BEGIN:VCALENDAR VERSION:2.0 PRODID:-//Drupal iCal API//EN X-WR-CALNAME:Events items teaser X-WR-TIMEZONE:America/Toronto BEGIN:VTIMEZONE TZID:America/Toronto X-LIC-LOCATION:America/Toronto BEGIN:DAYLIGHT TZNAME:EDT TZOFFSETFROM:-0500 TZOFFSETTO:-0400 DTSTART:20260308T070000 END:DAYLIGHT BEGIN:STANDARD TZNAME:EST TZOFFSETFROM:-0400 TZOFFSETTO:-0500 DTSTART:20251102T060000 END:STANDARD END:VTIMEZONE BEGIN:VEVENT UID:69cea2f9eca31 DTSTART;TZID=America/Toronto:20260410T103000 SEQUENCE:0 TRANSP:TRANSPARENT DTEND;TZID=America/Toronto:20260410T113000 URL:https://uwaterloo.ca/combinatorics-and-optimization/events/crypto-readi ng-group-elnaz-hessami-pilehrood-shadowfax SUMMARY:Crypto Reading Group - Elnaz Hessami Pilehrood-Shadowfax: Hybrid\nS ecurity and Deniability for AKEMs CLASS:PUBLIC DESCRIPTION:SPEAKER:\n\n Elnaz Hessami Pilehrood\n\nAFFILIATION:\n Universi ty of Waterloo\n\nLOCATION:\n MC 6029\n\nABSTRACT:As cryptographic protoco ls transition to post-quantum\nsecurity\, most adopt hybrid solutions comb ining classical and\npost-quantum assumptions. This shift often sacrifices efficiency\,\ncompactness\, or even security. One such property is deniab ility\, which\nenables users to plausibly deny authorship of potentially\n incriminating messages. While classical protocols like X3DH key\nagreement (used in Signal and WhatsApp) provide deniability\,\npost-quantum protoco ls like PQXDH and Apple’s iMessage with PQ3 do\nnot. This work addresses this gap by investigating how to efficiently\npreserve deniability in pos t-quantum protocols. Specifically\, we\npropose two hybrid schemes for aut henticated key encapsulation\nmechanisms (AKEMs). The first is a black-box construction that\npreserves deniability when both constituent AKEMs are deniable. The\nsecond is Shadowfax\, a non-black-box AKEM that achieves hy brid\nsecurity\, integrating a classical non-interactive key exchange\, a\ npost-quantum key encapsulation mechanism\, and a post-quantum ring\nsigna ture. Shadowfax satisfies deniability in both dishonest and\nhonest receiv er settings\, relying on statistical security in the\nformer and on a sing le pre- or post-quantum assumption in the latter.\nFinally\, we provide se veral portable implementations of Shadowfax.\nWhen instantiated with stand ardised components (ML–KEM and Falcon)\,\nShadowfax yields ciphertexts o f 1 728 bytes and public keys of 2 036\nbytes\, with encapsulation and dec apsulation costs of 1.8M and 0.7M\ncycles on an Apple M1 Pro. DTSTAMP:20260402T171017Z END:VEVENT END:VCALENDAR