CySec members contribute to SCN 2024

The 14th International Conference on Security and Cryptography for Networks (SCN 2024), held in Amalfi, Italy, from September 11-13, brought together researchers, practitioners, and developers in cryptography and information security. The conference fostered collaboration and exchange of techniques, tools, and ideas, driving innovation and strengthening connections in these vital fields. Among the original, high-quality research presented, two papers from TUW researchers, Marek Sefranek and Elena Andreeva, stood out for their theoretical and practical contributions.

2024-09-13

Marek Sefranek presented the latest findings from the COnFIDE project. His talk “How (Not) to Simulate PLONK” focused on PLONK, a zk-SNARK system designed by Gabizon, Williamson, and Ciobotaru. Although PLONK had already been deployed in various applications, its zero-knowledge property had only been argued informally. Marek identified and fixed a vulnerability in the original specification, which led to an update of PLONK’s eprint version. He also gave a proof that the updated version achieves statistical zero-knowledge and demonstrated a flaw in the previous version.
Slides of the talk

Prof. Elena Andreeva co-authored the paper “OAE-RUP: A Strong Online AEAD Security Notion and Its Application to SAEF”, which introduces a new security notion for online Authenticated Encryption with Associated Data (AEAD) schemes. The notion specifically addresses the Release of Unverified Plaintexts (RUP), a significant concern for lightweight devices, where a decryptor may output plaintext before the authentication tag has been checked. The research shows that SAEF, a scheme optimized for short-message encryption, meets OAE-RUP security without any modification. SAEF resists nonce misuse and the leakage of unverified plaintext, offering stronger security guarantees for both encryption and decryption. Using the coefficient-H technique, the team proved that SAEF achieves OAE-RUP security up to the birthday bound. This work is a significant contribution to strengthening the security of online AE schemes, particularly in real-world deployments where systems have limited memory and processing power: even when plaintext is released before verification, both integrity and confidentiality remain protected, closing a critical gap in existing AEAD schemes.