[{"user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","external_id":{"arxiv":["2603.00728"]},"OA_type":"hybrid","day":"18","keyword":["Signal first-order logic","Robustness-based quantitative semantics","Online runtime monitoring"],"project":[{"call_identifier":"H2020","_id":"62781420-2b32-11ec-9570-8d9b63373d4d","name":"Vigilant Algorithmic Monitoring of Software","grant_number":"101020093"}],"date_updated":"2026-06-22T08:21:09Z","page":"214-233","conference":{"location":"Tokyo, Japan","end_date":"2026-05-22","name":"FM: Formal Methods","start_date":"2026-05-18"},"file_date_updated":"2026-06-22T08:18:41Z","oa":1,"has_accepted_license":"1","ddc":["000"],"_id":"22006","author":[{"full_name":"Chalupa, Marek","last_name":"Chalupa","id":"87e34708-d6c6-11ec-9f5b-9391e7be2463","first_name":"Marek"},{"orcid":"0000-0002-2985-7724","last_name":"Henzinger","full_name":"Henzinger, Thomas A","id":"40876CD8-F248-11E8-B48F-1D18A9856A87","first_name":"Thomas A"},{"full_name":"Sarac, Naci E","last_name":"Sarac","first_name":"Naci E","id":"8C6B42F8-C8E6-11E9-A03A-F2DCE5697425"},{"full_name":"Yu, Zhengqi","last_name":"Yu","orcid":"0000-0002-4993-773X","id":"20aa2ae8-f2f1-11ed-bbfa-8205053f1342","first_name":"Zhengqi"}],"publisher":"Springer Nature","publication_status":"published","quality_controlled":"1","acknowledgement":"We thank the anonymous reviewers for their helpful comments. This work was supported by the European Research Council (ERC) Grants VAMOS (No. 101020093) and HYPER (No. 101055412), and by the Advanced Research and Invention Agency under the Safeguarded AI programme (MSAI-PR01-P047).","intvolume":"     16557","year":"2026","title":"Quantitative monitoring of Signal First-Order logic","publication_identifier":{"issn":["0302-9743"],"eissn":["1611-3349"],"isbn":["9783032262196"]},"arxiv":1,"doi":"10.1007/978-3-032-26220-2_11","date_published":"2026-05-18T00:00:00Z","language":[{"iso":"eng"}],"publication":"27th International Symposium on Formal Methods","scopus_import":"1","license":"https://creativecommons.org/licenses/by/4.0/","type":"conference","date_created":"2026-06-14T22:01:44Z","ec_funded":1,"tmp":{"legal_code_url":"https://creativecommons.org/licenses/by/4.0/legalcode","image":"/images/cc_by.png","name":"Creative Commons Attribution 4.0 International Public License (CC-BY 4.0)","short":"CC BY (4.0)"},"file":[{"date_updated":"2026-06-22T08:18:41Z","file_size":849237,"file_name":"2026_LNCS_Chalupa.pdf","content_type":"application/pdf","checksum":"7055199ecb985e9e2e272f4988827067","success":1,"file_id":"22113","relation":"main_file","date_created":"2026-06-22T08:18:41Z","creator":"dernst","access_level":"open_access"}],"oa_version":"Published Version","das_tickbox":"0","citation":{"short":"M. Chalupa, T.A. Henzinger, N.E. Sarac, E. Yu, in:, 27th International Symposium on Formal Methods, Springer Nature, 2026, pp. 214–233.","ama":"Chalupa M, Henzinger TA, Sarac NE, Yu E. Quantitative monitoring of Signal First-Order logic. In: <i>27th International Symposium on Formal Methods</i>. Vol 16557. Springer Nature; 2026:214-233. doi:<a href=\"https://doi.org/10.1007/978-3-032-26220-2_11\">10.1007/978-3-032-26220-2_11</a>","chicago":"Chalupa, Marek, Thomas A Henzinger, Naci E Sarac, and Emily Yu. “Quantitative Monitoring of Signal First-Order Logic.” In <i>27th International Symposium on Formal Methods</i>, 16557:214–33. Springer Nature, 2026. <a href=\"https://doi.org/10.1007/978-3-032-26220-2_11\">https://doi.org/10.1007/978-3-032-26220-2_11</a>.","apa":"Chalupa, M., Henzinger, T. A., Sarac, N. E., &#38; Yu, E. (2026). Quantitative monitoring of Signal First-Order logic. In <i>27th International Symposium on Formal Methods</i> (Vol. 16557, pp. 214–233). Tokyo, Japan: Springer Nature. <a href=\"https://doi.org/10.1007/978-3-032-26220-2_11\">https://doi.org/10.1007/978-3-032-26220-2_11</a>","mla":"Chalupa, Marek, et