###### tags: `Reading sessions`
[toc]
# 2021
<https://asiacrypt.iacr.org/2021/program.php>
## [Cryptographic Analysis of the Bluetooth Secure Connection Protocol Suite](https://eprint.iacr.org/2021/1597.pdf)
* Marc Fischlin, Olga Sanina
* Diffie-Hellman values do not need to be fresh; a device can reuse them for up to 8 connections
* A good summary of previous attacks
  * e.g., Breaking Passkey Entry through MITM (Zhang et al., USENIX Security 2020): the attack itself is standard, not surprising though
* In Bluetooth, privacy is mostly defined in terms of linkability of physical characteristics
  * The reuse of Diffie-Hellman values allows linking the device (Sun et al., Sensors 2019)
* Results
  * The Secure Connection protocol suite is secure in the TOFU (trust on first use) model
# 2023
<https://asiacrypt.iacr.org/2023/program.php>
## [Sigma Protocols from Verifiable Secret Sharing and Their Applications](https://eprint.iacr.org/2023/1388)
* By Min Zhang, Yu Chen, Chuanzhou Yao, and Zhichao Wang
* Background:
  * Sigma protocols are one of the most common and efficient zero-knowledge proofs (ZKPs). They are mainly used to prove algebraic statements, such as knowledge of a discrete logarithm or of a modular root. Over the decades, a large number of Sigma protocols have been proposed, yet few works pay attention to the common design principle behind them.
* Contributions:
  * The paper proposes a generic framework of Sigma protocols for algebraic statements built from verifiable secret sharing (VSS) schemes. The framework provides a general and unified way to understand Sigma protocols: it not only neatly explains the classic protocols such as Schnorr, Guillou–Quisquater and Okamoto, but also leads to new Sigma protocols that were not previously known.
  * The paper applies the framework to design ZKPs for composite statements, by combining Sigma protocols from VSS with ZKPs following the MPC-in-the-head paradigm. Via a technique of witness-sharing reuse, their construction is the first to achieve the advantage that no “glue” proof is needed.
  * The paper gives a concrete ZKP protocol for composite statements by instantiating the construction with Ligero++ and designing an associated Sigma protocol from VSS.
* Limitations:
  * Their ZKP protocol for composite statements is tailored to general-purpose ZKPs following the MPC-in-the-head paradigm.
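Added example (not code from the paper or these notes): Schnorr's protocol read through the VSS lens the paper describes. The witness is shared with a degree-1 polynomial over Z_q (Shamir), the statement and the first message act as Feldman-style commitments to its coefficients, and the response is the share at the challenge point. The Shamir/Feldman reading, the toy group parameters and all function names are my own assumptions for illustration.

```python
# Schnorr as a Sigma protocol from (Shamir + Feldman) VSS.
# Witness w is shared by f(X) = w + r*X over Z_q; the prover commits to the
# coefficients as (g^w, g^r); the response to challenge e is the share f(e).
# Two accepting transcripts are two shares, so Lagrange interpolation
# recovers f(0) = w: this is exactly the 2-special soundness extractor.
# Toy parameters (constructed, far too small for real use).
import secrets

P = 1019   # safe prime: p = 2*509 + 1
Q = 509    # prime order of the subgroup we work in
G = 4      # 4 = 2^2 is a quadratic residue mod p, hence has order q

def share_at(w, r, x):
    """Shamir share of w at point x: f(x) = w + r*x over Z_q."""
    return (w + r * x) % Q

def feldman_commit(w, r):
    """Feldman commitments to the coefficients (w, r): statement h and first message a."""
    return pow(G, w, P), pow(G, r, P)

def prover_first_message():
    """Prover samples the masking coefficient r and sends a = g^r."""
    r = secrets.randbelow(Q)
    return r, pow(G, r, P)

def prover_response(w, r, e):
    """Response z is the share at the challenge point e."""
    return share_at(w, r, e)

def verify(h, a, e, z):
    """Feldman consistency check of share z at point e: g^z == h * a^e."""
    return pow(G, z, P) == (h * pow(a, e, P)) % P

def extract(e1, z1, e2, z2):
    """Lagrange-interpolate f(0) = w from two shares at distinct points."""
    num = (z1 * e2 - z2 * e1) % Q
    den = (e2 - e1) % Q
    return num * pow(den, -1, Q) % Q

def run_protocol(w, e=None):
    """Honest run: returns the transcript (h, a, e, z)."""
    h = pow(G, w, P)
    r, a = prover_first_message()
    if e is None:
        e = secrets.randbelow(Q)
    return h, a, e, prover_response(w, r, e)

if __name__ == "__main__":
    print("accepts:", verify(*run_protocol(123)))
```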
###### tags: `sigma protocols` `CP-SNARKs` `Composite Statement`
## [Protostar: Generic Efficient Accumulation/Folding for Special-sound Protocols](https://eprint.iacr.org/2023/620)
* By Benedikt Bünz and Binyi Chen
* Incrementally Verifiable Computation (IVC) is a powerful primitive that enables a possibly infinite computation to be run such that the correctness of the computation's state can be verified at any point.
* Historically, IVC was built from recursive SNARKs, proving that the previous computation step had a valid SNARK attesting correctness up to that point. Recently, IVC has been constructed from accumulation/folding schemes that don't require a trusted setup, pairings, or FFTs. But these have limited flexibility because they are tied to R1CS, and they are not non-uniform (SuperNova is non-uniform but only supports R1CS).
* Protostar is a new non-uniform IVC scheme that supports high-degree gates and lookup gates efficiently. It is constructed in a modular way:
  * Firstly, design a special-sound interactive argument for an NP-complete relation with an algebraic verifier.
  * Secondly, compress the prover messages by committing to them in a homomorphic commitment scheme.
  * Thirdly, apply the Fiat-Shamir transform to achieve non-interactivity, yielding a secure NARK.
  * Fourthly, build a simple and efficient accumulation scheme for the NARK.
  * Lastly, apply the compiler from [BCLMS21] to yield a secure IVC scheme.
###### tags: `IVCs` `accumulation/folding schemes`