CySec members contribute to SCN 2024

Marek Sefranek presented the latest findings from the COnFIDE project. His talk “How (Not) to Simulate PLONK” focused on PLONK, a zk-SNARK system designed by Gabizon, Williamson, and Ciobotaru. While PLONK had been deployed in various applications, its zero-knowledge property was only informally argued. Marek identified and fixed a vulnerability in the original specification, which led to an update in PLONK’s eprint version. He also provided a proof that the updated version achieves statistical zero-knowledge and demonstrated a flaw in the previous version.
Slides of the talk

Prof. Elena Andreeva co-authored the paper “OAE-RUP: A Strong Online AEAD Security Notion and Its Application to SAEF”, introducing a new security concept for online Authenticated Encryption with Associated Data (AEAD) schemes, particularly addressing the Release of Unverified Plaintexts (RUP), a significant concern for lightweight devices. The research demonstrates that SAEF, optimized for short message encryption, meets OAE-RUP security standards without modifications. SAEF effectively resists nonce misuse and plaintext leakage, offering enhanced security in encryption and decryption. Using the coefficient H technique, the team proved that SAEF achieves OAE-RUP security up to the birthday bound, making it highly resistant to attacks. This work offers a significant contribution to strengthening the security of online AE schemes, particularly in real-world applications where systems have limited memory and processing power. It ensures that even in cases of plaintext leakage before verification, both integrity and confidentiality remain protected, addressing a critical gap in existing AEAD schemes.