al. “Quantitative Monitoring of Signal First-Order Logic.” <i>27th International Symposium on Formal Methods</i>, vol. 16557, Springer Nature, 2026, pp. 214–33, doi:<a href=\"https://doi.org/10.1007/978-3-032-26220-2_11\">10.1007/978-3-032-26220-2_11</a>.","ieee":"M. Chalupa, T. A. Henzinger, N. E. Sarac, and E. Yu, “Quantitative monitoring of Signal First-Order logic,” in <i>27th International Symposium on Formal Methods</i>, Tokyo, Japan, 2026, vol. 16557, pp. 214–233.","ista":"Chalupa M, Henzinger TA, Sarac NE, Yu E. 2026. Quantitative monitoring of Signal First-Order logic. 27th International Symposium on Formal Methods. FM: Formal Methods, LNCS, vol. 16557, 214–233."},"alternative_title":["LNCS"],"OA_place":"publisher","status":"public","volume":16557,"month":"05","abstract":[{"text":"Runtime monitoring checks, during execution, whether a partial signal produced by a hybrid system satisfies its specification. Signal First-Order Logic (SFO) offers expressive real-time specifications over such signals, but currently comes only with Boolean semantics and has no tool support. We provide the first robustness-based quantitative semantics for SFO, enabling the expression and evaluation of rich real-time properties beyond the scope of existing formalisms such as Signal Temporal Logic. To enable online monitoring, we identify a past-time fragment of SFO and give a pastification procedure that transforms bounded-response SFO formulas into equisatisfiable formulas in this fragment. We then develop an efficient runtime monitoring algorithm for this past-time fragment and evaluate its performance on a set of benchmarks, demonstrating the practicality and effectiveness of our approach. To the best of our knowledge, this is the first publicly available prototype for online quantitative monitoring of full SFO.","lang":"eng"}],"article_processing_charge":"No","department":[{"_id":"ToHe"}]},{"date_created":"2026-01-25T23:01:40Z","oa_version":"Preprint","OA_place":"repository","alternative_title":["LNCS"],"citation":{"ama":"Neiheiser R, Kokoris Kogias E. Anthemius: Efficient and modular block assembly for concurrent execution. In: <i>29th International Conference on Financial Cryptography and Data Security</i>. Vol 15751. Springer Nature; 2026:307-323. doi:<a href=\"https://doi.org/10.1007/978-3-032-07024-1_18\">10.1007/978-3-032-07024-1_18</a>","short":"R. Neiheiser, E. Kokoris Kogias, in:, 29th International Conference on Financial Cryptography and Data Security, Springer Nature, 2026, pp. 307–323.","ista":"Neiheiser R, Kokoris Kogias E. 2026. Anthemius: Efficient and modular block assembly for concurrent execution. 29th International Conference on Financial Cryptography and Data Security. FC: Financial Cryptography and Data Security, LNCS, vol. 15751, 307–323.","ieee":"R. Neiheiser and E. Kokoris Kogias, “Anthemius: Efficient and modular block assembly for concurrent execution,” in <i>29th International Conference on Financial Cryptography and Data Security</i>, Miyakojima, Japan, 2026, vol. 15751, pp. 307–323.","mla":"Neiheiser, Ray, and Eleftherios Kokoris Kogias. “Anthemius: Efficient and Modular Block Assembly for Concurrent Execution.” <i>29th International Conference on Financial Cryptography and Data Security</i>, vol. 15751, Springer Nature, 2026, pp. 307–23, doi:<a href=\"https://doi.org/10.1007/978-3-032-07024-1_18\">10.1007/978-3-032-07024-1_18</a>.","apa":"Neiheiser, R., &#38; Kokoris Kogias, E. (2026). Anthemius: Efficient and modular block assembly for concurrent execution. In <i>29th International Conference on Financial Cryptography and Data Security</i> (Vol. 15751, pp. 307–323). Miyakojima, Japan: Springer Nature. <a href=\"https://doi.org/10.1007/978-3-032-07024-1_18\">https://doi.org/10.1007/978-3-032-07024-1_18</a>","chicago":"Neiheiser, Ray, and Eleftherios Kokoris Kogias. “Anthemius: Efficient and Modular Block Assembly for Concurrent Execution.” In <i>29th International Conference on Financial Cryptography and Data Security</i>, 15751:307–23. Springer Nature, 2026. <a href=\"https://doi.org/10.1007/978-3-032-07024-1_18\">https://doi.org/10.1007/978-3-032-07024-1_18</a>."