
9 CISPA Papers at Crypto 2025

The Crypto conference is an international conference on all aspects of cryptology. The Crypto conference has been held every year since 1981 in Santa Barbara, California, USA.

In this work, the researchers introduce a new cryptographic concept called "pseudorandom obfuscation" (PRO). The aim of obfuscation is to make a computer program difficult to understand while keeping its functionality intact—an idea with many applications in security and privacy. Traditional approaches, like "indistinguishability obfuscation" (iO), are powerful but remain difficult to construct securely, especially against future quantum computers.

PRO focuses on obfuscating only a specific type of program: those that behave like pseudorandom functions (PRFs). These are functions that, to an observer, look like randomly behaving functions even though they follow a hidden logic. The authors develop several variants of PRO, ranging from weaker to stronger definitions, and explore their practical consequences.

One of the main findings is that even the weakest form of PRO, called iPRO, can already be used to build several advanced cryptographic tools. These include fully homomorphic encryption (a method for computing on encrypted data), succinct randomized encodings (compact ways to securely encode computations), and certain forms of witness encryption (which hides information unless a secret is known). In particular, the researchers show how iPRO can serve as a stepping stone toward constructing iO, offering a potential new path in this long-standing line of work.

For the stronger variants of PRO, the researchers present a candidate construction based on assumptions from lattice-based cryptography, which is considered secure against quantum attacks. However, they also show that in some settings these stronger versions of PRO cannot exist universally—highlighting the conceptual limits of this approach.

From a societal perspective, this research contributes to the broader effort to design secure cryptographic tools that are practical and possibly quantum-resistant. While PRO is a more limited form of obfuscation, it offers a simpler and more accessible route to certain applications, helping to broaden our toolkit for protecting data and computation in a digital world.


The researchers present a new, simple counterexample that challenges all known forms of the private-coin evasive Learning With Errors (LWE) assumption, a foundational idea used in building advanced cryptographic tools. This assumption has been used to justify the security of constructions such as witness encryption and succinct proofs, which are important for protecting data and verifying computations in modern cryptography.

The evasive LWE assumption builds on the well-established LWE problem, which is thought to be hard even for quantum computers. However, evasive LWE introduces an extra layer of complexity: it assumes that when certain mathematical patterns (called pre-conditions) are indistinguishable, then related patterns (post-conditions) are also indistinguishable. This assumption underpins a range of cryptographic techniques, particularly when the internal randomness used to generate data is kept hidden—the so-called private-coin setting.

The researchers construct a new and general counterexample that avoids relying on complex cryptographic mechanisms like obfuscation. Their approach exposes a weakness in the logic behind evasive LWE: they demonstrate that even when the pre-condition seems secure (i.e., indistinguishable from random), the post-condition can still be broken. This undermines the central intuition—known as the “pseudo-drowning heuristic”—which suggests that added noise would mask underlying structures. Their counterexample works using only simple mathematical techniques and applies broadly across all private-coin evasive LWE variants that were previously thought secure under natural assumptions.

While their results do not break existing cryptographic constructions built on evasive LWE, they call into question the soundness of its underlying assumptions. For society, this work contributes to a more careful and realistic understanding of cryptographic foundations. It emphasizes the need for cautious design of security assumptions and helps guide future research toward safer and more reliable cryptographic systems.

The researchers present a new cryptographic method called T-Spoon, which improves multi-signature schemes—a technique allowing multiple parties to jointly sign the same message. These schemes are important in systems where collective agreement and security are required, such as in cryptocurrencies or secure communication protocols.

Until now, researchers faced a key challenge: existing two-round multi-signature schemes either supported strong security (known as tight security) or allowed for key aggregation—a method of combining multiple public keys into one, which makes verification more efficient. But achieving both properties at the same time had not been possible in pairing-free cryptographic systems, which are commonly used due to their simplicity and efficiency.

T-Spoon solves this problem. It is the first method to offer both tight security and key aggregation in a two-round protocol using pairing-free cryptography. Importantly, it achieves this without significantly increasing the size of the digital signatures or the complexity of the system. The researchers introduce a novel technical approach they call signer partitioning, which enables the scheme to work securely even when signers use different parameters.

T-Spoon is built on well-understood cryptographic assumptions, specifically the Decisional Diffie-Hellman (DDH) assumption, and avoids relying on less practical idealized models. Compared to previous approaches, it offers better efficiency, more practical security guarantees, and a cleaner integration into real-world systems.

