Four CySec Papers Presented at Crypto 2025
Crypto is a flagship hybrid conference of the International Association for Cryptologic Research (IACR). It convenes the global cryptography community for the presentation of rigorously peer-reviewed papers, keynote addresses, and tutorials, offering both on-site and virtual participation to foster broad engagement across theory and practice. CySec researchers contributed to four papers presented at Crypto 2025, highlighting advances with direct implications for privacy, authentication, and data security in real systems.
Georg Fuchsbauer, Marek Sefranek, Adam O’Neill, and Gavin Cho (the latter two from the University of Massachusetts Amherst), in their work “Schnorr Signatures are Tightly Secure in the ROM under a Non-Interactive Assumption,” give a tight security proof for Schnorr signatures, one of the most efficient and widely deployed digital signature schemes. A security proof is a reduction: it turns any forger into a solver for an underlying hard problem, and its “loss” is the factor by which the solver's success probability is smaller (or its running time larger) than the forger's. A proof is tight when that loss is a small constant, so the signature scheme offers essentially the same security level as the underlying problem and parameters need not be inflated to absorb the loss. The classical random-oracle proofs of Schnorr rely on rewinding (the forking lemma) and lose a factor on the order of the number of hash queries the forger makes, which is why conservative parameter recommendations leave a large safety margin. The new result holds in the random oracle model (ROM) and under a non-interactive assumption, as the title states, the setting practitioners usually compare against. It strengthens confidence in deployments ranging from cryptocurrencies and secure messaging to authentication tokens and embedded devices, helping standards bodies and engineers choose parameters that deliver both safety and performance.
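As an added illustration of why tightness matters for parameter choice (a generic back-of-the-envelope calculation, not taken from the paper), suppose a forger runs in time $t$, makes $q_H$ hash queries and succeeds with probability $\varepsilon$, and a reduction turns it into a solver for the underlying problem that runs in roughly the same time but succeeds with probability $\varepsilon / L$. If the problem offers $\lambda$ bits of security, meaning every solver satisfies $t/\varepsilon' \ge 2^{\lambda}$, then the forger is only bounded by

$$\frac{t}{\varepsilon} \;\ge\; \frac{2^{\lambda}}{L}, \qquad \text{i.e. the signatures get } \lambda - \log_2 L \text{ bits of security.}$$

A forking-lemma proof of Schnorr has $L$ on the order of $q_H$; with $q_H = 2^{60}$, a group chosen for $\lambda = 128$ formally guarantees only about $68$ bits, and closing the gap by choosing a group with $\lambda = 188$ means a larger field and slower arithmetic. A tight reduction with constant $L$ yields $\lambda - O(1)$ bits at the original parameters.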
Elena Andreeva and Amit Singh Bhati (COSIC, KU Leuven, Belgium, and 3MI Labs), in “Breaking the IEEE Encryption Standard XCB-AES in Two Queries,” expose a fundamental flaw in XCB-AES, a tweakable enciphering mode standardized in IEEE 1619.2 for length-preserving encryption of sector-based storage such as disks and file systems. They describe a plaintext-recovery attack that succeeds with just one encryption query and one decryption query, about as cheap as a chosen-ciphertext attack can be, and trace the root cause to a separability property of the polynomial hashing used inside the mode. Because XCB-style modes are intended for data-at-rest protection, the findings carry immediate practical significance. The first check for vendors and operators is whether XCB-AES is actually in use: IEEE 1619.2 also specifies EME2-AES, and most sector-level disk encryption in the field uses XTS-AES from IEEE 1619, a different construction that is not the subject of this paper. Systems that do rely on XCB-AES or related designs should be reassessed, with mitigations or migration paths planned and guidance updated, so that encrypted data on drives and appliances remains secure.
In “A Fully-Adaptive Threshold Partially-Oblivious PRF,” Paul Gerhart, Dominique Schröder, Ruben Baecker (FAU Erlangen-Nürnberg), and Daniel Rausch (University of Stuttgart) present the first threshold, partially oblivious pseudorandom function with fully adaptive and universally composable security, along with proactive key refresh. An oblivious PRF (OPRF) is a protocol in which a client learns F_k(x) on its input x while the key holder learns nothing about x; in a partially oblivious PRF, part of the input, typically a public tag such as a user identifier, is visible to the servers so that they can enforce per-user rate limits, while the sensitive part stays hidden. OPRFs are building blocks for privacy-preserving technologies such as private set intersection, oblivious keyword search, and modern password-based login protocols. The threshold property shares the key among n servers so that any t of them can evaluate the function jointly without any one party learning the sensitive input; fully adaptive security means the proof tolerates an adversary that decides which servers to corrupt during the protocol rather than only in advance; universal composability means the guarantees survive when the protocol runs alongside other protocols; and proactive key refresh re-randomizes the shares periodically, so an attacker must compromise t servers within one refresh period rather than over the lifetime of the key. Together these make large-scale services more resilient to compromise while protecting user privacy, and they advance practical deployments in areas like contact discovery, privacy-respecting analytics, and hardened credential systems used by consumer platforms and cloud providers.
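To make the threshold and oblivious parts concrete, the following Python sketch is an added example, not code from the paper, its authors or any library: a t-of-n threshold OPRF in the 2HashDH style over a Schnorr group with a Shamir-shared key, plus the proactive refresh idea in which every server re-shares zero so that all shares change while the key, and hence every PRF output, stays the same. The group modulus is found by a deterministic search for a 128-bit safe prime (an assumption chosen for speed, far too small for real use); the hash functions H1 and H2, all function names, and the sample input are constructed for the example; and the public tag that makes the paper's PRF partially oblivious is deliberately not modelled.

```python
"""Toy t-of-n threshold oblivious PRF with proactive share refresh (added illustration in the
2HashDH style; NOT the Crypto 2025 construction, and its public tag is not modelled here)."""
import hashlib
import secrets

SMALL_PRIMES = [3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37, 41, 43, 47, 53, 59, 61, 67, 71, 73, 79, 83, 89, 97]

def _is_probable_prime(n: int) -> bool:
    """Trial division, then Miller-Rabin with fixed bases (demo quality, not for production)."""
    if n < 2 or any(n % p == 0 for p in [2] + SMALL_PRIMES):
        return n in [2] + SMALL_PRIMES
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _safe_prime(bits: int) -> int:
    """Deterministic search for the first safe prime p = 2q + 1 with q > 2**(bits - 2)."""
    q = (1 << (bits - 2)) + 1
    while not (_is_probable_prime(q) and _is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1

P = _safe_prime(128)   # assumption: a 128-bit demo modulus, far too small for real use
Q = (P - 1) // 2       # prime order of the subgroup of squares, where all exponents live

def hash_to_group(x: bytes) -> int:
    """H1: hash the secret input into the order-Q subgroup (squaring lands in the QR subgroup)."""
    return pow(int.from_bytes(hashlib.sha256(b"H1" + x).digest(), "big") % P, 2, P)

def finalize_hash(x: bytes, point: int) -> bytes:
    """H2: the PRF output binds the input and the unblinded group element."""
    return hashlib.sha256(b"H2" + x + point.to_bytes((P.bit_length() + 7) // 8, "big")).digest()

def shamir_share(secret: int, t: int, n: int) -> dict[int, int]:
    """Degree t-1 polynomial over Z_Q; share i is f(i), any t shares reconstruct f(0)."""
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {i: sum(c * pow(i, j, Q) for j, c in enumerate(coeffs)) % Q for i in range(1, n + 1)}

def lagrange_at_zero(i: int, ids: list[int]) -> int:
    """Coefficient lambda_i with sum_i lambda_i * f(i) = f(0) over Z_Q."""
    num = den = 1
    for j in ids:
        if j != i:
            num, den = num * (-j) % Q, den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def client_blind(x: bytes) -> tuple[int, int]:
    """Client hides x behind a random exponent r; servers only ever see H1(x)^r."""
    r = secrets.randbelow(Q - 1) + 1
    return r, pow(hash_to_group(x), r, P)

def server_eval(share: int, blinded: int) -> int:
    """Server i raises the blinded element to its key share and learns nothing about x."""
    return pow(blinded, share, P)

def client_finalize(x: bytes, r: int, partials: dict[int, int]) -> bytes:
    """Combine t partial results with Lagrange coefficients in the exponent, then unblind."""
    ids, combined = list(partials), 1
    for i, z in partials.items():
        combined = combined * pow(z, lagrange_at_zero(i, ids), P) % P
    return finalize_hash(x, pow(combined, pow(r, -1, Q), P))

def proactive_refresh(shares: dict[int, int], t: int) -> dict[int, int]:
    """Every server contributes a fresh sharing of 0; all shares change, the key k does not."""
    fresh = dict(shares)
    for _ in shares:
        zero = shamir_share(0, t, len(shares))
        for i in fresh:
            fresh[i] = (fresh[i] + zero[i]) % Q
    return fresh

def run_demo(t: int = 3, n: int = 5) -> tuple[bool, bool, bool, bool]:
    """Constructed scenario: 5 servers, any 3 suffice; returns the checks a reader would want."""
    k = secrets.randbelow(Q - 1) + 1
    shares = shamir_share(k, t, n)
    x = b"correct horse battery staple"   # constructed sample input (think: a password)
    r, blinded = client_blind(x)
    partials = {i: server_eval(shares[i], blinded) for i in (2, 4, 5)}   # any t servers
    y = client_finalize(x, r, partials)
    matches_direct = y == finalize_hash(x, pow(hash_to_group(x), k, P))  # equals F_k(x)
    too_few_fail = client_finalize(x, r, {i: partials[i] for i in (2, 4)}) != y
    shares2 = proactive_refresh(shares, t)
    shares_changed = all(shares2[i] != shares[i] for i in shares)
    r2, blinded2 = client_blind(x)
    y2 = client_finalize(x, r2, {i: server_eval(shares2[i], blinded2) for i in (1, 2, 3)})
    return matches_direct, too_few_fail, shares_changed, y == y2
```

`run_demo()` returns four booleans: the threshold result equals a direct evaluation with the full key; two of the three required servers produce a different output; every share changes after the refresh; and the PRF output is unchanged across it. Note what the servers see: only H1(x)^r for a fresh random r, so a compromised server learns neither x nor the output, and an attacker must hold t shares from the same refresh period to reconstruct the key.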
In “Universally Composable SNARKs with Transparent Setup without Programmable Random Oracle,” Luigi Russo and co-authors introduce a new method for constructing succinct non-interactive arguments of knowledge, commonly known as SNARKs, whose only setup is a public hash function rather than a trusted ceremony whose secret randomness must be destroyed afterwards. This matters because many emerging applications, from blockchain scalability and verifiable cloud computing to privacy-preserving digital identity, depend on small proofs that compose safely with other protocols, and universal composability is the standard notion for that. The title's qualifier is the practical point: a programmable random oracle lets the simulator in the security proof choose the outputs of the hash function, which no real hash function allows, so dropping that requirement narrows the gap between the proof and the deployed system. By achieving universal composability with a non-programmable random oracle and a transparent setup while keeping proofs logarithmic in size, the authors reduce trust assumptions, simplify deployments, and pave the way for more robust and widely usable proof systems in practice.