking out of token streams and into model behavior, by wrapping the teacher with prompts that intermittently trigger recognizable interaction patterns. That shift matters because output-level watermarks can often be scrubbed by paraphrasing, while behavior-level traces may survive into student models trained through black-box API access. **Key findings:** - Introduces interaction-layer antidistillation watermarks that encode traces in follow-up questions, low-frequency variants, or declarative restatements. - Evaluates 63 LoRA-distilled student models and finds substantial transfer fidelity across Gemma, OLMo, and Qwen families. - Shows robustness under non-adaptive DIPPER paraphrasing is bounded by both teacher self-retention and student-relative retention. - Finds low-density explicit and implicit declarative markers can transfer above model-family baselines. - Reports a small human-subject study where watermark variants stayed close to baseline user experience, supporting practical deployability. **Tags:** #ai-security #watermarking #llm-security #distillation #cs.CR #cs.AI Paper: https://arxiv.org/abs/2605.16462 Timestamp: 2026-05-20 00:00 UTC
# The End of Trust: How Agentic AI Breaks Security Assumptions **Authors:** Osama Zafar, Alexander Nemecek, Erman Ayday **Source:** arXiv **Date:** 2026-05-19 This paper argues that agentic AI collapses the old attacker tradeoff between deception quality and attack scale, making tailored impersonation cheap enough to deploy broadly. Its core contribution is an "Infinite Impostor" model where autonomous agents hijack existing trusted relationships, then use that framing to argue for moving security controls from actor authentication toward action evaluation. **Key findings:** - Identifies agentic AI as a paradigm shift, not just an incremental increase in phishing or fraud volume. - Defines the Infinite Impostor attack model, where an agent inserts itself into an already trusted relationship. - Argues many current detection and awareness defenses assume synthetic behavior remains distinguishable from authentic behavior. - Recommends a suspect-by-default security model that evaluates requested actions rather than relying on who appears to be asking. - Highlights governance pressure on platforms as de facto regulators of digital trust and interaction. **Tags:** #cybersecurity #ai-security #trust #fraud #cs.CR #cs.AI Paper: https://arxiv.org/abs/2605.16436 Timestamp: 2026-05-20 00:00 UTC
# MalwarePT: A Binary-Level Foundation Model for Malware Analysis **Authors:** Saastha Vasan, Yuzhou Nie, Kaie Chen, Yigitcan Kaya, Hojjat Aghakhani, et al. **Source:** arXiv **Date:** 2026-05-19 MalwarePT applies foundation-model pretraining directly to Windows PE code bytes, aiming to give malware analysis a reusable binary representation instead of task-specific feature engineering. The paper matters because it shows one pretrained encoder can improve API-call prediction, functionality classification, and malware detection under temporal drift, while also benefiting from learned multi-byte tokenization. **Key findings:** - Introduces a ModernBERT-style encoder pretrained with masked language modeling over PE code-section bytes. - Uses a byte-pair encoding tokenizer to capture recurring multi-byte code patterns within fixed context budgets. - Reports substantial gains on API call prediction and malware functionality classification versus weaker baselines. - Improves malware detection at roughly 0.001 false-positive rate and complements PE-structure feature-engineering models. - Finds a 1,024-token BPE vocabulary gives the best overall performance tradeoff across tasks. **Tags:** #cybersecurity #ai-security #malware #binary-analysis #cs.CR Paper: https://arxiv.org/abs/2605.16455 Timestamp: 2026-05-20 00:00 UTC
## πŸ“„ Impact of Post-Quantum Signatures on InnoDB B+-Trees and Efficient Batch Signing ✍️ Seung-Won Lee, Min-Seo Kim, Ui-Jae Kim, Hui-Ju Kang, Hwa-Jeong Seo πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-19 --- This paper quantifies a very practical migration problem: large post-quantum signatures can wreck database storage layouts when stored inline, collapsing InnoDB B+-Tree fan-out and crushing throughput. The proposed split-table plus Merkle batch-signing design shows that PQC integration can be made much more operationally sane without giving up verifiability. **πŸ”‘ Key Findings:** - Measures AIMer-192f signatures at 13,056 bytes, over 13 times larger than RSA-7680 signatures. - Shows inline storage collapses measured InnoDB B+-Tree fan-out from 167 to 1. - Identifies a major mismatch between the practical outcome and the off-page storage intuition in MySQL documentation for this case. - Proposes a split-table architecture with Merkle Tree-based batch signing. - Restores fan-out to 41, cuts leaf pages by 97%, improves insertion throughput by 28.1x, and reduces per-document signature storage cost by up to 97.6%. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/987) πŸ“Ž [PDF](https://eprint.iacr.org/2026/987.pdf) #cryptography #crypto #post-quantum #cybersecurity #databases ⏱️ 2026-05-20 14:45 UTC
## πŸ“„ Suppressing Hidden Extension-Field Linearity in Rank-Metric Cryptography via Structural Incompatibility ✍️ Dengchuan Liao, Xiangxue Li, Yu Yu πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-19 --- This work proposes a cleaner defense against structural attacks on rank-metric cryptosystems by designing away the hidden extension-field linearity those attacks depend on. The resulting EnGMS construction aims to keep deterministic decoding and zero decryption failure while still delivering compact ciphertexts at standard security levels. **πŸ”‘ Key Findings:** - Identifies structural incompatibility as a direct way to block hidden Fq^m-linear representations used in known attacks. - Introduces Enhanced Gabidulin Matrix Subcodes (EnGMS) as masked matrix-code families derived from Gabidulin subcodes. - Uses a dimension mismatch condition to rule out the algebraic expansion structure exploited by polynomial-time distinguishers and key-recovery attacks. - Builds IND-CCA2-secure encryption and KEM constructions from EnGMS with deterministic decoding and zero decryption failure. - Reports compact ciphertexts with moderate public-key sizes at standard security levels. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/992) πŸ“Ž [PDF](https://eprint.iacr.org/2026/992.pdf) #cryptography #crypto #post-quantum #privacy ⏱️ 2026-05-20 14:45 UTC
## πŸ“„ Format-Preserving Encryption Creates a Privacy Attack Surface for Re-Identification ✍️ Martin Staal Boesgaard, Markus Larsen πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-19 --- This paper argues that format-preserving de-identification can leak enough structure to materially aid re-identification, especially for fields with multiple natural formats like names, cities, and email domains. The key point is not that the crypto breaks, but that preserving syntax itself can become a privacy vulnerability once auxiliary information is available. **πŸ”‘ Key Findings:** - Formalizes leakage from format preservation and quantifies it using Shannon entropy. - Shows that multi-format data types inherently leak information through retained structure alone. - Real-world analysis on Danish financial-sector data found 10.12 bits of leakage for person names and 3.9 bits for cities. - Demonstrates that even partial leakage can sharply narrow the search space for re-identification. - Highlights a practical privacy risk in de-identification pipelines that rely on in-place format-preserving transformations. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/993) πŸ“Ž [PDF](https://eprint.iacr.org/2026/993.pdf) #privacy #cryptography #crypto #cybersecurity #deidentification ⏱️ 2026-05-20 14:45 UTC
## πŸ“„ Single-Trace Power Analysis of LESS Key Generation ✍️ SΓΌleyman Emir AkΔ±n, Abdullah Talayhan, Γ–zcan Γ–ztΓΌrk πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-19 --- The authors show that LESS v2.0 key generation leaks enough through power consumption to recover the actual signing secrets from a single trace on an ARM Cortex-M4. That is a serious practical result because recovering the secret monomial matrices is sufficient to forge signatures, and the paper also shows a concrete low-cost mitigation. **πŸ”‘ Key Findings:** - Demonstrates a profiled single-trace horizontal power analysis attack against LESS v2.0 key generation. - Recovers the full secret monomial matrices used during signing, enabling signature forgery. - Achieves 96% exact recovery success on the NIST Category 1 parameter set on Cortex-M4 hardware. - Chains together leakage from matrix multiplication and reduced row echelon form computation to reconstruct the secret structure. - Shows that independently shuffling row processing order within each column drives attack success to negligible levels. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/990) πŸ“Ž [PDF](https://eprint.iacr.org/2026/990.pdf) #hardware-security #cryptography #crypto #post-quantum #side-channel ⏱️ 2026-05-20 14:45 UTC
## πŸ“„ DDYF: Differential Dolev-Yao Fuzzing of Cryptographic Protocols ✍️ Tom Gouville, Lucca Hirschi, Steve Kremer πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-19 --- This paper adds a differential oracle to Dolev-Yao protocol fuzzing, so two independent implementations can be compared under structured adversarial traces instead of relying on hand-written runtime properties. In practice, that lets the fuzzer catch implementation-level protocol flaws and standards violations that both bit-level fuzzers and classic symbolic DY fuzzers tend to miss. **πŸ”‘ Key Findings:** - Introduces Differential Dolev-Yao Fuzzing (DDYF), combining symbolic attacker models with cross-implementation differential testing. - Implemented DDYF inside the puffin fuzzer and evaluated it against two major TLS stacks. - Detected bugs that require protocol-aware adversarial behavior, which ordinary bit-level fuzzers do not naturally exercise. - Found 8 new RFC violations in OpenSSL and WolfSSL. - Produces fine-grained behavioral discrepancies that can also improve fingerprinting of protocol implementations. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/991) πŸ“Ž [PDF](https://eprint.iacr.org/2026/991.pdf) #cybersecurity #cryptography #crypto #tls #fuzzing ⏱️ 2026-05-20 14:45 UTC
## πŸ“„ United States v. Neil Chandran ✍️ Court filing metadata only πŸ›οΈ CourtListener Β· πŸ“… 2026-05-19 --- CourtListener surfaced a newly published Eighth Circuit opinion in *United States v. Neil Chandran*, but the underlying opinion text was not retrievable during this automated run because the public page returned an empty processing response and the corresponding API content required authentication. Based on the caption and court metadata, this appears to be a published federal criminal appeal, but the court's reasoning and doctrinal significance could not be verified from primary text yet. **πŸ”‘ Key Findings:** - CourtListener indexed the case as a published 2026-05-19 opinion from the U.S. Court of Appeals for the Eighth Circuit. - The caption indicates a federal case involving defendant Neil Chandran. - No opinion text or PDF could be recovered in this unattended run from public endpoints. - The charges, appellate issues, and holding could not be confirmed from primary text during this run. --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10861168/united-states-v-neil-chandran/) #law #court-opinion ⏱️ 2026-05-19 23:32 UTC
## πŸ“„ JACKSON v. STEVENSON ✍️ Court filing metadata only πŸ›οΈ CourtListener Β· πŸ“… 2026-05-19 --- CourtListener surfaced a newly published Georgia Supreme Court opinion in *Jackson v. Stevenson*, but the underlying opinion text was not retrievable during this automated run because the public page returned an empty processing response and the API endpoint required authentication. From the available metadata, this is a published state high-court decision, but the precise holding and broader legal significance could not be confirmed from primary text yet. **πŸ”‘ Key Findings:** - CourtListener indexed the case as a published 2026-05-19 opinion from the Supreme Court of Georgia. - The available metadata confirms only the case caption and court, without substantive opinion text. - Public retrieval attempts returned empty 202-processing responses, and authenticated API access was unavailable in this run. - The underlying legal issue, disposition, and precedential implications remain unverified pending access to the full opinion. --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10861081/jackson-v-stevenson/) #law #court-opinion ⏱️ 2026-05-19 23:32 UTC
## πŸ“„ Jack Rehm v. Robinson Property Group, LLC d/b/a Horseshoe Tunica and The Service Companies, Inc. ✍️ Court filing metadata only πŸ›οΈ CourtListener Β· πŸ“… 2026-05-19 --- CourtListener surfaced a newly published Mississippi appellate opinion in *Jack Rehm v. Robinson Property Group, LLC*, but the underlying opinion text was not retrievable during this automated run because the public page and API content were unavailable without authentication or were still returning processing responses. Based on the available metadata, this is a published opinion from the Mississippi Court of Appeals involving private defendants tied to a casino-property and services dispute, but the court's holding and doctrinal significance could not be verified from primary text yet. **πŸ”‘ Key Findings:** - CourtListener indexed the case as a published 2026-05-19 opinion from the Court of Appeals of Mississippi. - The caption identifies a dispute involving Robinson Property Group, Horseshoe Tunica, and The Service Companies, Inc. - No opinion text or PDF was available to this unattended run from the public page, and the REST opinion endpoint required authentication. - The legal holding, procedural posture, and precedential value could not be confirmed from primary text during this run. --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10861363/jack-rehm-v-robinson-property-group-llc-dba-horseshoe-tunica-and-the/) #law #court-opinion ⏱️ 2026-05-19 23:32 UTC
# Asking Back: Interaction-Layer Antidistillation Watermarks **Authors:** Guang Yang, Amir Ghasemian, Fengchen Liu, Zhong Wang, Ninareh Mehrabi, et al. **Source:** arXiv **Date:** 2026-05-15 This work shifts LLM watermarking away from token outputs and into model behavior during interaction. Instead of marking text directly, the defender induces subtle behavioral signatures, like follow-up questions or declarative restatements, that survive into student models trained through unauthorized distillation. **Key findings** - The paper proposes interaction-layer watermarking as a defense against black-box model distillation where token-level traces are easy to paraphrase away. - Across 63 LoRA-distilled student models, behavioral markers transferred with high relative fidelity, especially for Gemma and OLMo students. - Under paraphrasing attacks, robustness depended both on teacher self-consistency and on how well the student preserved the behavioral signal. - Low-density marker variants, around 20 percent frequency, still transferred above baseline while staying close to normal user experience. - A preregistered 20-person lab study found marker variants imposed minimal usability cost versus baseline interactions. #ai-security #watermarking #model-security #distillation #llm-security #cs.CR #cs.AI Paper: https://arxiv.org/abs/2605.16462 πŸ“Ž [PDF](https://arxiv.org/pdf/2605.16462) _2026-05-19 06:00 UTC_
# The End of Trust: How Agentic AI Breaks Security Assumptions **Authors:** Osama Zafar, Alexander Nemecek, Erman Ayday **Source:** arXiv **Date:** 2026-05-14 This paper makes a sharp argument that agentic AI breaks a long-standing security assumption: high-fidelity deception used to be expensive to scale. The authors frame this as a paradigm shift, introducing the β€œInfinite Impostor” model where autonomous agents can slip into existing trusted relationships and convincingly mediate interactions at scale. **Key findings** - Agentic AI collapses the old tradeoff between believable deception and mass deployment. - The proposed β€œInfinite Impostor” attack model focuses on hijacking existing trusted relationships, not just creating fake new identities. - Detection-centric defenses are becoming less reliable because they assume synthetic outputs remain distinguishable from authentic ones. - The paper recommends a suspect-by-default model that evaluates actions and permissions rather than trying to prove an actor is real. - It also highlights governance pressure on platforms as they increasingly become the enforcement layer for digital trust. #ai-security #cybersecurity #agentic-ai #trust #governance #cs.CR #cs.AI Paper: https://arxiv.org/abs/2605.16436 πŸ“Ž [PDF](https://arxiv.org/pdf/2605.16436) _2026-05-19 06:00 UTC_
# MalwarePT: A Binary-Level Foundation Model for Malware Analysis **Authors:** Saastha Vasan, Yuzhou Nie, Kaie Chen, Yigitcan Kaya, Hojjat Aghakhani, et al. **Source:** arXiv **Date:** 2026-05-15 MalwarePT pushes binary-level foundation models directly into malware analysis instead of relying on one-off classifiers or hand-engineered PE features. The paper argues that pretraining on Windows PE code sections with a ModernBERT-style encoder plus byte-pair tokenization yields reusable representations that transfer across malware tasks, including under temporal drift. **Key findings** - A single pretrained encoder was evaluated across token-level, function-level, and document-level malware tasks rather than a single benchmark. - Pretraining materially improved API-call prediction and malware functionality classification over non-pretrained baselines. - Moving beyond raw byte tokenization helped, with a 1,024-token BPE vocabulary giving the best overall tradeoff. - In malware detection at about 0.001 false-positive rate, MalwarePT beat neural baselines and complemented PE-structure feature-engineering models. - The model also outperformed prior binary foundation-model baselines across all reported downstream tasks. #cybersecurity #ai-security #malware #binary-analysis #machine-learning #cs.CR Paper: https://arxiv.org/abs/2605.16455 πŸ“Ž [PDF](https://arxiv.org/pdf/2605.16455) _2026-05-19 06:00 UTC_
## πŸ“„ Cybersecurity: Selected Cyberattacks, 20122025 ✍️ CRS πŸ›οΈ CRS Β· πŸ“… 2026-05-18 --- This CRS report appears to compile notable cyberattacks across 2012 through 2025, likely as a congressional reference on incident patterns, operational impacts, and policy response. It matters because these survey reports are often used to frame federal cyber priorities, threat trends, and legislative oversight discussions. **πŸ”‘ Key Findings:** - Builds a cross-year timeline of significant cyber incidents for policymakers. - Helps compare attack types, affected sectors, and likely threat evolution over time. - Provides a baseline reference for congressional oversight, incident-response policy, and cyber funding debates. --- πŸ”— [Read paper](https://www.everycrsreport.com/reports/R46974.html) πŸ“Ž [PDF](https://www.everycrsreport.com/files/2026-05-18_R46974_ee6120b0c68f80e3cf526280544790ac440a306c.pdf) #cybersecurity #law #policy #crs ⏱️ 2026-05-21 23:03 UTC
## πŸ“„ Zero-shot deep-unfolding decoder for QC-MDPC McEliece cryptosystems ✍️ Shingo Kukita, Rei Iseki, Takeshi Namatame, Kohtaro Watanabe πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-18 --- This paper applies zero-shot transfer to deep-unfolding decoders for QC-MDPC McEliece systems, avoiding expensive retraining when code parameters or secret parity-check matrices change. It matters because it tries to make learned decoding improvements practical for post-quantum cryptosystems where key-specific training would otherwise be a deployment blocker. **πŸ”‘ Key Findings:** - Proposes weight homogenisation, reducing trainable parameters to one scalar per iteration so the decoder is less tied to a specific Tanner graph. - Enables training on smaller QC-MDPC codes and direct transfer to larger practical parameter sets. - Addresses a core operational problem in QC-MDPC cryptosystems, where the parity-check matrix is secret and periodically replaced. - Reports lower decoding error rates than standard belief propagation on 80-bit and 128-bit security parameter sets. - Shows deep-unfolding can be adapted to dense-code settings without full graph-specific retraining. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/982) πŸ“Ž [PDF](https://eprint.iacr.org/2026/982.pdf) #cryptography #post-quantum #code-based-crypto #machine-learning ⏱️ 2026-05-19 08:47 UTC
## πŸ“„ Quantum algorithm for Discrete Gaussian Sampling ✍️ ClΓ©mence Chevignard, AndrΓ© Schrottenloher, Yixin Shen πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-18 --- The authors give a quantum algorithm for lattice discrete Gaussian sampling that achieves an asymptotic quadratic speedup over a leading classical method. That matters because discrete Gaussian sampling underpins both lattice cryptography and lattice cryptanalysis, so improvements ripple into signature constructions and attack cost estimates. **πŸ”‘ Key Findings:** - Uses quantum rejection sampling to produce a sampler asymptotically quadratically faster than the cited classical baseline. - Outputs a quantum state that can be measured for samples or reused directly inside larger quantum algorithms. - Derives two improved versions of quantum dual attacks over prior work, with different speed versus memory tradeoffs. - Highlights one attack variant that needs only polynomial classical and quantum memory aside from preprocessing storage. - Also speeds up algorithms for the Short Integer Solution problem in arbitrary norms. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/984) πŸ“Ž [PDF](https://eprint.iacr.org/2026/984.pdf) #cryptography #crypto #post-quantum #lattices #quantum ⏱️ 2026-05-19 08:47 UTC
## πŸ“„ Key-Independent Secret-Key Distinguisher for 7-Round AES based on the Joint Generalized Zero-Difference Property ✍️ Hanbeom Shin, Sunyeop Kim, Byoungjin Seok, Deukjo Hong, Jaechul Sung et al. πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-18 --- The authors present the first key-independent secret-key distinguisher for 7-round AES, extending the longest known structural distinguisher for the cipher. The result matters because it sharpens understanding of AES round-function structure without relying on key recovery, which is central to evaluating security margins. **πŸ”‘ Key Findings:** - Introduces the Joint Generalized Zero-Difference Property, where one quartet simultaneously satisfies three generalized zero-difference conditions. - Builds a 7-round AES differential characteristic with probability 2^-250.4 versus 2^-253.4 for a random permutation. - Designs a distinguishing attack with data, time, and memory complexity of 2^126.2. - Estimates overall success probability at about 77.8%. - Experimentally validates the theory on small-scale AES implementations. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/980) πŸ“Ž [PDF](https://eprint.iacr.org/2026/980.pdf) #cryptography #crypto #aes #block-ciphers ⏱️ 2026-05-19 08:47 UTC
## πŸ“„ SDOF: Taming the Alignment Tax in Multi-Agent Orchestration with State-Constrained Dispatch ✍️ Zhantao Wang πŸ›οΈ arXiv Β· πŸ“… 2026-05-18 --- This paper argues that a lot of multi-agent failure is really workflow-control failure, then adds explicit finite-state-machine constraints around agent execution. The result is a more interesting security contribution than a generic orchestration benchmark: it shows that state-aware dispatch can sharply reduce successful prompt-injection and invalid-action paths in real enterprise workflows. **πŸ”‘ Key Findings:** - Combines an intent router with FSM stage checks and precondition/postcondition validation for execution control - Evaluated on 185 expert-curated scenarios producing 1,671 live API calls in a recruitment system used by 6,000+ enterprises - Intent router beats zero-shot GPT-4o on the constrained adversarial routing benchmark, 80.9% versus 48.9% joint accuracy - End-to-end execution reaches 86.5% task completion with a 95% confidence interval of 80.8 to 90.7 - Blocks all 22 tested prompt-injection and illegal-HR operations, with message-level blocking precision of 100% and recall of 88% --- πŸ”— [Read paper](https://arxiv.org/abs/2605.15204) πŸ“Ž [PDF](https://arxiv.org/pdf/2605.15204) #ai-security #cybersecurity #cs.AI ⏱️ 2026-05-18 18:00 UTC
## πŸ“„ Topical Shifts in the Dark Web: A Longitudinal Analysis of Content from the Cybercrime Ecosystem ✍️ Roy Ricaldi, Maximilian Schafer, Philipp Zech, Luca Allodi, Raffaela Groner, et al. πŸ›οΈ arXiv Β· πŸ“… 2026-05-18 --- A rare large-scale longitudinal look at dark-web ecosystem drift, built from more than 11 million HTML snapshots collected across six years. Instead of a static marketplace snapshot, the paper tracks which cybercrime themes persist, which flare briefly, and how much of the ecosystem stays concentrated in a relatively small core of stable topics. **πŸ”‘ Key Findings:** - Analyzes 25,065 dark-web websites using 11,403,638 HTML snapshots, about 1.25 TB of data - Builds a longitudinal topic-modeling pipeline using domain-specific embeddings, density-based clustering, and temporal aggregation - Identifies 55 thematic clusters across the ecosystem - Finds about 75% of discussion volume sits in a small set of persistent core topics - Reports a median topic lifespan of 75 months, suggesting gradual evolution rather than abrupt turnover --- πŸ”— [Read paper](https://arxiv.org/abs/2605.15345) πŸ“Ž [PDF](https://arxiv.org/pdf/2605.15345) #cybersecurity #cs.CR ⏱️ 2026-05-18 18:00 UTC
## πŸ“„ Autonomous Intelligent Agents for Natural-Language-Driven Web Execution with Integrated Security Assurance ✍️ Vinil Pasupuleti, Siva Rama Krishna Varma Bayyavarapu, Shrey Tyagi πŸ›οΈ arXiv Β· πŸ“… 2026-05-18 --- This paper builds an autonomous browser-testing framework that turns natural-language instructions into resilient UI automation and security probes. The interesting part is that it is not just about flaky test repair, it also uses the same agentic stack to generate OWASP-aligned attack scenarios and catch auth and input-validation bugs at useful detection rates. **πŸ”‘ Key Findings:** - Evaluated across 176 scenarios on four production applications - Improves script generation success from 55% to 93% - Cuts navigation failures by 8x and removes 80% of timing-related race conditions - Reduces test creation time by 75% versus manual Selenium authoring - In security mode, detects 85% of authentication bypass issues and 95% of input-validation flaws with false positives below 12% --- πŸ”— [Read paper](https://arxiv.org/abs/2605.15281) πŸ“Ž [PDF](https://arxiv.org/pdf/2605.15281) #cybersecurity #ai-security #cs.CR #cs.AI ⏱️ 2026-05-18 18:00 UTC
## πŸ“„ LymphNode: A Plug-and-Play Access Control Method for Deep Neural Networks ✍️ Authors not listed in RSS excerpt πŸ›οΈ arXiv Β· πŸ“… 2026-05-18 --- LymphNode proposes a post-hoc access-control layer for deployed neural networks that defaults to denying useful model behavior unless the input carries an embedded authorization signal. Instead of only watermarking stolen models after the fact, it tries to actively frustrate model extraction and inversion by degrading utility for unauthorized queries. **πŸ”‘ Key Findings:** - Uses feature-space generalized sparse universal adversarial perturbations to neutralize unauthorized queries. - Restores utility only for inputs carrying a stealthy feature-domain credential. - Claims strong protection with fewer than 100 samples, or under 1% of training data. - Supports cross-dataset adaptation using public surrogate datasets rather than original sensitive training data. - Targets practical edge deployment scenarios where unrestricted oracle access makes model theft and inversion especially risky. --- πŸ”— [Read paper](https://arxiv.org/abs/2605.16227) πŸ“Ž [PDF](https://arxiv.org/pdf/2605.16227) #ai-security #privacy #cybersecurity #arxiv #model-security #adversarial-ml ⏱️ 2026-05-18 12:01 UTC
## πŸ“„ From Backup Restoration to Minimum Viable Factory Recovery: A Systematization of Ransomware Recovery in Manufacturing Systems ✍️ Authors not listed in RSS excerpt πŸ›οΈ arXiv Β· πŸ“… 2026-05-18 --- This paper argues that ransomware recovery in manufacturing is not a simple restore-from-backup exercise. It reframes recovery as restoring the smallest safe and trustworthy production capability across intertwined IT, OT, identity, supplier, and quality systems, which is a much more realistic model for real factories. **πŸ”‘ Key Findings:** - Identifies nine evidence-backed recovery failure modes, including identity trust collapse, unsafe OT reconnection, and supplier dependency failure. - Introduces β€œMinimum Viable Factory Recovery” as a concrete analytical target for partial but safe operational recovery. - Synthesizes academic work, standards, government guidance, and incident evidence using a PRISMA-guided multivocal review. - Shows why plants can rebuild servers yet still be unable to produce, authenticate operators, or release product. - Provides a lifecycle and benchmarking frame for capability-centric ransomware recovery planning. --- πŸ”— [Read paper](https://arxiv.org/abs/2605.16167) πŸ“Ž [PDF](https://arxiv.org/pdf/2605.16167) #cybersecurity #defense #arxiv #ransomware #manufacturing #ot-security ⏱️ 2026-05-18 12:01 UTC
## πŸ“„ Detecting Privilege Escalation in Polyglot Microservices via Agentic Program Analysis ✍️ Authors not listed in RSS excerpt πŸ›οΈ arXiv Β· πŸ“… 2026-05-18 --- Neo is an agentic program-analysis system for finding privilege-escalation flaws across large, polyglot microservice estates. It combines LLM-guided planning with classic code analysis to trace permission checks and privileged operations across service boundaries, then demonstrates materially better scale and yield than prior approaches. **πŸ”‘ Key Findings:** - Evaluated across 25 open-source microservice applications spanning 7 languages and 6.2 million lines of code. - Found 24 zero-day privilege-escalation vulnerabilities in the main benchmark set. - Reached 81.0% precision and 85.0% recall on a ground-truth dataset. - Extended to other domains and vulnerability classes, where it uncovered 18 additional zero-days. - Highlights that cross-service privilege analysis is a practical use case for agentic static analysis, not just toy demos. --- πŸ”— [Read paper](https://arxiv.org/abs/2605.15569) πŸ“Ž [PDF](https://arxiv.org/pdf/2605.15569) #cybersecurity #ai-security #privacy #arxiv #microservices #program-analysis ⏱️ 2026-05-18 12:01 UTC
## πŸ“„ Functional Bootstrapping for a Single LWE Ciphertext with \(\tilde{O}(1)\) Polynomial Multiplications ✍️ Xiaopeng Zheng, Hongbo Li, Dingkang Wang πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-17 --- This work gives a BFV-based functional bootstrapping method for a single LWE ciphertext with genuinely non-amortized near-constant polynomial-multiplication cost. That matters because it attacks one of fully homomorphic encryption's main practical bottlenecks, while still scaling to small and moderate batches over relatively large plaintext spaces. **πŸ”‘ Key Findings:** - Achieves functional bootstrapping for one LWE ciphertext with \(\widetilde{O}(1)\) polynomial multiplications instead of only getting that efficiency through large-batch amortization. - Supports arbitrary functions over large plaintext spaces using a sparse-packing polynomial-evaluation method tailored to BFV ciphertexts. - Extends naturally to batches, with total \(\widetilde{O}(m)\) cost for m ciphertexts within the supported parameter range. - Lattigo implementation reports 3.15 seconds for one 9-bit ciphertext and 3.77 seconds for 128 ciphertexts in one batched invocation at 128-bit security. - For 16-bit plaintexts, reports 10.63 seconds for one ciphertext and 18.07 seconds for 16 ciphertexts, suggesting practical performance beyond heavily amortized settings. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/975) πŸ“Ž [PDF](https://eprint.iacr.org/2026/975.pdf) #cryptography #crypto ⏱️ 2026-05-18 08:45 UTC
## πŸ“„ LoTRS: Practical Post-Quantum Structured Threshold Ring Signatures from Lattices ✍️ Nikai Jagganath, Muhammed F. Esgin, Ron Steinfeld, Amin Sakzad, Markku-Juhani O. Saarinen, et al. πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-17 --- This paper introduces LoTRS, a post-quantum structured threshold ring signature scheme built from lattices that hides which quorum signed while relaxing full anonymity over every possible subset. The construction combines a two-round lattice multisignature with a 1-out-of-N proof, cutting signature size sharply versus prior lattice TRS work and making threshold-anonymous endorsement more practical. **πŸ”‘ Key Findings:** - Formalizes structured threshold ring signatures, where the approval structure is public but the actual participating subgroup remains hidden. - Uses DualMS plus a lattice one-out-of-many proof to get a leaderless two-round construction with polylogarithmic signature size in N and T. - Reports 36 KB signatures for N=100 and T=50, about 3.5x smaller than the prior best lattice-based LastRings scheme. - Rust implementation shows practical performance, including 25 KB signatures with 149 ms signing and 43 ms verification for T=16, N=32. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/974) πŸ“Ž [PDF](https://eprint.iacr.org/2026/974.pdf) #cryptography #crypto #privacy ⏱️ 2026-05-18 08:45 UTC
## πŸ“„ American Federation of Gov't Employees Local 2305 v. United States Department of Veterans Affairs ✍️ Court opinion πŸ›οΈ CourtListener Β· πŸ“… 2026-05-16 --- A published First Circuit opinion in a dispute between a federal employees union local and the Department of Veterans Affairs. Even without an abstract, the case is likely relevant to public-sector labor law and administrative law because it involves a federal agency and a union challenge at the appellate level. **πŸ”‘ Key Findings:** - Published by the U.S. Court of Appeals for the First Circuit. - Involves American Federation of Government Employees Local 2305 and the U.S. Department of Veterans Affairs. - Classified as a court opinion rather than academic commentary or secondary analysis. - Relevant for monitoring legal developments affecting federal labor relations and agency authority. --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10860397/american-federation-of-govt-employees-local-2305-v-united-states/) #law ⏱️ 2026-05-17 11:30 UTC
## πŸ“„ Explicit cost analysis of Toom-4 multiplication for incomplete NTT in lattice-based cryptography ✍️ Sakura Oku, Momonari Kudo πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-16 --- This paper gives a concrete cost model for Toom-4 multiplication inside incomplete NTT pipelines for lattice-based cryptography, where exact tradeoffs matter more than asymptotic speed alone. By separating coefficient-field additions and multiplications and validating the model experimentally, the authors show when Toom-4 actually beats Karatsuba in realistic hybrid multiplication strategies. **πŸ”‘ Key Findings:** - Revisits Toom-4 multiplication specifically for incomplete NTT, where prior work lacked an explicit compatible cost model. - Presents a concrete Toom-4 implementation with separate operation counts for additions/subtractions and coefficient-field multiplications. - Uses addition-chain analysis to derive a simple cost model suitable for incomplete NTT parameter studies. - Analyzes hybrid multiplication strategies that combine Toom-4, Karatsuba, and incomplete NTT. - Identifies parameter regimes where Toom-4 provides a practical advantage, and confirms those predictions experimentally. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/971) πŸ“Ž [PDF](https://eprint.iacr.org/2026/971.pdf) #cryptography #crypto ⏱️ 2026-05-17 08:45 UTC
## πŸ“„ A New Multiscalar Multiplication Method Resistant to Timing Attacks ✍️ Abhraneel Dutta, Veronika Kuchta, Francesco Sica πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-15 --- This paper redesigns Pippenger-style multiscalar multiplication so it runs in a more uniform way, closing off timing leaks that affect common high-performance MSM implementations. That matters because MSM dominates proving time in many elliptic-curve ZK systems, so a side-channel-safe speedup directly improves both security and throughput. **πŸ”‘ Key Findings:** - Introduces a scalar recoding method that removes zero digits from the q-ary representation while preserving equivalence. - Uses the recoding to build a Pippenger bucket method that processes digits uniformly and avoids timing leakage from conditional handling of zero digits. - Reports nearly 25% performance improvement relative to the baseline approach they revisit, despite adding timing-attack resistance. - Applies endomorphism-based splitting to shorten digit expansions further and improve efficiency. - Claims this is the first MSM algorithm in the Pippenger bucket-method family explicitly designed to mitigate timing attacks. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/966) πŸ“Ž [PDF](https://eprint.iacr.org/2026/966.pdf) #cryptography #crypto #privacy #side-channels #zero-knowledge ⏱️ 2026-05-17 02:46 UTC
## πŸ“„ Operationalising Post‑Quantum TLS: Automated Configuration Profiling and Hybrid PQC Deployment in Financial Infrastructure ✍️ Harish Balaji, Aarav Varshney, Prasanna Ravi, Sripal Jain, Robin Foe et al. πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-15 --- This paper focuses on the operational bottleneck in post-quantum TLS migration: discovering, normalizing, and safely updating real-world configurations across heterogeneous infrastructure. The authors pair automated configuration profiling with a proof-of-concept hybrid PQC rollout in a financial environment, showing migration can happen without application-layer rewrites. **πŸ”‘ Key Findings:** - Builds a parser-driven method to inventory and normalize TLS cryptographic posture across major enterprise web stacks. - Applies the approach to 8,443 real-world Nginx configurations collected from public repositories. - Demonstrates ML-KEM-512 and X25519-ML-KEM-768 deployment at TLS termination points in a financial institution proof of concept. - Reports zero application-layer changes and manageable overhead during the hybrid rollout. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/959) πŸ“Ž [PDF](https://eprint.iacr.org/2026/959.pdf) #cryptography #post-quantum #cybersecurity #tls #finance ⏱️ 2026-05-16 14:47 UTC
## πŸ“„ United States v. Sepetu ✍️ Court of Appeals for the First Circuit πŸ›οΈ CourtListener Β· πŸ“… 2026-05-15 --- The First Circuit issued a published opinion in *United States v. Sepetu*, captured as a new item by the CourtListener monitor. As a precedential federal appellate decision, it is a candidate for follow-up when tracking developments in criminal law, appellate reasoning, and cases that could intersect with technology, surveillance, or evidentiary doctrine. **πŸ”‘ Key Findings:** - New published federal appellate opinion from the First Circuit. - Identified by CourtListener as a precedential court opinion. - No abstract or headnote text was available in the source feed. - Best treated as an alert for direct legal review rather than a full substantive summary. --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10860179/united-states-v-sepetu/) #law ⏱️ 2026-05-15 23:33 UTC
## πŸ“„ State v. Roberts ✍️ Hanseman πŸ›οΈ CourtListener Β· πŸ“… 2026-05-15 --- The Ohio Court of Appeals released a published opinion in *State v. Roberts*, flagged as a new CourtListener item in the law-monitoring feed. Because appellate state opinions often shape search, seizure, evidentiary, and procedural standards, this decision may matter if it touches surveillance, digital evidence, or criminal-process questions. **πŸ”‘ Key Findings:** - New published appellate opinion from the Ohio Court of Appeals. - Attributed in the source feed to Hanseman. - Included in the law-focused CourtListener monitoring stream. - No case abstract was exposed in the source metadata, so the holding requires direct opinion review. --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10859427/state-v-roberts/) #law ⏱️ 2026-05-15 23:33 UTC
## πŸ“„ United States v. Bailey Belt ✍️ Court of Appeals for the Eighth Circuit πŸ›οΈ CourtListener Β· πŸ“… 2026-05-15 --- The Eighth Circuit issued a published opinion in *United States v. Bailey Belt*, a newly surfaced federal appellate criminal case from CourtListener. Court-level metadata indicates a precedential opinion, which makes it potentially relevant for tracking emerging doctrine in federal criminal procedure and related evidentiary or sentencing disputes. **πŸ”‘ Key Findings:** - New published federal appellate opinion from the Eighth Circuit. - Classified by CourtListener as a court opinion rather than an order or docket entry. - No abstract or summary text was available from the source feed at collection time. - Worth follow-up review for any implications in criminal law, procedure, or digital-evidence handling. --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10859436/united-states-v-bailey-belt/) #law ⏱️ 2026-05-15 23:33 UTC
## πŸ“„ Efficient Bootstrapping in Fully Homomorphic Encryption for Matrix Arithmetic ✍️ Eric Crockett, Craig Gentry, Hyojun Kim, Yeongmin Lee, Yongwoo Lee πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-14 --- This work speeds up bootstrapping for a matrix-oriented FHE scheme by recasting slot-coefficient transforms as ciphertext-plaintext matrix multiplications that the scheme already handles well. The result shifts the main bottleneck away from linear transforms and materially reduces amortized transformation cost. **πŸ”‘ Key Findings:** - Introduces a bootstrapping method for the Gentry-Lee matrix FHE scheme using native matrix arithmetic for CtS and StC operations. - Generalizes the scheme to non-power-of-two matrix dimensions via a new trace definition over commutative rings. - Reduces linear transformations to 20.1% of total bootstrapping time, versus 54.9-71.7% in prior CKKS bootstrapping reports. - Shows amortized CtS runtime about 3Γ— faster than Lattigo despite lacking low-level optimization. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/956) πŸ“Ž [PDF](https://eprint.iacr.org/2026/956.pdf) #cryptography #fhe #privacy #implementation ⏱️ 2026-05-16 14:47 UTC
## πŸ“„ Threshold FHE with Short Decryption Shares without a Semi-trusted Server ✍️ Hiroki Okada, Tsuyoshi Takagi πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-14 --- The paper removes a risky trust assumption from recent threshold FHE designs by eliminating the semi-trusted rounding server. In its place, it introduces two serverless schemes with polynomially short decryption shares, improving deployability for threshold homomorphic systems. **πŸ”‘ Key Findings:** - Shows how parties can round decryption shares directly instead of depending on a semi-trusted server that could enable key recovery if it colludes. - Presents two serverless threshold FHE schemes with polynomially short decryption shares. - The first construction based on {0,1}-LSS strictly improves on Boneh et al. CRYPTO 2018. - The second construction based on Shamir sharing removes the O(N^4.3) share-size overhead of the first scheme. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/957) πŸ“Ž [PDF](https://eprint.iacr.org/2026/957.pdf) #cryptography #fhe #threshold-crypto #privacy ⏱️ 2026-05-16 14:47 UTC
## πŸ“„ From Text to Voice: A Reproducible and Verifiable Framework for Evaluating Tool Calling LLM Agents ✍️ Md Tahmid Rahman Laskar, Xue-Yong Fu, Seyyed Saeed Sarfjoo, Quinten McNamara, Jonas Robertson, et al. πŸ›οΈ arXiv Β· πŸ“… 2026-05-14 --- This paper turns existing text-based tool-calling benchmarks into paired audio evaluations, letting researchers measure how well voice agents preserve tool-use accuracy under speech, speaker variation, and background noise. It matters because deployment failures in spoken agents often come from argument misunderstanding rather than tool-schema errors, and this framework gives a reproducible way to quantify that gap. **πŸ”‘ Key Findings:** - Converts verified text benchmark instances into speech-based tool-calling tests without re-annotating schemas or gold labels. - Across 7 omni-modal models, performance varied strongly by benchmark, with Gemini-3.1-Flash-Live leading on Confetti and GPT-Realtime-1.5 on When2Call. - Measured text-to-voice degradation ranged from 1.8 points for Qwen3-Omni to 4.8 points for GPT-Realtime-1.5 on Confetti. - Failure analysis found that the main regressions came from misunderstanding spoken argument values. - Open-source Qwen3 judge models at 8B+ parameters exceeded 80% agreement with proprietary judges, supporting privacy-preserving evaluation workflows. --- πŸ”— [Read paper](https://arxiv.org/abs/2605.15104v1) πŸ“Ž [PDF](https://arxiv.org/pdf/2605.15104v1) #ai-security #cs.CL ⏱️ 2026-05-15 18:00 UTC
## πŸ“„ Threshold PRISM Signature Schemes via Graph-Based Threshold Access Structures ✍️ Hyeonhak Kim, Won Kim, Changmin Lee πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-13 --- The paper introduces an isogeny-based threshold signature construction that keeps both public keys and signatures small enough to fit into a single unfragmented network packet. That is a meaningful systems result for post-quantum threshold deployments, where packet fragmentation and oversized artifacts are a recurring operational problem. **πŸ”‘ Key Findings:** - Presents Threshold PRISM, an isogeny-based post-quantum threshold signature scheme for arbitrary numbers of parties. - Introduces a graph-based threshold access structure tailored to the algebraic constraints of isogeny signatures. - Keeps both public keys and signatures within one unfragmented packet across NIST security levels I, III, and V. - Claims the smallest signature sizes among NIST MPTC round-1 submissions whose public keys fit in a single packet. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/945) πŸ“Ž [PDF](https://eprint.iacr.org/2026/945.pdf) #cryptography #post-quantum #signatures #isogenies ⏱️ 2026-05-16 14:47 UTC
## πŸ“„ Anamorphic Construction For The Winternitz OTS Scheme Family ✍️ Lucas Mayr, JoΓ£o Gabriel Feres, Bruno Bianchi Pagani, Ricardo CustΓ³dio πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-13 --- This paper brings anamorphic cryptography to Winternitz one-time signatures, showing how WOTS-family schemes can carry covert channels while remaining indistinguishable from standard deployments. It extends coercion-resistant cryptographic thinking into a hash-based signature family that underpins XMSS, LMS, and SPHINCS. **πŸ”‘ Key Findings:** - Presents the first anamorphic constructions for the WOTS family of signature schemes. - Proves the modified schemes are indistinguishable from traditional WOTS-style signatures under standard anamorphic assumptions. - Builds a game-based security framework for analyzing anamorphic indistinguishability in this setting. - Shows WOTS variants can support covert channels resilient to strong surveillance and key-disclosure pressure. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/948) πŸ“Ž [PDF](https://eprint.iacr.org/2026/948.pdf) #cryptography #post-quantum #privacy #signatures ⏱️ 2026-05-16 14:47 UTC
## πŸ“„ Formalizing Blockchain PQC Signature Transition: How to Outpace Quantum Adversaries ✍️ Kigen Fukuda, Shin’ichiro Matsuo πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-13 --- The authors formalize how a blockchain can migrate transaction signatures to post-quantum schemes before a quantum attacker can forge valid transitions. Their model derives a concrete threshold for tolerable adversary capability, giving protocol designers a way to reason about migration timing instead of relying on vague urgency. **πŸ”‘ Key Findings:** - Models signature migration and quantum adversaries inside the Bitcoin backbone framework. - Proves migration liveness holds if and only if the attacker needs at least a threshold number of rounds after a migration transaction is broadcast. - Expresses the threshold as a function of honest mining success probability and concentration quality. - Generalizes the framework to connect transition-process design with tolerable quantum attack capability. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/952) πŸ“Ž [PDF](https://eprint.iacr.org/2026/952.pdf) #cryptography #post-quantum #blockchain #crypto ⏱️ 2026-05-16 14:47 UTC
## πŸ“„ Tight Lattice-Based Signatures without Trapdoors from Search LWE ✍️ Rutchathon Chairattana-Apirom, Nico DΓΆttling, Julian Loss, Stefano Tessaro, Benedikt Wagner πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-13 --- This work gives the first efficient trapdoor-free lattice signature scheme with a tight reduction to search LWE rather than decisional LWE. That matters because it narrows the concrete-security gap in post-quantum signatures while avoiding the implementation fragility that often comes with trapdoor-based constructions. **πŸ”‘ Key Findings:** - Achieves a tight reduction to the hardness of search LWE in a Fiat-Shamir-style signature scheme. - Avoids using trapdoors in the scheme itself, relying on a trapdoor only inside the proof. - Can be seen as a lattice analogue of Chevallier-Mames signatures. - Introduces proof techniques to handle weak soundness in lattice-based interactive proofs. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/953) πŸ“Ž [PDF](https://eprint.iacr.org/2026/953.pdf) #cryptography #post-quantum #lattices #signatures ⏱️ 2026-05-16 14:47 UTC
## πŸ“„ Efficient SIMD Implementation of the BLS Signature Scheme Using Intel AVX-512 ✍️ Ganqin Liu, Hao Cheng, Georgios Fotiadis, Jipeng Zhang, Johann GroßschΓ€dl πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-13 --- The authors present a heavily vectorized AVX-512 implementation of BLS signatures on BLS12-381, extending SIMD optimization beyond pairings into the rest of the signing stack. For blockchain systems that rely on BLS aggregation, the result is a practical performance gain over the widely used blst library. **πŸ”‘ Key Findings:** - Uses AVX-512 and AVX-512IFMA to optimize finite-field arithmetic, scalar multiplication, and hash-to-curve. - Applies multiple vectorization granularities and formula choices across the BLS pipeline instead of optimizing pairings alone. - Benchmarks on Intel Ice Lake show at least 1.57Γ— speedup over an x64 assembly implementation in blst. - Targets BLS12-381, the curve used by Ethereum Proof-of-Stake and other aggregation-heavy protocols. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/947) πŸ“Ž [PDF](https://eprint.iacr.org/2026/947.pdf) #cryptography #crypto #blockchain #implementation ⏱️ 2026-05-16 14:47 UTC
## πŸ“„ Quantum Circuit Realization and Grover Cryptanalysis of the Hybrid ARX-SPN Cipher GFSPX ✍️ Ibrahim Ulgen, Hasan Ozgur Cildiroglu, Oğuz Yayla πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-13 --- This paper builds a full quantum implementation of the lightweight block cipher GFSPX and uses a parallelized Grover oracle to estimate the cost of key recovery. It gives a concrete post-quantum security picture for a hybrid ARX-SPN design, showing better resistance than some lightweight peers but still below the NIST Level 1 quantum threshold. **πŸ”‘ Key Findings:** - Implements GFSPX as a reversible quantum circuit using 209 qubits, quantum cost 32,498, and depth 7,617. - Constructs a Grover attack oracle using three plaintext-ciphertext pairs to suppress false positives. - Estimates total key-recovery cost at 1.12 Γ— 2^159 quantum gates. - Finds the design falls below the NIST Level 1 target of 2^170 while still outperforming several lightweight alternatives in quantum resistance. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/949) πŸ“Ž [PDF](https://eprint.iacr.org/2026/949.pdf) #cryptography #crypto #post-quantum #lightweight-crypto ⏱️ 2026-05-16 14:47 UTC
## πŸ“„ On MPC-friendly Softmax ✍️ Marcel Keller, Ke Sun πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-13 --- This paper tests the common shortcut of replacing softmax with cheaper ReLU-style alternatives in secure multi-party computation and finds the tradeoff is usually worse than hoped. It also introduces a more efficient secure exponentiation protocol, making accurate softmax more viable in MPC workloads. **πŸ”‘ Key Findings:** - Compares ReLU-based softmax replacements against true softmax for both inference outputs and backpropagation gradients in MPC settings. - Finds the replacement yields meaningful speedup only for a one-layer network while consistently reducing accuracy, sometimes sharply. - Argues that original softmax is often the better choice in secure computation despite its higher nominal cost. - Presents a new secure exponentiation protocol that cuts communication by up to 4Γ— while preserving softmax accuracy. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/944) πŸ“Ž [PDF](https://eprint.iacr.org/2026/944.pdf) #cryptography #privacy #mpc #ai-security ⏱️ 2026-05-16 14:47 UTC
## πŸ“„ State of Iowa v. Marqwane Smtih ✍️ Unknown πŸ›οΈ CourtListener Β· πŸ“… 2026-05-13 --- Published Iowa appellate opinion newly surfaced via the CourtListener monitor. State criminal appeals can be useful early signals for shifts in local doctrine, appellate standards, or recurring issues in trial practice. **πŸ”‘ Key Findings:** - Published opinion from the Iowa Court of Appeals. - CourtListener indexed the case on 2026-05-13. - Adds to the current stream of newly available state appellate criminal decisions. --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10858114/state-of-iowa-v-marqwane-smtih/) #law #CourtOpinion #IowaCourtOfAppeals #Published ⏱️ 2026-05-13 23:30 UTC
## πŸ“„ Fairstead Capital Management LLC v. Blodgett ✍️ Unknown πŸ›οΈ CourtListener Β· πŸ“… 2026-05-13 --- New Delaware Chancery opinion detected by the CourtListener monitor. Chancery rulings often matter beyond the parties because they can influence corporate governance, fiduciary-duty disputes, deal litigation, and broader business-law doctrine. **πŸ”‘ Key Findings:** - Published opinion from the Delaware Court of Chancery. - Indexed by CourtListener on 2026-05-13. - Likely relevant for corporate-law and governance researchers because of the issuing court. --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10858231/fairstead-capital-management-llc-v-blodgett/) #law #CourtOpinion #DelawareChancery #Published ⏱️ 2026-05-13 23:30 UTC
## πŸ“„ Speedy Mart, Inc., Etc. v. Florida Office of Financial Regulation ✍️ Unknown πŸ›οΈ CourtListener Β· πŸ“… 2026-05-13 --- Fresh Florida appellate opinion involving the state Office of Financial Regulation. The agency party makes this especially relevant for researchers watching financial regulation, licensing, compliance enforcement, or administrative law at the state level. **πŸ”‘ Key Findings:** - Published opinion from a Florida District Court of Appeal. - Names the Florida Office of Financial Regulation as a party. - Potentially relevant to fincrime, financial-services compliance, or state administrative enforcement watchers. --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10858019/speedy-mart-inc-etc-v-florida-office-of-financial-regulation/) #law #fincrime #CourtOpinion #FloridaDCA #Published ⏱️ 2026-05-13 23:30 UTC
## πŸ“„ United States v. Christopher Agbaje ✍️ Unknown πŸ›οΈ CourtListener Β· πŸ“… 2026-05-13 --- New published federal appellate opinion from the Eighth Circuit surfaced through the CourtListener monitor. Even without extracted opinion text, the case is worth flagging because fresh circuit-level criminal decisions can shape charging, sentencing, or evidentiary practice across the circuit. **πŸ”‘ Key Findings:** - Published opinion from the U.S. Court of Appeals for the Eighth Circuit. - Indexed by CourtListener on 2026-05-13. - Federal appellate criminal cases can have immediate precedential value for district courts and litigants in the circuit. --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10858160/united-states-v-christopher-agbaje/) #law #CourtOpinion #EighthCircuit #Published ⏱️ 2026-05-13 23:30 UTC
## πŸ“„ In re M.P. ✍️ Flagg Lanzinger πŸ›οΈ CourtListener Β· πŸ“… 2026-05-13 --- Published Ohio appellate opinion flagged from the CourtListener law monitor. The docket metadata indicates a state appellate decision with a public opinion now available for review, which may matter for practitioners tracking fresh state case law or procedural developments. **πŸ”‘ Key Findings:** - New published opinion from the Ohio Court of Appeals. - CourtListener indexed it on 2026-05-13. - Public opinion page is available for downstream legal review and citation tracking. --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10858053/in-re-mp/) #law #CourtOpinion #OhioCourtOfAppeals #Published ⏱️ 2026-05-13 23:30 UTC
## πŸ“„ Efficient and Privacy-preserving Outsourced Training of Decision Tree Models Based on (Leveled) Fully Homomorphic Encryption ✍️ Tongyu Xu, Jun Wang, Honglian Liang, Shiwei Xu πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-12 --- This paper proposes an outsourced decision-tree training scheme that keeps both training data and the resulting model private under homomorphic encryption. It is notable because it aims at a more usable privacy-performance tradeoff than prior MPC- or lattice-HE-heavy approaches. **πŸ”‘ Key Findings:** - Uses symmetric homomorphic encryption to reduce training cost relative to heavier privacy-preserving approaches. - Introduces a Modified Gini Impurity Index so the training procedure works within integer-only homomorphic operations. - Applies SIMD packing to accelerate encrypted computation during tree construction. - Reports substantially lower execution time than related work while maintaining comparable, and for deeper trees sometimes better, accuracy. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/936) πŸ“Ž [PDF](https://eprint.iacr.org/2026/936.pdf) #cryptography #privacy #ai-security ⏱️ 2026-05-14 14:46 UTC
## πŸ“„ SoK: Private LLM Inference using Approximate Homomorphic Encryption ✍️ Ahmad Al Badawi, Andreea Alexandru, Yuriy Polyakov, Vinod Vaikuntanathan πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-12 --- This systematization maps the fast-growing literature on CKKS-based private LLM inference and introduces a reporting framework plus an open reference implementation. The key takeaway is that encrypted LLM inference is now technically feasible, but still far too slow for most human-facing deployments. **πŸ”‘ Key Findings:** - Surveys about 20 CKKS-based private LLM inference frameworks and organizes them across model-level and system-level design choices. - Finds only about 20% of surveyed systems are model-preserving, meaning they evaluate standard models without retraining or architectural substitutions. - Introduces the Private LLM Card System to normalize how researchers report configurations and results. - Presents POLARIS, an open-source reference framework supporting encrypted inference for BERT-Tiny and BERT-Mini with GPU acceleration. - Estimates an efficiency gap of roughly four orders of magnitude versus plaintext inference. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/935) πŸ“Ž [PDF](https://eprint.iacr.org/2026/935.pdf) #cryptography #privacy #ai-security #hardware-security #crypto ⏱️ 2026-05-14 14:46 UTC
## πŸ“„ Williams v. National Aeronautics and Space Administration ✍️ Judge Christopher R. Cooper πŸ›οΈ CourtListener Β· πŸ“… 2026-05-12 --- This published District of Columbia opinion appears to address a dispute involving NASA in federal court, but the CourtListener search result did not return an abstract or summary text. The item is still notable as a newly published court opinion tied to a federal agency, and the linked opinion is the primary source for anyone tracking law and government litigation. **πŸ”‘ Key Findings:** - Newly published federal district court opinion from the U.S. District Court for the District of Columbia. - Involves the National Aeronautics and Space Administration as a named party. - Authored by Judge Christopher R. Cooper. - Available as a primary-source court opinion via CourtListener. --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10857536/williams-v-national-aeronautics-and-space-administration/) #law #court-opinion #district-court #published ⏱️ 2026-05-12 23:31 UTC
## πŸ“„ RUBEN: Rule-Based Explanations for Retrieval-Augmented LLM Systems ✍️ Joel Rorseth, Parke Godfrey, Lukasz Golab, Divesh Srivastava, Jarek Szlichta πŸ›οΈ arXiv Β· πŸ“… 2026-05-11 --- RUBEN is an interactive system for extracting minimal rules that explain the behavior of retrieval-augmented LLM applications. Beyond explainability, the paper positions those rules as a practical security tool for probing safety training resilience and testing adversarial prompt injection defenses. **πŸ”‘ Key Findings:** - Finds minimal subsuming rule sets that explain outputs of retrieval-augmented LLM pipelines more efficiently through new pruning strategies. - Treats rule extraction as a usable interface for understanding why a RAG system produced a given answer. - Demonstrates security-oriented uses, including testing robustness of safety tuning. - Uses the generated rules to examine effectiveness of adversarial prompt injection attacks against RAG systems. - Suggests interpretable rule mining can double as both an observability layer and a red-team aid for LLM deployments. --- πŸ”— [Read paper](https://arxiv.org/abs/2605.10862v1) πŸ“Ž [PDF](https://arxiv.org/pdf/2605.10862v1) #ai-security #cybersecurity #cs.CL ⏱️ 2026-05-12 18:00 UTC
## πŸ“„ RIC: Randomize Invalid Coefficients to Mitigate Side-Channel Assisted Chosen-Ciphertext Attacks on ML-KEM ✍️ Junichi Sakamoto, Kentaro Imafuku πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-11 --- This work proposes a lightweight countermeasure against side-channel-assisted chosen-ciphertext attacks on ML-KEM by randomizing invalid coefficients during decapsulation. It is practical because it targets a serious post-quantum deployment risk while adding only modest overhead. **πŸ”‘ Key Findings:** - Introduces RandInvalidCoeff, which injects probabilistic noise into side-channel observations during decapsulation. - Targets both plaintext-checking and decryption-failure oracle attack settings against ML-KEM implementations. - Argues strong resistance is achievable while keeping decryption failure around 2^-80. - Shows successful key recovery needs more than eight times as many observations, with only a few percent performance overhead. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/924) πŸ“Ž [PDF](https://eprint.iacr.org/2026/924.pdf) #cryptography #hardware-security ⏱️ 2026-05-14 14:46 UTC
## πŸ“„ LogVOLE: Succinct and Efficient Chosen-Input VOLE for ZK and Beyond ✍️ Lucien K. L. Ng, Peter Rindal, Akash Shah πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-11 --- LogVOLE gives a chosen-input VOLE protocol with polylogarithmic communication, directly targeting a persistent bottleneck in VOLE-backed zero-knowledge systems. That matters because it opens a path to concretely efficient VOLE-based ZK for arbitrary circuits with much smaller communication costs. **πŸ”‘ Key Findings:** - Builds chosen-input VOLE using a recursive shrink-expand construction under Ring-LWE. - Achieves polylogarithmic one-time setup and query communication instead of sending a linear-size derandomization vector. - Supports a public-key non-interactive mode for fixed Ξ”, enabling compact receiver messages. - Uses the construction to obtain a VOLE-based ZK protocol with polylogarithmic communication for arbitrary circuits. - Reports proving a 1024Γ—1024 matrix multiplication in about 4 seconds with 226 KB communication. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/925) πŸ“Ž [PDF](https://eprint.iacr.org/2026/925.pdf) #cryptography #crypto ⏱️ 2026-05-14 14:46 UTC
## πŸ“„ Zephyr: GPU-Efficient Homomorphic Encryption for Privacy-Preserving Transformer Inference ✍️ Sieun Seo, Chohong Min πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-11 --- Zephyr redesigns CKKS execution around 32-bit GPU arithmetic, aiming to make privacy-preserving transformer inference materially more practical on modern accelerators. The core idea is a grafting-based representation that decouples scale management from the modulus chain. **πŸ”‘ Key Findings:** - Replaces the usual 64-bit-oriented CKKS assumptions with a 32-bit-prime design better matched to GPU hardware. - Introduces grafting structures to handle scale management while preserving flexible rescaling. - Optimizes ciphertext-ciphertext matrix multiplication by removing redundant linear transforms and merging overlapping rotations. - Positions the design as a more practical GPU-oriented point in the CKKS performance-flexibility trade space. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/932) πŸ“Ž [PDF](https://eprint.iacr.org/2026/932.pdf) #cryptography #privacy #ai-security #hardware-security ⏱️ 2026-05-14 14:46 UTC
## πŸ“„ Fully Homomorphic Encryption on the Ring of Gaussian Periods ✍️ Yimeng He, San Ling, Yimin Shi, Benjamin Hong Meng Tan, Huaxiong Wang et al. πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-11 --- This paper extends subring-based fully homomorphic encryption by moving to decomposition subrings built from rings of Gaussian periods. The payoff is better parameter flexibility and materially lower latency while still preserving enough structure for useful SIMD-style computation. **πŸ”‘ Key Findings:** - Generalizes prior GBFV-style subring approaches beyond the large-prime restrictions needed for degree-1 slots. - Builds encoding and decoding methods for decomposition subrings inside the larger decomposition ring. - Reduces the effective plaintext-ring dimension, improving efficiency while retaining security. - Reports up to a 5.06Γ— latency improvement in proof-of-concept experiments. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/927) πŸ“Ž [PDF](https://eprint.iacr.org/2026/927.pdf) #cryptography #privacy #crypto ⏱️ 2026-05-14 14:45 UTC
## πŸ“„ RUBEN: Rule-Based Explanations for Retrieval-Augmented LLM Systems ✍️ Joel Rorseth, Parke Godfrey, Lukasz Golab, Divesh Srivastava, Jarek Szlichta πŸ›οΈ arXiv Β· πŸ“… 2026-05-11 --- RUBEN is an interactive system for extracting minimal rules that explain the behavior of retrieval-augmented LLM applications. Beyond explainability, the paper positions those rules as a practical security tool for probing safety training resilience and testing adversarial prompt injection defenses. **πŸ”‘ Key Findings:** - Finds minimal subsuming rule sets that explain outputs of retrieval-augmented LLM pipelines more efficiently through new pruning strategies. - Treats rule extraction as a usable interface for understanding why a RAG system produced a given answer. - Demonstrates security-oriented uses, including testing robustness of safety tuning. - Uses the generated rules to examine effectiveness of adversarial prompt injection attacks against RAG systems. - Suggests interpretable rule mining can double as both an observability layer and a red-team aid for LLM deployments. --- πŸ”— [Read paper](https://arxiv.org/abs/2605.10862v1) πŸ“Ž [PDF](https://arxiv.org/pdf/2605.10862v1) #ai-security #cybersecurity #cs.CL ⏱️ 2026-05-12 18:00 UTC
## πŸ“„ BEACON: A Multimodal Dataset for Learning Behavioral Fingerprints from Gameplay Data ✍️ Ishpuneet Singh, Gursmeep Kaur, Uday Pratap Singh Atwal, Guramrit Singh, Gurjot Singh, et al. πŸ›οΈ arXiv Β· πŸ“… 2026-05-11 --- BEACON introduces a large multimodal dataset for continuous authentication and behavioral biometrics built from competitive Valorant gameplay. The dataset is interesting for security work because it captures synchronized input, network, screen, and hardware signals under realistic stress, giving researchers a much harder benchmark than small or single-modality behavioral datasets. **πŸ”‘ Key Findings:** - Releases roughly 430 GB of synchronized gameplay telemetry across 79 sessions from 28 players, totaling about 102.5 hours of activity. - Includes mouse dynamics, keystrokes, packet captures, screen recordings, hardware metadata, and in-game configuration context. - Uses high-cognitive-load tactical shooter play as a realistic stress test for continuous authentication systems. - Supports research on behavioral profiling, user drift, multimodal representation learning, and robustness of biometric models. - Publishes dataset artifacts and code, which should help reproducible comparison of next-generation behavioral fingerprinting methods. --- πŸ”— [Read paper](https://arxiv.org/abs/2605.10867v1) πŸ“Ž [PDF](https://arxiv.org/pdf/2605.10867v1) #cybersecurity #privacy #cs.CR #cs.AI #cs.CV #cs.LG #cs.NI ⏱️ 2026-05-12 18:00 UTC
## πŸ“„ Local Private Information Retrieval: A New Privacy Perspective for Graph-Based Replicated Systems ✍️ Shreya Meel, Mohamed Nomeir, Sennur Ulukus πŸ›οΈ arXiv Β· πŸ“… 2026-05-11 --- This paper revisits private information retrieval for replicated graph-based storage systems and introduces a weaker but practically meaningful privacy notion called local user privacy. Instead of hiding the requested index from every server, the scheme only requires secrecy from servers that actually store the requested message, which opens up notably better communication efficiency. **πŸ”‘ Key Findings:** - Defines local PIR on graphs, where privacy requirements depend on the storage graph rather than applying uniformly to all servers. - Shows multiplicative communication-efficiency gains over canonical PIR for disjoint unions of identical component graphs. - Derives capacity lower bounds for connected edge-transitive and bipartite graphs that beat prior PIR bounds. - Provides exact local PIR capacity results for cyclic graphs and odd-length path graphs. - Frames privacy as a topology-aware systems property, which could matter for distributed storage and replicated infrastructure design. --- πŸ”— [Read paper](https://arxiv.org/abs/2605.10872v1) πŸ“Ž [PDF](https://arxiv.org/pdf/2605.10872v1) #privacy #cryptography #cs.IT #cs.CR #cs.NI #eess.SP ⏱️ 2026-05-12 18:00 UTC
## πŸ“„ From Controlled to the Wild: Evaluation of Pentesting Agents for the Real-World ✍️ Pedro Conde, Henrique Branquinho, Valerio Mazzone, Bruno Mendes, AndrΓ© Baptista, et al. πŸ›οΈ arXiv Β· πŸ“… 2026-05-11 --- This paper argues that current benchmarks for AI pentesting agents overfit to constrained tasks like CTFs and exploit replay, which makes them a poor proxy for messy real-world security work. The authors introduce an evaluation protocol centered on validated vulnerability discovery across realistic targets, aiming to measure whether agents can actually find meaningful bugs under open-ended conditions. **πŸ”‘ Key Findings:** - Shifts evaluation away from synthetic task completion toward confirmed vulnerability discovery in multi-surface targets. - Combines expert ground truth with LLM-based semantic matching to score findings despite naming ambiguity and partial overlap. - Uses bipartite resolution and cumulative repeated testing to better reflect stochastic agent behavior and real operator concerns. - Adds efficiency metrics and reduced-suite selection so experiments stay reproducible and affordable over time. - Releases annotated ground truth and code alongside the protocol, which should make cross-agent comparison more credible. --- πŸ”— [Read paper](https://arxiv.org/abs/2605.10834v1) πŸ“Ž [PDF](https://arxiv.org/pdf/2605.10834v1) #cybersecurity #ai-security #cs.AI #cs.CR ⏱️ 2026-05-12 18:00 UTC
## πŸ“„ General Motors LLC v. Alphons Iacobelli ✍️ Unknown πŸ›οΈ CourtListener Β· πŸ“… 2026-05-11 --- A newly published Michigan Court of Appeals opinion in a dispute between General Motors LLC and Alphons Iacobelli. CourtListener surfaced the case as a published appellate decision, but the opinion text was not retrievable from the public page during this run, so the summary here is limited to the available metadata. **πŸ”‘ Key Findings:** - Published decision from the Michigan Court of Appeals. - Case title: General Motors LLC v. Alphons Iacobelli. - Opinion date listed as 2026-05-11. - Public CourtListener endpoint returned no readable opinion text during automated collection. --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10857258/general-motors-llc-v-alphons-iacobelli/) #law #CourtOpinion #MichiganCourtOfAppeals #Published ⏱️ 2026-05-12 11:30 UTC
## πŸ“„ BPS Direct LLC v. ✍️ No authors listed πŸ›οΈ CourtListener Β· πŸ“… 2026-05-11 --- CourtListener surfaced a newly published opinion from the U.S. Court of Appeals for the Third Circuit in BPS Direct LLC v. The feed entry is truncated and does not include a case summary, but it is a new appellate opinion worth flagging for legal researchers following federal appeals activity. **πŸ”‘ Key Findings:** - Newly published court opinion identified via CourtListener on 2026-05-11 - Issued by the Court of Appeals for the Third Circuit - Case title appears truncated in the source feed - No abstract, syllabus, or author metadata was provided in the source feed --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10857025/bps-direct-llc-v/) #law #CourtOpinion #CourtofAppealsfortheThirdCircuit #Published ⏱️ 2026-05-11 23:31 UTC
## πŸ“„ CUBE: Partially Blind BBS Signatures for Unlinkable Decentralized Identity ✍️ Guohao Lai πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-10 --- CUBE combines partially blind BBS signatures with NIZK proofs to support unlinkable decentralized identity flows. The design is interesting because it tries to preserve auditability while reducing the on-chain privacy leakage and gas cost common in blockchain identity systems. **πŸ”‘ Key Findings:** - Moves heavier identity validation work off-chain while blinding identity-binding elements used on-chain. - Uses partially blind BBS signatures to support unlinkable credential presentations. - Adds a deterministic nullifier tied to soulbound tokens to resist Sybil attacks and credential transfer. - Analyzes existential unforgeability, signer-blindness, and zero-knowledge, then reports low on-chain gas usage. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/920) πŸ“Ž [PDF](https://eprint.iacr.org/2026/920.pdf) #cryptography #privacy #crypto ⏱️ 2026-05-14 14:46 UTC
## πŸ“„ Improved TensorPIR: Single-Server PIR with Lower Communication Cost ✍️ Yingchu Lv, Yanbin Pan, Huaxiong Wang πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-09 --- This paper revisits TensorPIR's index-encryption design to cut the real communication overhead of single-server lattice-based PIR, not just its asymptotic complexity. The result is a more practical PIR construction that materially lowers both query and answer sizes on very large databases while also reducing online runtime. **πŸ”‘ Key Findings:** - Reworks the encryption framework so the protocol needs fewer CRT moduli, reducing both communication and computation costs. - On 16 GB to 128 GB databases, total communication falls to as low as 45.5% of TensorPIR's practical cost. - The authors report theoretical reductions to 36.9% of TensorPIR's query size and 22.2% of its answer size as database size grows. - The scheme also outperforms HintlessPIR in large-database communication while cutting total online time to 28.9% to 56.1% of HintlessPIR's. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/912) πŸ“Ž [PDF](https://eprint.iacr.org/2026/912.pdf) #crypto #cryptography #privacy ⏱️ 2026-05-11 02:45 UTC
## πŸ“„ The Cybersecurity Information Sharing Act of 2015: Expiring Provisions ✍️ CRS πŸ›οΈ CRS Β· πŸ“… 2026-05-08 --- This CRS product focuses on which parts of the Cybersecurity Information Sharing Act of 2015 are set to expire and what that means for current public-private sharing arrangements. That is directly relevant to operators and policymakers because CISA authorities shape liability protections, data-sharing incentives, and the legal plumbing behind threat intelligence exchange. **πŸ”‘ Key Findings:** - Identifies the CISA 2015 provisions facing expiration and their timelines. - Highlights how expiring authorities could affect cyber threat sharing between government and industry. - Frames likely congressional choices around renewal, amendment, or replacement of current protections. --- πŸ”— [Read paper](https://www.everycrsreport.com/reports/IF12959.html) πŸ“Ž [PDF](https://www.everycrsreport.com/files/2026-05-08_IF12959_0f790d129bd47f4600bda68237c1152d7d0e060d.pdf) #cybersecurity #law #privacy #crs ⏱️ 2026-05-21 23:03 UTC
## πŸ“„ Tight Quantum Time-Space Tradeoffs for Permutation Inversion ✍️ Jan-Frederik Hansen, FranΓ§ois Le Gall, Shogo Muguruma πŸ›οΈ DTIC Β· πŸ“… 2026-05-08 --- This paper gives tighter bounds for quantum time-space tradeoffs in permutation inversion, a core problem tied to the cost of attacking structured cryptographic tasks with preprocessing. The contribution matters because sharper lower and upper bounds improve our understanding of what quantum attackers can realistically buy with memory, advice, and runtime when trying to invert hard permutations. **πŸ”‘ Key Findings:** - Analyzes permutation inversion in the quantum setting with preprocessed advice of size S and runtime T. - Derives tighter tradeoffs between time and space than previous bounds. - Clarifies the limits of quantum preprocessing for inversion-style attacks. - Improves the theoretical baseline for evaluating cryptographic resistance to quantum adversaries. --- πŸ”— [Read paper](https://dtic.dimensions.ai/discover/publication?search_text=post-quantum+cryptography) #cryptography #crypto #dtic ⏱️ 2026-05-20 10:30 UTC
## πŸ“„ On the Cryptographic Futility of Non-collapsing Measurements ✍️ Avgustin Hristov, Raghav Kulkarni, Rafael Pass, Abhishek Shelat πŸ›οΈ DTIC Β· πŸ“… 2026-05-08 --- This paper studies whether non-collapsing measurements can rescue stronger quantum analogues of collision-resistant cryptography, and finds important limits on that hope. It matters because it maps out where intuitive quantum extensions of classical hardness break down, which is exactly the kind of boundary-setting cryptography needs before building new primitives on shaky assumptions. **πŸ”‘ Key Findings:** - Investigates quantum versions of one-wayness and collision resistance under non-collapsing measurements. - Derives separations showing that stronger quantum measurement power does not automatically yield useful cryptographic primitives. - Identifies structural limits on building collision-resistant style assumptions in this model. - Provides negative results that narrow the viable design space for quantum cryptography. --- πŸ”— [Read paper](https://dtic.dimensions.ai/discover/publication?search_text=cryptography) #cryptography #crypto #dtic ⏱️ 2026-05-20 10:30 UTC
## πŸ“„ How to Copy-Protect Malleable-Puncturable Cryptographic Functionalities Under Arbitrary Challenge Distributions: A Unified Solution to Quantum Protection ✍️ Alper Γ‡akan, Vipul Goyal πŸ›οΈ DTIC Β· πŸ“… 2026-05-08 --- This paper tackles quantum copy-protection for a broad class of malleable-puncturable cryptographic functionalities, extending protection guarantees beyond narrower challenge models. The main significance is conceptual breadth: it offers a more unified route to quantum anti-piracy style protections where previous constructions often depended on restrictive assumptions about challenge distributions. **πŸ”‘ Key Findings:** - Proposes a unified copy-protection approach for malleable-puncturable functionalities. - Handles arbitrary challenge distributions rather than only narrowly structured ones. - Strengthens the theoretical foundation for quantum software and key anti-cloning protections. - Connects puncturing-based cryptographic machinery with stronger quantum protection goals. --- πŸ”— [Read paper](https://dtic.dimensions.ai/discover/publication?search_text=cryptography) #cryptography #crypto #dtic ⏱️ 2026-05-20 10:30 UTC
## πŸ“„ Parallel Spooky Pebbling Makes Regev Factoring More Practical ✍️ Noam Lifshitz, Or Sattath πŸ›οΈ DTIC Β· πŸ“… 2026-05-08 --- This paper sharpens the resource analysis behind Regev-style quantum factoring by using parallel spooky pebbling, a pebble-game technique for modeling partially sequential quantum computations. The result matters because it makes the practical cost envelope of these factoring circuits more concrete, which helps both quantum algorithm designers and post-quantum defenders reason about realistic attack budgets. **πŸ”‘ Key Findings:** - Uses spooky pebbling to study quantum circuit layouts for sequential factoring subroutines. - Shows improved parallel time-space tradeoffs for Regev factoring style constructions. - Translates abstract pebbling insights into more practical resource estimates for fault-tolerant quantum attacks. - Helps clarify which bottlenecks remain dominant when trying to speed up quantum factoring in practice. --- πŸ”— [Read paper](https://dtic.dimensions.ai/discover/publication?search_text=post-quantum+cryptography) #cryptography #crypto #dtic ⏱️ 2026-05-20 10:30 UTC
## πŸ“„ Tight Quantum Time-Space Tradeoffs for Permutation Inversion ✍️ Akshima, Tyler Besselman, Kai-Min Chung, Siyao Guo, Tzu-Yi Yang πŸ›οΈ DTIC Β· πŸ“… 2026-05-08 --- This paper tightens the known tradeoffs for permutation inversion when preprocessing advice is allowed, giving a cleaner picture of the quantum cost of inverting hard functions under bounded memory. That matters because permutation inversion sits close to the foundations of cryptography, so sharper time-space bounds help quantify both attack models and lower-bound intuition. **πŸ”‘ Key Findings:** - Derives tighter quantum time-space tradeoffs for permutation inversion with advice. - Improves the theoretical baseline for evaluating memory-bounded quantum attacks. - Connects inversion cost more precisely to core cryptographic hardness assumptions. - Supplies stronger quantitative guidance for researchers analyzing quantum resource efficiency. --- πŸ”— [Read paper](https://arxiv.org/pdf/2510.12112) #crypto #cryptography #quantum #dtic ⏱️ 2026-05-19 22:30 UTC
## πŸ“„ On the Cryptographic Futility of Non-collapsing Measurements ✍️ Alper Γ‡akan, Dakshita Khurana, Tomoyuki Morimae, Yuki Shirakawa, Kabir Tomer, et al. πŸ›οΈ DTIC Β· πŸ“… 2026-05-08 --- This paper studies whether non-collapsing measurements unlock stronger quantum cryptographic primitives and finds important limits on that hope. The result matters because it clarifies which exotic quantum measurement models actually buy security power, and which ones fail to deliver the collision-resistance style guarantees cryptographers might want. **πŸ”‘ Key Findings:** - Analyzes separations between quantum one-wayness and stronger collision-resistance-like notions. - Shows meaningful limits on what non-collapsing measurements can achieve for cryptographic construction. - Narrows the set of plausible routes to stronger quantum primitives by ruling out an appealing but weak direction. - Helps focus future quantum cryptography work on assumptions with more defensible security leverage. --- πŸ”— [Read paper](https://arxiv.org/pdf/2510.05055) #crypto #cryptography #quantum #dtic ⏱️ 2026-05-19 22:30 UTC
## πŸ“„ How to Copy-Protect Malleable-Puncturable Cryptographic Functionalities Under Arbitrary Challenge Distributions: A Unified Solution to Quantum Protection ✍️ Alper Γ‡akan, Vipul Goyal πŸ›οΈ DTIC Β· πŸ“… 2026-05-08 --- This work tackles quantum copy-protection for a broad class of malleable-puncturable cryptographic functionalities, even when challenge distributions are arbitrary rather than carefully restricted. It matters because copy-protection is one of the more ambitious quantum-native security goals, and a unified construction here pushes the theory closer to reusable anti-piracy and anti-cloning primitives. **πŸ”‘ Key Findings:** - Gives a unified construction for copy-protecting malleable-puncturable functionalities in the quantum setting. - Handles arbitrary challenge distributions, which removes an important limitation in prior formulations. - Strengthens the theoretical case for quantum states as unclonable carriers of cryptographic capability. - Extends the design space for anti-piracy and function-protection mechanisms built on quantum assumptions. --- πŸ”— [Read paper](https://dtic.dimensions.ai/discover/publication?search_text=post-quantum+cryptography) #crypto #cryptography #quantum #dtic ⏱️ 2026-05-19 22:30 UTC
## πŸ“„ Parallel Spooky Pebbling Makes Regev Factoring More Practical ✍️ Gregory D. Kahanamoku-Meyer, Seyoon Ragavan, Katherine Van Kirk πŸ›οΈ DTIC Β· πŸ“… 2026-05-08 --- This paper sharpens the resource analysis behind quantum attacks on integer factoring by improving parallel "spooky pebbling" strategies used in Regev-style circuits. The result matters because it makes a concrete class of quantum factoring attacks look more practical under realistic time-space constraints, which feeds directly into post-quantum migration planning. **πŸ”‘ Key Findings:** - Improves parallel pebbling constructions for sequential quantum computations used in Regev factoring. - Lowers practical resource costs for a quantum factoring approach that is already important in post-quantum threat modeling. - Gives tighter time-space tradeoff intuition for implementers estimating quantum attack feasibility. - Adds evidence that cryptanalytic practicality can shift meaningfully through circuit-level optimization, not just algorithmic breakthroughs. --- πŸ”— [Read paper](https://arxiv.org/pdf/2510.08432) #crypto #cryptography #post-quantum #dtic ⏱️ 2026-05-19 22:30 UTC
## πŸ“„ Tight Quantum Time-Space Tradeoffs for Permutation Inversion ✍️ Akshima, Tyler Besselman, Kai-Min Chung, Siyao Guo, Tzu-Yi Yang πŸ›οΈ DTIC Β· πŸ“… 2026-05-08 --- This paper gives tighter quantum time-space tradeoffs for permutation inversion, a core problem for understanding the limits of preprocessing and advice in quantum algorithms. Results like this matter because they refine the lower-bound picture behind cryptographic hardness assumptions and quantum attack costs. **πŸ”‘ Key Findings:** - Studies quantum permutation inversion with advice of size S and inversion time T. - Derives tighter bounds on the achievable time-space tradeoff than prior analyses. - Improves understanding of how much preprocessing helps quantum attackers on structured inversion problems. - Adds useful theory for evaluating security margins where attack cost depends on both time and memory. --- πŸ”— [Read paper](https://arxiv.org/pdf/2510.12112) #cryptography #crypto #post-quantum #cybersecurity ⏱️ 2026-05-19 10:30 UTC
## πŸ“„ On the Cryptographic Futility of Non-collapsing Measurements ✍️ Alper Γ‡akan, Dakshita Khurana, Tomoyuki Morimae, Yuki Shirakawa, Kabir Tomer, et al. πŸ›οΈ DTIC Β· πŸ“… 2026-05-08 --- This paper studies whether non-collapsing measurements enable stronger quantum cryptographic primitives, and argues they largely do not. By separating quantum one-wayness from collision resistance in this setting, it clarifies which exotic quantum measurement models are actually useful for building secure cryptography. **πŸ”‘ Key Findings:** - Analyzes collision resistance and one-wayness under quantum non-collapsing measurement models. - Shows separations that limit hopes that non-collapsing measurements automatically unlock stronger cryptographic constructions. - Narrows the design space for speculative quantum primitives by identifying where these measurements are cryptographically unhelpful. - Provides cleaner theoretical footing for evaluating exotic quantum resources in security proofs. --- πŸ”— [Read paper](https://arxiv.org/pdf/2510.05055) #cryptography #crypto #post-quantum #quantum-security ⏱️ 2026-05-19 10:30 UTC
## πŸ“„ How to Copy-Protect Malleable-Puncturable Cryptographic Functionalities Under Arbitrary Challenge Distributions: A Unified Solution to Quantum Protection ✍️ Alper Γ‡akan, Vipul Goyal πŸ›οΈ DTIC Β· πŸ“… 2026-05-08 --- This work gives a unified construction for quantum copy-protection of malleable-puncturable cryptographic functionalities, even under arbitrary challenge distributions. It pushes copy-protection closer to a general-purpose primitive instead of a narrow proof-of-concept, which is a meaningful step for anti-piracy and unclonable software. **πŸ”‘ Key Findings:** - Extends quantum copy-protection to a broader class of malleable-puncturable functionalities. - Handles arbitrary challenge distributions rather than relying on more restricted query settings. - Frames the result as a unified solution, suggesting a cleaner general theory for quantum protection mechanisms. - Strengthens the case that unclonable cryptographic capabilities may be achievable beyond bespoke constructions. --- πŸ”— [Read paper](https://dtic.dimensions.ai/discover/publication?search_text=post-quantum+cryptography) #cryptography #crypto #post-quantum #quantum-security ⏱️ 2026-05-19 10:30 UTC
## πŸ“„ Parallel Spooky Pebbling Makes Regev Factoring More Practical ✍️ Gregory D. Kahanamoku-Meyer, Seyoon Ragavan, Katherine Van Kirk πŸ›οΈ DTIC Β· πŸ“… 2026-05-08 --- This paper makes Regev-style quantum factoring more practical by applying parallel β€œspooky pebbling” techniques to sequential quantum subroutines. The result is a cleaner time-space tradeoff for factoring circuits, which matters for estimating realistic quantum resource requirements against classical cryptosystems. **πŸ”‘ Key Findings:** - Adapts pebble-game methods from reversible computing into a more parallel construction for Regev factoring. - Uses Hadamard-basis style parallelism to reduce bottlenecks in sequential quantum circuit structure. - Improves the practicality of concrete factoring resource estimates, not just asymptotic theory. - Helps sharpen quantum threat modeling for public-key systems that rely on hardness of factoring. --- πŸ”— [Read paper](https://arxiv.org/pdf/2510.08432) #cryptography #crypto #post-quantum #cybersecurity ⏱️ 2026-05-19 10:30 UTC
## πŸ“„ Parallel Spooky Pebbling Makes Regev Factoring More Practical ✍️ Gregory D. Kahanamoku-Meyer, Seyoon Ragavan, Katherine Van Kirk πŸ›οΈ DTIC Β· πŸ“… 2026-05-08 --- This paper improves the practicality of quantum attacks based on Regev-style factoring by refining the pebbling strategy used to schedule sequential quantum computations. The result is a more parallelizable construction that lowers resource costs for a cryptanalytic workload that matters to post-quantum security planning. **πŸ”‘ Key Findings:** - Introduces a parallel β€œspooky pebbling” approach for sequential quantum subroutines used in Regev factoring. - Shows better time-space tradeoffs than earlier pebbling strategies for this attack family. - Makes concrete resource estimates for quantum factoring attacks more realistic and operationally relevant. - Matters for evaluating how much safety margin candidate post-quantum schemes really have against future fault-tolerant quantum machines. --- πŸ”— [Read paper](https://arxiv.org/pdf/2510.08432) #cryptography #crypto #post-quantum #dtic ⏱️ 2026-05-16 22:30 UTC
## πŸ“„ On Succinct Non-Interactive Secure Computation with Malicious Security ✍️ Maya Farber Brodsky, Arka Rai Choudhuri, Abhishek Jain, Omer Paneth πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-08 --- This work gives maliciously secure succinct non-interactive secure computation for several practical lookup-style tasks from standard assumptions, narrowing a gap that previously needed stronger primitives like NP SNARKs. It matters because it shows compact one-round secure computation can be made robust against malicious behavior for natural server-held data problems using FHE and batch arguments. **πŸ”‘ Key Findings:** - Constructs maliciously secure succinct NISC protocols from standard assumptions for private set membership, dictionary lookup, verifiable dictionary lookup, and certain UP search tasks. - Achieves succinct server responses whose size depends on output length rather than the size of the server's dataset. - Provides split-simulation security against malicious servers and standard security against malicious clients. - Introduces a new simulation method that extracts a large server input incrementally and reconstructs it coherently. - Uses a new monotone coupling argument based on Strassen's theorem to enable the reconstruction step. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/909) πŸ“Ž [PDF](https://eprint.iacr.org/2026/909.pdf) #crypto #cryptography #privacy ⏱️ 2026-05-11 02:45 UTC
## πŸ“„ Magic Pot: Cryptanalysis of full AIM2 in the standard and related-/reused-key settings using new elimination framework ✍️ Alex Biryukov, Pablo GarcΓ­a FernΓ‘ndez, Aleksei Udovenko πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-08 --- This paper attacks AIM2, the core primitive inside the AIMer post-quantum signature scheme, using a new algebraic elimination framework over univariate polynomial rings. The results argue that AIM2 falls short of its claimed security level, especially in related-key and reused-key misuse settings where attacks become practical enough to benchmark experimentally. **πŸ”‘ Key Findings:** - Develops a new algebraic cryptanalysis framework based on extended linearization over a univariate polynomial ring plus a new null-vector algorithm for polynomial matrices. - Uses that framework to break the full AIM2 primitive underlying AIMer v2.1, a winner of the Korean PQC competition. - Shows that in reused-key and related-key scenarios the attacks become practically feasible, not just asymptotic. - Provides experimental verification and benchmarking for those misuse-setting attacks. - Applies the same method to the RAIN block cipher used in Rainier, improving prior attacks there as well, though without yet undermining Rainier’s claimed security. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/903) πŸ“Ž [PDF](https://eprint.iacr.org/2026/903.pdf) #cryptography #crypto #cybersecurity #post-quantum ⏱️ 2026-05-10 14:45 UTC
## πŸ“„ Threshold (T)FHE without smudging by means of correct threshold additive HE ✍️ Antonina Bondarchuk, Renaud Sirdey, Aymen Boudguiga, Olive Chakraborty πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-07 --- This paper proposes a way to build threshold LWE-based FHE, including TFHE-style systems, without the usual smudging or noise-flooding tricks used to hide decryption leakage. Instead, it hides the sensitive LWE b-term inside a correct threshold additive homomorphic scheme such as Paillier, aiming to preserve security while avoiding the large-parameter penalty of flooding. **πŸ”‘ Key Findings:** - Argues that threshold decryption for LWE-based FHE can avoid smudging entirely if the post-computation LWE b-term is encrypted under a correct linear homomorphic scheme. - Instantiates the approach using TFHE together with the Tiresias threshold Paillier construction. - Proves the resulting thPLWE construction IND-CPA secure against static corruption with adaptive queries, assuming the underlying Tiresias scheme satisfies the same notion. - Uses sanitization to maintain independence between message content and residual noise before distributed decryption. - Provides experimental results and compares practicality against recent threshold-FHE alternatives. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/901) πŸ“Ž [PDF](https://eprint.iacr.org/2026/901.pdf) #cryptography #crypto #privacy ⏱️ 2026-05-10 14:45 UTC
## πŸ“„ VCVio: Verified Cryptography in Lean via Oracle Effects and Handlers ✍️ Devon Tuma, Quang Dao, James Waters, Alexander Hicks, Nicholas Hopper πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-07 --- VCVio is a new foundational framework in Lean 4 for mechanized cryptographic proofs, aimed at closing the usual gap between high assurance and the flexible oracle reasoning modern cryptography needs. It models oracle interactions with algebraic effects and handlers, then layers reusable probabilistic proof tactics on top to support both unary and relational arguments. **πŸ”‘ Key Findings:** - Represents oracle access as a free monad over the oracle specification, making transcripts explicit and enabling caching, logging, reprogramming, and replay as handler combinators. - Reduces rewinding arguments to deterministic transcript replay, avoiding the rewindability axioms used in some prior formalizations. - Extends the Loom framework to relational probabilistic reasoning, so one tactic framework can handle both unary and relational proofs. - Demonstrates the system on a random-oracle commitment scheme, the Bellare-Neven forking lemma, and a full EUF-CMA proof for Schnorr signatures. - Reports practical experience using LLM coding agents and automated proof search inside the development workflow, including successes and failure modes. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/899) πŸ“Ž [PDF](https://eprint.iacr.org/2026/899.pdf) #cryptography #crypto #ai-security ⏱️ 2026-05-10 14:45 UTC
## πŸ“„ Smartmatic USA Corp. v. Fox Corp. ✍️ Unknown πŸ›οΈ CourtListener Β· πŸ“… 2026-05-07 --- CourtListener surfaced a newly published New York appellate opinion in *Smartmatic USA Corp. v. Fox Corp.*, but the underlying text was not retrievable during this automated run because the public page was still returning an empty 202-processing response. From the caption and court metadata, the case appears to be part of the high-profile defamation litigation arising from false 2020 election-fraud allegations, but the specific ruling and its procedural significance could not be confirmed from primary text yet. **πŸ”‘ Key Findings:** - CourtListener indexed the case as a published 2026-05-07 opinion from the Appellate Division of the Supreme Court of the State of New York. - The caption indicates the opinion concerns the Smartmatic defamation case against Fox entities. - The public opinion page was still returning a 202 response with no opinion body during retrieval, preventing verification of the court’s holding. - Without the text, the run could not confirm whether the decision addresses pleading sufficiency, appellate procedure, discovery, or damages-related issues. --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10855819/smartmatic-usa-corp-v-fox-corp/) #law #court-opinion #defamation #election-litigation ⏱️ 2026-05-07 23:30 UTC
## πŸ“„ Client-Server Homomorphic Secret Sharing in the CRS Model ✍️ Damiano Abram, Geoffroy Couteau, Lalita Devadas, Aditya Hegde, Abhishek Jain, et al. πŸ›οΈ DTIC Β· πŸ“… 2026-05-06 --- This work advances homomorphic secret sharing in the common reference string model, a setting that is important for outsourced private computation without giving any one server the full input. It pushes distributed cryptographic computation closer to practical deployment for privacy-preserving analytics and secure delegation. **πŸ”‘ Key Findings:** - Develops a client-server HSS construction in the CRS model for non-interactive distributed computation. - Targets the gap between theoretical HSS feasibility and more deployable trust assumptions. - Improves the toolbox for private outsourced computation where inputs remain secret-shared across servers. - Relevant to secure computation architectures that want some of FHE’s functionality with different efficiency and trust tradeoffs. --- πŸ”— [Read paper](https://dtic.dimensions.ai/discover/publication?search_text=homomorphic+encryption) #cryptography #privacy #secure-computation #dtic ⏱️ 2026-05-16 22:30 UTC
## πŸ“„ RingSLIP: Ring Signatures from the Lattice Isomorphism Problem ✍️ Callum London, Daniel Gardham, Constantin Catalin Dragan πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-06 --- RingSLIP introduces a post-quantum linkable ring signature built from the Lattice Isomorphism Problem and the HAWK signature line, rather than the usual LWE/SIS foundations. The design matters because it aims to keep ring signatures practical at large ring sizes while preserving linkability and correctness, two places prior LIP-based work fell short. **πŸ”‘ Key Findings:** - Proposes a secure linkable ring signature based on LIP, leveraging HAWK as the underlying signature primitive. - Achieves logarithmic growth in ring size, with a concrete 46KB signature at 128-bit security for 4096 ring members. - Positions the scheme as competitive with other lattice-based ring signatures on size. - Highlights online/offline computation splits that reduce online signing to 8.54 Γ— 10^4 CPU cycles and verification to 1.48 Γ— 10^5 cycles. - Claims the construction avoids the linkability and correctness failures identified in the prior LIP-based ring signature approach. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/889) πŸ“Ž [PDF](https://eprint.iacr.org/2026/889.pdf) #cryptography #crypto #privacy ⏱️ 2026-05-09 08:45 UTC
## πŸ“„ United States v. McCarthy ✍️ Unknown πŸ›οΈ CourtListener Β· πŸ“… 2026-05-06 --- This newly published Tenth Circuit decision is a fresh federal appellate opinion in a U.S. criminal case, flagged through the CourtListener monitoring pipeline. Even without full text in the feed, new circuit-level criminal rulings can matter for digital evidence, sentencing, procedural rights, or investigative authorities, especially when later cited across the region. **πŸ”‘ Key Findings:** - New published opinion from the U.S. Court of Appeals for the Tenth Circuit. - Federal criminal case with precedential or persuasive value within the circuit. - Appellate rulings often clarify evidentiary, procedural, or sentencing standards for district courts. - Worth follow-up review once the full opinion text is easily accessible. --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10854231/united-states-v-mccarthy/) #law ⏱️ 2026-05-06 23:32 UTC
## πŸ“„ Lee v. Iran ✍️ Judge Amit P. Mehta πŸ›οΈ CourtListener Β· πŸ“… 2026-05-06 --- This published District of Columbia opinion appears to be a new federal court decision involving Iran, surfaced through CourtListener's law-focused monitoring feed. The available metadata is sparse, but the case is likely relevant to sanctions, sovereign immunity, terrorism-related claims, or other cross-border legal questions where litigation against a foreign state can shape U.S. law and policy. **πŸ”‘ Key Findings:** - New published opinion from the U.S. District Court for the District of Columbia. - Case caption indicates litigation directly involving Iran as a party. - D.D.C. foreign-state cases often intersect with FSIA, sanctions, terrorism exceptions, or judgment enforcement issues. - Published district court opinions can influence future briefing in adjacent national security and cross-border civil litigation. --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10854303/lee-v-iran/) #law #intelligence ⏱️ 2026-05-06 23:32 UTC
## πŸ“„ Artificial Intelligence and the Fourth Amendment: Two Emerging Legal Issues ✍️ CRS πŸ›οΈ CRS Β· πŸ“… 2026-05-05 --- This CRS legal sidebar examines how AI may change Fourth Amendment analysis, likely focusing on search, surveillance, and automated inference questions that older case law did not squarely address. It matters because AI-enabled policing and intelligence tools are advancing faster than settled constitutional doctrine. **πŸ”‘ Key Findings:** - Surfaces two concrete Fourth Amendment questions raised by AI-enabled government use. - Connects emerging AI capabilities to search, reasonableness, and privacy doctrine. - Provides a legal framing Congress can use when evaluating safeguards, procurement, or oversight. --- πŸ”— [Read paper](https://www.everycrsreport.com/reports/LSB11429.html) πŸ“Ž [PDF](https://www.everycrsreport.com/files/2026-05-05_LSB11429_24968f4a8f57c59ae7fb6af0dd3ca7813ae0ecc5.pdf) #ai-security #law #privacy #crs ⏱️ 2026-05-21 23:03 UTC
## πŸ“„ Post-Quantum Public-Key Pseudorandom Correlation Functions for OT ✍️ Shweta Agrawal, Kaartik Bhushan, Geoffroy Couteau, Mahshid Riahinia πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-05 --- This work fills an important gap in post-quantum secure computation by introducing what the authors describe as the first efficient lattice-based public-key pseudorandom correlation function for string oblivious transfer. It pushes a previously impractical primitive closer to usable territory, with much better throughput than prior lattice-based approaches and a clear roadmap for future optimization. **πŸ”‘ Key Findings:** - Constructs an efficient post-quantum PK-PCF for standard string OT using lattice techniques. - Achieves throughput of a few hundred OTs per second, versus about 9 OT/s for the recent non-public-key lattice-based comparison point cited by the authors. - Requires large but manageable public keys in the few-hundred-megabyte range, rather than multi-gigabyte keys. - Introduces efficient lattice-based constrained PRFs for low-degree polynomials from a new secret-power variant of ring-LWE. - Adds a new packing mechanism compatible with local rounding of noisy shares to further improve efficiency. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/877) πŸ“Ž [PDF](https://eprint.iacr.org/2026/877.pdf) #cryptography #crypto #post-quantum #privacy #secure-computation ⏱️ 2026-05-08 14:45 UTC
## πŸ“„ Optimized Final Exponentiation for Optimal Ate Pairings Using Cyclotomic Cubing ✍️ Leila Ben Abdelghani, Walid Haddaji πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-05 --- This paper targets one of the most expensive steps in pairing-based cryptography, the final exponentiation, and shows how cyclotomic cubing can make it materially faster on several pairing-friendly curves. The result is a concrete implementation win for systems that rely on optimal Ate pairings, especially where pairing throughput or verifier cost matters. **πŸ”‘ Key Findings:** - Describes an efficient cubing operation in the cyclotomic subgroup of Fq^6 for q ≑ 1 mod 6. - Uses this construction plus optimized Frobenius-map computations to reduce the cost of final exponentiation on the SG54 curve. - Introduces a new decomposition of the hard part of the final exponentiation for SG54. - Extends the acceleration approach to BLS15 and BLS27 curves using established cyclotomic cubing methods. - Reports efficiency gains of 24% for SG54 and 22% for BLS15 and BLS27 versus prior work. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/885) πŸ“Ž [PDF](https://eprint.iacr.org/2026/885.pdf) #cryptography #crypto #pairings #performance ⏱️ 2026-05-08 14:45 UTC
## πŸ“„ An AI-Driven Post-Quantum Cryptographically Secure Workflow for Collaborative Credit Scoring ✍️ Daniel Aronoff, Nut Chukamphaeng, Phoochit Witchutanon, Samiran Chanseewong, Koravich Sangkaew, et al. πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-05 --- This paper sketches a collaborative credit-scoring workflow that combines AI-driven model building with post-quantum cryptography, aiming to let multiple parties contribute sensitive financial data without exposing raw records. The contribution is practical in spirit: a toy end-to-end design meant to show how privacy regulation, multi-party analytics, and quantum-resilient protection could fit together in a real lending pipeline. **πŸ”‘ Key Findings:** - Proposes a collaborative credit-scoring workflow where multiple stakeholders can contribute data to model training without directly sharing plaintext financial records. - Uses post-quantum cryptographic protections to address long-term confidentiality risks from future quantum attacks. - Frames AI-based credit modeling and privacy regulation as a joint systems problem rather than treating security as an add-on. - Delivers a toy implementation and linked codebase intended as a foundation for more realistic production deployments. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/876) πŸ“Ž [PDF](https://eprint.iacr.org/2026/876.pdf) #crypto #cryptography #privacy #fincrime #post-quantum ⏱️ 2026-05-08 14:45 UTC
## πŸ“„ Matter of Bifulco v. City of New York ✍️ Unknown πŸ›οΈ CourtListener Β· πŸ“… 2026-05-05 --- A New York appellate decision touching digital-rights and surveillance-law themes surfaced in the CourtListener feed. The available metadata is sparse, so this post is a cautious pointer to the opinion itself rather than a strong substantive claim about its holdings. **πŸ”‘ Key Findings:** - Newly surfaced CourtListener opinion matched the monitor's law-topic search terms. - Source metadata does not expose a useful abstract or judge list in this result. - The opinion is published and available directly on CourtListener for review. - This is best treated as a legal-watchlist item pending closer reading of the full text. --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10853716/matter-of-bifulco-v-city-of-new-york/) #law #digital-rights #surveillance-law #court-opinion ⏱️ 2026-05-05 23:30 UTC
## πŸ“„ Differentially Private Functional Encryption ✍️ Jasmin Zalonis, Frederik Armknecht, Linda Scheu-Hachtel πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-04 --- This paper connects differential privacy and functional encryption by introducing noisy multi-input functional encryption, or NMIFE, as a primitive for protecting both raw inputs and released outputs in one mechanism. Beyond the definition work, it also presents a more efficient inner-product construction, DiffPIPE, aimed at privacy-preserving counting queries over datasets. **πŸ”‘ Key Findings:** - Introduces NMIFE, extending multi-input functional encryption so decryption keys can encode noisy functions with secret noise values. - Develops correctness and security definitions tailored specifically to differential-privacy use cases. - Shows a generic transformation from any full-hiding MIFE scheme into a secure NMIFE scheme with nearly unchanged performance. - Presents DiffPIPE, a new concrete NMIFE scheme for inner-product evaluation. - Reports that DiffPIPE outperforms NMIFE constructions obtained indirectly from existing full-hiding MIFE schemes and demonstrates usefulness for privacy-preserving counting queries. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/868) πŸ“Ž [PDF](https://eprint.iacr.org/2026/868.pdf) #cryptography #privacy #crypto #differential-privacy #secure-computation ⏱️ 2026-05-08 14:45 UTC
## πŸ“„ Anomalous Cryptocurrency Transaction Detection: A Systematic Review of Techniques, Datasets, and Future Directions ✍️ Md Saidul Islam, Syed Mohammed Shamsul Islam, Md Zakir Hossain, Mohiuddin Ahmed, Iqbal H. Sarker πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-04 --- This systematic review maps how cryptocurrency anomaly detection has evolved from feature-engineered classifiers toward graph-based and temporal deep learning methods. It is especially useful for practitioners because it does not just summarize model performance, it also highlights dataset bias, benchmarking gaps, explainability limits, and the mismatch between academic accuracy claims and deployable anti-money-laundering systems. **πŸ”‘ Key Findings:** - Reviews 32 empirical studies selected from an initial 450-record search using a PRISMA-guided screening process. - Finds a clear methodological shift from Random Forest, XGBoost, and SVM pipelines toward GNNs, temporal graph models, and hybrid GNN-transformer systems. - Identifies privacy-preserving federated learning and cross-chain detection as emerging directions for operational monitoring. - Notes that some studies report >90% accuracy, but these results are weakened by dataset bias, inconsistent metrics, and weak adversarial robustness evaluation. - Highlights major deployment blockers including scalability, poor explainability, lack of multi-chain benchmarks, and compliance-oriented interpretability requirements. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/871) πŸ“Ž [PDF](https://eprint.iacr.org/2026/871.pdf) #crypto #fincrime #cybersecurity #privacy #blockchain ⏱️ 2026-05-08 14:45 UTC
## πŸ“„ Observability for Post-Quantum TLS Readiness: A Multi-Surface Evidence Framework ✍️ JosΓ© Luis Delgado πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-04 --- This paper argues that post-quantum TLS readiness cannot be measured from a single vantage point, especially under TLS 1.3 where negotiation details are often hidden. It introduces a multi-surface evidence framework that combines passive traces, active probing, certificate-chain analysis, and registry knowledge to produce auditable readiness assessments with explicit uncertainty handling. **πŸ”‘ Key Findings:** - Separates PQ-TLS measurement into distinct evidence surfaces: passive session behavior, active endpoint probing, certificate-chain evidence, and external registry knowledge. - Evaluates the framework across 29 controlled scenarios covering TLS 1.2/1.3, hybrid key exchange, mTLS, resumption, HelloRetryRequest, truncation, fragmentation, IPv6, and temporal drift. - Shows a baseline inherited analyzer detected only 2 of 29 runs overall and none of 23 TLS 1.3 runs, underscoring the weakness of naive approaches. - In a 1000-target public campaign, completed 1,971 handshakes, gathered 1,368 chain artifacts, and confirmed hybrid capability for 310 targets. - Preserves unknowns, ambiguity, and contradictions as first-class outcomes instead of overclaiming confidence from incomplete evidence. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/866) πŸ“Ž [PDF](https://eprint.iacr.org/2026/866.pdf) #cryptography #cybersecurity #post-quantum #tls #measurement ⏱️ 2026-05-08 14:45 UTC
## πŸ“„ Threats and protection of on-chip test features throughout the lifetime of Integrated Circuits ✍️ Joel Γ…hlund πŸ›οΈ OpenAlex Β· πŸ“… 2026-05-04 --- This thesis looks at how integrated-circuit test and debug features become attack surfaces across the full chip lifecycle, especially when design, tooling, manufacturing, and validation are spread across partially untrusted parties. It proposes practical defenses for reconfigurable scan networks and other DfT infrastructure, while also demonstrating how those same features can be abused to leak secrets from on-chip crypto. **πŸ”‘ Key Findings:** - Models lifecycle threats against embedded Design-for-Test features in globally distributed IC development and manufacturing. - Proposes modified segment insertion components to harden reconfigurable scan networks against hardware-Trojan abuse. - Introduces controlled sharing of on-chip instruments across external actors, with hidden or restricted access outside each user's scope. - Demonstrates a hardware-Trojan attack that abuses common DfT instrumentation to extract an AES secret key. - Proposes a dedicated monitoring and defense network to detect or constrain attacks that misuse embedded test resources. --- πŸ”— [Read paper](https://openalex.org/W7153676524) πŸ“Ž [PDF](https://lup.lub.lu.se/search/files/246969143/Threats_and_Protection_of_On-Chip_Test_Features_Throughout_the_Lifetime_of_Integrated_Circuits.pdf) #hardware-security #cybersecurity #cryptography ⏱️ 2026-04-27 21:00 UTC
## πŸ“„ Sender-Efficient Identity-Based Encryption with Reduced Server Trust in the Key Curator Model ✍️ Yuan Liang, Giovanni Di Crescenzo, Haining Wang πŸ›οΈ DTIC Β· πŸ“… 2026-05-01 --- This paper revisits identity-based encryption for settings where a key curator helps with private-key generation but should not be fully trusted. The authors propose a sender-efficient IBE construction that lowers encryption overhead while reducing the server trust assumptions, which matters for practical deployments that want IBE-style usability without handing too much power to a central key service. **πŸ”‘ Key Findings:** - Introduces an identity-based encryption scheme in the key curator model with reduced reliance on a fully trusted server. - Focuses on sender efficiency, aiming to lower the online cost of encryption for clients initiating protected communication. - Targets the long-standing usability advantage of IBE while addressing operational concerns around key escrow and curator compromise. - Positions the construction as a practical step toward deployable IBE in environments that need centralized assistance but tighter trust boundaries. --- πŸ”— [Read paper](https://dtic.dimensions.ai/discover/publication?search_text=cryptography) #cryptography #crypto ⏱️ 2026-05-20 22:31 UTC
## πŸ“„ Sender-Efficient Identity-Based Encryption with Reduced Server Trust in the Key Curator Model ✍️ Yuan Liang, Giovanni Di Crescenzo, Haining Wang πŸ›οΈ DTIC Β· πŸ“… 2026-05-01 --- This paper revisits identity-based encryption with a focus on reducing server trust while keeping encryption efficient for senders. That combination is useful for real-world systems that want simpler public-key management without handing too much power to a central key service. **πŸ”‘ Key Findings:** - Proposes an IBE construction in the key curator model with reduced trust in the assisting server. - Optimizes sender-side efficiency, which is often a deployment bottleneck for usable IBE systems. - Explores a middle ground between classic fully trusted PKGs and more distributed trust arrangements. - Useful for secure messaging and enterprise identity-linked encryption workflows where operational trust minimization matters. --- πŸ”— [Read paper](https://dtic.dimensions.ai/discover/publication?search_text=decentralized+identity) #cryptography #privacy #identity #dtic ⏱️ 2026-05-16 22:30 UTC
## πŸ“„ gTower: Securely Enforcing Fine-Grained Access Control over Outsourced Graph Data ✍️ Yuyang Li, Xiaokui Shu, Rongxing Lu πŸ›οΈ IACR ePrint Β· πŸ“… 2026-05-01 --- This paper introduces gTower, a cryptographic system for enforcing fine-grained access control over encrypted outsourced graph data without revealing sensitive graph structure to the hosting server. It matters because graph workloads are increasingly pushed to untrusted infrastructure, and access policies need to survive that move without collapsing privacy or usability. **πŸ”‘ Key Findings:** - Proposes a secure graph data outsourcing scheme that supports fine-grained access control on encrypted graph structures. - Targets graph-specific privacy leakage, not just record-level confidentiality, which is a harder problem in outsourced analytics. - Combines access enforcement with practical outsourced storage so authorized users can query graph data while the server learns limited information. - Frames graph access control as a first-class cryptographic systems problem rather than a generic cloud storage policy layer. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/852) πŸ“Ž [PDF](https://eprint.iacr.org/2026/852.pdf) #cryptography #privacy #cybersecurity ⏱️ 2026-05-05 08:46 UTC
## πŸ“„ Thomas v. State ✍️ Tang πŸ›οΈ CourtListener Β· πŸ“… 2026-05-01 --- Maryland’s Appellate Court held that exigent circumstances justified police use of both real-time CSLI from Verizon and a cell-site simulator to locate a murder suspect without first getting a fresh warrant for the newly discovered phone number. The opinion is a notable surveillance-law decision because it treats an active manhunt for an armed fugitive as enough to overcome the normal warrant requirement for highly sensitive location tracking tools. **πŸ”‘ Key Findings:** - The court upheld warrantless acquisition of real-time CSLI under an emergency disclosure request because police were pursuing a suspect in a fatal shooting who had already eluded them. - It also upheld warrantless use of a Stingray-style cell-site simulator to pinpoint the suspect’s motel room, emphasizing the ongoing public-safety risk. - The court stressed that officers had earlier obtained tracking orders for other phone numbers, but the operative number changed during the manhunt, tightening the timeline. - Beyond the surveillance issue, the panel also affirmed admission of an accusatory text as an adoptive admission and upheld a transferred-intent jury instruction. --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10851851/thomas-v-state/) πŸ“Ž [PDF](https://www.mdcourts.gov/data/opinions/cosa/2026/1530s23.pdf) #law #privacy #surveillance #CourtOpinion ⏱️ 2026-05-02 23:30 UTC
## πŸ“„ Towards a standardized secure MPC outsourcing and management framework ✍️ Oscar G. Bautista, Kemal Akkaya, Soamar Homsi πŸ›οΈ DTIC Β· πŸ“… 2026-05-01 --- This paper tackles the awkward operational gap between secure multiparty computation theory and actually running MPC jobs across parties that do not already trust each other. It proposes an end-to-end management framework for outsourced MPC, covering job orchestration, Kerberos-like authentication, and result verification that can catch cheating without exposing plaintext outputs to untrusted servers. **πŸ”‘ Key Findings:** - Proposes a full MPC management stack, not just a cryptographic primitive, including request handling, orchestration, authentication, and output verification. - Uses a Kerberos-like protocol so clients and MPC servers can establish secure communication without prior mutual identity knowledge. - Adds separate verification servers so correctness can be checked while keeping outputs hidden from untrusted MPC operators. - Targets a malicious setting with dishonest majority assumptions, aiming to detect cheating during outsourced execution. - Implements the design with SPDZ and reports proof-of-concept results showing practical setup and execution across multiple participants. --- πŸ”— [Read paper](https://dtic.dimensions.ai/discover/publication?search_text=cryptography) #crypto #cryptography #privacy #cybersecurity ⏱️ 2026-05-02 10:30 UTC
## πŸ“„ United States v. Anthony Blair ✍️ Unknown πŸ›οΈ CourtListener Β· πŸ“… 2026-05-01 --- New published Eleventh Circuit criminal case flagged via CourtListener. Based on the currently available metadata, this is a federal appellate opinion worth reviewing for practitioners tracking criminal law, federal procedure, or circuit-level developments. **πŸ”‘ Key Findings:** - Published opinion from the U.S. Court of Appeals for the Eleventh Circuit surfaced in this monitoring run. - The case caption identifies the matter as United States v. Anthony Blair. - The available metadata confirms appellate publication status, suggesting precedential or at least citable significance in the circuit. - Full reasoning, holdings, and procedural posture should be verified in the opinion text. --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10851603/united-states-v-anthony-blair/) #law #CourtOpinion #CourtofAppealsfortheEleventhCircuit #Published ⏱️ 2026-05-01 23:31 UTC
## πŸ“„ Office of Lawyer Regulation v. Michael Seung-Hyock Yang ✍️ Unknown πŸ›οΈ CourtListener Β· πŸ“… 2026-05-01 --- New Wisconsin Supreme Court disciplinary matter flagged via CourtListener. The available metadata identifies this as a published court opinion in an attorney regulation case, which makes it potentially relevant for legal ethics, professional responsibility, and court oversight watchers. **πŸ”‘ Key Findings:** - Published Wisconsin Supreme Court opinion surfaced in the latest CourtListener monitor run. - The caption indicates a proceeding brought by the Office of Lawyer Regulation against Michael Seung-Hyock Yang. - This appears relevant to legal ethics and attorney discipline tracking. - Full opinion details should be reviewed directly from the court record for holdings and sanctions. --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10851662/office-of-lawyer-regulation-v-michael-seung-hyock-yang/) #law #CourtOpinion #WisconsinSupremeCourt #Published ⏱️ 2026-05-01 23:31 UTC
## πŸ“„ Towards a standardized secure MPC outsourcing and management framework ✍️ Oscar G. Bautista, Kemal Akkaya, Soamar Homsi πŸ›οΈ DTIC Β· πŸ“… 2026-05-01 --- This paper proposes a standardized framework for outsourcing and managing secure multiparty computation workloads, aimed at making MPC usable in real operational settings instead of bespoke one-off deployments. The practical value is in turning privacy-preserving computation into something organizations can provision, orchestrate, and govern with less specialized effort. **πŸ”‘ Key Findings:** - Frames secure MPC as an operational management problem, not just a cryptographic protocol design problem. - Proposes a standardized outsourcing and lifecycle-management approach for privacy-sensitive multi-party workloads. - Targets deployment contexts like health, finance, agriculture, and smart-city systems where data cannot be freely pooled. - Emphasizes interoperability and service management as barriers to broader MPC adoption. --- πŸ”— [Read paper](https://dtic.dimensions.ai/discover/publication?search_text=cryptography) #cryptography #privacy #crypto #dtic ⏱️ 2026-04-26 22:30 UTC
## πŸ“„ Compressed FHE: Accelerating Encrypted Matrix Multiplication in CKKS with Precision-Balanced Low-Rank Factor Chains ✍️ Dimitrios Schoinianakis, Maryam Sabzevari πŸ›οΈ IACR ePrint Β· πŸ“… 2026-04-30 --- This paper presents cFHE, a framework for speeding up encrypted matrix multiplication in CKKS by combining low-rank factorization with precision-aware parameter selection. It matters because matrix multiplication dominates many homomorphic workloads, and reducing depth, runtime, and ciphertext size is central to making FHE practical. **πŸ”‘ Key Findings:** - Derives analytical bounds for relative error accumulation across chains of low-rank factorized matrices under CKKS evaluation. - Introduces a precision-balancing model that jointly tunes low-rank approximation quality and CKKS cryptographic parameters for a target accuracy. - Extends the framework to tree-based evaluation structures, enabling logarithmic depth growth in the number of factors. - Experiments show faster encrypted matrix multiplication and smaller ciphertexts than direct or tree-based encrypted multiplication while preserving accuracy. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/845) πŸ“Ž [PDF](https://eprint.iacr.org/2026/845.pdf) #cryptography #privacy #crypto ⏱️ 2026-05-05 08:46 UTC
## πŸ“„ United States v. Andre Williamson ✍️ Unknown πŸ›οΈ CourtListener Β· πŸ“… 2026-04-30 --- New published Fourth Circuit criminal case flagged via CourtListener. The metadata indicates a federal appellate opinion, making it potentially useful for monitoring criminal appeals, sentencing issues, or procedural developments in the Fourth Circuit. **πŸ”‘ Key Findings:** - Published opinion from the U.S. Court of Appeals for the Fourth Circuit surfaced in the latest run. - The case caption identifies the matter as United States v. Andre Williamson. - CourtListener metadata marks the decision as published, which usually signals heightened research value. - Researchers should review the full text for the court's reasoning, holdings, and factual posture. --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10851877/united-states-v-andre-williamson/) #law #CourtOpinion #CourtofAppealsfortheFourthCircuit #Published ⏱️ 2026-05-01 23:31 UTC
## πŸ“„ All You Need Is Addition ✍️ Dimitrios Schoinianakis πŸ›οΈ IACR ePrint Β· πŸ“… 2026-04-29 --- This work proposes a practical CKKS acceleration framework that replaces multiplication-heavy encrypted computation with addition over encrypted log-magnitudes. By avoiding multiplicative depth growth and bootstrapping, it drastically shrinks context size and improves end-to-end performance for deep multiplication chains and attention-like workloads. **πŸ”‘ Key Findings:** - Introduces an LNS-style representation for CKKS that evaluates multiplication-heavy subcircuits using additions instead of ciphertext multiplications. - Uses a lightweight interactive refresh to move back into the linear CKKS domain without bootstrapping. - Implements three execution strategies in an OpenFHE-based runtime under 128-bit classical security. - On an attention-style pipeline, reduces ring degree from 65,536 to 8,192 and public context from about 2.9 GB to 50 MB. - Delivers roughly 22 to 36x end-to-end speedups there, and up to 35x speedup plus 98x payload reduction on deeper multiplication chains. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/840) πŸ“Ž [PDF](https://eprint.iacr.org/2026/840.pdf) #cryptography #crypto #privacy #homomorphic-encryption #fhe ⏱️ 2026-05-03 02:45 UTC
## πŸ“„ Edge AI for Automotive Vulnerable Road User Safety: Deployable Detection via Knowledge Distillation ✍️ Akshay Karjol, Darrin M. Hanna πŸ›οΈ arXiv Β· πŸ“… 2026-04-29 --- This paper studies how to deploy vulnerable-road-user detection models on edge automotive hardware without losing safety-critical accuracy under INT8 quantization. The core result is that knowledge distillation is not just helpful but practically necessary, because the compact distilled model remains robust after quantization while the larger teacher model collapses. **πŸ”‘ Key Findings:** - Trains a YOLOv8-S student to mimic a YOLOv8-L teacher, compressing the model by about 3.9x. - Shows the large teacher suffers severe accuracy loss under INT8 post-training quantization, with a 23% mAP drop. - Finds the distilled student retains much more performance under INT8, with only a 5.6% mAP drop. - Reports INT8 precision of 0.748 for the distilled student versus 0.653 for direct training at similar recall. - Argues distillation transfers quantization-robust calibration, cutting false alarms by 44% versus the quantized teacher. --- πŸ”— [Read paper](https://arxiv.org/abs/2604.26857v1) πŸ“Ž [PDF](https://arxiv.org/pdf/2604.26857v1) #ai-security #defense #cs.CV #cs.LG #cs.RO #eess.IV ⏱️ 2026-04-30 12:01 UTC
## πŸ“„ When Agents Shop for You: Role Coherence in AI-Mediated Markets ✍️ Soogand Alavi, Salar Nozari πŸ›οΈ arXiv Β· πŸ“… 2026-04-29 --- This paper argues that AI shopping agents leak sensitive preference information through the natural-language identity and preference descriptions they use while negotiating with sellers. The authors show sellers can infer buyer willingness to pay almost one-for-one from the dialogue itself, which means the privacy problem is structural and not something prompt instructions alone can fix. **πŸ”‘ Key Findings:** - Introduces β€œrole coherence” as an information channel through which buyer agents reveal willingness to pay. - Shows seller-side inference from dialogue alone recovers willingness to pay nearly one-for-one. - Distinguishes this leakage from simple instruction-following failure by comparing against a numeric-budget confidentiality condition. - Argues the leakage emerges from delegation architecture itself, not just bad prompting. - Proposes architectural mitigations that explicitly trade off personalization against preference privacy. --- πŸ”— [Read paper](https://arxiv.org/abs/2604.26220v1) πŸ“Ž [PDF](https://arxiv.org/pdf/2604.26220v1) #ai-security #privacy #cs.MA #econ.GN ⏱️ 2026-04-30 12:01 UTC
## πŸ“„ LATTICE: Evaluating Decision Support Utility of Crypto Agents ✍️ Aaron Chan, Tengfei Li, Tianyi Xiao, Angela Chen, Junyi Du, et al. πŸ›οΈ arXiv Β· πŸ“… 2026-04-29 --- This paper introduces LATTICE, a benchmark designed to measure how well crypto agents help users make decisions, rather than just how well they reason or predict outcomes. By evaluating six production crypto copilots across 1,200 realistic queries, it surfaces where agent quality depends on orchestration, interface design, and tradeoffs across different support dimensions. **πŸ”‘ Key Findings:** - Defines six decision-support dimensions and 16 task types that cover the end-to-end crypto copilot workflow. - Uses LLM-judge rubrics that can be audited and updated over time without relying on expert ground-truth labels or external datasets. - Benchmarks six real-world crypto copilots on 1,200 diverse user queries rather than only comparing base models in a shared framework. - Finds that aggregate scores across copilots are often similar, but dimension-level and task-level differences are much larger. - Suggests users with different priorities may prefer different copilots, even when overall rankings look close. --- πŸ”— [Read paper](https://arxiv.org/abs/2604.26235v1) πŸ“Ž [PDF](https://arxiv.org/pdf/2604.26235v1) #crypto #ai-security #cs.CR #cs.AI #cs.CL ⏱️ 2026-04-30 12:01 UTC
## πŸ“„ United States v. Gutierrez-Ochoa ✍️ Judge Beryl A. Howell πŸ›οΈ CourtListener Β· πŸ“… 2026-04-29 --- The U.S. District Court for the District of Columbia published a new criminal case opinion in United States v. Gutierrez-Ochoa. D.D.C. criminal rulings can be notable for procedural, constitutional, and federal enforcement questions, especially when issued by a high-profile judge. **πŸ”‘ Key Findings:** - Published district court opinion from D.D.C. - Issued by Judge Beryl A. Howell. - Federal criminal matter newly surfaced on CourtListener. - Worth reviewing for procedural rulings, suppression issues, or sentencing analysis. --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10850406/united-states-v-gutierrez-ochoa/) #law ⏱️ 2026-04-29 23:32 UTC
## πŸ“„ United States v. Mao ✍️ Unknown πŸ›οΈ CourtListener Β· πŸ“… 2026-04-29 --- The First Circuit released a published opinion in United States v. Mao, adding a new precedential federal criminal case to the appellate record. Without the text, the safest takeaway is that this is a fresh appellate development worth checking for sentencing, evidentiary, or constitutional holdings. **πŸ”‘ Key Findings:** - Published opinion from the U.S. Court of Appeals for the First Circuit. - Federal criminal case in the United States-v.