> about
i am a cryptographer and computer scientist.
i am currently working as a phd student under the supervision of geoffroy couteau at institut de recherche en informatique fondamentale (irif) as part of université paris-cité.
i completed my undergraduate degree in math // cs at cmi. i completed my masters' at oregon state, where i was advised by mike rosulek and jiayu xu.
> research interests
i am interested in cryptography and theoretical computer science. my work mostly spans foundational results along with the cryptanalysis of concrete cryptographic protocols. more broadly i am interested in mathematical problems, often with a combinatorial flavor, and questions about the nature of computer science and what it implies about the world. recently i have been working on the following keywords:
- mpc hss pcg
- threshold [thing]
- black-box impossibilities
> papers
preprints
-
From OT to OLE with Almost-Linear CommunicationDoing OLEs in the OT-hybrid model used to take \(O(n\log n)\) communication. Now we can do it with \(O(n\cdot 2^{\log^{*}n})\).
-
Threshold Signing for Standard Hash-Based Signatures is ExpensiveHash-based schemes seem great: the security assumption is straightforward (SHA), SPHINCS+ has been standardized as SLH-DSA, and they don't use any super-fancy cryptography. We show that it's not so good if you want to threshold sign them; there are some inherent limitations that make threshold signing prohibitively expensive if you're doing it in a way that makes black-box use of the hash-function.
-
Minicrypt PRFs Do Not Admit Black-Box Oblivious EvaluationsOPRFs (Oblivious PseudoRandom Functions) are how you do PSI and PAKE, but they come in two varieties: key-reusable OPRFs, where the key \(k\) is fixed at the beginning by the sender, and ephemeral-key OPRFs, where you generate a new key each time the receiver wants to obtain the OPRF output at any input point of its choice. The first kind is nicer for updatable applications, but it looks like you can only ever build it using public key crypto. We show this gap is inherent: there's no PRF in Minicrypt which supports a nice OPRF protocol.
-
On the UC-(In)security of PAKE Protocols without Random OraclesKOY is an age-old PAKE protocol which bases its security purely on the DDH assumption. Is KOY UC-Secure? We show that it isn't, but that if you're working in the AGM you can prove it secure under a different assumption.
2025
-
Multiparty Homomorphic Secret Sharing and More from LPN and MQCan you securely a circuit with less communication than the circuit size? We use LPN and MQ to construct \(n\)-party DPFs, HSS and PCGs for constant-degree correlations—and show that you can do \(n\)-party MPC for layered circuits with \(O(n/\log^{*} n)\) communication.
-
Low-Rate Boolean Garbling Scheme from Generic GroupsBoolean garbled circuits need an \(O(\lambda)\) communication overhead—or do they? We show a garbling scheme that does slightly better under a variant of the Power-DDH Assumption.
-
Breaking the Low-Rate Arithmetic Garbling BarrierArithmetic garbled circuits need an \(O(\lambda)\) communication overhead—or do they? We show a garbling scheme that does slightly better under a variant of the Power-DDH Assumption.
2024
-
10-Party Sublinear Secure Computation from Standard AssumptionsCan you securely a circuit with less communication than the circuit size? We use a standard assumption soup to construct \(10\)-party MPC for layered circuits with \(O(n/\log\log\log n)\) communication.
> contact
naman [dot] kumar [at] irif [dot] fr
namankr02 [at] gmail [dot] com
please use these emails for all professional inquiries. i have others, but they don't work well; you certainly won't get an immediate response.