Homomorphic Field Trace Revisited : Breaking the Cubic Noise Barrier

We present a novel homomorphic trace evaluation algorithm RevHomTrace, which mitigates the phase amplification problem that comes with the definition of the field trace. Our RevHomTrace overcomes the phase amplification with only a negligible computational overhead, thereby improving the usability of the homomorphic field trace algorithm. Moreover, our tweak also improves the noise propagation of the HomTrace and breaks the traditional O (N3) variance bound in previous works into O (N log N). Our experimental results obtained by integrating RevHomTrace into state-of-theart homomorphic encryption algorithms further demonstrate the usefulness of our algorithm. Specifically, RevHomTrace improves the noise accumulation of the (high precision) circuit bootstrapping, which also achieves maximal 1.30× speedup by replacing the costly high precision trace evaluation. Also, based on our idea of RevHomTrace, we present a low latency, high precision LWE-to-GLWE packing algorithm MS-PackLWEs. We also show that our MS-PackLWEs significantly reduces the packing error without severe degradation of performance

Précis of The Brain Abstracted

The Brain Abstracted tackles the question of how we should interpret neuroscience for the purposes of doing philosophy of mind. Neurophilosophy rests on the premise that the findings presented in the theories and models of neuroscience are directly relevant to longstanding philosophical topics such as the nature of perception and agency. Insufficient attention has been paid to the challenge of brain complexity and how it fundamentally shapes neuroscientific practice. Given that all models and theories in neuroscience are highly simplified, relying on numerous abstractions and idealisations, as well as experimental controls which reduce the complexity of datasets elicited, it is reasonable to worry that such results may not be informative about the inherent natures of the neural processes associated with the cognitive kinds of interest to neurophilosophers

Breaking and Fixing MacaKey

The sponge construction underpins many modern symmetric primitives, enabling efficient hashing and authenticated encryption. While full-state absorption is known to be secure in keyed sponges, the security of full-state squeezing has remained unclear. Recently, Lefevre and Marhuenda-Beltrán introduced MacaKey, which applies ideas from the summation-truncation hybrid technique of constructing PRFs to the full-state sponge. The authors claimed that MacaKey is provably secure up to the birthday bound in capacity, even when the adversary is allowed to request variable-length outputs. In this work, we revisit this claim and show that MacaKey is insecure as a PRF. We demonstrate a simple four-query distinguishing attack that violates its claimed bound, exploiting the exposure of the full internal state and the resulting loss of secrecy in the capacity portion during squeezing. We then propose a simple modification that restores security with negligible overhead. The modified construction, KeyMacaKey, re-randomizes the internal state after absorption by incorporating a keyed finalization step without requiring an extra permutation call. Further, we show that KeyMacaKey achieves the stronger security of birthday-bound in the full state size than what was claimed for MacaKey

Do all brains have neurons? Metaphysics and neutrality in The Brain Abstracted

Mazviita Chirimuuta’s The Brain Abstracted (2024) is a fascinating intervention into the philosophy of mind and neuroscience, containing deeply interesting ideas and arguments. Our aim is to critically probe whether Haptic Realism is neutral on some substantive issues which Chirimuuta would like it to be neutral on. Firstly, it is unclear whether Haptic Realism is compatible with Chirimuuta’s metaphysical neutrality. Causal notions feature heavily in Haptic Realism, including construction and interaction, without which it is unclear what the haptic component of Haptic Realism amounts to. We argue that the interpretation of these causal notions forces a choice that jeopardises metaphysical neutrality, since it is doubtful that there are any relevantly neutral theories of causation. Secondly, we ask the question ‘Do all brains have neurons?’ Haptic Realism trades on the idea of ideal patterns, patterns that are coaxed into existence by the interaction between practitioners and the world. If ideal patterns only exist within the confines of the lab, and neurons are idealizations, then brains out in the wild do not have neurons. Worryingly, this commitment of Haptic Realism undermines our ability to project neurological knowledge that we gain from studying particular brains to what is happening inside the everyday human beings.

Compact and Low Latency First-Order AES Implementations with Low Randomness

Recent years have witnessed significant progress in first-order hardware masking of AES. However, most of the work focus on the optimizations over solely one of the metrics: chip area, latency or randomness. The optimizations for one metric often leads to increasing overheads of the other metrics. Consequently, few work focus on optimizations over all three metrics of first-order AES at the same time. To bridge this gap, we introduce two compact round-based first-order AES-128 encryption implementations with the latency of 31 cycles and 40 cycles, respectively. They are provably secure in the glitch-extended probing model with relatively low consumption of randomness. To achieve this, we first introduce a method to design first-order lowlatency d+1 TI (Threshold Implementations) for multi-output Boolean functions with a latency of only one clock cycle. Moreover, the random bits used in the low-latency TI cancels out in the expressions of output shares, which enables the applications of a COTG-based concept to significantly reduce the randomness consumption. Finally, we apply our method to design first-order implementations for AES-128 with two shares, which allows the designs to be compact. As a result, our implementations achieve a excellent trade-off over latency, area, and randomness. Compared to the 10-cycle and 20-cycle AES-128 implementations provided respectively in TCHES 2020 and TCHES 2025, the area and randomness demands of our implementations are significantly less. We also use formal verification tools, PROLEAD, and TLVA to validate the security of our designs for S-Box and round-based AES-128 implementations, respectively