},"status":"public","article_processing_charge":"No","abstract":[{"lang":"eng","text":"Many blockchains such as Ethereum execute all incoming transactions sequentially significantly limiting the potential throughput. A common approach to scale execution is parallel execution engines that fully utilize modern multi-core architectures. Parallel execution is then either done optimistically, by executing transactions in parallel and detecting conflicts on the fly, or guided, by requiring exhaustive client transaction hints and scheduling transactions accordingly.\r\n\r\nHowever, recent studies have shown that the performance of parallel execution engines depends on the nature of the underlying workload. In fact, in some cases, only a 60% speed-up compared to sequential execution could be obtained. This is the case, as transactions that access the same resources must be executed sequentially. For example, if 10% of the transactions in a block access the same resource, the execution cannot meaningfully scale beyond 10 cores. Therefore, a single popular application can bottleneck the execution and limit the potential throughput.\r\n\r\nIn this paper, we introduce Anthemius, a block construction algorithm that optimizes parallel transaction execution throughput. We evaluate Anthemius exhaustively under a range of workloads, and show that Anthemius enables the underlying parallel execution engine to process over twice as many transactions."}],"month":"01","volume":15751,"department":[{"_id":"KrPi"}],"acknowledgement":"This work was supported by the Austrian Science Fund (FWF) SFB project SpyCoDe F8502 and the Vienna Science and Technology Fund (WWTF) project SCALE2 CT22-045.","year":"2026","intvolume":"     15751","title":"Anthemius: Efficient and modular block assembly for concurrent execution","arxiv":1,"publication_identifier":{"isbn":["9783032070234"],"eissn":["1611-3349"],"issn":["0302-9743"]},"doi":"10.1007/978-3-032-07024-1_18","scopus_import":"1","date_published":"2026-01-01T00:00:00Z","publication":"29th International Conference on Financial Cryptography and Data Security","language":[{"iso":"eng"}],"type":"conference","oa":1,"conference":{"start_date":"2025-04-14","name":"FC: Financial Cryptography and Data Security","location":"Miyakojima, Japan","end_date":"2025-04-18"},"_id":"21042","author":[{"orcid":"0000-0001-7227-8309","last_name":"Neiheiser","full_name":"Neiheiser, Ray","id":"f09651b9-fec0-11ec-b5d8-934aff0e52a4","first_name":"Ray"},{"orcid":"0000-0002-8827-3382","last_name":"Kokoris Kogias","full_name":"Kokoris Kogias, Eleftherios","id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30","first_name":"Eleftherios"}],"publisher":"Springer Nature","publication_status":"published","corr_author":"1","quality_controlled":"1","user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","external_id":{"arxiv":["2502.10074"]},"OA_type":"green","day":"01","project":[{"grant_number":"F8502","_id":"34a1b658-11ca-11ed-8bc3-c75229f0241e","name":"Interface Theory for Security and Privacy"},{"_id":"7bdd2f70-9f16-11ee-852c-b7950bc6d277","name":"SeCure, privAte, and interoperabLe layEr 2","grant_number":"ICT22-045"}],"date_updated":"2026-02-12T13:39:07Z","page":"307-323","main_file_link":[{"open_access":"1","url":"https://doi.org/10.48550/arXiv.2502.10074"}]},{"external_id":{"arxiv":["2401.16292"]},"OA_type":"green","day":"01","user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","page":"287-306","date_updated":"2026-02-16T07:56:09Z","main_file_link":[{"open_access":"1","url":"https://doi.org/10.48550/arXiv.2401.16292"}],"oa":1,"conference":{"name":"FC: Financial Cryptography and Data Security","start_date":"2025-04-14","end_date":"2025-04-18","location":"Miyakojima, Japan"},"publisher":"Springer Nature","author":[{"first_name":"Quentin","last_name":"Kniep","full_name":"Kniep, Quentin"},{"first_name":"Eleftherios","id":"f5983044-d7ef-11ea-ac6d-fd1430a26d30","full_name":"Kokoris Kogias, Eleftherios","orcid":"0000-0002-8827-3382","last_name":"Kokoris Kogias"},{"full_name":"Sonnino, Alberto","last_name":"Sonnino","first_name":"Alberto"},{"first_name":"Igor","last_name":"Zablotchi","full_name":"Zablotchi, Igor"},{"last_name":"Zhang","full_name":"Zhang, Nuda","first_name":"Nuda"}],"_id":"21044","publication_status":"published","quality_controlled":"1","year":"2026","intvolume":"     15751","arxiv":1,"publication_identifier":{"eissn":["1611-3349"],"issn":["0302-9743"],"isbn":["9783032070234"]},"title":"Pilotfish: Distributed execution for scalable blockchains","doi":"10.1007/978-3-032-07024-1_17","type":"conference","scopus_import":"1","date_published":"2026-01-01T00:00:00Z","publication":"29th International Conference on Financial Cryptography and Data Security","language":[{"iso":"eng"}],"date_created":"2026-01-25T23:01:41Z","alternative_title":["LNCS"],"OA_place":"repository","citation":{"short":"Q. Kniep, E. Kokoris Kogias, A. Sonnino, I. Zablotchi, N. Zhang, in:, 29th International Conference on Financial Cryptography and Data Security, Springer Nature, 2026, pp. 287–306.","ama":"Kniep Q, Kokoris Kogias E, Sonnino A, Zablotchi I, Zhang N. Pilotfish: Distributed execution for scalable blockchains. In: <i>29th International Conference on Financial Cryptography and Data Security</i>. Vol 15751. Springer Nature; 2026:287-306. doi:<a href=\"https://doi.org/10.1007/978-3-032-07024-1_17\">10.1007/978-3-032-07024-1_17</a>","chicago":"Kniep, Quentin, Eleftherios Kokoris Kogias, Alberto Sonnino, Igor Zablotchi, and Nuda Zhang. “Pilotfish: Distributed Execution for Scalable Blockchains.” In <i>29th International Conference on Financial Cryptography and Data Security</i>, 15751:287–306. Springer Nature, 2026. <a href=\"https://doi.org/10.1007/978-3-032-07024-1_17\">https://doi.org/10.1007/978-3-032-07024-1_17</a>.","mla":"Kniep, Quentin, et al. “Pilotfish: Distributed Execution for Scalable Blockchains.” <i>29th International Conference on Financial Cryptography and Data Security</i>, vol. 15751, Springer Nature, 2026, pp. 287–306, doi:<a href=\"https://doi.org/10.1007/978-3-032-07024-1_17\">10.1007/978-3-032-07024-1_17</a>.","apa":"Kniep, Q., Kokoris Kogias, E., Sonnino, A., Zablotchi, I., &#38; Zhang, N. (2026). Pilotfish: Distributed execution for scalable blockchains. In <i>29th International Conference on Financial Cryptography and Data Security</i> (Vol. 15751, pp. 287–306). Miyakojima, Japan: Springer Nature. <a href=\"https://doi.org/10.1007/978-3-032-07024-1_17\">https://doi.org/10.1007/978-3-032-07024-1_17</a>","ista":"Kniep Q, Kokoris Kogias E, Sonnino A, Zablotchi I, Zhang N. 2026. Pilotfish: Distributed execution for scalable blockchains. 29th International Conference on Financial Cryptography and Data Security. FC: Financial Cryptography and Data Security, LNCS, vol. 15751, 287–306.","ieee":"Q. Kniep, E. Kokoris Kogias, A. Sonnino, I. Zablotchi, and N. Zhang, “Pilotfish: Distributed execution for scalable blockchains,” in <i>29th International Conference on Financial Cryptography and Data Security</i>, Miyakojima, Japan, 2026, vol. 15751, pp. 287–306."