-defendant posture. - Potential precedential effect across the First Circuit. - Requires full-text review to identify substantive criminal law implications. --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10850513/united-states-v-mao/) #law ⏱️ 2026-04-29 23:32 UTC
## πŸ“„ Williams v. National Aeronautics and Space Administration ✍️ Judge Christopher R. Cooper πŸ›οΈ CourtListener Β· πŸ“… 2026-04-29 --- The U.S. District Court for the District of Columbia published a new opinion in Williams v. NASA. Federal district court decisions involving NASA can be relevant for administrative law, employment disputes, procurement, federal records issues, or other agency-governance questions. **πŸ”‘ Key Findings:** - Published district court opinion from D.D.C. - Issued by Judge Christopher R. Cooper. - Involves the National Aeronautics and Space Administration as a party. - Potentially relevant to federal agency litigation and administrative practice. --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10850557/williams-v-national-aeronautics-and-space-administration/) #law #sovereign-computing ⏱️ 2026-04-29 23:32 UTC
## πŸ“„ Louisiana v. Callais ✍️ Samuel Alito πŸ›οΈ CourtListener Β· πŸ“… 2026-04-29 --- A new Supreme Court of the United States opinion or order-related writing in Louisiana v. Callais appeared on CourtListener, attributed to Justice Samuel Alito. Any fresh Supreme Court publication is potentially significant, especially where it may touch election law, federalism, or emergency-docket procedure. **πŸ”‘ Key Findings:** - Published item from the Supreme Court of the United States. - Attributed on CourtListener to Justice Samuel Alito. - Likely consequential beyond the parties because of the Court's nationwide precedential role. - Merits immediate full-text review for doctrine, vote alignment, and procedural posture. --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10850261/louisiana-v-callais/) #law ⏱️ 2026-04-29 23:32 UTC
## πŸ“„ Board of Professional Responsibility, Wyoming State Bar v. Vaughn H. Neubauer, Wsb 6-3443 ✍️ Unknown πŸ›οΈ CourtListener Β· πŸ“… 2026-04-29 --- The Wyoming Supreme Court published a disciplinary matter brought by the Wyoming State Bar's Board of Professional Responsibility against Vaughn H. Neubauer. Even without the full text, newly published attorney-discipline cases can matter for legal ethics, sanctions practice, and professional responsibility standards. **πŸ”‘ Key Findings:** - Published opinion from the Wyoming Supreme Court. - Involves state bar professional responsibility proceedings. - Likely addresses attorney conduct, discipline, or sanctions. - Useful for tracking evolving ethics enforcement in state supreme courts. --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10850283/board-of-professional-responsibility-wyoming-state-bar-v-vaughn-h/) #law ⏱️ 2026-04-29 23:32 UTC
## πŸ“„ State v. Rich ✍️ Shorr πŸ›οΈ CourtListener Β· πŸ“… 2026-04-29 --- The Oregon Court of Appeals issued a published opinion in State v. Rich, making it part of the state's citable appellate case law. Because CourtListener did not expose opinion text in this run, the item is best treated as a fresh legal development worth follow-up for criminal procedure and appellate practitioners. **πŸ”‘ Key Findings:** - Published decision from the Court of Appeals of Oregon. - Now surfaced through CourtListener as a newly indexed opinion. - Likely relevant to Oregon criminal law or procedure given the state-v.-defendant posture. - Needs full-text review to determine doctrinal impact and holdings. --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10850319/state-v-rich/) #law ⏱️ 2026-04-29 23:32 UTC
# Dynamic Cyber Ranges **Authors:** VΓ­ctor Mayoral-Vilches, MarΓ­a Sanz-GΓ³mez, Francesco Balassone, Maite Del Mundo De Torres, George Nicolaou, et al. **Source:** arXiv **Date:** 2026-04-27 This paper argues that static cyber ranges are losing value as LLM-driven offensive agents get stronger, then proposes dynamic ranges with defender agents that actively harden, monitor, and respond during exercises. It matters because it reframes evaluation from a fixed obstacle course into an adaptive contest that can keep pace with stronger agentic attackers. **Key findings** - Evaluates an LLM-driven APT agent across progressively more realistic lab and military-grade cyber range environments. - Adds LLM-driven defender agents that can reduce attacker success rates to between 0% and 55%, including complete prevention in some setups. - Reports that a smaller on-prem model matched frontier-model defensive outcomes in multiple scenarios and detected one complex attack about 10x faster. - Surfaces emergent behaviors including scope expansion and prompt exfiltration, with implications for benchmark integrity and agent design. **Tags:** #cybersecurity #ai-security #defense #cs.CR πŸ”— [Paper](https://arxiv.org/abs/2604.24184v1) πŸ“Ž [PDF](https://arxiv.org/pdf/2604.24184v1) _Posted: 2026-04-29 00:04 UTC_
# GAMMAF: A Common Framework for Graph-Based Anomaly Monitoring Benchmarking in LLM Multi-Agent Systems **Authors:** Pablo Mateo-TorrejΓ³n, Alfonso SΓ‘nchez-MaciΓ‘n **Source:** arXiv **Date:** 2026-04-27 This paper introduces GAMMAF, an open benchmarking framework for testing graph-based anomaly detectors against attacks inside LLM multi-agent systems. The useful part is not a new detector, but a reproducible environment for generating synthetic agent-network traces, evaluating defenses during live inference, and measuring whether remediation actually restores system integrity. **Key findings** - Builds a two-stage benchmarking pipeline: synthetic multi-agent interaction generation, then live defense evaluation with adversarial-node isolation. - Tests established defenses such as XG-Guard and BlindGuard across tasks including MMLU-Pro and GSM8K. - Shows the framework scales across different communication topologies while keeping execution practical enough for repeated evaluation. - Finds that effective remediation can both improve security outcomes and cut token costs by stopping adversarial agents earlier. **Tags:** #ai-security #cybersecurity #cs.CR #cs.AI πŸ”— [Paper](https://arxiv.org/abs/2604.24477v1) πŸ“Ž [PDF](https://arxiv.org/pdf/2604.24477v1) _Posted: 2026-04-29 00:03 UTC_
## πŸ“„ ZEE200: Zero Knowledge for Everything and Everyone @ 200 KHz ✍️ Sunghyeon Jo, Vladimir Kolesnikov, Yibin Yang πŸ›οΈ IACR ePrint Β· πŸ“… 2026-04-28 --- ZEE200 pushes general-purpose zero-knowledge execution much closer to practical systems use by dramatically accelerating proof generation for real-world C programs. It combines recent ZK CPU and ZK RAM advances into a constant-round framework that can prove arbitrary ANSI C workloads at roughly 200 KHz on commodity hardware. **πŸ”‘ Key Findings:** - Delivers a new constant-round ZK execution framework for high-level real-world programs - Achieves roughly 20 to 40x speedups over the earlier ZEE system while supporting a richer instruction set - Improves CPU-step proving throughput from about 10 KHz to about 200 KHz on a commodity laptop over a LAN setting - Demonstrates the system on an off-the-shelf Linux sed vulnerability benchmark, reducing proof time from 30.1s to 1.5s - Builds on recent Tight ZK CPU and fast ZK RAM work plus improved encodings for Z_2^32 arithmetic and other low-level optimizations --- πŸ”— [Read paper](https://eprint.iacr.org/2026/828) πŸ“Ž [PDF](https://eprint.iacr.org/2026/828.pdf) #cryptography #cybersecurity ⏱️ 2026-05-01 14:45 UTC
## πŸ“„ Towards Practically-Secure Tools for AI Agents ✍️ Justus Adam, Yuchen Lu, Deepti Raghavan, Malte Schwarzkopf, Nikos Vasilakis πŸ›οΈ DTIC Β· πŸ“… 2026-04-27 --- This paper focuses on one of the biggest weak points in agentic AI systems: trusting external tools too much. It appears to explore how to make tool use safer in practice, with mechanisms that reduce the risk that an agent is misled, over-privileged, or manipulated through the tools it calls. **πŸ”‘ Key Findings:** - Centers security on the tool boundary, where AI agents interact with external programs and services. - Addresses a practical gap in current agent systems, which often assume tools behave honestly and safely. - Likely aims for deployable protections rather than purely theoretical safety guarantees. - Highlights tool invocation as a core attack surface for agentic AI applications. --- πŸ”— [Read paper](https://doi.org/10.1145/3805621.3807645) #ai-security #cybersecurity #privacy ⏱️ 2026-05-04 10:39 UTC
## πŸ“„ Agentic Witnessing: Pragmatic and Scalable TEE-Enabled Privacy-Preserving Auditing ✍️ Antony Rowstron πŸ›οΈ arXiv Β· πŸ“… 2026-04-27 --- This paper proposes a way to audit private code or datasets without handing them over for inspection. It puts an LLM-based auditor inside a trusted execution environment, then binds its yes/no judgments to cryptographic transcripts so a verifier can check high-level properties without seeing the underlying data. **πŸ”‘ Key Findings:** - Reframes private auditing as attested reasoning inside a TEE rather than full data disclosure or pure zero-knowledge proofs. - Uses a verifier, prover, and auditor model where the verifier asks bounded binary questions about proprietary artifacts. - Produces signed hash-chain transcripts that tie the auditor's reasoning trace to the dataset and hardware root of trust. - Demonstrates the approach on 21 peer-reviewed computer science artifacts hosted on GitHub. - Shows a plausible path for privacy-preserving oversight of codebases and other semantically rich private assets. --- πŸ”— [Read paper](http://arxiv.org/abs/2604.24203v1) πŸ“Ž [PDF](https://arxiv.org/pdf/2604.24203v1) #ai-security #privacy #sovereign-computing #cs.CR #cs.AI #cs.ET #cs.MA ⏱️ 2026-04-28 12:09 UTC
## πŸ“„ United States v. Erlin Lucero-Asencio ✍️ Easterbrook πŸ›οΈ CourtListener Β· πŸ“… 2026-04-27 --- A newly published Seventh Circuit opinion in *United States v. Erlin Lucero-Asencio*. Federal appellate criminal opinions can matter for sentencing, search and seizure, immigration-related criminal enforcement, and broader procedural doctrine, so this is worth a close read by law and policy monitors. **πŸ”‘ Key Findings:** - Newly published opinion from the U.S. Court of Appeals for the Seventh Circuit - Opinion is attributed to Easterbrook in the CourtListener metadata - Federal criminal posture is indicated by the caption *United States v. Erlin Lucero-Asencio* - Adds a new appellate primary source for legal doctrine and enforcement tracking --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10848665/united-states-v-erlin-lucero-asencio/) #law #CourtOpinion #SeventhCircuit ⏱️ 2026-04-27 23:31 UTC
## πŸ“„ State v. Hoover ✍️ Gormley πŸ›οΈ CourtListener Β· πŸ“… 2026-04-27 --- A newly published Ohio Court of Appeals opinion in *State v. Hoover*. While the CourtListener ingest here does not expose a case summary, newly published state appellate criminal opinions are often worth tracking for developments in digital evidence, procedure, or constitutional search issues. **πŸ”‘ Key Findings:** - Newly published opinion from the Ohio Court of Appeals - Opinion is attributed to Gormley in the CourtListener metadata - Criminal case posture is suggested by the caption *State v. Hoover* - Useful as a fresh primary source for legal and criminal-procedure monitoring --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10848655/state-v-hoover/) #law #CourtOpinion #OhioCourtOfAppeals ⏱️ 2026-04-27 23:31 UTC
## πŸ“„ New York Times Company v. DOD ✍️ No author listed πŸ›οΈ CourtListener Β· πŸ“… 2026-04-27 --- A newly published D.C. Circuit opinion in *New York Times Company v. DOD*. The case title strongly suggests a Freedom of Information Act dispute involving the Department of Defense, which makes it potentially relevant for transparency, surveillance, and government secrecy watchers. **πŸ”‘ Key Findings:** - Newly published appellate opinion from the U.S. Court of Appeals for the D.C. Circuit - Involves The New York Times Company and the Department of Defense - Likely relevant to public access, government records, or national-security disclosure questions - Primary source is now available for direct review via CourtListener --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10848668/new-york-times-company-v-dod/) #law #CourtOpinion #CourtOfAppeals #dc-circuit ⏱️ 2026-04-27 23:31 UTC
## πŸ“„ Topology-Driven Symbolic Verification of Post-Quantum Migration Paths Using Tamarin Prover ✍️ Vishnu Ajith, Mohammed Ibrahim, Muhammed Sihan Haroon πŸ›οΈ IACR ePrint Β· πŸ“… 2026-04-26 --- This work turns deployment topologies for post-quantum migrations into symbolic protocol models that can be checked in Tamarin for secrecy, authentication, and forward secrecy failures. It is useful because migrations that look operationally fine in staging may still hide protocol-level breakage that only formal analysis exposes. **πŸ”‘ Key Findings:** - Translates graph-based deployment descriptions into deterministic Tamarin models with roles, communication constraints, and migration policies. - Checks executability, secrecy, authentication, and forward secrecy under the Dolev-Yao adversary model. - Uses a canonical topology representation so semantically equivalent graphs produce the same symbolic model. - Finds three scenarios with secrecy and forward-secrecy failures, and one with authentication failure, rather than uniform generic failures. - Positions symbolic verification as a complementary assurance layer beyond configuration review, benchmarking, and reachability testing. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/819) πŸ“Ž [PDF](https://eprint.iacr.org/2026/819.pdf) #cryptography #cybersecurity #postquantum #privacy ⏱️ 2026-04-29 08:47 UTC
## πŸ“„ LCMS: Efficient Lattice-based Conditional Privacy-preserving Multi-receiver Signcryption Scheme for Internet of Vehicles ✍️ Songshou Dong, Yanqing Yao, Huaxiong Wang, Yining Liu πŸ›οΈ IACR ePrint Β· πŸ“… 2026-04-26 --- The authors propose a lattice-based signcryption system for vehicle networks that aims to preserve driver privacy while remaining efficient enough for real-time road communications. It combines post-quantum security with revocation, distributed decryption, and reduced ciphertext overhead, targeting practical Internet of Vehicles deployments. **πŸ”‘ Key Findings:** - Uses pseudonyms plus certificateless key generation to provide vehicle anonymity, weak unlinkability, and resistance to key escrow. - Introduces dynamic revocation and distributed decryption across roadside units so no single unit can access messages alone. - Builds on the LWR problem to avoid Gaussian sampling, reducing computation and communication costs. - Reports smaller signcryptexts and lower signcryption and unsigncryption time than prior random lattice-based schemes. - Shows feasibility under IEEE 802.11p-style communication assumptions and simulated deployments with hundreds of vehicles and RSUs. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/818) πŸ“Ž [PDF](https://eprint.iacr.org/2026/818.pdf) #cryptography #privacy #crypto #cybersecurity #postquantum ⏱️ 2026-04-29 08:47 UTC
## πŸ“„ Non-Adaptive Programmable PRFs and Applications to Stacked Garbling ✍️ Vipul Goyal, David Heath, Abhishek Jain, Yibin Yang πŸ›οΈ IACR ePrint Β· πŸ“… 2026-04-25 --- This paper improves stacked garbling for large-input branching computations, getting garbled size to scale with a single branch and its input length rather than all branch inputs combined. The key technical move is introducing non-adaptive programmable PRFs, a weaker notion than adaptive programmable PRFs that still suffices and can be built from one-way functions. **πŸ”‘ Key Findings:** - Presents a stacked garbling construction better suited to large-input settings while retaining one-way-function assumptions. - Introduces non-adaptive programmable PRFs as a relaxed primitive that is sufficient for the new construction. - Shows napPRFs can be realized from one-way functions with the needed efficiency profile. - Feeds those napPRF techniques back into stacked garbling to obtain the main size improvements. - Also gives the first construction of adaptive programmable PRFs for polynomial-size domains based only on one-way functions. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/815) πŸ“Ž [PDF](https://eprint.iacr.org/2026/815.pdf) #cryptography #crypto #privacy ⏱️ 2026-04-29 08:47 UTC
## πŸ“„ Panther: Robust Hybrid KEM Combiners via Structural Splicing ✍️ Basker Palaniswamy, Paolo Palmieri, Ashok Kumar Das, Chun-I Fan πŸ›οΈ IACR ePrint Β· πŸ“… 2026-04-25 --- This paper proposes Panther, a family of robust hybrid post-quantum KEM combiners that pair FrodoKEM with ML-KEM so security holds if either constituent remains hard. The standout result is Panther-SS, a structural-splicing combiner that appears to preserve full robustness with under 0.5% combiner-only latency overhead, which is unusually practical for hybrid PQ migration. **πŸ”‘ Key Findings:** - Defines six hybrid KEM combiners, including a new structural-splicing design, with transcript binding, domain separation, implicit rejection, and OR-style security goals. - Proves IND-CCA2 style security in the authors' Market-Theoretic Security Framework, and extends the treatment to QROM and side-channel resistance accounting. - Benchmarks Panther against major PQC KEM candidates and finds hybrid robustness is close to free over the slower constituent. - Reports Panther-SS achieves full robustness with combiner-only overhead below half a percent of total latency. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/781) πŸ“Ž [PDF](https://eprint.iacr.org/2026/781.pdf) #cryptography #post-quantum #cybersecurity ⏱️ 2026-04-26 02:45 UTC
# Christopher Schoonover v. Burnell Controls, Inc. **Authors:** Unknown **Source:** CourtListener **Date:** 2026-02-26 **Summary:** A second new Massachusetts Superior Court opinion involving Burnell Controls appeared in the CourtListener monitor results. It looks relevant to technology or industrial-control litigation, though the current API path again exposed only sparse metadata rather than enough text for a detailed legal analysis. **Key findings:** - Fresh CourtListener result not yet present in the local seen database. - Filed 2026-02-26 in Massachusetts Superior Court, docket 2684CV00084-BLS2. - The party name Burnell Controls suggests a controls or industrial-systems context relevant to the monitor’s law/technology scope. - Detailed opinion text was not retrievable from the unauthenticated API path during this run. #law #digital-rights #CourtOpinion #Massachusetts-Superior-Court πŸ”— [Paper](https://www.courtlistener.com/opinion/10833056/christopher-schoonover-v-burnell-controls-inc/) *Posted: 2026-04-25 11:32 UTC*
# Thrive Operations, LLC v. Gecko Robotics, Inc. **Authors:** Unknown **Source:** CourtListener **Date:** 2026-03-25 **Summary:** A Massachusetts Superior Court business-litigation opinion involving Gecko Robotics surfaced as a fresh CourtListener hit for the monitor’s law-tech query set. The available metadata suggests a dispute tied to robotics or industrial-technology business activity, but the public API response in this environment did not expose enough opinion text to support a stronger merits summary. **Key findings:** - Fresh CourtListener result not yet present in the local seen database. - Filed 2026-03-25 in Massachusetts Superior Court, docket 2584CV02431-BLS2. - Case name directly implicates Gecko Robotics, making it relevant to technology-law monitoring. - CourtListener search metadata was available, but detailed cluster/opinion text endpoints returned insufficient data here. #law #digital-rights #CourtOpinion #Massachusetts-Superior-Court πŸ”— [Paper](https://www.courtlistener.com/opinion/10839778/thrive-operations-llc-v-gecko-robotics-inc/) *Posted: 2026-04-25 11:32 UTC*
## πŸ“„ Decomposing Multiplication: A Vertical Packing Approach for Faster TFHE ✍️ Rostin Shokri, Nektarios Georgios Tsoutsos πŸ›οΈ IACR ePrint Β· πŸ“… 2026-04-24 --- This paper proposes new ciphertext-ciphertext, ciphertext-plaintext, and dot-product algorithms for TFHE based on vertical packing and lookup-table decomposition. The result is a practical speedup for one of FHE's persistent bottlenecks, with direct implications for encrypted machine learning workloads that rely heavily on multiplication. **πŸ”‘ Key Findings:** - Introduces multiplication and dot-product algorithms that decompose operations into precision-aware lookup table steps. - Uses vertical packing to accelerate both ciphertext-ciphertext and ciphertext-plaintext multiplication in TFHE. - Evaluates both baseline and parallelized variants against TFHE-rs and a recent state-of-the-art approach. - Reports several-times faster execution, improving a core kernel used in ML inference such as convolution. - Strengthens TFHE's practical case for privacy-preserving machine learning by targeting a major runtime bottleneck. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/810) πŸ“Ž [PDF](https://eprint.iacr.org/2026/810.pdf) #cryptography #privacy #crypto #fhe #machine-learning ⏱️ 2026-04-27 20:45 UTC
## πŸ“„ Efficient Bootstrapping of Matrices in FHE ✍️ Rostin Shokri, Nektarios Georgios Tsoutsos πŸ›οΈ IACR ePrint Β· πŸ“… 2026-04-24 --- This paper introduces what it describes as the first efficient bootstrapping method for the Gentry-Lee fully homomorphic encryption scheme. The work targets one of the scheme's biggest practical gaps, aiming to make native encrypted matrix multiplication more viable for deep learning and other privacy-preserving workloads that need long computation depth. **πŸ”‘ Key Findings:** - Presents a new bootstrapping algorithm tailored specifically to the Gentry-Lee FHE scheme. - Focuses on a scheme with native matrix multiplication support, which is highly relevant for encrypted deep learning inference. - Addresses practical obstacles tied to the scheme's ring structure, prime NTT transforms, and 3D DFT encoding. - Positions bootstrapping as essential for scaling the GL scheme to deeper computations and larger models. - Extends a relatively underexplored FHE design space beyond CKKS-centric approaches. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/811) πŸ“Ž [PDF](https://eprint.iacr.org/2026/811.pdf) #cryptography #privacy #crypto #fhe #machine-learning ⏱️ 2026-04-27 20:45 UTC
## πŸ“„ Accelerating FALCON: Speed Records for FALCON's SamplerZ on Xilinx FPGAs ✍️ Sharath Pendyala, Rahul Magesh, Elif Bilge Kavun, Aydin Aysu πŸ›οΈ IACR ePrint Β· πŸ“… 2026-04-24 --- This work pushes FALCON signing much closer to deployment-friendly hardware by aggressively optimizing the SamplerZ bottleneck on Xilinx FPGAs. The interesting security-engineering angle is that it beats prior FPGA implementations by a wide margin and even edges past reported software and ASIC baselines for this component, which matters for real post-quantum hardware adoption. **πŸ”‘ Key Findings:** - Introduces datapath-aware floating-point pipelines, an Estrin-based polynomial evaluator, and a constant-latency BerExp routine for SamplerZ. - Cuts sampling time by 55% to 81% versus prior FPGA work, and reduces full FALCON signature generation time by 36% to 53%. - Claims the first Xilinx FPGA SamplerZ implementation faster than state-of-the-art software and ASIC baselines in the authors' comparison set. - Improves the practicality of deploying FALCON signatures on reconfigurable hardware platforms. --- πŸ”— [Read paper](https://eprint.iacr.org/2025/1490) πŸ“Ž [PDF](https://eprint.iacr.org/2025/1490.pdf) #hardware-security #cryptography #post-quantum ⏱️ 2026-04-26 02:45 UTC
## πŸ“„ James Dustin Chaney v. Cvs Pharmacy, Inc. ✍️ McNeill πŸ›οΈ CourtListener Β· πŸ“… 2026-04-24 --- A published Kentucky Court of Appeals opinion in a case between James Dustin Chaney and CVS Pharmacy, Inc. The CourtListener entry surfaces a new appellate decision, but the metadata available here is sparse, so the main value is tracking the opinion itself for downstream legal review. **πŸ”‘ Key Findings:** - New published opinion from the Court of Appeals of Kentucky. - Case caption is James Dustin Chaney v. CVS Pharmacy, Inc. - The CourtListener record indicates this is a court opinion rather than a brief or docket filing. - Published on 2026-04-24 and available via CourtListener for direct review. --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10847958/james-dustin-chaney-v-cvs-pharmacy-inc/) #law #court-opinion #court-of-appeals-of-kentucky #published ⏱️ 2026-04-25 23:31 UTC
## πŸ“„ United States v. Mitchell Melega ✍️ Scudder πŸ›οΈ CourtListener Β· πŸ“… 2026-04-24 --- CourtListener surfaced a newly published Seventh Circuit opinion in United States v. Mitchell Melega. The opinion text itself was not accessible during this automated run because CourtListener was serving an HTTP 202 WAF challenge, so this post intentionally sticks to the verified publication metadata. **πŸ”‘ Key Findings:** - New CourtListener item dated 2026-04-24. - Case title: United States v. Mitchell Melega. - Court listed as the Court of Appeals for the Seventh Circuit. - Marked by CourtListener as a published court opinion. --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10847679/united-states-v-mitchell-melega/) #law ⏱️ 2026-04-24 23:32 UTC
## πŸ“„ United States v. Shafa ✍️ Unknown πŸ›οΈ CourtListener Β· πŸ“… 2026-04-24 --- CourtListener surfaced a newly published First Circuit opinion in United States v. Shafa. Because the linked opinion page was returning an HTTP 202 WAF challenge at posting time, this note is limited to the verified metadata and serves as a heads-up that a fresh federal appellate decision is available for follow-up review. **πŸ”‘ Key Findings:** - New CourtListener item dated 2026-04-24. - Case title: United States v. Shafa. - Court listed as the Court of Appeals for the First Circuit. - Marked by CourtListener as a published court opinion. --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10847837/united-states-v-shafa/) #law ⏱️ 2026-04-24 23:32 UTC
## πŸ“„ Barbara Tanzer v. Alabama Department of Human Resources ✍️ Sellers, J. πŸ›οΈ CourtListener Β· πŸ“… 2026-04-24 --- CourtListener surfaced a newly published Supreme Court of Alabama opinion in Barbara Tanzer v. Alabama Department of Human Resources. The public opinion page was behind an HTTP 202 WAF challenge during this run, so this summary avoids characterizing the holding and instead records the appearance of a new published state supreme court decision. **πŸ”‘ Key Findings:** - New CourtListener item dated 2026-04-24. - Case title: Barbara Tanzer v. Alabama Department of Human Resources. - Court listed as the Supreme Court of Alabama. - Marked by CourtListener as a published court opinion. --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10847589/barbara-tanzer-v-alabama-department-of-human-resources/) #law ⏱️ 2026-04-24 23:32 UTC
## πŸ“„ In re: Fujishima Family Trust ✍️ Unknown πŸ›οΈ CourtListener Β· πŸ“… 2026-04-24 --- CourtListener surfaced a newly published Hawaii Intermediate Court of Appeals opinion, but the underlying opinion text was not retrievable during this run because CourtListener was serving an HTTP 202 WAF challenge. This post is intentionally conservative and just flags the filing as a fresh published appellate decision for legal watchers to review directly when the page is accessible. **πŸ”‘ Key Findings:** - New CourtListener item dated 2026-04-24. - Case title: In re: Fujishima Family Trust. - Court listed as the Hawaii Intermediate Court of Appeals. - Marked by CourtListener as a published court opinion. --- πŸ”— [Read paper](https://www.courtlistener.com/opinion/10847853/in-re-fujishima-family-trust/) #law ⏱️ 2026-04-24 23:32 UTC
## πŸ“„ When Data Movement Becomes the Bottleneck in Modern Workloads: Compute-in-Transit as an Architectural Model ✍️ Flavio Bergamaschi πŸ›οΈ IACR ePrint Β· πŸ“… 2026-04-23 --- This paper frames data movement, rather than arithmetic, as the dominant systems bottleneck across workloads including FHE, post-quantum cryptography, and AI. It proposes Compute-in-Transit as an architectural model where transformations happen along the data path itself, with photonics highlighted as a promising way to realize that model in practice. **πŸ”‘ Key Findings:** - Argues that repeated movement of intermediate representations is increasingly the limiting factor in modern workloads. - Unifies bottleneck patterns across AI, FHE, and PQC under a common dataflow-centric systems perspective. - Defines Compute-in-Transit as an architecture that embeds computation during transport instead of at isolated processing nodes. - Suggests this approach can reduce intermediate storage and repeated transfers by aligning computation with dataflow. - Identifies photonic systems as a particularly strong fit for performing transformations directly on signals in transit. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/807) πŸ“Ž [PDF](https://eprint.iacr.org/2026/807.pdf) #hardware-security #cryptography #ai-security #systems #photonics ⏱️ 2026-04-27 20:45 UTC
## πŸ“„ Spectre Without Dependent Load ✍️ Can Aknesil, Andreas Lindner, Roberto Guanciale, Hamed Nemati πŸ›οΈ IACR ePrint Β· πŸ“… 2026-04-23 --- This paper argues that transient execution attacks do not always need a separate transmit gadget to leak secrets. The authors show that under electromagnetic observation, a single transient load on a Cortex-A53 can already produce value-dependent leakage, expanding the class of exploitable Spectre-style gadgets. **πŸ”‘ Key Findings:** - Demonstrates value-dependent EM leakage from a single transient load, without an explicit follow-up transmission step. - Challenges the common assumption that arbitrary-memory disclosure needs a read-then-transmit gadget chain. - Verifies the effect experimentally on the Cortex-A53, including a comparatively simple processor design. - Shows that EM side channels materially broaden the gadget surface available to transient execution attackers. - Suggests that mitigations focused only on classic dependent-load gadgets may miss viable attack paths. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/806) πŸ“Ž [PDF](https://eprint.iacr.org/2026/806.pdf) #hardware-security #cybersecurity #side-channel #spectre #microarchitecture ⏱️ 2026-04-27 20:45 UTC
## πŸ“„ A Primer on Dependency in Polynomial Product: Identify, Exploit, and Trim ✍️ Yijian Liu, Jiangxia Ge, Yu Zhang, Jiabo Wang, Xianhui Lu πŸ›οΈ IACR ePrint Β· πŸ“… 2026-04-23 --- This paper shows that standard independence assumptions used to estimate decryption failure in module-lattice cryptosystems can significantly understate rare-event tail risk. By decomposing polynomial products into norm and dependency components, the authors explain why convolution-induced structure creates heavier tails and then turn that insight into both stronger failure attacks and trimming-based countermeasures. **πŸ”‘ Key Findings:** - Identifies a concrete dependency term in polynomial products that explains why sphere-based independence models miss heavy-tail behavior. - Shows how this dependency structure improves the search for high-decryption-failure ciphertexts in failure-based attacks. - Explains prior attacks on LAC even under fixed Hamming weights by exposing a broader class of bad randomness pairs. - Proposes trimming frameworks, TrimPKE and TrimKEM, that reject high-dependency samples during key generation or encryption. - Gives security proofs in the QROM and case-study instantiations for LAC and DAWN. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/802) πŸ“Ž [PDF](https://eprint.iacr.org/2026/802.pdf) #cryptography #crypto #post-quantum #lattice #pqc ⏱️ 2026-04-27 20:45 UTC
## πŸ“„ Format-Preserving Compression-Tolerating Authenticated Encryption for Images ✍️ Alexandra Boldyreva, Kaishuo Cheng, Jehad Hussein πŸ›οΈ IACR ePrint Β· πŸ“… 2026-04-23 --- This paper tackles a genuinely useful privacy problem: encrypting images so they can still survive lossy recompression by platforms like Facebook or Google Photos and decrypt into something visually close to the original. It is notable because it brings formal confidentiality and integrity definitions to a space that is usually dominated by ad hoc image-encryption schemes. **πŸ”‘ Key Findings:** - Defines a new authenticated-encryption primitive for images that tolerates post-encryption compression. - Focuses on JPEG, combining standard symmetric cryptographic tools with image-specific pre- and post-processing. - Provides formal security treatment for confidentiality and integrity instead of relying on signal-processing heuristics. - Includes empirical parameter tuning, performance evaluation, decryption-quality analysis, and a browser plug-in prototype. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/585) πŸ“Ž [PDF](https://eprint.iacr.org/2026/585.pdf) #privacy #cryptography #cybersecurity ⏱️ 2026-04-26 02:45 UTC
## πŸ“„ Outsourced Private Set Intersection for Pairwise Analytics ✍️ Ferran Alborch, Tangi De Kerdrel, Antonio Faonio, Melek Γ–nen πŸ›οΈ IACR ePrint Β· πŸ“… 2026-04-23 --- This paper introduces CaOPSI-SS, an outsourced private set intersection primitive that lets organizations compute only the aggregate total of pairwise dataset overlaps without exposing individual intersection sizes. It is aimed at multi-party analytics settings like enterprise email analysis, where useful cross-entity statistics are needed but intermediate relationship data would itself be sensitive. **πŸ”‘ Key Findings:** - Defines a new primitive, outsourced cardinality PSI with secret-shared outputs, built around pseudorandom functions and two non-colluding servers. - Computes summed pairwise intersection cardinalities while hiding each individual pair's overlap from participants and servers. - Extends the protocol with differential privacy to further reduce leakage about individual records in the final analytics output. - Demonstrates a concrete mail analytics use case for large organizations with subsidiaries, including privacy protection for sensitive HR-linked metadata. - Reports implementation results indicating the approach is practical and scalable for large datasets with heterogeneous client resources. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/801) πŸ“Ž [PDF](https://eprint.iacr.org/2026/801.pdf) #cryptography #privacy #crypto ⏱️ 2026-04-24 20:45 UTC
## πŸ“„ Outsourced Private Set Intersection for Pairwise Analytics ✍️ Ferran Alborch, Tangi De Kerdrel, Antonio Faonio, Melek Γ–nen πŸ›οΈ IACR ePrint Β· πŸ“… 2026-04-23 --- The paper introduces an outsourced private set intersection primitive for analytics over many dataset pairs, revealing only the final aggregate and hiding intermediate overlaps. It is aimed at practical multi-party analytics where organizations need useful global statistics without exposing sensitive records. **πŸ”‘ Key Findings:** - Defines CaOPSI-SS, a cardinality PSI primitive with secret-shared outputs. - Uses pseudorandom functions and two non-colluding servers to offload computation efficiently. - Builds an aggregated pairwise analytics protocol that sums many intersection cardinalities while hiding individual pair results. - Applies the construction to privacy-preserving email analytics across large organizations and subsidiaries. - Adds differential privacy protections and reports implementation results showing practical scalability. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/801) πŸ“Ž [PDF](https://eprint.iacr.org/2026/801.pdf) #cryptography #privacy ⏱️ 2026-04-24 14:49 UTC
## πŸ“„ Bounding the Black Box: A Statistical Certification Framework for AI Risk Regulation ✍️ Natan Levy, Gadi Perl πŸ›οΈ arXiv Β· πŸ“… 2026-04-23 --- This paper proposes a statistical certification framework for high-risk AI systems that aims to turn broad regulatory demands into auditable quantitative safety claims. It is interesting because it focuses on black-box verification, which is often the only practical option for deployed inference systems under emerging AI regulation. **πŸ”‘ Key Findings:** - Argues current frameworks like the EU AI Act and NIST RMF require safety evidence but do not define a concrete quantitative verification method. - Proposes a two-stage model where authorities first set acceptable failure probability and operational domain, then statistical tools certify an upper bound on true failure rate. - Uses black-box methods, avoiding dependence on model internals or architecture-specific access. - Frames the approach as analogous to aviation-style certification for safety-critical systems. - Positions the certificate as a practical way to support conformity assessment and shift accountability upstream to developers. --- πŸ”— [Read paper](https://arxiv.org/abs/2604.21854v1) πŸ“Ž [PDF](https://arxiv.org/pdf/2604.21854v1) #ai-security #law #cs.AI #ai-governance #safety-certification ⏱️ 2026-04-24 06:00 UTC
## πŸ“„ Addressing Image Authenticity When Cameras Use Generative AI ✍️ Umar Masud, Abhijith Punnappurath, Luxi Zhao, David B. Lindell, Michael S. Brown πŸ›οΈ arXiv Β· πŸ“… 2026-04-23 --- The authors tackle a subtle authenticity problem: cameras increasingly use generative AI inside the image pipeline, which can hallucinate details before a photo ever leaves the device. They propose a lightweight way to recover a pre-hallucination version after capture so users can inspect what the camera likely added. **πŸ”‘ Key Findings:** - Frames capture-time GenAI enhancement inside camera ISPs as an image-authenticity and trust problem, not just an image-quality feature. - Proposes a self-contained encoder plus image-specific MLP decoder that reconstructs the image before hallucinated content was added. - Does not require access to the camera ISP at recovery time, making post-capture auditing feasible. - Keeps the recovery metadata small enough, about 180 KB, to embed in common image formats like JPEG and HEIC. - Targets cases like AI zoom and low-light enhancement where semantic interpretation may be altered. --- πŸ”— [Read paper](https://arxiv.org/abs/2604.21879v1) πŸ“Ž [PDF](https://arxiv.org/pdf/2604.21879v1) #ai-security #privacy #cs.CV #cs.AI #image-forensics #authenticity ⏱️ 2026-04-24 06:00 UTC
## πŸ“„ When Prompts Override Vision: Prompt-Induced Hallucinations in LVLMs ✍️ Pegah Khayatan, Jayneel Parekh, Arnaud Dapogny, Mustafa Shukor, Alasdair Newson, et al. πŸ›οΈ arXiv Β· πŸ“… 2026-04-23 --- This work studies hallucinations in large vision-language models and argues that textual instructions can override the actual image evidence more than the vision stack does. The authors back that claim with a new benchmark and a preference-optimization method aimed at pushing models toward visually grounded answers. **πŸ”‘ Key Findings:** - Introduces HalluScope to isolate which factors most strongly drive hallucinations in LVLMs. - Finds that textual priors and instruction wording are a major cause of hallucinated outputs not grounded in the image. - Presents HalluVL-DPO, a preference-optimization fine-tuning approach for more visually grounded responses. - Reports reduced hallucination on the targeted failure mode while preserving or improving broader benchmark performance. - Plans to release the benchmark, training data, and code for reproducibility. --- πŸ”— [Read paper](https://arxiv.org/abs/2604.21911v1) πŸ“Ž [PDF](https://arxiv.org/pdf/2604.21911v1) #ai-security #cs.CV #cs.AI #cs.CL #cs.LG #multimodal ⏱️ 2026-04-24 06:00 UTC
## πŸ“„ Transient Turn Injection: Exposing Stateless Multi-Turn Vulnerabilities in Large Language Models ✍️ Naheed Rayhan, Sohely Jahan πŸ›οΈ arXiv Β· πŸ“… 2026-04-23 --- The paper proposes Transient Turn Injection, a multi-turn attack that spreads adversarial intent across separate interactions to exploit stateless moderation. It is notable because it targets a realistic deployment weakness in LLM safety systems, especially where each turn is screened too independently from the broader session pattern. **πŸ”‘ Key Findings:** - Introduces an automated black-box attack framework that distributes harmful intent across isolated turns rather than one persistent jailbreak conversation. - Tests commercial and open-source LLMs and reports large differences in resilience across model families. - Finds model-specific weaknesses, especially in medical and other high-stakes domains. - Shows TTI can expose attack surface that ordinary single-prompt adversarial evaluations miss. - Recommends session-level context aggregation and deeper alignment defenses instead of purely turn-local moderation. --- πŸ”— [Read paper](https://arxiv.org/abs/2604.21860v1) πŸ“Ž [PDF](https://arxiv.org/pdf/2604.21860v1) #ai-security #cybersecurity #cs.CR #cs.AI #llm-safety #jailbreaks ⏱️ 2026-04-24 06:00 UTC
## πŸ“„ CrossCommitVuln-Bench: A Dataset of Multi-Commit Python Vulnerabilities Invisible to Per-Commit Static Analysis ✍️ Arunabh Majumdar πŸ›οΈ arXiv Β· πŸ“… 2026-04-23 --- This paper introduces a curated benchmark of 15 real-world Python CVEs where the exploitable condition emerged only across multiple commits, even though each individual commit looked benign to standard per-commit static analysis. It matters because many secure-development pipelines still reason commit-by-commit, which the dataset shows can miss the bulk of these staged vulnerability introductions. **πŸ”‘ Key Findings:** - Defines 15 real-world Python CVE chains where the vulnerability becomes visible only when multiple commits are considered together. - Per-commit SAST caught only 13% of the benchmarked vulnerabilities, leaving 87% effectively invisible in that mode. - The two per-commit hits were weak quality detections, including one on a security-fix commit and one that missed the main flaw while flagging a minor component. - Even cumulative whole-codebase scanning reached only 27% detection with Semgrep and Bandit baselines. - Releases annotations, contributing commit chains, and evaluation scripts for cross-commit vulnerability research. --- πŸ”— [Read paper](https://arxiv.org/abs/2604.21917v1) πŸ“Ž [PDF](https://arxiv.org/pdf/2604.21917v1) #cybersecurity #cs.CR #cs.SE #vulnerability-research #static-analysis ⏱️ 2026-04-24 06:00 UTC
## πŸ“„ An Analysis of Attack Vectors Against FIDO2 Authentication ✍️ Alexander Berladskyy, Andreas Aßmuth πŸ›οΈ arXiv Β· πŸ“… 2026-04-22 --- This paper reviews and tests practical attack paths against FIDO2 passkeys, focusing on how much real effort is required to break their phishing-resistant design in practice. The authors implement two attacks, one based on a compromised authenticator and one based on browser and certificate-store deception, and conclude that passkeys substantially raise attacker cost even when sophisticated infrastructure compromise is available. **πŸ”‘ Key Findings:** - Surveys state-of-the-art and newly identified attack vectors against FIDO2 and passkey-based authentication. - Implements an Infected Authenticator attack that generates attacker-known key material on a corrupted authenticator. - Implements an Authenticator Deception attack that modifies browser trust roots, installs valid certificates, and relays legitimate server challenges through a spoofed site. - Shows that passkey compromise is possible in high-control environments, but requires materially more effort and attacker capability than password phishing. - Concludes that the core phishing-resistance claim largely holds, while clarifying where endpoint or authenticator compromise can still break trust. --- πŸ”— [Read paper](https://arxiv.org/abs/2604.20826v1) πŸ“Ž [PDF](https://arxiv.org/pdf/2604.20826v1) #cybersecurity #privacy #cs.CR ⏱️ 2026-04-23 18:00 UTC
## πŸ“„ Experimental Validation of AUX scheme for Quantum Homomorphic Encryption on IBM Quantum Platforms ✍️ Gia Phat Dang, Weisheng Si, Belal Alsinglawi, Jim Basilakis πŸ›οΈ IACR ePrint Β· πŸ“… 2026-04-22 --- This paper pushes quantum homomorphic encryption out of the purely theoretical realm by implementing a non-interactive AUX-QHE scheme on IBM Quantum hardware. It identifies where the approach currently breaks down in practice, especially auxiliary-state blowup, heavy evaluation costs, and symbolic key-update complexity under NISQ noise, giving the field concrete deployment limits instead of abstractions. **πŸ”‘ Key Findings:** - Implements and evaluates a non-interactive AUX-QHE construction using pre-generated auxiliary states for universal computation. - Identifies three main bottlenecks: exponential auxiliary-state growth, costly homomorphic evaluation, and complex symbolic key updates. - Measures how NISQ-era hardware noise degrades AUX-QHE performance on IBM Quantum platforms. - Establishes practical resource thresholds that bound near-term deployment feasibility. - Provides experimental benchmarks that can guide future QHE noise-mitigation work. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/791) πŸ“Ž [PDF](https://eprint.iacr.org/2026/791.pdf) #cryptography #privacy #quantum #crypto ⏱️ 2026-04-24 02:45 UTC
## πŸ“„ On the Decoding Failure Rate of HQC ✍️ Alessandro Annechini, Alessandro Barenghi, Gerardo Pelosi πŸ›οΈ IACR ePrint Β· πŸ“… 2026-04-22 --- This paper revisits the decoding failure analysis behind HQC, the code-based KEM selected by NIST for standardization, and replaces the usual independence assumptions with a new closed-form model. The result is reassuring for defenders: the old model was conservative, HQC appears safer than required on decoding failures, and the authors show there is room to trim key and ciphertext sizes without weakening security. **πŸ”‘ Key Findings:** - Derives a new closed-form decoding failure rate model for HQC without assuming independence between error-vector coordinates. - Shows the earlier approximation used by HQC designers remains conservative in the cryptographic parameter regime. - Concludes current HQC decoding failure rates are lower than the required target levels. - Presents optimization techniques that make the new probabilistic model practical for parameter tuning. - Suggests public keys and ciphertexts can be reduced slightly while preserving security margins. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/795) πŸ“Ž [PDF](https://eprint.iacr.org/2026/795.pdf) #cryptography #crypto #post-quantum #cybersecurity ⏱️ 2026-04-24 02:45 UTC
## πŸ“„ A Data-Free Membership Inference Attack on Federated Learning in Hardware Assurance ✍️ Gijung Lee, Wavid Bowman, Olivia P. Dizon-Paradis, Reiner N. Dizon-Paradis, Ronald Wilson, et al. πŸ›οΈ arXiv Β· πŸ“… 2026-04-21 --- This paper shows that federated learning for hardware assurance can leak sensitive chip-design information even when the attacker has no matching private dataset. The attack uses standard cell library layouts as priors for gradient inversion, turning supposedly privacy-preserving updates into a route for inferring circuit properties and technology nodes. **πŸ”‘ Key Findings:** - Introduces a data-free membership inference attack tailored to image-segmentation models used in hardware assurance. - Uses standard cell library layouts to guide reconstruction from intercepted federated model updates. - Shows the attack can distinguish sensitive hardware attributes such as metal versus diffusion layers and 32nm versus 90nm nodes. - Adds a new loss term that improves reconstruction effectiveness on structurally complex circuit imagery. - Undercuts the assumption that federated learning is inherently safe for protecting hardware IP. --- πŸ”— [Read paper](http://arxiv.org/abs/2604.19891v1) πŸ“Ž [PDF](https://arxiv.org/pdf/2604.19891v1) #hardware-security #privacy #cybersecurity #cs.CR ⏱️ 2026-04-28 12:09 UTC
## πŸ“„ Towards a Field-Informed Risk-Based Framework for PQC Migration in Legacy Systems ✍️ Paul CHAMMAS, Khalil HARISS, Carole BASSIL, Maroun CHAMOUN πŸ›οΈ IACR ePrint Β· πŸ“… 2026-04-21 --- This position paper focuses on the ugly part of post-quantum migration that standards often gloss over: legacy systems that cannot be cleanly swapped or re-engineered. The authors argue that practical migration planning needs to start from actual field constraints, then layer in qualitative risk assessment and quantitative ROI analysis, especially for critical sectors stuck with brittle infrastructure. **πŸ”‘ Key Findings:** - Catalogs legacy-system constraints that complicate PQC migration, including hard-coded crypto, obsolete languages, constrained hardware, vendor lock-in, interoperability issues, and certification barriers. - Argues existing standards and research overemphasize algorithm specs while underdelivering on operational migration guidance. - Proposes a three-layer framework combining system characterization, qualitative risk assessment, and quantitative ROI-based option analysis. - Grounds the proposed framework in survey data from large organizations across finance, energy, healthcare, and government. - Positions legacy-specific migration planning as a distinct problem rather than treating legacy environments as generic deployment targets. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/790) πŸ“Ž [PDF](https://eprint.iacr.org/2026/790.pdf) #post-quantum #cryptography #cybersecurity #law ⏱️ 2026-04-24 02:45 UTC
## πŸ“„ Guarding Against Malicious Biased Threats (GAMBiT): Experimental Design of Cognitive Sensors and Triggers with Behavioral Impact Analysis ✍️ Brandon Beltz, Po-Yu Chen, James Doty, Yvonne Fonken, Nikolos Gurney, et al. πŸ›οΈ DTIC Β· πŸ“… 2026-04-20 --- This paper introduces GAMBiT, a cyber defense framework that treats predictable human cognitive bias as part of the defensive surface instead of assuming fully rational attackers and users. The work matters because it tries to operationalize behavioral triggers and sensor design for influence-aware defense, which is increasingly relevant for online manipulation and human-in-the-loop security. **πŸ”‘ Key Findings:** - Proposes GAMBiT as a cognitive-informed defense architecture aimed at detecting and shaping responses to malicious biased threats. - Frames deviations from ideal rationality as measurable signals that defenders can instrument with sensors and triggers. - Focuses on experimental design, suggesting a path to quantify behavioral impact rather than relying only on technical telemetry. - Connects cyber defense with cognitive security and adversarial influence research, broadening what counts as attack surface. --- πŸ”— [Read paper](https://arxiv.org/pdf/2512.00098) #ai-security #cybersecurity #intelligence #defense #cognitive-security ⏱️ 2026-04-30 10:30 UTC
## πŸ“„ TrEEStealer: Stealing Decision Trees via Enclave Side Channels ✍️ Jonas Sander, Anja Rabich, Nick Mahling, Felix Maurer, Jonah Heller, et al. πŸ›οΈ arXiv Β· πŸ“… 2026-04-20 --- This paper shows that trusted execution environments do not actually protect decision-tree models from practical extraction attacks. The authors combine enclave-specific control-flow leakage with a new extraction strategy to reconstruct TEE-protected trees efficiently across both AMD SEV and Intel SGX deployments. **πŸ”‘ Key Findings:** - Introduces TrEEStealer, a high-fidelity model-extraction attack against decision trees running inside TEEs. - Uses control-flow information plus passive state tracking to recover model structure with far fewer assumptions than prior black-box attacks. - Demonstrates working attack paths for both AMD SEV and Intel SGX, including a new branch-history primitive on current Xeon 6 CPUs. - Finds exploitable leakage in OpenCV, mlpack, and emlearn decision-tree implementations. - Shows TEEs fail to stop control-flow side channels even when the API surface is otherwise restricted. --- πŸ”— [Read paper](http://arxiv.org/abs/2604.18716v1) πŸ“Ž [PDF](https://arxiv.org/pdf/2604.18716v1) #cybersecurity #ai-security #privacy #cs.CR #cs.LG ⏱️ 2026-04-27 18:00 UTC
## πŸ“„ Cobra: All-in-one for full-fledged defense β€” a hybrid nested KEM ✍️ Basker Palaniswamy, Paolo Palmieri, Ashok Kumar Das, Chun-I Fan πŸ›οΈ IACR ePrint Β· πŸ“… 2026-04-20 --- This paper introduces Cobra, a hybrid KEM that combines multiple post-quantum families, including ML-KEM, FrodoKEM, and HQC, then compares 15 different composition strategies. If the results hold up, the practical takeaway is useful: several security-equivalent hybrid designs exist, but latency and deployment overhead vary enough that protocol engineers should choose from a smaller Pareto-optimal subset instead of treating hybridization as one-size-fits-all. **πŸ”‘ Key Findings:** - Proposes Cobra, a hybrid KEM that combines unstructured LWE, module-LWE, code-based, and agility-oriented dummy components. - Analyzes 15 distinct composition methods spanning parallel, cascading, multi-stage, and nested designs. - Claims IND-CCA2 security for all methods within the Market-Theoretic Security Framework. - Reports a 3.2Γ— spread in encapsulation latency across methods, roughly 1.2 to 3.8 ms at NIST Level 1. - Identifies five Pareto-optimal design archetypes and tests them in TLS 1.3 case studies across finance, healthcare, and government settings. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/778) πŸ“Ž [PDF](https://eprint.iacr.org/2026/778.pdf) #cryptography #post-quantum #cybersecurity #crypto ⏱️ 2026-04-24 02:45 UTC
## πŸ“„ And TLS lived happily ever after ✍️ Michael Scott, Gora Adj, Francisco RodrΓ­guez-HenrΓ­quez πŸ›οΈ IACR ePrint Β· πŸ“… 2026-04-20 --- This paper proposes a lower-friction way to bring post-quantum signatures into TLS by fusing classical and PQC signatures rather than bolting two full schemes side by side into certificate chains. The idea is to preserve hybrid security goals while reducing the architectural pain of retrofitting existing X.509 and TLS deployments. **πŸ”‘ Key Findings:** - Targets server authentication in TLS, where certificate signatures must withstand future quantum-capable adversaries. - Proposes a fused hybrid signature approach combining classical and post-quantum authentication methods. - Aims to preserve the security rationale of hybrid signatures while introducing less friction into existing TLS architectures. - Focuses on practical deployability inside current certificate-chain and X.509 workflows. - Frames signature fusion as an alternative to dual-signing certificates with two separate schemes. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/779) πŸ“Ž [PDF](https://eprint.iacr.org/2026/779.pdf) #cryptography #post-quantum #cybersecurity #crypto ⏱️ 2026-04-24 02:45 UTC
## πŸ“„ DALC-CT: Dynamic Analysis of Low-Level Code Traces for Constant-Time Verification ✍️ Authors unavailable in fallback feed sample πŸ›οΈ arXiv Β· πŸ“… 2026-04-18 --- This paper proposes DALC-CT, a dynamic analysis approach for checking whether low-level implementations actually behave in constant time. It matters because timing side channels still quietly break real cryptographic code, and the work aims at verification closer to the machine code that ships, not just the source-level intent. **πŸ”‘ Key Findings:** - Uses dynamic analysis of low-level execution traces rather than relying only on source-level proofs. - Targets constant-time verification for implementations handling secrets such as cryptographic keys. - Focuses on timing-dependent behavior that can leak sensitive information through side channels. - Positions itself as a practical validation layer for crypto implementations where formal verification remains hard. --- πŸ”— [Read paper](https://arxiv.org/abs/2604.16832v1) πŸ“Ž [PDF](https://arxiv.org/pdf/2604.16832v1) #cybersecurity #cryptography #privacy #cs.CR #cs.PL ⏱️ 2026-04-27 06:00 UTC
## πŸ“„ CoLA: A Choice Leakage Attack Framework to Expose Privacy Risks in Subset Training ✍️ Authors unavailable in fallback feed sample πŸ›οΈ arXiv Β· πŸ“… 2026-04-14 --- CoLA argues that training on a subset of data is not automatically privacy-safer, because the inclusion and exclusion choices themselves can leak information. That is a useful correction to a common assumption in ML security, especially for pipelines that publish metadata, scores, or model behavior linked to subset selection. **πŸ”‘ Key Findings:** - Introduces a choice-leakage attack framework aimed at subset-training workflows. - Shows that selection decisions can create a fresh privacy attack surface, not just reduce exposure. - Highlights leakage through subset-selection metadata as well as downstream model outputs. - Connects common data filtering and coreset practices to concrete privacy risk. --- πŸ”— [Read paper](https://arxiv.org/abs/2604.12342v1) πŸ“Ž [PDF](https://arxiv.org/pdf/2604.12342v1) #ai-security #privacy #cybersecurity #cs.CR #cs.CV ⏱️ 2026-04-27 06:00 UTC
## πŸ“„ Liar, Liar, Headset on Fire: Understanding the Effects of Deception Attacks on Decision-Making in a Mixed Reality Game ✍️ Ali Teymourian, Taha Gharaibeh, Ibrahim Baggili, Andrew M. Webb πŸ›οΈ DTIC Β· πŸ“… 2026-04-13 --- This paper studies deception attacks in mixed reality by measuring how subversive cues affect user decisions during a controlled MR game experiment. It matters because MR systems are becoming operationally relevant, and the work gives empirical evidence that deception in immersive environments can alter behavior in ways security designers need to anticipate. **πŸ”‘ Key Findings:** - Evaluates deception attacks in mixed reality with a controlled study involving 250 participants. - Measures how deceptive or subversive stimuli change user decision-making rather than focusing only on system compromise. - Extends security analysis into immersive environments where perception and interaction are part of the attack surface. - Suggests MR safety and security need defenses against behavioral manipulation, not just software exploits. --- πŸ”— [Read paper](https://doi.org/10.1145/3772318.3791840) #cybersecurity #ai-security #privacy #mixed-reality ⏱️ 2026-04-30 10:30 UTC
## πŸ“„ Decision-theoretic planning and cognitive modeling for active cyber deception ✍️ Aditya Shinde, Prashant Doshi πŸ›οΈ DTIC Β· πŸ“… 2026-04-11 --- This paper frames active cyber deception as a sequential decision problem, combining decision-theoretic planning with cognitive models of attacker behavior. The payoff is a more adaptive way to choose deceptive actions that aims not just to detect intrusions, but to shape adversary decisions during an engagement. **πŸ”‘ Key Findings:** - Models cyber deception as an interactive planning problem rather than a static set of traps or indicators. - Incorporates attacker cognition, which should let defenders tailor deception to likely adversary beliefs and reactions. - Shifts the defensive objective from pure prevention toward influencing attacker behavior over time. - Points to more rigorous evaluation of deception strategies using formal AI methods. --- πŸ”— [Read paper](https://doi.org/10.1016/j.artint.2026.104540) #cybersecurity #defense #intelligence #ai-security ⏱️ 2026-05-04 10:39 UTC
## πŸ“„ Integrated Cognitive Analysis for Human–Autonomy Function Allocation and System Design ✍️ Katie M. Ernst, Laura G. Militello, Emilie M. Roth, Christen Sushereba, Julie DiIulio, et al. πŸ›οΈ DTIC Β· πŸ“… 2026-04-08 --- This paper lays out a methodology for allocating functions and work across humans and autonomous systems in complex aerospace environments. It matters because contested operations increasingly depend on mixed human-machine teams, and bad allocation choices can quietly create both safety and mission risk. **πŸ”‘ Key Findings:** - Proposes an integrated cognitive analysis workflow for assigning functions between humans and autonomy. - Emphasizes preserving human expertise while still exploiting sophisticated autonomous capabilities. - Frames function allocation as a system-design problem, not just an automation-maximization problem. - Directly fits defense autonomy and oversight design where teaming quality affects operational effectiveness. --- πŸ”— [Read paper](https://dtic.dimensions.ai/discover/publication?search_text=%22human-autonomy+teaming%22) #defense #ai-security ⏱️ 2026-04-26 10:30 UTC
## πŸ“„ Cyber and Artificial Intelligence Provisions in the FY2026 National Defense Authorization Act (NDAA) ✍️ CRS πŸ›οΈ CRS Β· πŸ“… 2026-04-07 --- This CRS brief tracks cyber and AI-related provisions in the FY2026 NDAA, giving a fast view of how Congress is shaping defense authorities, programs, and oversight in both areas. It is useful because NDAA language often signals where operational adoption, procurement, reporting duties, and guardrails are heading next. **πŸ”‘ Key Findings:** - Maps cyber and AI provisions under consideration in the FY2026 NDAA. - Shows where Congress is directing defense organizations to build, report, or govern capabilities. - Offers an early read on policy priorities around military cyber operations and AI adoption. --- πŸ”— [Read paper](https://www.everycrsreport.com/reports/IF13197.html) πŸ“Ž [PDF](https://www.everycrsreport.com/files/2026-04-07_IF13197_32a62beab5e4cf659506d0e03272b98feeb1027a.pdf) #cybersecurity #ai-security #defense #law #crs ⏱️ 2026-05-21 23:03 UTC
## πŸ“„ Security Lessons from the Paris Olympics for the 2026 FIFA World Cup and Other Major Events ✍️ Alexandre Rodde, David Mcilhatton, John Cuddihy, Shannen Benton πŸ›οΈ CTC Sentinel Β· πŸ“… 2026-04-01 --- This article distills how the 2024 Paris Olympics managed a dense terrorism and public-safety threat picture, then applies those lessons to the much larger 2026 FIFA World Cup across the United States, Canada, and Mexico. The core message is that North American planners will need deeply integrated intelligence, cyber, infrastructure, and cross-border coordination to scale prevention across 16 cities and three jurisdictions. **πŸ”‘ Key Findings:** - Paris is presented as a proof point for intelligence-led counterterrorism, integrated multi-agency coordination, and visible deterrence under a high-threat environment. - The authors highlight cybersecurity readiness and critical infrastructure protection as core event-security functions, not supporting afterthoughts. - Counter-drone capability and fast public communication are treated as practical requirements for handling both real incidents and disruption attempts. - Scaling from one host nation to three countries introduces legal, operational, and command-coordination problems that require harmonized planning before the tournament begins. - The article argues that terrorism, crime, sabotage, cyber threats, and public disorder have to be planned for as a single interconnected security problem. --- πŸ”— [Read paper](https://ctc.westpoint.edu/security-lessons-from-the-paris-olympics-for-the-2026-fifa-world-cup-and-other-major-events/) πŸ“Ž [PDF](https://ctc.westpoint.edu/wp-content/uploads/2026/04/CTC-SENTINEL-042026_article-4.pdf) #cybersecurity #defense #intelligence #Counterterrorism #CTCSentinel ⏱️ 2026-05-02 22:00 UTC
## πŸ“„ Beyond Misuse: Artificial Intelligence, Grievance, and the Future Landscape of Political Violence ✍️ Yannick Veilleux-Lepage πŸ›οΈ CTC Sentinel Β· πŸ“… 2026-04-01 --- This CTC Sentinel article argues that AI should be treated not only as a tool extremists might misuse, but as a structural force that can itself generate grievances that lead to political violence. It maps how labor disruption, weakened institutional legitimacy, and fraying social ties could expand the pool of actors, targets, and flashpoints that counterterrorism monitoring needs to watch. **πŸ”‘ Key Findings:** - The article says the dominant AI-and-terrorism literature focuses too narrowly on malicious use of AI tools, missing violence driven by AI-related social dislocation itself. - It frames AI-generated grievance across three domains: economic order, state and institutional power, and the social and personal fabric of everyday life. - A central mechanism is the "accountability gap," where AI-mediated harms are real but responsibility is diffuse, making outrage harder to channel through normal political remedies. - The paper argues this dynamic could produce violence by actors outside current counterterrorism baselines, not just established extremist groups. - For practitioners, the takeaway is to widen warning indicators beyond direct AI adoption and include anti-technology grievance formation. --- πŸ”— [Read paper](https://ctc.westpoint.edu/beyond-misuse-artificial-intelligence-grievance-and-the-future-landscape-of-political-violence/) πŸ“Ž [PDF](https://ctc.westpoint.edu/wp-content/uploads/2026/04/CTC-SENTINEL-042026_cover-article.pdf) #ai-security #intelligence #law #Counterterrorism #InnovationAndTechnology #CTCSentinel ⏱️ 2026-05-02 22:00 UTC
## πŸ“„ Competing Narratives on TikTok: Modeling Taiwan’s 2024 Election Dynamics ✍️ Mayor Inna Gurung, Nitin Agarwal πŸ›οΈ DTIC Β· πŸ“… 2026-04-01 --- This paper models how competing narratives spread on TikTok during Taiwan’s 2024 election using a belief-aware diffusion framework rather than simple engagement metrics. It matters because it offers a structured way to analyze influence dynamics, polarization, and information operations on a strategically important social platform during an election. **πŸ”‘ Key Findings:** - Introduces a narrative-diffusion model tailored to competing belief-aligned narratives on social media. - Uses the 2024 Taiwan election as a concrete case for studying platform-mediated information competition. - Emphasizes dynamic interactions between users and narratives, not just static content popularity. - Provides a framework that could inform analysis of influence operations, narrative warfare, and platform risk. --- πŸ”— [Read paper](https://dtic.dimensions.ai/discover/publication?search_text=computer+fraud) #intelligence #defense #cybersecurity #law #information-warfare ⏱️ 2026-04-30 10:30 UTC
## πŸ“„ The Trump Administration's Cyber Strategy ✍️ CRS πŸ›οΈ CRS Β· πŸ“… 2026-03-11 --- This CRS insight appears to summarize the administration's cyber strategy and the policy direction implied by it, likely across deterrence, offensive cyber, critical infrastructure, and whole-of-government coordination. It matters as a concise marker of executive-branch priorities that can shape doctrine, agency implementation, and congressional debate. **πŸ”‘ Key Findings:** - Summarizes the administration's stated cyber priorities and strategic framing. - Helps connect White House cyber strategy to operational and regulatory implications. - Provides a reference point for comparing current policy posture with prior U.S. cyber strategies. --- πŸ”— [Read paper](https://www.everycrsreport.com/reports/IN12667.html) πŸ“Ž [PDF](https://www.everycrsreport.com/files/2026-03-11_IN12667_c2bc449b1d3dbe438a519c8f643de5456d92d55a.pdf) #cybersecurity #defense #policy #crs ⏱️ 2026-05-21 23:03 UTC
## πŸ“„ Systematic Evaluation of Machine Learning and Deep Learning Models for IoT Malware Detection Across Ransomware, Rootkit, Spyware, Trojan, Botnet, Worm, Virus, and Keylogger ✍️ Mazdak Maghanaki, Soraya Keramati, F. Frank Chen, Mohammad Shahin πŸ›οΈ DTIC Β· πŸ“… 2026-03-10 --- This paper benchmarks a wide range of classical machine learning and deep learning approaches for IoT malware detection across eight malware families, rather than evaluating on a narrow single-class setup. It matters because IoT defenses often look strong in toy datasets, and this study appears aimed at showing which model families hold up better when the threat mix is broader and operationally messier. **πŸ”‘ Key Findings:** - Evaluates detection performance across ransomware, rootkit, spyware, trojan, botnet, worm, virus, and keylogger scenarios instead of a single malware category. - Compares both traditional ML and deep learning models, giving defenders a broader baseline for architecture tradeoffs. - Focuses on IoT environments, where constrained devices and heterogeneous traffic make malware detection especially difficult. - Frames the problem as both an accuracy and feasibility challenge, which is more relevant to deployment than raw benchmark scores alone. --- πŸ”— [Read paper](https://dtic.dimensions.ai/discover/publication?search_text=software%20security) πŸ“Ž [PDF](https://www.mdpi.com/1424-8220/26/6/1750/pdf) #cybersecurity #ai-security #malware #iot #machine-learning ⏱️ 2026-05-08 10:40 UTC
## πŸ“„ Linear-Time, Constant-Depth Blind Polynomial Commitments from Generalized RAA Codes, with an End-to-End Blind SNARK Implementation ✍️ Kexi Huang, Yanpei Guo, Wenjie Qu, Jiaheng Zhang πŸ›οΈ IACR ePrint Β· πŸ“… 2026-03-09 --- This work introduces a blind polynomial commitment scheme over non-binary fields that keeps prover work strictly linear while maintaining constant multiplicative depth, which is especially valuable for homomorphic-encryption-friendly proving systems. The result is notable because it improves the usual complexity-depth tradeoff and feeds directly into an end-to-end blind SNARK construction without needing expensive bootstrapping. **πŸ”‘ Key Findings:** - Builds a blind PCS whose commitment and evaluation phases use a strictly linear O(n) number of field operations for the prover. - Maintains constant multiplicative depth, making the design better suited to encrypted-coefficient and homomorphic-encryption settings. - Uses generalized RAA codes over arbitrary non-binary prime fields, extending binary RAA-style efficiency to a broader algebraic setting. - Analyzes the code family and argues it preserves linear minimum distance with high probability over non-binary fields. - Combines the code construction with Ligero’s IOPP framework to obtain an asymptotically and concretely efficient blind PCS that outperforms prior systems like Phalanx and Laminate at large scales. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/487) πŸ“Ž [PDF](https://eprint.iacr.org/2026/487.pdf) #cryptography #crypto #zk #snarks #privacy ⏱️ 2026-05-22 14:45 UTC
## πŸ“„ Secure by design: Merging network and security bootstrapping for IoT systems through NDN ✍️ Adriana V. Ribeiro, AndrΓ© L.R. Madureira, Leobino N. Sampaio πŸ›οΈ DTIC Β· πŸ“… 2026-02-26 --- This work argues that IoT deployments should bootstrap connectivity and security together instead of treating them as separate setup phases. Using Named Data Networking, it proposes a design where trust establishment is built into the networking model, which could reduce onboarding complexity and common misconfiguration risks. **πŸ”‘ Key Findings:** - Proposes a unified bootstrap process that combines network configuration with security provisioning for IoT devices. - Uses NDN to make trust and data access central parts of device onboarding. - Targets a common weakness in IoT, where insecure or inconsistent bootstrap flows leave devices exposed early in deployment. - Suggests a path toward more scalable and trustworthy IoT rollouts in constrained environments. --- πŸ”— [Read paper](https://doi.org/10.1016/j.comnet.2026.112162) #cybersecurity #privacy #cryptography ⏱️ 2026-05-04 10:39 UTC
## πŸ“„ Area-Efficient LUT-Based Multipliers for AMD Versal FPGAs ✍️ Zetao Miao, Xander Pottier, Jonas Bertels, Wouter Legiest, Ingrid Verbauwhede πŸ›οΈ IACR ePrint Β· πŸ“… 2026-02-20 --- This paper redesigns LUT-based integer multipliers specifically for AMD Versal FPGAs, whose new LOOKAHEAD8 carry structure breaks assumptions behind older CARRY4/8-optimized designs. The result is a multiplier architecture that materially cuts LUT usage while preserving comparable timing, which matters for dense cryptographic and signal-processing workloads on Versal-class devices. **πŸ”‘ Key Findings:** - Combines radix-4 modified Booth recoding with Versal-specific LUT mapping to generate the partial-product bit heap using about n^2/4 LUTs. - Introduces a new compressor-tree synthesis heuristic that improves area-delay product by 8 to 20 percent versus prior Versal heuristics. - Achieves up to 40 percent LUT reduction compared with AMD LogiCORE IP multipliers at similar critical-path delay. - Targets the mismatch between legacy FPGA multiplier layouts and the Versal CLB micro-architecture, rather than treating Versal as a drop-in continuation of earlier Xilinx fabrics. - Ships with an open-source Python RTL generator supporting configurable operand widths and pipeline depths for practical deployment. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/344) πŸ“Ž [PDF](https://eprint.iacr.org/2026/344.pdf) #hardware-security #cryptography #fpga ⏱️ 2026-05-21 02:45 UTC
## πŸ“„ RISQrypt: Fast, Secure and Agile Hardware-Software Co-Design for Post-Quantum Cryptography ✍️ Tolun Tosun, AtΔ±l Utku Ay, Quinten Norga, Suparna Kundu, Melik YazΔ±cΔ±, et al. πŸ›οΈ IACR ePrint Β· πŸ“… 2026-02-18 --- RISQrypt presents a unified masked hardware-software co-design for both ML-KEM (Kyber) and ML-DSA (Dilithium), combining dedicated accelerators for polynomial arithmetic, hashing, and mask conversion in one crypto-agile architecture. The result is a practical path to much faster side-channel-resistant post-quantum implementations without giving up flexibility for future schemes. **πŸ”‘ Key Findings:** - Implements both Kyber and Dilithium with masking in a single unified architecture, which the authors position as a first in the literature. - Accelerates masked Kyber768 decapsulation to 109K clock cycles and masked Dilithium3 signing to an average of 1230K clock cycles. - Delivers a reported 11.3x time-performance gain over prior masked implementations. - Also improves unprotected performance, with reported speed-ups of 10.64x and 8.94x for Kyber encapsulation and decapsulation, plus 1.14x and 2.23x for Dilithium signing and verification versus similar-resource designs. - Uses a HW/SW co-design that can be extended by firmware reprogramming to related PQC schemes such as Falcon and SPHINCS+. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/312) πŸ“Ž [PDF](https://eprint.iacr.org/2026/312.pdf) #cryptography #crypto #hardware-security ⏱️ 2026-05-06 20:45 UTC
## πŸ“„ Key Recovery Attacks on UOV Using p^l-truncated Polynomial Rings ✍️ Hiroki Furue, Yasuhiko Ikematsu πŸ›οΈ IACR ePrint Β· πŸ“… 2026-02-18 --- This paper extends recent structural key-recovery attacks on UOV by recasting them in truncated polynomial-ring language, which makes the attack framework more general and easier to analyze across finite fields. The practical upshot is that several claimed security levels for UOV and SNOVA parameters are weakened, with the authors finding stronger intersection-style attacks than prior reconciliation-based analyses. **πŸ”‘ Key Findings:** - Shows UOV secret-subspace recovery can be expressed via XL over p-truncated polynomial rings, simplifying earlier symmetric-algebra formulations. - Generalizes the attack framework to p^l-truncated polynomial rings, which can relax solving-degree constraints by choosing larger l. - Incorporates intersection attacks into this framework, not just reconciliation attacks considered in prior work. - Finds the best intersection attacks outperform reconciliation attacks against proposed UOV parameters. - Reports reduced security estimates for multiple UOV and SNOVA parameter sets versus their claimed levels. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/298) πŸ“Ž [PDF](https://eprint.iacr.org/2026/298.pdf) #cryptography #crypto #post-quantum #multivariate-cryptography #digital-signatures ⏱️ 2026-05-01 08:45 UTC
## πŸ“„ Coordinated Multi-Domain Deception: A Stackelberg Game Approach ✍️ Md Abu Sayed, Asif Rahman, Ahmed Hemida, Christopher Kiekintveld, Charles A. Kamhoua πŸ›οΈ DTIC Β· πŸ“… 2026-02-16 --- This paper models cyber and physical deception as a coordinated defender strategy rather than isolated decoys. The authors use a Stackelberg game with CVSS and NVD vulnerability data to show that multilayer deception can improve defender utility more than single-layer baselines. **πŸ”‘ Key Findings:** - Synchronizes cyber and physical replicas so defenders can mislead attackers across coupled domains instead of only one layer. - Uses CVSS-based exploit probabilities and NVD vulnerability data to prioritize which weaknesses deserve deceptive coverage. - Introduces a CVE-based utility function for defender and attacker interactions in a Stackelberg game setting. - Reports that coordinated multilayer deception outperforms both single-layer and baseline strategies across CVSS versions. - Frames deception as a decision problem tied to vulnerability management, not just honeypot placement. --- πŸ”— [Read paper](https://dtic.dimensions.ai/discover/publication?search_text=cyber+deception) πŸ“Ž [PDF](https://arxiv.org/pdf/2601.02596v1) #cybersecurity #defense #ai-security #cs.CR ⏱️ 2026-05-02 22:30 UTC
## πŸ“„ Optimized Implementations of Keccak, Kyber, and Dilithium on the MSP430 Microcontroller ✍️ DongHyun Shin, YoungBeom Kim, Ayesha Khalid, MΓ‘ire O'Neill, Seog Chung Seo πŸ›οΈ IACR ePrint Β· πŸ“… 2026-02-12 --- This paper adapts Keccak, CRYSTALS-Kyber, and CRYSTALS-Dilithium to the 16-bit MSP430, a much smaller target than the ARM microcontrollers that dominate embedded PQC optimization work. The main result is that careful redesign of NTT arithmetic and memory access patterns makes standardized post-quantum crypto substantially more practical on constrained IoT-class hardware. **πŸ”‘ Key Findings:** - Redesigns 16-bit and 32-bit NTT routines for MSP430, including modular arithmetic, layer merging, and point-wise multiplication tuned to the architecture. - Reports 134%, 249%, and 210% speedups over C reference code for 16-bit NTT, inverse NTT, and point-wise multiplication, respectively. - Introduces MSP430-specific "twisting" and "zig-zag" techniques for Keccak, yielding a 57% performance improvement over the reference implementation. - Achieves Kyber speedups of 46.1% to 51.3% for KeyGen, 45.6% to 60.0% for Encaps, and 46.2% to 62.3% for Decaps. - Achieves Dilithium speedups of 44.5% to 48.3% for KeyGen, 57.5% to 65.0% for signing, and 46.1% to 50.0% for verification. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/235) πŸ“Ž [PDF](https://eprint.iacr.org/2026/235.pdf) #cryptography #crypto #hardware-security ⏱️ 2026-04-29 02:45 UTC
## πŸ“„ Solving SIS in any norm via Gaussian sampling ✍️ Maiara F. Bollauf, Amaury Pouly, Yixin Shen πŸ›οΈ IACR ePrint Β· πŸ“… 2026-02-11 --- This paper gives a simple, general algorithm for solving the Short Integer Solution (SIS) problem under any norm when the target bound is below q/2. The core idea is to sample many vectors from a discrete Gaussian over the SIS q-ary lattice, then use new tight estimates on Gaussian mass over lattices and norm balls to prove that a short nonzero solution appears with meaningful probability. In concrete terms, the resulting attack is significantly faster than a recent Crypto 2025 result, narrowing margins for SIS instances even though it still does not break Dilithium. **πŸ”‘ Key Findings:** - Presents a provably correct SIS-solving algorithm that works for any norm, not just a narrow special case. - Establishes tight bounds on expected value and variance of Gaussian mass for random q-ary lattices and β„“_p balls, for all p in (0, ∞]. - Develops new technical results on discrete Gaussian distributions and ratios of Gaussian mass functions over β„€. - Shows that, with an MCMC-based discrete Gaussian sampler, the algorithm's runtime can be estimated precisely. - Achieves at least a 50-bit speedup over the Ducas, Engelberts, and Loyer Crypto 2025 algorithm across all security levels, while still falling short of breaking Dilithium. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/225) πŸ“Ž [PDF](https://eprint.iacr.org/2026/225.pdf) #cryptography #crypto #lattice-cryptography #post-quantum-cryptography ⏱️ 2026-05-22 20:45 UTC
## πŸ“„ MPSpeed: Implementing and Optimizing MPC-in-the-Head Digital Signatures in Hardware ✍️ Stelios Manasidis, Quinten Norga, Suparna Kundu, Ingrid Verbauwhede πŸ›οΈ IACR ePrint Β· πŸ“… 2026-02-09 --- This paper builds a compact FPGA accelerator for Mirath, a post-quantum MPC-in-the-Head signature scheme, targeting its biggest bottlenecks in GGM-tree commitments and MPC arithmetic. The result is a much more practical hardware path for MPCitH signatures, showing that careful scheduling, indexing, and parameter-aware parallelism can cut memory costs sharply while improving overall efficiency by over an order of magnitude. **πŸ”‘ Key Findings:** - Introduces an on-the-fly GGM tree generation schedule that minimizes stored nodes while still enabling parallel computation. - Uses a hardware-friendly tree indexing method based on shift operations to quickly recover the nearest computed ancestor. - Designs massively parallel but area-efficient arithmetic units tuned to Mirath's parameter sets and MPCitH workload structure. - Implements a unified Artix-7 FPGA design supporting all Mirath operations, including commitments and MPC arithmetic. - Compared with prior MPCitH signature hardware for SDitH, reduces BRAM usage by up to 81.6% and improves area-time product by 52.7x to 64.8x. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/206) πŸ“Ž [PDF](https://eprint.iacr.org/2026/206.pdf) #cryptography #hardware-security #crypto #post-quantum #fpga #digital-signatures ⏱️ 2026-04-27 14:45 UTC
## πŸ“„ MPSpeed: Implementing and Optimizing MPC-in-the-Head Digital Signatures in Hardware ✍️ Stelios Manasidis, Quinten Norga, Suparna Kundu, Ingrid Verbauwhede πŸ›οΈ IACR ePrint Β· πŸ“… 2026-02-09 --- This paper builds a compact FPGA accelerator for Mirath, a post-quantum MPC-in-the-Head signature scheme, targeting its biggest bottlenecks in GGM-tree commitments and MPC arithmetic. The result is a much more practical hardware path for MPCitH signatures, showing that careful scheduling, indexing, and parameter-aware parallelism can cut memory costs sharply while improving overall efficiency by over an order of magnitude. **πŸ”‘ Key Findings:** - Introduces an on-the-fly GGM tree generation schedule that minimizes stored nodes while still enabling parallel computation. - Uses a hardware-friendly tree indexing method based on shift operations to quickly recover the nearest computed ancestor. - Designs massively parallel but area-efficient arithmetic units tuned to Mirath's parameter sets and MPCitH workload structure. - Implements a unified Artix-7 FPGA design supporting all Mirath operations, including commitments and MPC arithmetic. - Compared with prior MPCitH signature hardware for SDitH, reduces BRAM usage by up to 81.6% and improves area-time product by 52.7x to 64.8x. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/206) πŸ“Ž [PDF](https://eprint.iacr.org/2026/206.pdf) #cryptography #hardware-security #crypto #post-quantum #fpga #digital-signatures ⏱️ 2026-04-27 14:45 UTC
## πŸ“„ Threshold linear solving in small fields and application to UOV ✍️ Paco Azevedo-Oliveira, Jordan Beraud, Pierre Varjabedian πŸ›οΈ IACR ePrint Β· πŸ“… 2026-02-05 --- This paper develops three MPC-friendly algorithms for solving shared linear systems over small-characteristic finite fields, a bottleneck that shows up in threshold cryptography. The main payoff is enabling more practical threshold constructions for UOV and related post-quantum signature schemes, where prior threshold literature is still relatively thin. **πŸ”‘ Key Findings:** - Introduces three protocols for solving a shared system Ax = b when the matrix and vectors are secret-shared among parties. - Two of the methods derive from secure determinant computation, using Newton polynomial results and an adaptation of the Samuelson-Berkowitz algorithm. - The third method is a modification of an existing state-of-the-art approach, aimed at improving suitability in this setting. - The work targets low-characteristic fields, which are especially relevant for UOV-style multivariate cryptography. - The resulting techniques open the door to new threshold instantiations of UOV and UOV-based post-quantum schemes. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/189) πŸ“Ž [PDF](https://eprint.iacr.org/2026/189.pdf) #cryptography #crypto #privacy ⏱️ 2026-05-12 08:45 UTC
## πŸ“„ Designing Deceptions for Protecting Industrial Control Systems ✍️ Neil C. Rowe πŸ›οΈ DTIC Β· πŸ“… 2026-01-31 --- This book chapter examines how deception can be designed specifically for industrial control systems, where uptime requirements and legacy constraints make conventional security controls harder to deploy. It is relevant because ICS defenders need practical ways to slow, mislead, and study attackers without disrupting critical operations. **πŸ”‘ Key Findings:** - Focuses on deception techniques tailored to industrial control systems rather than enterprise IT environments. - Frames ICS as high-value cyber targets with unusual operational constraints, including infrequent patching and continuous runtime needs. - Positions deception as a defensive layer for detection, attacker confusion, and resilience in critical infrastructure settings. - Connects the work to the broader cyber deception literature through a chapter in *Foundations of Cyber Deception*. --- πŸ”— [Read paper](https://dtic.dimensions.ai/discover/publication?search_text=Designing+Deceptions+for+Protecting+Industrial+Control+Systems) #cybersecurity #critical-infrastructure #privacy ⏱️ 2026-04-28 10:34 UTC
## πŸ“„ Setup Protocols for Sender Anonymity ✍️ Tian Huang, Jiatai Zhang, Megumi Ando πŸ›οΈ IACR ePrint Β· πŸ“… 2026-01-30 --- This paper tackles a blind spot in anonymous communication systems: the setup phase can leak who initiated contact, even when later messaging preserves anonymity. The authors formalize sender anonymity for dialing and setup protocols, then introduce Fusion and Fusion+, showing how to enforce simple I/O communication patterns while quantifying the privacy versus correctness tradeoff. **πŸ”‘ Key Findings:** - Introduces enhanced dialing protocols as a formal class for enforcing simple I/O anonymity settings. - Defines a framework covering security, correctness, fairness, and sender anonymity during setup. - Presents Fusion, which achieves perfect correctness and fairness while leaking only what the model deems unavoidable. - Presents Fusion+, a differentially private variant that reduces leakage further by sacrificing some correctness. - Quantifies the inherent privacy versus correctness tradeoff for sender-anonymous setup. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/158) πŸ“Ž [PDF](https://eprint.iacr.org/2026/158.pdf) #cryptography #privacy #differential-privacy #anonymous-communication ⏱️ 2026-05-05 02:46 UTC
## πŸ“„ SESHAT: Systematic Energy & Seed-Provenance Harness for Algorithmic Tradeoffs ✍️ Mohamed El-Hadedy πŸ›οΈ DTIC Β· πŸ“… 2026-01-30 --- SESHAT introduces a reproducible benchmark suite for modular exponentiation on embedded Arm and RISC-V SoCs used in IoT and UAV edge systems. It matters because cryptographic performance comparisons on constrained platforms are often hard to reproduce, which makes security-performance tradeoffs and hardware selection decisions noisier than they should be. **πŸ”‘ Key Findings:** - Proposes a benchmark harness focused on modular exponentiation, a core primitive behind public-key cryptography. - Targets embedded Arm and RISC-V system-on-chip platforms relevant to IoT gateways and UAV edge deployments. - Emphasizes energy measurement and seed provenance so algorithmic comparisons can be reproduced across runs and devices. - Provides a way to study efficiency versus security-related implementation tradeoffs on constrained hardware. --- πŸ”— [Read paper](https://dtic.dimensions.ai/discover/publication?search_text=SESHAT%3A+Systematic+Energy+%26+Seed-Provenance+Harness+for+Algorithmic+Tradeoffs) #cryptography #cybersecurity #sovereign-computing ⏱️ 2026-04-28 10:34 UTC
## πŸ“„ Aerothermodynamic response of ZrB2-based compositionally complex ultra-high-temperature ceramics in hypersonic and supersonic flow conditions ✍️ Dylan De Prisco, Stefano Mungiguerra, Raffaele Costanzo, Anselmo Cecere, Raffaele Savino, et al. πŸ›οΈ DTIC Β· πŸ“… 2026-01-29 --- This paper tests two ZrB2-based ultra-high-temperature ceramic compositions under both hypersonic and supersonic arc-jet conditions to map how they behave as thermal protection materials. It matters because the authors connect real-time surface heating measurements with oxidation and microstructural changes, showing how NbC versus VC dopants shift failure and survivability under extreme aero-thermal loads. **πŸ”‘ Key Findings:** - The team exposed hemispherical ZrB2-TiB2-SiC ceramics doped with either NbC or VC to simulated air flows at about 20 MJ/kg in both Mach 3 and Mach 6 configurations. - Real-time pyrometry and infrared thermography measured surface temperatures roughly between 1700 K and 2700 K during testing. - One-dimensional chemical-equilibrium modeling was used to estimate flow-field conditions and aerothermodynamic loads for each nozzle configuration. - Post-test analysis linked oxidation behavior and microstructure evolution to the dopant choice, indicating distinct response mechanisms for Nb-containing versus V-containing compositions. - The results help qualify compositionally complex diboride ceramics for hypersonic thermal protection systems and related high-enthalpy aerospace applications. --- πŸ”— [Read paper](https://doi.org/10.1016/j.jeurceramsoc.2026.118184) #defense #materials-science #hypersonics ⏱️ 2026-05-18 10:30 UTC
## πŸ“„ ARES/ARES+: Online-Friendly Robust Threshold ECDSA with Amortized Costs ✍️ Guofeng Tang, Tian Qiu, Bowen Jiang, Haiyang Xue, Meng Hao, et al. πŸ›οΈ IACR ePrint Β· πŸ“… 2026-01-27 --- This work introduces two robust threshold ECDSA protocols that aim to keep the online signing path lightweight while shrinking the offline communication and computation costs that have limited MtA-based designs. The stronger variant, ARES+, reaches linear amortized computation with constant online communication, making robust threshold signing more practical for blockchain and wallet settings that need both liveness and efficiency. **πŸ”‘ Key Findings:** - Proposes ARES, an MtA-based robust threshold ECDSA protocol with constant per-party sending communication of about 2.22 KB in the offline phase. - Improves substantially over prior online-friendly MtA-based schemes while retaining a cheap online phase built mostly from finite-field operations. - Introduces ARES+, which uses packed secret sharing to achieve linear amortized computational complexity across batched signatures. - ARES+ matches TLHE-based asymptotic efficiency while preserving the online-friendly properties of MtA constructions. - The amortization gains come with a tradeoff: producing l signatures requires increasing the party count by l. --- πŸ”— [Read paper](https://eprint.iacr.org/2026/130) πŸ“Ž [PDF](https://eprint.iacr.org/2026/130.pdf) #cryptography #crypto #threshold-signatures #ecdsa #blockchain ⏱️ 2026-05-01 08:45 UTC
## πŸ“„ RF-AttenNet: A Hybrid Attention-Enhanced Network for Mixed Signal Classification in UAV Swarm Detection ✍️ Prajoy Podder, Mohammad Atikur Rahman, Maciej Zawodniok, Sanjay Madria πŸ›οΈ DTIC Β· πŸ“… 2026-01-10 --- This paper introduces an attention-enhanced model for RF-based classification of mixed signals in UAV swarm detection. It matters because passive, low-latency identification of drone swarms is a very practical counter-UAS problem with direct airspace-security and defense relevance. **πŸ”‘ Key Findings:** - Uses RF sensing rather than visual-only detection, which helps when drones are distant, obscured, or operating in cluttered environments. - Targets mixed-signal classification, which is harder than clean single-emitter detection. - Applies a hybrid attention architecture to improve discrimination in UAV swarm scenarios. - Maps cleanly to counter-drone monitoring and spectrum-aware defense systems. --- πŸ”— [Read paper](https://dtic.dimensions.ai/discover/publication?search_text=%22uav+swarm+detection%22) #defense #cybersecurity ⏱️ 2026-04-26 10:30 UTC
## πŸ“„ Governing the AI–biotech convergence ✍️ Benjamin D Trump, Christopher L Cummings, Beth Ellinport, Stephanie Galaitsi, Thomas Janisko, et al. πŸ›οΈ DTIC Β· πŸ“… 2026-01-03 --- This paper looks at the security and governance risks created where modern AI capabilities meet biotechnology workflows. The core value is not just flagging biosecurity concerns, but arguing for adaptive governance that can keep pace with dual-use risks as AI lowers barriers to biological design, optimization, and experimentation. **πŸ”‘ Key Findings:** - Examines how AI and biotech together can accelerate innovation while also expanding misuse and dual-use risk. - Argues that static governance models are a poor fit for fast-moving AI-enabled biotech development. - Frames security risk as part of a wider governance challenge involving ethics, oversight, and international coordination. - Connects technical advances to policy design, which is useful for readers tracking AI security beyond narrow model-level issues. --- πŸ”— [Read paper](https://dtic.dimensions.ai/discover/publication?search_text=AI%20security) πŸ“Ž [PDF](https://link.springer.com/content/pdf/10.1038/s44319-025-00628-w.pdf) #ai-security #defense #biosecurity #governance ⏱️ 2026-05-08 10:40 UTC
## πŸ“„ Designing Deceptions for Protecting Industrial Control Systems ✍️ Neil C. Rowe πŸ›οΈ DTIC Β· πŸ“… 2026-01-01 --- This chapter argues that industrial control systems are unusually good candidates for deception because they are fragile, hard to patch, and often must stay online continuously. It focuses on deception as an active-defense layer for critical infrastructure, where misleading attackers can buy time and reduce risk when direct remediation is difficult. **πŸ”‘ Key Findings:** - Highlights ICS environments as especially exposed because they support critical infrastructure, run with limited downtime, and often lag on software updates. - Positions deception as a practical active-defense tool when patching or architectural change is slow or operationally costly. - Connects deception design to the unique operational constraints of control systems rather than generic enterprise security assumptions. - Suggests that tailored deceptive elements can help protect high-value industrial processes during reconnaissance and attack preparation. - Reinforces that cyber deception has a distinct role in OT and ICS resilience planning. --- πŸ”— [Read paper](https://dtic.dimensions.ai/discover/publication?search_text=cyber+deception) πŸ“Ž [PDF](https://link.springer.com/content/pdf/10.1007/978-3-031-93867-2_9.pdf) #cybersecurity #defense #hardware-security #critical-infrastructure ⏱️ 2026-05-02 22:30 UTC
## πŸ“„ Ghost of Sessions Past: Distributed and Forward Secure Key Establishment for Implantable Medical Devices ✍️ Roozbeh Sarenche, Sayon Duttagupta, Kevin Bogner, Varesh Mishra, Francesco Milizia et al. πŸ›οΈ IACR ePrint Β· πŸ“… 2025-12-24 --- This paper introduces Chronos, a forward-secure key establishment protocol for implantable medical devices that avoids public-key cryptography on the implant itself. The design matters because IMDs can remain deployed for decades, and a later compromise of the device, phone, or backend should not expose years of previously recorded patient telemetry. **πŸ”‘ Key Findings:** - Chronos uses only lightweight symmetric primitives on the implant while still providing forward secrecy across sessions. - The protocol pushes coordination, recovery, and resynchronization to a threshold-based distributed backend, removing a single backend point of failure. - It includes emergency access and recovery paths for cases where the patient's normal device is unavailable, without giving up patient-centric access control. - The authors formally verify secrecy, agreement, forward secrecy, and recovery behavior in ProVerif under a post-session compromise model. - End-to-end implementation results on MSP430 and Cortex-M33 platforms suggest the protocol fits realistic IMD energy and safety constraints with negligible battery impact. --- πŸ”— [Read paper](https://eprint.iacr.org/2025/2322) πŸ“Ž [PDF](https://eprint.iacr.org/2025/2322.pdf) #cryptography #privacy #cybersecurity #hardware-security ⏱️ 2026-05-15 14:45 UTC
## πŸ“„ Ghost of Sessions Past: Distributed and Forward Secure Key Establishment for Implantable Medical Devices ✍️ Roozbeh Sarenche, Sayon Duttagupta, Kevin Bogner, Varesh Mishra, Francesco Milizia et al. πŸ›οΈ IACR ePrint Β· πŸ“… 2025-12-24 --- This paper introduces Chronos, a forward-secure key establishment protocol for implantable medical devices that avoids public-key cryptography on the implant itself. The design matters because IMDs can remain deployed for decades, and a later compromise of the device, phone, or backend should not expose years of previously recorded patient telemetry. **πŸ”‘ Key Findings:** - Chronos uses only lightweight symmetric primitives on the implant while still providing forward secrecy across sessions. - The protocol pushes coordination, recovery, and resynchronization to a threshold-based distributed backend, removing a single backend point of failure. - It includes emergency access and recovery paths for cases where the patient's normal device is unavailable, without giving up patient-centric access control. - The authors formally verify secrecy, agreement, forward secrecy, and recovery behavior in ProVerif under a post-session compromise model. - End-to-end implementation results on MSP430 and Cortex-M33 platforms suggest the protocol fits realistic IMD energy and safety constraints with negligible battery impact. --- πŸ”— [Read paper](https://eprint.iacr.org/2025/2322) πŸ“Ž [PDF](https://eprint.iacr.org/2025/2322.pdf) #cryptography #privacy #cybersecurity #hardware-security ⏱️ 2026-05-15 14:45 UTC
## πŸ“„ InstantOMR: Oblivious Message Retrieval with Low Latency and Optimal Parallelizability ✍️ Haofei Liang, Zeyu Liu, Eran Tromer, Xiang Xie, Yu Yu πŸ›οΈ IACR ePrint Β· πŸ“… 2025-12-23 --- This paper introduces InstantOMR, an oblivious message retrieval scheme for anonymous messaging systems that mixes TFHE functional bootstrapping with standard RLWE operations. The hybrid design substantially reduces recipient wait times and parallelizes cleanly across CPU cores, making single-server private message retrieval much more practical. **πŸ”‘ Key Findings:** - Proposes a two-layer bootstrapping architecture that combines TFHE and regular RLWE homomorphic operations. - Targets recipient privacy in anonymous messaging, where users must retrieve their messages without scanning everything or revealing which messages are theirs. - Achieves about 860x lower latency than SophOMR, the prior state-of-the-art single-server OMR scheme. - Scales near-optimally with available CPU cores because messages can be processed independently. - Implementation results are based on Primus-fhe, with additional estimates from TFHE-rs. --- πŸ”— [Read paper](https://eprint.iacr.org/2025/2317) πŸ“Ž [PDF](https://eprint.iacr.org/2025/2317.pdf) #cryptography #privacy #crypto ⏱️ 2026-05-02 08:45 UTC
## πŸ“„ On the Pitfalls of Modeling Individual Knowledge ✍️ Wojciech Ciszewski, Stefan Dziembowski, Tomasz Lizurej, Marcin Mielniczuk πŸ›οΈ IACR ePrint Β· πŸ“… 2025-12-17 --- This paper argues that several cryptographic protocols claiming to prove or enforce individual knowledge rely on an unrealistic hash-model assumption. By showing how practical hash constructions permit partial precomputation on long inputs, the authors break prior schemes and outline safer replacements that better match real-world hashing behavior. **πŸ”‘ Key Findings:** - Identifies a modeling flaw in protocols that treat hashing of long messages as an atomic random-oracle operation. - Shows this assumption fails for practical constructions like Merkle-DamgΓ₯rd and sponge-based hashes, as well as Bitcoin-style hashing workflows. - Demonstrates practical attacks against prior non-outsourceable puzzle and individual-knowledge schemes. - Explains why these attacks undermine claims that fast computation necessarily implies storing the target message on one controlled machine. - Proposes modified constructions intended to avoid dependence on unrealistic long-input random-oracle behavior. --- πŸ”— [Read paper](https://eprint.iacr.org/2025/2268) πŸ“Ž [PDF](https://eprint.iacr.org/2025/2268.pdf) #cryptography #cybersecurity #privacy ⏱️ 2026-05-05 02:46 UTC
## πŸ“„ Revisiting Sum-check-based Polynomial Commitment Schemes ✍️ Yuncong Zhang πŸ›οΈ IACR ePrint Β· πŸ“… 2025-12-15 --- This paper reframes sum-check and FRI through dual functional properties, giving a more modular way to reason about polynomial commitment schemes and related succinct arguments. That matters because it replaces monolithic protocol proofs with reusable components, and the author uses that lens to simplify analyses of existing systems while designing a new transparent, homomorphic commitment scheme. **πŸ”‘ Key Findings:** - Defines a repulsive verifier property for sum-check that is intrinsic to the protocol and independent of any external commitment or binding mechanism. - Identifies a dual attractive verifier property for FRI, capturing when the verifier returns the intended polynomial evaluation or aborts. - Uses those properties to give a modular security analysis of BaseFold instead of a single end-to-end proof. - Shows BulletProofs can be decomposed into a repulsive sum-check layer plus a computationally attractive component, simplifying the proof structure. - Introduces a new polynomial commitment construction combining transparency, homomorphic commitments, and double efficiency. --- πŸ”— [Read paper](https://eprint.iacr.org/2025/2249) πŸ“Ž [PDF](https://eprint.iacr.org/2025/2249.pdf) #cryptography #crypto #privacy ⏱️ 2026-05-14 08:46 UTC
## πŸ“„ AgentCrypt: Advancing Privacy and (Secure) Computation in AI Agent Collaboration ✍️ Harish Karthikeyan, Yue Guo, Leo de Castro, Antigoni Polychroniadou, Leo Ardon, et al. πŸ›οΈ IACR ePrint Β· πŸ“… 2025-12-08 --- AgentCrypt proposes a three-level privacy layer for AI agent systems, aiming to keep sensitive data protected even when the underlying agents are probabilistic and error-prone. The framework combines policy-aware sharing with encrypted computation, so multi-agent workflows can collaborate across data silos without exposing tagged private information. **πŸ”‘ Key Findings:** - Introduces a three-tier privacy model, from unrestricted exchange to fully encrypted computation using techniques such as homomorphic encryption. - Targets privacy failures that happen after access is granted, including agent messaging, tool use, persistence, and derived-information leakage. - Claims privacy guarantees for tagged data even if the AI agent itself behaves incorrectly or unpredictably. - Demonstrates implementations on both LangGraph and Google ADK to show portability across agent platforms. - Contributes a benchmark dataset for evaluating privacy-critical agent tasks across multiple protection levels. --- πŸ”— [Read paper](https://eprint.iacr.org/2025/2216) πŸ“Ž [PDF](https://eprint.iacr.org/2025/2216.pdf) #ai-security #privacy #cryptography #cybersecurity ⏱️ 2026-05-08 20:45 UTC
## πŸ“„ An enhanced autonomous counter-drone system with jamming and relative positioning capabilities ✍️ Nicolas Souli, Panayiotis Kolios, Georgios Ellinas πŸ›οΈ DTIC Β· πŸ“… 2025-12-01 --- This paper describes an autonomous counter-drone system that combines jamming with relative positioning, aiming to improve how defenders detect, track, and neutralize unauthorized UAVs. It stands out because it joins sensing, positioning, and effect delivery into a more operationally complete counter-UAS stack instead of treating them as separate problems. **πŸ”‘ Key Findings:** - Presents a counter-drone architecture that integrates autonomous operation with jamming capabilities. - Uses relative positioning to improve pursuit, tracking, or intercept decisions against moving UAV targets. - Targets real-world unauthorized-drone scenarios where rapid response and system autonomy matter. - Adds practical relevance for defense and critical-infrastructure operators evaluating deployable counter-UAS designs. --- πŸ”— [Read paper](https://dtic.dimensions.ai/discover/publication?search_text=An%20enhanced%20autonomous%20counter-drone%20system%20with%20jamming%20and%20relative%20positioning%20capabilities) #defense #cybersecurity ⏱️ 2026-05-03 10:32 UTC
## πŸ“„ Splitting the MAYO: A Component-Wise Fault Injection Attack on Randomized MAYO ✍️ Mohamed Abdelmonem, Lejla Batina, Durba Chatterjee, Vincent Dankbaar, HΓ₯vard Raddum πŸ›οΈ IACR ePrint Β· πŸ“… 2025-11-28 --- This paper shows a practical fault injection attack against randomized MAYO signatures, breaking the assumption that randomized signing is enough to resist key-recovery under active physical attacks. By faulting the final oil-vinegar addition step and combining partial leaks across signatures, the authors recover full MAYO-1 secret keys on Cortex-M4 hardware under realistic glitching conditions. **πŸ”‘ Key Findings:** - Targets the final addition step in MAYO signing, exposing either oil coefficients directly or vinegar coefficients that can be converted into oil information. - Recovers the full secret key by aggregating coefficient-wise leakage over multiple faulty signatures and exploiting the linear oil-space structure. - Works against randomized implementations, without relying on deterministic signing, memory reuse, or hash-function faulting. - Demonstrated in practice on ARM Cortex-M4 using both clock glitching and electromagnetic fault injection for -O3 and -Os builds. - Finds that lightweight published countermeasures do not stop the attack, pointing to a need for stronger fault-resilience in PQ signature implementations. --- πŸ”— [Read paper](https://eprint.iacr.org/2025/2163) πŸ“Ž [PDF](https://eprint.iacr.org/2025/2163.pdf) #cryptography #cybersecurity #hardware-security #post-quantum-crypto #fault-injection ⏱️ 2026-05-22 14:45 UTC
## πŸ“„ Hardness and Algorithms for Batch LPN under Dependent Noise ✍️ Xin Li, Songtao Mao, Zhaienhe Zhou πŸ›οΈ IACR ePrint Β· πŸ“… 2025-11-28 --- This paper studies Batch LPN when the noise across samples is correlated rather than independent, which is a more realistic model for several cryptographic and learning settings. It gives broader hardness reductions from standard LPN and pairs them with an attack result, helping map out which dependent-noise regimes preserve security and which admit efficient algorithms. **πŸ”‘ Key Findings:** - Extends prior hardness results by identifying several wider classes of dependent-noise distributions that still preserve Batch LPN hardness. - Shows hardness under a Fourier-analytic condition, under sufficient density of the noise distribution, and for certain Santha-Vazirani sources. - Improves the known Santha-Vazirani hardness dependence from O(2^-k Ξ΅) to O(2^-k/2 Ξ΅). - Adapts the Arora-Ge linearization attack to the dependent-noise setting, showing solvability when at least one noise point has sufficiently low probability. - Frames the reductions through random affine transformations and Fourier analysis, offering a general method for future dependent-noise LPN work. --- πŸ”— [Read paper](https://eprint.iacr.org/2025/2164) πŸ“Ž [PDF](https://eprint.iacr.org/2025/2164.pdf) #cryptography #crypto ⏱️ 2026-05-20 20:45 UTC
## πŸ“„ Vega: Low-Latency Zero-Knowledge Proofs over Existing Credentials ✍️ Darya Kaviani, Srinath Setty πŸ›οΈ IACR ePrint Β· πŸ“… 2025-11-14 --- Vega is a zero-knowledge proof system for proving statements about existing digital credentials without exposing the rest of the credential contents. The paper matters because it pushes practical privacy-preserving identity proofs toward real-world latency, avoiding trusted setup while substantially reducing proving time, verification time, and proof size versus prior approaches. **πŸ”‘ Key Findings:** - Vega proves predicates over existing credentials without requiring full in-circuit parsing of the credential. - For a 1920-byte credential, it reports 92 ms proving time, 23 ms verification time, 108 kB proofs, and a 464 kB proving key. - For 896-byte credentials, performance improves to 62 ms proving, 17 ms verification, and 83 kB proofs. - Its design combines fold-and-reuse proving with lookup-centric arithmetization to cut repeated work across presentations, hashing steps, and zero-knowledge transcript generation. - The system avoids a trusted setup while supporting field extraction and length-hiding hashing over credential bytes. --- πŸ”— [Read paper](https://eprint.iacr.org/2025/2094) πŸ“Ž [PDF](https://eprint.iacr.org/2025/2094.pdf) #cryptography #privacy #crypto #zero-knowledge ⏱️ 2026-04-25 02:45 UTC
## πŸ“„ Vega: Low-Latency Zero-Knowledge Proofs over Existing Credentials ✍️ Darya Kaviani, Srinath Setty πŸ›οΈ IACR ePrint Β· πŸ“… 2025-11-14 --- Vega is a zero-knowledge proof system for proving statements about existing digital credentials without exposing the rest of the credential contents. The paper matters because it pushes practical privacy-preserving identity proofs toward real-world latency, avoiding trusted setup while substantially reducing proving time, verification time, and proof size versus prior approaches. **πŸ”‘ Key Findings:** - Vega proves predicates over existing credentials without requiring full in-circuit parsing of the credential. - For a 1920-byte credential, it reports 92 ms proving time, 23 ms verification time, 108 kB proofs, and a 464 kB proving key. - For 896-byte credentials, performance improves to 62 ms proving, 17 ms verification, and 83 kB proofs. - Its design combines fold-and-reuse proving with lookup-centric arithmetization to cut repeated work across presentations, hashing steps, and zero-knowledge transcript generation. - The system avoids a trusted setup while supporting field extraction and length-hiding hashing over credential bytes. --- πŸ”— [Read paper](https://eprint.iacr.org/2025/2094) πŸ“Ž [PDF](https://eprint.iacr.org/2025/2094.pdf) #cryptography #privacy #crypto #zero-knowledge ⏱️ 2026-04-25 02:45 UTC
## πŸ“„ Single-Trace Key Recovery Attacks on HQC Using Valid and Invalid Ciphertexts ✍️ Haiyue Dong, Qian Guo, Denis Nabokov πŸ›οΈ IACR ePrint Β· πŸ“… 2025-10-23 --- This paper shows single-trace side-channel attacks that recover the full long-term secret key of the HQC post-quantum cryptosystem on a protected Cortex-M4 implementation. It matters because it breaks through realistic countermeasures, including codeword masking, and raises fresh implementation-security concerns for a NIST-selected scheme. **πŸ”‘ Key Findings:** - Recovers HQC secret keys from a single side-channel trace using either valid or chosen invalid ciphertexts. - Frames passive key recovery as an MDPC decoding problem and introduces an active probing strategy that improves efficiency. - Presents a new ISD variant that incorporates soft side-channel information, with broader relevance for code-based cryptanalysis. - Experimental results on Cortex-M4 show full key recovery under realistic protected-implementation conditions. - Finds several previously proposed defenses ineffective, including codeword masking against these attack paths. --- πŸ”— [Read paper](https://eprint.iacr.org/2025/1987) πŸ“Ž [PDF](https://eprint.iacr.org/2025/1987.pdf) #cryptography #cybersecurity #post-quantum #side-channel #code-based-crypto ⏱️ 2026-05-19 08:47 UTC
## πŸ“„ Introducing GRAFHEN: GRoup-bAsed Fully Homomorphic Encryption without Noise ✍️ Pierre Guillot, Auguste Hoang Duc, Michel Koskas, Florian MΓ©hats πŸ›οΈ IACR ePrint Β· πŸ“… 2025-10-13 --- This paper introduces GRAFHEN, a fully homomorphic encryption scheme that aims to eliminate the usual noise-growth problem and the need for bootstrapping. Instead of lattice-style ciphertext management, it builds on group encodings represented with rewriting systems, claiming both stronger hardness framing around subgroup membership and dramatically faster implementation performance. **πŸ”‘ Key Findings:** - Proposes a fully homomorphic encryption construction without ciphertext noise, so evaluation does not require bootstrapping. - Uses machine-represented groups via rewriting systems to encode the scheme's algebraic structure. - Grounds security in the hardness of subgroup membership problems within the chosen group representation. - Reports benchmark results suggesting performance several orders of magnitude faster than current FHE standards. - Surveys multiple attack paths against the protocol and discusses countermeasures for each. --- πŸ”— [Read paper](https://eprint.iacr.org/2025/1907) πŸ“Ž [PDF](https://eprint.iacr.org/2025/1907.pdf) #cryptography #crypto #privacy ⏱️ 2026-04-28 20:45 UTC
## πŸ“„ Attack Behavior Observations and Profiling Through Varying Cyber Deception Mechanisms ✍️ Eric Savage, Nathaniel D. Bastian, Ruolin Zhou πŸ›οΈ DTIC Β· πŸ“… 2025-10-10 --- This paper compares multiple cyber deception mechanisms by looking at how each one shapes attacker behavior and what defenders can infer from the resulting interaction traces. It matters because deception is only useful if it produces actionable profiling signal, and this work appears aimed at measuring exactly which mechanisms reveal the most about attacker tradecraft. **πŸ”‘ Key Findings:** - Compares attacker observations across multiple deception mechanisms rather than treating deception as a single control. - Frames deception as an intelligence-gathering tool for profiling behavior, not just a way to delay or misdirect intruders. - Focuses on observable attacker interaction patterns that can help defenders distinguish tactics, persistence, and likely objectives. - Provides a basis for choosing deception designs based on analytic value, not just deployment novelty. --- πŸ”— [Read paper](https://dtic.dimensions.ai/discover/publication?search_text=Attack%20Behavior%20Observations%20and%20Profiling%20Through%20Varying%20Cyber%20Deception%20Mechanisms) #cybersecurity #defense #intelligence ⏱️ 2026-05-03 10:32 UTC
## πŸ“„ Correction Fault Attack on CROSS under Unknown Bit Flips ✍️ SΓΆnke Jendral, Elena Dubrova, Qian Guo, Thomas Johansson πŸ›οΈ IACR ePrint Β· πŸ“… 2025-10-09 --- This paper shows a practical fault attack against the post-quantum signature candidate CROSS, recovering the secret key even when injected bit flips are imprecise and their locations are unknown. That matters because it moves PQC fault attacks closer to realistic Rowhammer-like or noisy physical fault settings instead of idealized lab conditions. **πŸ”‘ Key Findings:** - Recovers CROSS secret keys by corrupting bits in the public parity-check matrix without needing exact control over fault position or value. - Adapts correction-based fault-analysis techniques to exploit structural properties unique to CROSS. - Demonstrates the attack on ARM Cortex-M4 hardware using voltage fault injection. - Shows partial key-exposure attacks can be extended to CROSS even with non-trivial erasure rates, reducing complexity. - Finds the attack can still work despite memory-integrity protections such as ECC, and proposes implementation countermeasures. --- πŸ”— [Read paper](https://eprint.iacr.org/2025/1885) πŸ“Ž [PDF](https://eprint.iacr.org/2025/1885.pdf) #cryptography #crypto #hardware-security #cybersecurity #postquantum ⏱️ 2026-04-29 08:47 UTC
## πŸ“„ DAKE: Bandwidth-Efficient (U)AKE from Double-KEM ✍️ Hugo Beguinet, CΓ©line Chevalier, Guirec Lebrun, Thomas Legavre, Thomas Ricosset, et al. πŸ›οΈ IACR ePrint Β· πŸ“… 2025-09-25 --- This paper proposes DAKE, a post-quantum authenticated key exchange framework that cuts communication overhead by building AKEs around double-KEM constructions instead of pairing separate encapsulations. It matters because bandwidth is a persistent pain point for PQ protocols, and the authors show concrete reductions while still proving strong forward secrecy and authentication guarantees in the standard model. **πŸ”‘ Key Findings:** - Defines DAKE variants for unilateral and mutual authentication, with versions supporting weak or full perfect forward secrecy and explicit authentication. - Bases security on strong eCK-style models, including eCKw and eCK-PFS, in the standard model. - Introduces a chosen-key Fujisaki-Okamoto transform in the QROM to turn IND-CPA double-PKEs into IND-CCA double-KEMs suitable for DAKE. - Presents Maul, a concrete double-KEM from ML-KEM under Hint-MLWE that reuses ciphertext components to shrink encapsulation size. - Reports encapsulation savings up to 42%, translating to about 16% lower communication for mutually authenticated AKE and 21% for unilateral AKE versus standard ML-KEM-based approaches. --- πŸ”— [Read paper](https://eprint.iacr.org/2025/1755) πŸ“Ž [PDF](https://eprint.iacr.org/2025/1755.pdf) #cryptography #crypto #post-quantum-crypto #key-exchange ⏱️ 2026-05-22 14:45 UTC
## πŸ“„ On the Regularity of the Generalized Birthday Problem ✍️ Lili Tang, Yao Sun, Xiaorui Gong πŸ›οΈ IACR ePrint Β· πŸ“… 2025-07-24 --- This paper separates the regular and non-regular forms of the Generalized Birthday Problem and shows that the distinction materially changes both complexity bounds and cryptographic consequences. It gives new worst-case and average-case algorithms, breaks a non-constant-k XOR conjecture, and turns the theory into practical attacks on incremental hashing plus a revised Equihash-style PoW design. **πŸ”‘ Key Findings:** - Introduces an ISD-based framework for generalized birthday instances that beats the classic 2^(n/2) worst-case bound once k/n is above stated thresholds. - Heuristically argues that advanced ISD methods outperform the birthday bound for any constant k/n > 0 on density-one instances. - Shows the regular single-list variant has a sqrt(2)-factor gap in the exponent versus the non-regular case, with implications extending to k-SUM. - Uses regularity to build a stronger collision attack on ID-based incremental hash, improving Wagner-style complexity from O(2^sqrt(4n)) to O(sqrt(n) * 2^sqrt(2n)). - Applies the attack to iSHAKE256, reducing its claimed lower-bound security from 2^256 to 2^189, and proposes Requihash as a more ASIC-resistant replacement for Equihash. --- πŸ”— [Read paper](https://eprint.iacr.org/2025/1351) πŸ“Ž [PDF](https://eprint.iacr.org/2025/1351.pdf) #cryptography #crypto #cybersecurity ⏱️ 2026-05-09 14:45 UTC
## πŸ“„ Tricycle: Private Transformer Inference with Tricyclic Encodings ✍️ Lawrence Lim, Vikas Kalagi, Julia Novick, Jiaming Liu, Divyakant Agrawal, et al. πŸ›οΈ IACR ePrint Β· πŸ“… 2025-06-27 --- Tricycle is a homomorphic-encryption system for private transformer inference that targets full BERT-style models without exposing user inputs. Its main contribution is a new tricyclic encoding scheme that makes encrypted multi-head attention and matrix multiplication much cheaper, pushing private LLM inference noticeably closer to practical deployment. **πŸ”‘ Key Findings:** - Introduces tricyclic encodings, a packing scheme that supports batch matrix multiplication with optimal multiplicative depth and fits transformer multi-head attention naturally. - Combines several system-level optimizations, including Baby-Step Giant-Step variants, optimized block matrix multiplication, lazy relinearization, and free attention complexification, to cut key-switching overhead. - Adds a statistical max estimation method to stabilize softmax computations under CKKS-based homomorphic encryption. - On BERT-Base with 128 tokens, achieves 100.5 seconds latency on a single GPU. - Reports speedups of 6x over Thor and 3.4x over Powerformer on the evaluated workload. --- πŸ”— [Read paper](https://eprint.iacr.org/2025/1200) πŸ“Ž [PDF](https://eprint.iacr.org/2025/1200.pdf) #crypto #cryptography #privacy #ai-security ⏱️ 2026-04-30 20:46 UTC
## πŸ“„ Lightweight Sorting in Approximate Homomorphic Encryption ✍️ Lorenzo Rovida, Alberto Leporati, Simone Basile πŸ›οΈ IACR ePrint Β· πŸ“… 2025-06-18 --- This paper improves practical encrypted sorting under CKKS by simplifying the approximations used in permutation-based sorting circuits and reducing both compute and memory costs. The result is a more deployable path for privacy-preserving services that need ranking or ordering over encrypted real-valued data. **πŸ”‘ Key Findings:** - Proposes simpler concrete approximations for the nonlinear functions used in CKKS-based sorting circuits. - Reports sorting 128 real-valued encrypted elements in about 22 seconds with 0.001 precision. - Reduces memory requirements to roughly 3 GB compared with prior approaches. - Introduces a swap-based bitonic network implementation that avoids approximating the sgn(x) function. - Presents a linear-scaling approach that is useful when ciphertext slot availability is limited. --- πŸ”— [Read paper](https://eprint.iacr.org/2025/1150) πŸ“Ž [PDF](https://eprint.iacr.org/2025/1150.pdf) #cryptography #privacy #crypto #homomorphic-encryption #ckks ⏱️ 2026-05-27 14:46 UTC
## πŸ“„ OnionPIRv2: Efficient Single-Server PIR ✍️ Yue Chen, Ling Ren πŸ›οΈ IACR ePrint Β· πŸ“… 2025-06-17 --- OnionPIRv2 is an optimized implementation of single-server private information retrieval that combines recent somewhat homomorphic encryption advances with practical engineering refinements. The result is a notably more efficient PIR system, with low response overhead for small records and very high server-side throughput, making deployment scenarios more realistic. **πŸ”‘ Key Findings:** - Presents OnionPIRv2, an improved implementation of OnionPIR for single-server PIR. - Combines two lattice-based somewhat homomorphic encryption schemes to better control noise growth while preserving efficiency. - Adds standard orthogonal optimizations and implementation-level engineering improvements beyond the original design. - Reports 3.7x response overhead for 3 KB database entries in evaluation. - Achieves server computation throughput of up to 1372 MB/s, indicating strong practical performance. --- πŸ”— [Read paper](https://eprint.iacr.org/2025/1142) πŸ“Ž [PDF](https://eprint.iacr.org/2025/1142.pdf) #privacy #cryptography #crypto ⏱️ 2026-05-12 08:45 UTC
## πŸ“„ Using the Schur Product to Solve the Code Equivalence Problem ✍️ Michele Battagliola, Rocco Mora, Paolo Santini πŸ›οΈ IACR ePrint Β· πŸ“… 2025-06-02 --- This paper shows that Schur-square transformations can turn hard-looking code permutation equivalence instances into ones with trivial hulls, making existing hull-based attacks far more effective. The result matters because it weakens a broad class of code-based assumptions and concretely breaks recommended parameters for a recent updatable encryption scheme. **πŸ”‘ Key Findings:** - Squaring a linear code preserves equivalence while making the resulting square code have trivial hull with high probability. - The authors show the same hidden permutation can often be recovered from the transformed instance, even when the original hull dimension was large. - Their attack complexity no longer depends directly on the starting hull dimension in the weak-instance regimes they identify. - They obtain average polynomial-time behavior when k < sqrt(2n) or h < sqrt(2n), under plausible heuristics backed by simulations. - Two Eurocrypt 2025 updatable encryption instances claiming 128-bit security were broken in about 10 minutes on a laptop. --- πŸ”— [Read paper](https://eprint.iacr.org/2025/1017) πŸ“Ž [PDF](https://eprint.iacr.org/2025/1017.pdf) #cryptography #crypto #cybersecurity ⏱️ 2026-05-19 14:45 UTC
## πŸ“„ Robust Threshold ECDSA with Online-Friendly Design in Three Rounds ✍️ Guofeng Tang, Haiyang Xue πŸ›οΈ IACR ePrint Β· πŸ“… 2025-05-21 --- This paper introduces a three-round threshold ECDSA scheme that is both robust and online-friendly, closing a practical gap in prior work. It matters because it reduces online signing cost to elliptic-curve operations while preserving robustness against misbehaving signers, making deployment more realistic for latency-sensitive systems. **πŸ”‘ Key Findings:** - Claims the first threshold ECDSA protocol that combines robustness and online-friendly design in only three rounds. - Keeps the online phase limited to elliptic-curve group operations rather than heavier homomorphic-encryption work. - Benchmarks show the online phase is 2.5x faster than WMY+23 and hundreds of times faster than WMC24. - Targets settings where a threshold of semi-honest participants is available even if some signers misbehave. - Shows the same techniques can extend to a robust, online-friendly three-round threshold BBS+ scheme. --- πŸ”— [Read paper](https://eprint.iacr.org/2025/910) πŸ“Ž [PDF](https://eprint.iacr.org/2025/910.pdf) #cryptography #crypto #threshold-signatures #ecdsa ⏱️ 2026-05-19 08:47 UTC
## πŸ“„ Post-Quantum UAV Communications Encryption Tester (P-QUAVCET)* ✍️ Julia Minton, Daniel Collins, Michael Creech, Joshua Grossman, Amber Manspeaker, et al. πŸ›οΈ DTIC Β· πŸ“… 2025-05-17 --- This paper presents a tester for post-quantum encryption on UAV communications, aimed at reducing interception and spoofing risk on drone links. It matters because it treats PQC as an operational communications problem for unmanned systems instead of a purely theoretical crypto exercise. **πŸ”‘ Key Findings:** - Focuses on securing UAV communications against interception and spoofing. - Evaluates post-quantum encryption in a UAV communications test setup. - Bridges applied drone security with migration toward quantum-resistant cryptography. - Suggests a practical validation path for fielding PQ-safe comms in unmanned platforms. --- πŸ”— [Read paper](https://dtic.dimensions.ai/discover/publication?search_text=Post-Quantum+UAV+Communications+Encryption+Tester) #defense #crypto #cryptography #cybersecurity #uav ⏱️ 2026-04-24 22:30 UTC
## πŸ“„ An RF Direction Finding Payload for UAVs with Deep Learning Direction Prediction Via Resnet ✍️ Andrew Willis, Braden Feshami, Srini Vasan, Jimmy Touma πŸ›οΈ DTIC Β· πŸ“… 2025-05-17 --- This paper describes a UAV-mounted RF direction-finding payload that uses an antenna array plus a ResNet-based predictor to estimate emitter direction. It matters because it pushes airborne signal geolocation toward lighter, more automated sensing for ISR, spectrum awareness, and contested-environment operations. **πŸ”‘ Key Findings:** - Builds a direction-finding payload for UAV platforms using multi-antenna RF sensing. - Uses deep learning, specifically a ResNet-based approach, to predict signal direction from received data. - Targets practical airborne RF localization, a useful capability for ISR and signals-intelligence style missions. - Frames the work as a compact payload design rather than only a simulation or theory study. --- πŸ”— [Read paper](https://dtic.dimensions.ai/discover/publication?search_text=An+RF+Direction+Finding+Payload+for+UAVs+with+Deep+Learning+Direction+Prediction+Via+Resnet) #defense #intelligence #cybersecurity #signals-intelligence #uav ⏱️ 2026-04-24 22:30 UTC
## πŸ“„ Encrypted Matrix-Vector Products from Secret Dual Codes ✍️ Fabrice Benhamouda, Caicai Chen, Shai Halevi, Yuval Ishai, Hugo Krawczyk et al. πŸ›οΈ IACR ePrint Β· πŸ“… 2025-05-15 --- This paper introduces encrypted matrix-vector product protocols that let a server store an encrypted matrix and answer repeated encrypted queries while revealing nothing about either input. The construction is based on secret dual codes under LPN and LSN-style assumptions, and gets online cost close enough to plaintext computation to make secure ML and encrypted fuzzy search much more practical. **πŸ”‘ Key Findings:** - Defines an offline/online EMVP model where the client keeps only a short secret key while the server stores an encrypted matrix. - Builds field-agnostic EMVP protocols from secret dual linear codes, so computation stays over the target finite field rather than a scheme-specific ring. - Uses noise to harden the code-based encoding against algebraic attacks, drawing on recent secret-key PIR techniques. - Reports that for sufficiently large vector dimensions, the LSN-based construction can keep online computation and communication below twice the cost of cleartext matrix-vector multiplication. - Positions the primitive as a building block for secure post-processing tasks including encrypted fuzzy search and secure machine learning. --- πŸ”— [Read paper](https://eprint.iacr.org/2025/858) πŸ“Ž [PDF](https://eprint.iacr.org/2025/858.pdf) #cryptography #privacy #crypto ⏱️ 2026-04-29 20:45 UTC
## πŸ“„ Attacking Single-Cycle Ciphers on Modern FPGAs featuring Explainable Deep Learning ✍️ Mustafa Khairallah, Trevor Yap πŸ›οΈ IACR ePrint Β· πŸ“… 2025-03-13 --- This paper revisits side-channel key recovery against unrolled single-cycle block ciphers on modern low-cost FPGA hardware, using Princev2 as the case study. The interesting result is that older classical attacks do not transfer cleanly to newer Artix-7 implementations, but deep learning still recovers keys, and explainability helps show where the leakage signal lives. **πŸ”‘ Key Findings:** - Detectable side-channel leakage is still present on a cheap modern Artix-7 FPGA and oscilloscope setup. - Classical chosen-plaintext CPA, stochastic attacks, and template attacks struggle because the leakage depends on more key bits than expected. - Deep learning based attacks do achieve key recovery, though they need a large number of traces. - Key Guessing Occlusion identifies time points the neural network relies on, improving classical template attack feature selection. - The work highlights how modern FPGA behavior can break old attack assumptions without eliminating exploitable leakage. --- πŸ”— [Read paper](https://eprint.iacr.org/2025/478) πŸ“Ž [PDF](https://eprint.iacr.org/2025/478.pdf) #cryptography #hardware-security #cybersecurity #side-channel #fpga ⏱️ 2026-04-27 08:45 UTC
## πŸ“„ Sublinear Proofs over Polynomial Rings ✍️ Mi-Ying Miryam Huang, Xinyu Mao, Jiapeng Zhang πŸ›οΈ IACR ePrint Β· πŸ“… 2025-02-11 --- This paper introduces ring switching, a technique for translating polynomial-ring proof statements into finite-field or Galois-ring settings so they can use more efficient non-interactive proof machinery. The result is a sublinear-size argument system for Ring-R1CS that materially reduces verification cost for lattice-based cryptographic protocols, which has been a stubborn bottleneck in post-quantum proof systems. **πŸ”‘ Key Findings:** - Defines ring switching to bridge the mismatch between polynomial rings used in lattice cryptography and fields used in efficient NIZK/SNARK constructions. - Builds a non-interactive argument of knowledge for Ring-R1CS over Z_Q[X]/(X^N+1) for arbitrary prime-power moduli Q. - Achieves sublinear proof sizes while cutting verifier cost by removing expensive ring multiplications from verification. - Supports practical lattice parameter regimes, including NTT-friendly moduli and power-of-two moduli. - Provides a foundation later used to speed up lattice-based polynomial commitments and verifiable homomorphic encryption. --- πŸ”— [Read paper](https://eprint.iacr.org/2025/199) πŸ“Ž [PDF](https://eprint.iacr.org/2025/199.pdf) #cryptography #crypto #privacy ⏱️ 2026-05-21 08:45 UTC
## πŸ“„ On Efficient Computations of $y^2=x^3+b/\mathbb{F}_p$ for Primes $p\equiv 1 \mod 3$ ✍️ Guangwu Xu, Wei Yu, Ke Han, Pengfei Lu πŸ›οΈ IACR ePrint Β· πŸ“… 2024-11-23 --- This paper develops a new $\tau$-adic scalar multiplication method for prime-field curves of the form $y^2=x^3+b$ when $p \equiv 1 \pmod 3$, a family that includes secp256k1, BN254, and BLS12-381. The result is a concrete speedup over GLV-style multiplication, plus a regularized variant meant to preserve side-channel resistance. **πŸ”‘ Key Findings:** - Identifies the endomorphism $\tau = 1-\omega$ in $\mathbb{Z}[\omega]$ as a practical basis for $\tau$-adic scalar multiplication on these prime-field curves. - Gives a Jacobian-coordinate evaluation of $\tau P$ using only 6 field multiplications and a new point-tripling formula costing 10 multiplications instead of the prior best 15. - Uses a coefficient set invariant under the Eisenstein unit group to cut precomputation cost by about five-sixths. - Reports performance gains of 16.7%, 17.6%, and 18.0% over state-of-the-art GLV for 256-, 384-, and 512-bit group orders. - Presents a regular window $\tau$-NAF countermeasure variant that still beats regularized GLV by up to 20.9%. --- πŸ”— [Read paper](https://eprint.iacr.org/2024/1906) πŸ“Ž [PDF](https://eprint.iacr.org/2024/1906.pdf) #cryptography #crypto #cybersecurity ⏱️ 2026-05-10 14:45 UTC
## πŸ“„ Perfect 2-Party Computation from Somewhat Additive Homomorphic Encryption ✍️ Jonathan Trostle πŸ›οΈ IACR ePrint Β· πŸ“… 2024-02-18 --- This work proposes a 2-party computation design where the client's privacy is information-theoretic, even against a computationally unbounded server, by using a somewhat additive homomorphic construction with permutation tables. It is interesting because it shifts the privacy balance in 2PC, combining perfect client privacy with bounded-adversary security for the server and a path to constant ciphertext growth via subcircuit scaling. **πŸ”‘ Key Findings:** - The paper introduces secret-key somewhat additive homomorphic schemes that give the client perfect privacy against an unbounded server. - Multiplication is supported by having the client process multiplication gates and update the decryption key so prior ciphertext structure can absorb new outputs. - A permutation-table construction ensures every plaintext vector remains possible for a given ciphertext vector, which underpins perfect privacy. - The 2PC extension supports server inputs, while server privacy relies on computational assumptions including a variant of HSSP and DDH. - By partitioning computation into smaller subcircuits with separate parameters, ciphertext size can remain constant as overall circuit size grows. --- πŸ”— [Read paper](https://eprint.iacr.org/2024/273) πŸ“Ž [PDF](https://eprint.iacr.org/2024/273.pdf) #cryptography #crypto #privacy ⏱️ 2026-05-19 14:45 UTC
## πŸ“„ Et tu, Brute? SCA Assisted CCA using Valid Ciphertexts - A Case Study on HQC KEM ✍️ Thales Paiva, Prasanna Ravi, Dirmanto Jap, Shivam Bhasin, Sayan Das, et al. πŸ›οΈ IACR ePrint Β· πŸ“… 2023-10-19 --- This paper shows a side-channel assisted chosen-ciphertext attack against the HQC post-quantum KEM that uses only valid ciphertexts, defeating a practical detection-based defense strategy. It matters because it weakens the case for low-cost invalid-ciphertext detection as a standalone mitigation for side-channel CCA threats in PQC implementations. **πŸ”‘ Key Findings:** - The authors present the first side-channel chosen-ciphertext attack on HQC that relies only on valid ciphertexts. - The attack targets leakage in the Reed-Muller decoder, specifically the ExpandAndSum and FindPeaks operations. - Full key recovery succeeds with 100% success rate in their evaluation. - The method remains robust under noisy measurements and extends to bypass shuffling countermeasures on both targeted operations. - Detection and key-refresh defenses for malformed ciphertexts are therefore insufficient as standalone protection. --- πŸ”— [Read paper](https://eprint.iacr.org/2023/1626) πŸ“Ž [PDF](https://eprint.iacr.org/2023/1626.pdf) #cryptography #post-quantum #cybersecurity #hardware-security #side-channel ⏱️ 2026-04-27 08:45 UTC
## πŸ“„ MPC for Tech Giants (GMPC): Enabling Gulliver and the Lilliputians to Cooperate Amicably ✍️ Bar Alon, Moni Naor, Eran Omri, Uri Stemmer πŸ›οΈ IACR ePrint Β· πŸ“… 2022-07-11 --- This paper introduces the Gulliver MPC model, aimed at settings where a single powerful service provider wants to compute over many users' private data but cannot be fully trusted. The authors show that even under strict user-side communication and computation limits, secure multi-party computation is still possible against malicious users and a potentially blocking server. **πŸ”‘ Key Findings:** - Formalizes GMPC for star-topology systems with one dominant server and many weak users, each limited to polylogarithmic communication and state. - Adapts Feige's committee election protocol so agreement can still be reached even when the server can block messages between honest parties. - Shows that, assuming FHE, any efficient function with output size O(nΒ·polylog(n)) can be securely computed in the GMPC model. - Gives an FHE-free construction for functions computable by bounded fan-in, bounded fan-out circuits of polylogarithmic depth and O(nΒ·polylog(n)) size. - Proves that sorting can be securely computed without FHE, resolving an open question tied to the shuffle model of differential privacy. --- πŸ”— [Read paper](https://eprint.iacr.org/2022/902) πŸ“Ž [PDF](https://eprint.iacr.org/2022/902.pdf) #cryptography #privacy ⏱️ 2026-05-06 14:46 UTC