From a societal perspective, T-Spoon contributes to making digital systems more secure and efficient. It supports better scalability and verification in multi-party settings, which is increasingly relevant as digital cooperation becomes more widespread. While its technical nature means it may be invisible to end users, it strengthens the foundational tools that underpin trust in digital communication, voting systems, and decentralized finance.

In this work, the researchers address a long-standing challenge in the field of distributed systems: how to efficiently and securely allow multiple parties to broadcast messages to each other in parallel, even when some participants may behave dishonestly. This task, known as Parallel Byzantine Broadcast, is central to many applications, including secure multi-party computation and fault-tolerant databases.

Previous approaches have either required a trusted authority for setup or relied on complex cryptographic tools. The authors propose a new protocol that avoids both. Their solution operates in the so-called *plain public key model*, meaning it only requires basic cryptographic tools such as digital signatures and public key encryption—no special setup or advanced cryptography is needed.

Technically, the protocol can tolerate up to nearly half of all parties behaving maliciously and still guarantee that all honest parties receive the same correct information. It does so with communication costs that are close to the theoretical minimum. The researchers achieve this by introducing an efficient gossip mechanism for spreading cryptographically signed information through the network, and a novel way of combining multiple messages into a consistent view shared by all participants.

The result is a system that balances strong security guarantees with practical efficiency. It performs well even in networks with thousands of participants, and it is scalable without relying on computationally expensive techniques.

From a societal perspective, this research enhances the reliability of distributed systems that underpin much of our digital infrastructure—from financial networks to collaborative computing platforms. By reducing the reliance on trusted parties and expensive cryptography, the proposed solution helps pave the way for more robust and accessible secure communication protocols in diverse settings.

The researchers investigate the problem of "leader election" in distributed systems—specifically, how a group of participants, some of whom may act dishonestly, can reliably choose a single leader without overwhelming communication costs. This task is a core building block for many technologies, including blockchains and secure coordination systems.

Previous work proposed an efficient solution for this problem nearly 20 years ago. That protocol, however, had subtle flaws. In particular, it relied on a method to limit each participant’s communication—called “silencing”—which could conflict with other parts of the protocol, potentially leading to breakdowns or unfair outcomes. Moreover, the protocol did not fully account for how dishonest participants could mislead honest ones by simulating “shadow elections.”

In this paper, the authors identify and explain these issues in detail. They then propose a new, corrected protocol that solves the problem of leader election under the same basic conditions, while keeping communication costs low. Their revised method uses improved mathematical structures (expanders and samplers) to organize participants efficiently. It also introduces a mechanism to confirm election results more reliably, even in the presence of dishonest behavior.

The new protocol ensures that each participant needs to send only a relatively small number of messages—growing very slowly with the number of participants—and that the process reliably selects an honest leader in most cases. The solution avoids the need for cryptography or trusted setup, and it works in a basic communication model where everyone has access to the same information.

From a societal standpoint, this research strengthens the foundation for scalable, secure digital systems that do not depend on central authorities. This can benefit applications ranging from secure collaboration tools to decentralized financial networks. While deeply technical, the work contributes to making future digital infrastructure more robust, fair, and efficient.

The researchers present a new method for constructing a statistical non-interactive zero-knowledge (NIZK) argument of knowledge that achieves a "rate-1" proof size. In simpler terms, they have developed a cryptographic proof system where the size of the proof is nearly equal to the size of the secret it proves, without revealing that secret. Their work addresses a longstanding open question in cryptography about whether such proofs can maintain strong privacy guarantees—specifically statistical zero-knowledge—while remaining compact.

In traditional NIZKs, a prover sends a single message to a verifier to demonstrate the truth of a statement without revealing additional information. The novelty here lies in achieving statistical zero-knowledge, meaning that no matter how powerful the verifier is—even in the far future—it cannot extract more information than allowed. At the same time, the system remains an "argument of knowledge," ensuring that any valid proof must correspond to an actual secret.

To overcome known limitations in proof size and efficiency, the researchers introduce a combination of specialized cryptographic tools, including a new kind of commitment scheme and optimized proof structures. Their design builds upon several cryptographic assumptions (such as the hardness of the Learning With Errors problem) and uses techniques that preserve both efficiency and strong security.

Importantly, this system provides what is sometimes called “everlasting privacy”: even if future advances in computing break the assumptions behind the system’s soundness, the privacy of the secrets used in earlier proofs remains protected.