},"oa_version":"Preprint","status":"public","article_processing_charge":"No","volume":15751,"month":"01","abstract":[{"text":"Scalability is a crucial requirement for modern large-scale systems, enabling elasticity and ensuring responsiveness under varying load. While cloud systems have achieved scalable architectures, blockchain systems remain constrained by the need to over-provision validator machines to handle peak load. This leads to resource inefficiency, poor cost scaling, and limits on performance. To address these challenges, we introduce Pilotfish, the first scale-out transaction execution engine for blockchains. Pilotfish enables validators to scale horizontally by distributing transaction execution across multiple worker machines, allowing elasticity without compromising consistency or determinism. It integrates seamlessly with the lazy blockchain architecture, completing the missing piece of execution elasticity. To achieve this, Pilotfish tackles several key challenges: ensuring scalable and strongly consistent distributed transactions, handling partial crash recovery with lightweight replication, and maintaining concurrency with a novel versioned-queue scheduling algorithm. Our evaluation shows that Pilotfish scales linearly up to at least eight workers per validator for compute-bound workloads, while maintaining low latency. By solving scalable execution, Pilotfish brings blockchains closer to achieving end-to-end elasticity, unlocking new possibilities for efficient and adaptable blockchain systems.","lang":"eng"}]},{"main_file_link":[{"url":"https://doi.org/10.48550/arXiv.2505.14891","open_access":"1"}],"page":"127-142","date_updated":"2026-04-15T08:45:18Z","project":[{"_id":"34a34d57-11ca-11ed-8bc3-a2688a8724e1","name":"Security and Privacy by Design for Complex Systems","grant_number":"F8509"}],"OA_type":"green","external_id":{"arxiv":["2505.14891"]},"day":"01","user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","corr_author":"1","quality_controlled":"1","publication_status":"published","publisher":"Springer Nature","_id":"21134","author":[{"full_name":"Baig, Mirza Ahad","last_name":"Baig","id":"3EDE6DE4-AA5A-11E9-986D-341CE6697425","first_name":"Mirza Ahad"},{"full_name":"Pietrzak, Krzysztof Z","orcid":"0000-0002-9139-1654","last_name":"Pietrzak","id":"3E04A7AA-F248-11E8-B48F-1D18A9856A87","first_name":"Krzysztof Z"}],"oa":1,"conference":{"name":"FC: Financial Cryptography and Data Security","start_date":"2025-04-14","location":"Miyakojima, Japan","end_date":"2025-04-18"},"type":"conference","scopus_import":"1","language":[{"iso":"eng"}],"date_published":"2026-01-01T00:00:00Z","publication":"29th International Conference on Financial Cryptography and Data Security","doi":"10.1007/978-3-032-07035-7_8","arxiv":1,"publication_identifier":{"eissn":["1611-3349"],"issn":["0302-9743"],"isbn":["9783032070340"]},"title":"On the (in)security of Proofs-of-space based longest-chain blockchains","year":"2026","intvolume":"     15752","acknowledgement":"This research was funded in whole or in part by the Austrian Science Fund (FWF) 10.55776/F85.","department":[{"_id":"KrPi"}],"article_processing_charge":"No","abstract":[{"lang":"eng","text":"The Nakamoto consensus protocol underlying the Bitcoin blockchain uses proof of work as a voting mechanism. Honest miners who contribute hashing power towards securing the chain try to extend the longest chain they are aware of. Despite its simplicity, Nakamoto consensus achieves meaningful security guarantees assuming that at any point in time, a majority of the hashing power is controlled by honest parties. This also holds under “resource variability”, i.e., if the total hashing power varies greatly over time.\r\nProofs of space (PoSpace) have been suggested as a more sustainable replacement for proofs of work. Unfortunately, no construction of a “longest-chain” blockchain based on PoSpace, that is secure under dynamic availability, is known. In this work, we prove that without additional assumptions no such protocol exists. We exactly quantify this impossibility result by proving a bound on the length of the fork required for double spending as a function of the adversarial capabilities. This bound holds for any chain selection rule, and we also show a chain selection rule (albeit a very strange one) that almost matches this bound.