======== Agenda ========

10:45-11:30 Suprita Talnikar
11:45-12:30 Divya Ravi
14:00-14:45 Sven Schäge
15:00-15:45 Silvia Ritsch

==================================== Details ====================================

10:45 Suprita Talnikar
Access Structure Hiding Verifiable Tensor Designs

The field of verifiable secret sharing schemes was introduced by Verheul et al. and has evolved over time, including well-known examples by Feldman and Pedersen. Stinson made advancements in combinatorial design-based secret sharing schemes in 2004. Desmedt et al. introduced the concept of frameproofness in 2021, while recent research by Sehrawat et al. in 2021 focuses on LWE-based access structure hiding verifiable secret sharing with malicious-majority settings. Furthermore, Roy et al. combined the concepts of reparable threshold schemes by Stinson et al. and frameproofness by Desmedt et al. in 2023, to develop extendable tensor designs built from balanced incomplete block designs, and also presented a frameproof version of their design.

This talk explores ramp-type verifiable secret sharing schemes, and the application of hidden access structures in such cryptographic protocols. Inspired by Sehrawat et al.'s access structure hiding scheme, we develop an $\epsilon$-almost access structure hiding scheme, which is verifiable as well as frameproof. We detail how the concept of $\epsilon$-almost hiding is important for incorporating ramp schemes, thus making a fundamental generalisation of this concept.

11:30 coffee break

11:45 Divya Ravi
On Broadcast and Identifiability in MPC

TBD

12:30 lunch (not included)

14:00 Sven Schäge
New Limits of Provable Security and Applications to ElGamal Encryption

CCA1-secure – a long-standing open problem in cryptography. Our result follows from a very broad, meta-reduction-based impossibility result on random self-reducible relations with efficiently re-randomizable witnesses.
The techniques that we develop allow, for the first time, to provide impossibility results for very weak security notions where the challenger outputs fresh challenge statements at the end of the security game. This can be used to finally tackle encryption-type definitions that have remained elusive in the past. We show that our results have broad applicability by casting several known cryptographic setups as instances of random self-reducible and re-randomizable relations. These setups include general semi-homomorphic PKE and the large class of certified homomorphic one-way bijections. As a result, we also obtain new impossibility results for the IND-CCA1 security of the PKEs of Paillier and Damgård–Jurik, and many one-more inversion assumptions like the one-more DLOG or the one-more RSA assumption.

14:45 coffee break

15:00 Silvia Ritsch
Towards post-quantum secure PAKE

ABSTRACT: Password-based authenticated key exchange (PAKE) protocols allow two parties to establish a secure session key using a shared password. Unlike traditional methods, PAKE does not require a public-key infrastructure (PKI) and is designed to be secure even if the password is weak. We revisit OCAKE (ACNS 23), a method for constructing PAKE generically using key encapsulation mechanisms (KEMs), including post-quantum KEMs like KYBER. The original paper left open the challenge of proving security against quantum attackers. To address this, we provide a game-based security proof in the BPR model (EUROCRYPT 2000), which is a crucial step towards a comprehensive post-quantum security proof. Finally, we explore current PQC KEMs that can be integrated into our protocol, supported by a proof-of-concept implementation and runtime benchmarks.
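Worked illustration for the Schäge talk above, added by the editor and not part of the speaker's abstract or paper: the two structural properties the talk's impossibility result is built on, shown concretely for ElGamal. The DLOG relation {(h, x) : g^x = h} is random self-reducible (blind h to h * g^r, which is uniform in the group) with an efficiently re-randomizable witness (x becomes x + r), and ElGamal ciphertexts are semi-homomorphic and re-randomizable by multiplying in a fresh encryption of 1. Assumptions: a constructed toy group (p = 4079 = 2q + 1, q = 2039, generator 4 of the order-q subgroup) that is far too small for real use, and a brute-force DLOG solver standing in for the "random-instance" oracle of a reduction.

```python
"""Toy ElGamal over the order-2039 subgroup of Z_4079^* (constructed, insecure parameters)."""
import secrets

P, Q, G = 4079, 2039, 4  # assumption: p = 2q + 1 is a safe prime; G = 2^2 generates the order-q subgroup


def in_group(x: int) -> bool:
    """Membership test for the order-q subgroup (pow(x, q) == 1)."""
    return 0 < x < P and pow(x, Q, P) == 1


def keygen():
    """Returns (sk, pk) with pk = g^sk."""
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)


def encrypt(pk: int, m: int, r=None):
    """Standard ElGamal: (g^r, m * pk^r). The message must be a subgroup element."""
    assert in_group(m), "message must be encoded as a subgroup element"
    if r is None:
        r = secrets.randbelow(Q)
    return pow(G, r, P), m * pow(pk, r, P) % P


def decrypt(sk: int, ct):
    c1, c2 = ct
    return c2 * pow(c1, -sk, P) % P  # c2 / c1^sk


def rerandomize(pk: int, ct, s=None):
    """Multiply by a fresh encryption of 1: same plaintext, fresh randomness r + s."""
    if s is None:
        s = secrets.randbelow(Q)
    c1, c2 = ct
    return c1 * pow(G, s, P) % P, c2 * pow(pk, s, P) % P


def mul_ciphertexts(ct_a, ct_b):
    """Semi-homomorphic property: Enc(a) * Enc(b) is an encryption of a * b."""
    return ct_a[0] * ct_b[0] % P, ct_a[1] * ct_b[1] % P


def dlog_random_self_reduction(h: int, oracle) -> int:
    """Solve g^x = h for an arbitrary h using an oracle that only answers on uniformly random inputs.

    Statement re-randomization: h' = h * g^r is uniform in the subgroup for uniform r.
    Witness re-randomization:   x' = x + r, so the original witness is x = x' - r (mod q).
    """
    r = secrets.randbelow(Q)
    h_blind = h * pow(G, r, P) % P
    return (oracle(h_blind) - r) % Q


def brute_force_dlog(h: int) -> int:
    """Stand-in for the random-instance oracle: exhaustive search, feasible only in the toy group."""
    acc = 1
    for x in range(Q):
        if acc == h:
            return x
        acc = acc * G % P
    raise ValueError("h is not in the subgroup")


if __name__ == "__main__":
    sk, pk = keygen()
    m = pow(G, 123, P)                       # constructed sample message
    ct = encrypt(pk, m, r=11)
    print("decrypt ok:", decrypt(sk, ct) == m)
    print("rerandomize(r=11, s=5) == encrypt with r=16:", rerandomize(pk, ct, s=5) == encrypt(pk, m, r=16))
    print("DLOG recovered via random self-reduction:", dlog_random_self_reduction(pk, brute_force_dlog) == sk)
```

The meta-reduction argument in the talk exploits exactly what the last function shows: because a reduction can turn any instance into a fresh random-looking one and translate the witness back, an adversary that only ever sees re-randomized instances cannot be "rewound" into a useful position, which is why these properties yield impossibility results rather than proofs.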
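Worked illustration for the Ritsch talk above, added by the editor and not the speaker's or the OCAKE authors' code: the generic KEM-to-PAKE template in which the initiator sends its KEM public key encrypted under the password, the responder decrypts with its own password and encapsulates to whatever key it recovers, and both derive the session key from the transcript and the KEM secret. Assumptions: OCAKE, as the editor recalls it, encrypts the public key with an ideal cipher over the public-key space; this example instead uses a DH-style toy KEM over a constructed safe-prime group (p = 4079, q = 2039, generator 4, insecure size) and masks the public key by multiplying it with a password-derived group element, which is not an ideal cipher and would not work for a lattice KEM public key. What it does preserve, and what the `offline_guess_plausible` check demonstrates, is the PAKE property the abstract stresses: unmasking the transcript under any password guess yields a valid-looking public key, so a weak password cannot be tested offline from the transcript alone, only by an online run per guess.

```python
"""Toy KEM-to-PAKE template in the spirit of OCAKE (constructed example, not the paper's protocol)."""
import hashlib
import secrets

P, Q, G = 4079, 2039, 4  # assumption: toy safe-prime group, G generates the order-q subgroup


def _h(label: bytes, *parts: bytes) -> bytes:
    """Domain-separated SHA-256."""
    return hashlib.sha256(label + b"|" + b"|".join(parts)).digest()


def _enc(x: int) -> bytes:
    return x.to_bytes(2, "big")  # every element of the toy group fits in two bytes


def hash_to_group(label: bytes, *parts: bytes) -> int:
    """Map bytes to a non-identity subgroup element (toy: G^e; real schemes need a proper hash-to-group)."""
    e = int.from_bytes(_h(label, *parts), "big") % (Q - 1) + 1
    return pow(G, e, P)


# --- DH-style KEM standing in for a post-quantum KEM; same keygen/encaps/decaps interface ---
def kem_keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)


def kem_encaps(pk: int):
    r = secrets.randbelow(Q - 1) + 1
    ct = pow(G, r, P)
    return ct, _h(b"KEM", _enc(pk), _enc(ct), _enc(pow(pk, r, P)))


def kem_decaps(sk: int, pk: int, ct: int) -> bytes:
    return _h(b"KEM", _enc(pk), _enc(ct), _enc(pow(ct, sk, P)))


# --- Password-keyed encryption of the KEM public key ---
# Multiplying by a password-derived group element keeps the masked value inside the group, so
# unmasking under a wrong guess still yields a valid public key (the property an ideal cipher on the
# pk space gives OCAKE; this mask is a stand-in that only works for this group-based toy KEM).
def mask_pk(pw: bytes, sid: bytes, pk: int) -> int:
    return pk * hash_to_group(b"MASK", sid, pw) % P


def unmask_pk(pw: bytes, sid: bytes, epk: int) -> int:
    return epk * pow(hash_to_group(b"MASK", sid, pw), -1, P) % P


def session_key(sid: bytes, epk: int, ct: int, k: bytes) -> bytes:
    """Session key bound to the whole transcript and the KEM secret."""
    return _h(b"SK", sid, _enc(epk), _enc(ct), k)


def run_pake(pw_client: bytes, pw_server: bytes, sid: bytes = b"sid-1"):
    """One protocol run; returns (client_key, server_key, transcript seen by an eavesdropper)."""
    # Client: fresh KEM key pair, public key sent encrypted under the password.
    sk, pk = kem_keygen()
    epk = mask_pk(pw_client, sid, pk)
    # Server: recover the public key with its own password, encapsulate, send ct.
    pk_server_view = unmask_pk(pw_server, sid, epk)
    ct, k_server = kem_encaps(pk_server_view)
    key_server = session_key(sid, epk, ct, k_server)
    # Client: decapsulate with its secret key; keys agree only if the passwords did.
    k_client = kem_decaps(sk, pk, ct)
    key_client = session_key(sid, epk, ct, k_client)
    return key_client, key_server, (epk, ct)


def offline_guess_plausible(transcript, guess: bytes, sid: bytes = b"sid-1") -> bool:
    """All an eavesdropper can check about a password guess from (epk, ct): does unmasking give a
    valid public key?  It always does, so the transcript gives no offline dictionary test."""
    epk, _ct = transcript
    cand = unmask_pk(guess, sid, epk)
    return 0 < cand < P and pow(cand, Q, P) == 1


if __name__ == "__main__":
    kc, ks, transcript = run_pake(b"correct horse", b"correct horse")
    print("same password -> same key:", kc == ks)
    kc2, ks2, _ = run_pake(b"correct horse", b"wrong horse")
    print("wrong password -> keys differ:", kc2 != ks2)
    for guess in (b"correct horse", b"wrong horse", b"123456"):  # constructed dictionary
        print(guess, "plausible from transcript:", offline_guess_plausible(transcript, guess))
```

Note the remaining caveat for the quantum setting the talk addresses: the toy KEM above is Diffie-Hellman and therefore not post-quantum; swapping in a lattice KEM is exactly where the ideal-cipher encryption of the public key, rather than this group mask, becomes necessary.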