WeMu: Effective and Scalable Emulation of Microarchitectural Weird Machines

Recent research on Microarchitectural Weird Machines (µWMs) has shown that microarchitectural optimization features, originally exploited for data exfiltration, can also facilitate hidden computation. Emerging µWMs, enabled by dedicated compilers, have become increasingly practical, evading conventional analysis tools by executing complex cryptographic algorithms and unpacking malware entirely within the microarchitectural domain. To address the lack of defensive capabilities against this growing threat, we introduce WeMu, the first emulation-based framework specifically designed for the analysis of µWMs. WeMu enables security analysts to observe and reverse engineer hidden microarchitectural computations through novel abstractions that accurately replicate µWM behavior without the overhead and limitations of full microarchitectural simulation. We validate WeMu\u27s effectiveness by successfully emulating µWMs ranging from basic logic gates to sophisticated cryptographic routines consisting of thousands of gates. WeMu establishes the first practical foundation for the analysis and reverse engineering of microarchitectural computations, paving the way for more effective defenses

Affirming Unity in a Shared Temple: Recent Changes in the Lingsar Festival

The Lingsar Temple and its annual festival, Pujwali, serve as a unifying event for the local Sasak Muslims and Hindus of Balinese origin. Constructed above abundant water springs in Lingsar, West Lombok, Indonesia, the temple complex holds significant religious importance due to the sacred properties attributed to its waters. This article explores recent developments in the multireligious festival. My fieldwork spans from 2017 to 2023, a period marked by significant changes. Analysing these changes provides insights into the entanglements of multicultural religious encounters during Pujawali and the ambivalence of majority–minority relations. The festival has navigated challenges such as earthquakes, the COVID-19 pandemic, shifts in power dynamics, evolving gender relations, the empowerment of the local Muslim community, and intrareligious crises within Hindu leadership. This article introduces an intrareligious perspective on the festival centred around sustaining interreligious unity and culminating in collaborative efforts between the two religious communities

A Tool for Lightweight (AND, XOR) Implementations of Large-Degree S-boxes

We propose a new ad hoc automatic tool to look for lightweight implementations of non-linear functions on up to 7 variables. This tool is mainly aimed at finding implementations of arbitrary cryptographic S-boxes, with the goal of enabling lightweight protected implementations (such as masking), hence we focus on two metrics that we try to minimise: multiplicative depth and multiplicative complexity. We introduce an algorithm based on successive divisions, which we instantiate into a tool focused on binary operations AND and XOR. In a sense, this is a dual approach to a recent work which used an ad hoc algorithm based on multiplications, which was limited to degree-2 functions. Our algorithm removes this limitation, and our tool is efficient to find implementations of cryptographic S-boxes up to degree 5 on 6 bits and degree 3 on 7 bits

Cube and Integral Attacks on ChiLow-32

The protection of executable code in embedded systems requires efficient mechanisms that ensure confidentiality and integrity. Belkheyar et al. recently proposed the Authenticated Code Encryption (ACE) framework, with ChiLow as the first ACE-2 instantiation at EUROCRYPT 2025. ChiLow-(32 + τ ) is a 32-bit tweakable block cipher combined with a pseudorandom function, featuring quadratic nonlinear layers called ChiChi (χχ) and a nested tweak/key schedule optimized for low-latency decryptions in secure code execution under strict query limits.In this paper, we exploit the algebraic structure of χχ and study the resistance of ChiLow-(32 + τ ) to cube-like and integral cryptanalysis in single- and multiple-tweak settings. In the multiple-tweak setting, we present conditional attacks that can recover the full key for 5-round ChiLow-(32 + τ ) with practical complexity, and extend the analysis to 6 rounds at a still non-trivial but purely theoretical cost below brute force. We additionally construct borderline cube attacks on 5- and 6-round ChiLow-(32 + τ ), each capable of recovering the full key with practical complexity. Specifically, we recover the full key for 5-round ChiLow-(32 + τ ) using 232 decryptions, 218.58 chosen ciphertext data, and 233.56 bits of memory, and for 6-round ChiLow-(32 + τ ) using 234 decryptions, 233.58 chosen ciphertext data, and 254.28 bits of memory.We then focus on integral cryptanalysis and the challenge of extending the analysis to 7 rounds. We identify integral distinguishers in the single- and multiple-tweak models and extend suitable 2-round and 3-round integral distinguishers to build a 7-round attack. We present a nested strategy to recover all round tweaks and tackle the problem of deriving the master key from round-tweak and key information. Our key-recovery method exploits high-degree monomials that arise in the integral key-recovery phase to reduce the average number of guessed key bits and hence reduce the time complexity. As a result, we mount a 7-round key-recovery attack on ChiLow-(32 + τ ) that requires 26.32 chosen ciphertext data, has a time complexity of about 2108.55 encryptions, and needs negligible memory.Notably, all our attacks remain consistent with the security claims of the design

Differential Pattern Transition: Characterizing the Differential Behavior of AES-like Linear Layers

This paper introduces a new cryptographic notion for diffusion matrices, termed the Differential Pattern Transition (DPT). Building on this notion, we develop a systematic framework for describing the differential behavior of diffusion layers over multiple rounds in AES-like block ciphers. Specifically, the DPT framework enables a finer-grained evaluation of diffusion strength against differential attacks, allowing distinctions even among matrices sharing the same branch number. Furthermore, the DPT framework facilitates the classification of shuffle layers and assists in identifying permutation layers that maximize differential resistance.As a case study, we apply the DPT framework to the diffusion matrices used in MIDORI, PRINCE, QARMA, and AES, as well as a lightweight MDS matrix proposed in [SS16]. The results show that DPT provides both theoretical insights and practical guidance for the selection and design of diffusion and shuffle layers in secure and efficient block cipher constructions