From a societal perspective, this research advances the field of privacy-preserving digital systems. While the work is highly theoretical, it lays the groundwork for more secure and efficient protocols in applications such as digital identity verification, blockchain privacy, and secure cloud computation. Its conservative use of assumptions and rigorous construction make it a reliable building block for future cryptographic systems.


This research presents the first adaptively secure hierarchical identity-based encryption (HIBE) system that does not rely on complex mathematical tools like bilinear pairings or heuristic assumptions (such as random oracles). Previous HIBE systems could only guarantee a weaker form of security known as selective security, which assumes an attacker chooses their target before the system is set up—an unrealistic condition in practice.

The researchers build upon the work of Döttling and Garg, who had developed a method to achieve full security for simpler identity-based encryption (IBE) systems. However, their techniques couldn't be extended to hierarchical systems, which are crucial for representing real-world organizational structures. By carefully analyzing and redesigning how hierarchical keys and ciphertexts are generated and manipulated, this work overcomes longstanding technical barriers.

One major challenge addressed was the difficulty of simulating an encryption system that remains secure even when attackers can adaptively choose their targets and gain partial access to the system. The researchers introduce a new proof approach that combines a nested-hybrid argument with a pebbling-style strategy, leveraging recent advances in cryptographic primitives known as adaptively secure delegatable pseudorandom functions to solve the problem. Their solution ensures that the encryption system remains robust even under strong and flexible attack models.

They also extend their method to anonymous HIBE, which hides not just the message but also the recipient’s identity. This is achieved under standard cryptographic assumptions like the hardness of problems from number theory or lattice-based cryptography.

From a societal perspective, this research strengthens the foundation for secure communication systems that can be deployed in hierarchical structures like governments, corporations, or distributed networks. By removing the need for ad-hoc assumptions, it paves the way for cryptographic systems that are both practical and provably secure under well-understood conditions.

This research introduces Gargos, a new threshold signature scheme that improves the practicality and security of collaborative digital signatures. In threshold signature systems, a group of participants collectively signs a message so that at least a specified number (the threshold) must agree to produce a valid signature. Such systems are especially relevant for applications like blockchain consensus or distributed key management.

A key goal in this area is adaptive security—the ability to remain secure even if an attacker chooses which participants to corrupt over time, based on observed data. Most existing threshold signature schemes either lack adaptive security or depend on impractical assumptions, require participants to securely erase data, or need many rounds of communication, making them inefficient.

Gargos addresses these problems by offering the first three-round threshold Schnorr signature scheme that is provably secure against adaptive attacks, does not require secure erasures, and relies only on standard cryptographic assumptions. It is compatible with the widely used Schnorr and EdDSA signature schemes. The researchers achieved this by refining recent approaches and introducing new proof techniques that reduce the number of required communication rounds while still ensuring robustness against strong adversaries.

From a broader perspective, this work strengthens the cryptographic foundations of secure, decentralized systems. It contributes to building more efficient and trustworthy digital infrastructure, which is crucial in environments where collaboration, fault tolerance, and resilience against compromise are essential—such as in financial systems, elections, and emerging decentralized technologies. By reducing communication overhead without compromising security, Gargos makes advanced cryptographic protocols more usable in practice.

This research explores how to make cryptographic proofs even more compact, focusing on a type called designated-verifier SNARGs. These are proofs that allow someone (the prover) to convince a specific party (the verifier) that a statement is true, without revealing why it’s true, and without needing any back-and-forth communication. Such proofs are useful in privacy-preserving systems, such as private access to databases or anonymous credentials.

Previous systems either needed multiple elements from a mathematical structure called a group or relied on relaxed security assumptions. The researchers set out to find the minimal size such a proof could be, while still ensuring strong, reliable security guarantees—namely, that cheating would be nearly impossible even for powerful attackers.

The key result is a new construction that allows such proofs to be made using just one group element and a small number of additional bits, while still achieving high security levels. In concrete terms, they cut proof sizes nearly in half compared to the best previous systems. Their methods are based on rethinking how encryption can be “compressed” after it’s used to compute on hidden data. By analyzing and limiting how malicious users could try to exploit this compression, the researchers managed to keep the proofs short without compromising security.

They also propose a slightly longer version of the system that uses a random hash to further reduce the attack surface. In both cases, the size of the proof grows only modestly as the required level of security increases.

For society, this research contributes to making cryptographic systems more efficient and practical, especially in settings where bandwidth, storage, or verification time are limited. These advances could eventually benefit privacy technologies, secure messaging, and blockchain systems by reducing overhead while maintaining strong security assurances.

These summaries have been created with the assistance of ChatGPT.