Commit
Update publications
vgonc committed Aug 21, 2024
1 parent 8d5b27a commit aab398f
Showing 3 changed files with 22 additions and 31 deletions.
19 changes: 19 additions & 0 deletions publications/Barbosa2024.md
@@ -0,0 +1,19 @@
---
title: "X-Wing: The Hybrid KEM You've Been Looking For"
year: 2024
location: "IACR Communications in Cryptology (Volume: 1, Issue: 1, March 2024)."
authors:
- Manuel Barbosa
- Deirdre Connolly
- João Diogo Duarte
- Aaron Kaiser
- Peter Schwabe
- Karolin Varner
- bas-westerbaan
doi: 10.62056/a3qj89n4e
related_interests:
- cryptography
- protocols
---

X-Wing is a hybrid key-encapsulation mechanism based on X25519 and ML-KEM-768. It is designed to be the sensible choice for most applications. The concrete choice of X25519 and ML-KEM-768 allows X-Wing to achieve improved efficiency compared to using a generic KEM combiner. In this paper, we introduce the X-Wing hybrid KEM construction and provide a proof of security. We show (1) that X-Wing is a classically IND-CCA secure KEM if the strong Diffie-Hellman assumption holds in the X25519 nominal group, and (2) that X-Wing is a post-quantum IND-CCA secure KEM if ML-KEM-768 is itself an IND-CCA secure KEM and SHA3-256 is secure when used as a pseudorandom function. The first result is proved in the ROM, whereas the second one holds in the standard model. Loosely speaking, this means X-Wing is secure if either X25519 or ML-KEM-768 is secure. We stress that these security guarantees and optimizations are only possible due to the concrete choices that were made, and it may not apply in the general case.
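Review bot: the closing sentence of the abstract has a number-agreement error: "these security guarantees and optimizations ... it may not apply in the general case" should read "they may not apply in the general case" (or "this may not apply"). Two smaller points in the front matter of the same hunk: the `location:` string carries a trailing period inside the quotes (`March 2024)."`), which will render as a stray full stop after the venue, and the `authors:` list mixes display names with the slug form `bas-westerbaan`; the Siby2023.md hunk in this commit uses `marwan-fayed` and `nick-sullivan` the same way, so this looks like the site's member-page convention, but please confirm that a `bas-westerbaan` member entry exists. Likewise `related_interests: protocols` does not appear elsewhere in this commit (Siby2023.md uses `cryptography` and `security`), so check that `protocols` is a tag the site already knows.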
3 changes: 3 additions & 0 deletions publications/Siby2023.md
Expand Up @@ -9,7 +9,10 @@ authors:
- marwan-fayed
- nick-sullivan
- Carmela Troncoso
doi: 10.56553/popets-2023-0099
related_interests:
- cryptography
- security
---

Website fingerprinting (WF) is a well-known threat to users’ web privacy. New Internet standards, such as QUIC, include padding to support defenses against WF. Previous work on QUIC WF only analyzes the effectiveness of defenses when users are behind a VPN. Yet, this is not how most users browse the Internet. In this paper, we provide a comprehensive evaluation of QUIC-padding-based defenses against WFwhenusersdirectlybrowsetheweb,i.e.,without VPNs, HTTPS proxies, or other tunneling protocols. We confirm previous claims that network-layer padding cannot provide effective protection against powerful adversaries capable of observing all traffic traces. We show that the claims hold even against adversaries with constraints on traffic visibility and processing power. We then show that the current approach to web development, in which the use of third-party resources is the norm, impedes the effective use of padding-based defenses as it requires first and third parties to coordinate in order to thwart traffic analysis. We show that even when coordination is possible, in most cases, protection comes at a high cost.
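Review bot: the abstract line in this hunk has words run together, "against WFwhenusersdirectlybrowsetheweb,i.e.,without VPNs", which should read "against WF when users directly browse the web, i.e., without VPNs". It is a context line rather than one this commit adds, but since the file is being edited anyway, fix the spacing here so the rendered publication page is not garbled.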
31 changes: 0 additions & 31 deletions publications/Westerbaan2024.md

This file was deleted.
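Review bot: publications/Westerbaan2024.md (31 lines) is deleted in the same commit that adds publications/Barbosa2024.md (19 lines) listing bas-westerbaan as an author, which reads as the same X-Wing entry being re-filed under the first author; the deleted content is collapsed in this view, so please confirm that the new file carries everything the old one had (the 12-line difference could be lost metadata such as links or extra fields) and that no other page or interest index still references the old filename.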