\r\nThe Nakamoto consensus protocol underlying the Bitcoin blockchain uses proof of work as a voting mechanism. Honest miners who contribute hashing power towards securing the chain try to extend the longest chain they are aware of. Despite its simplicity, Nakamoto consensus achieves meaningful security guarantees assuming that at any point in time, a majority of the hashing power is controlled by honest parties. This also holds under “resource variability”, i.e., if the total hashing power varies greatly over time.\r\n\r\nProofs of space (PoSpace) have been suggested as a more sustainable replacement for proofs of work. Unfortunately, no construction of a “longest-chain” blockchain based on PoSpace, that is secure under dynamic availability, is known. In this work, we prove that without additional assumptions no such protocol exists. We exactly quantify this impossibility result by proving a bound on the length of the fork required for double spending as a function of the adversarial capabilities. This bound holds for any chain selection rule, and we also show a chain selection rule (albeit a very strange one) that almost matches this bound.\r\n\r\nConcretely, we consider a security game in which the honest parties at any point control 0 > 1\r\n times more space than the adversary. The adversary can change the honest space by a factor 1+- E with every block (dynamic availability), and “replotting” the space (which allows answering two challenges using the same space) takes as much time as p blocks.\r\nWe prove that no matter what chain selection rule is used, in this game the adversary can create a fork of length o^2 . p/E that will be picked as the winner by the chain selection rule.\r\nWe also provide an upper bound that matches the lower bound up to a factor o. There exists a chain selection rule (albeit a very strange one) which in the above game requires forks of length at least o . p/E\r\nOur results show the necessity of additional assumptions to create a secure PoSpace based longest-chain blockchain. The Chia network in addition to PoSpace uses a verifiable delay function. Our bounds show that an additional primitive like that is necessary."}],"month":"01","volume":15752,"status":"public","related_material":{"record":[{"status":"public","id":"21651","relation":"dissertation_contains"}]},"OA_place":"repository","alternative_title":["LNCS"],"citation":{"short":"M.A. Baig, K.Z. Pietrzak, in:, 29th International Conference on Financial Cryptography and Data Security, Springer Nature, 2026, pp. 127–142.","ama":"Baig MA, Pietrzak KZ. On the (in)security of Proofs-of-space based longest-chain blockchains. In: <i>29th International Conference on Financial Cryptography and Data Security</i>. Vol 15752. Springer Nature; 2026:127-142. doi:<a href=\"https://doi.org/10.1007/978-3-032-07035-7_8\">10.1007/978-3-032-07035-7_8</a>","ista":"Baig MA, Pietrzak KZ. 2026. On the (in)security of Proofs-of-space based longest-chain blockchains. 29th International Conference on Financial Cryptography and Data Security. FC: Financial Cryptography and Data Security, LNCS, vol. 15752, 127–142.","ieee":"M. A. Baig and K. Z. Pietrzak, “On the (in)security of Proofs-of-space based longest-chain blockchains,” in <i>29th International Conference on Financial Cryptography and Data Security</i>, Miyakojima, Japan, 2026, vol. 15752, pp. 127–142.","chicago":"Baig, Mirza Ahad, and Krzysztof Z Pietrzak. “On the (in)Security of Proofs-of-Space Based Longest-Chain Blockchains.” In <i>29th International Conference on Financial Cryptography and Data Security</i>, 15752:127–42. Springer Nature, 2026. <a href=\"https://doi.org/10.1007/978-3-032-07035-7_8\">https://doi.org/10.1007/978-3-032-07035-7_8</a>.","apa":"Baig, M. A., &#38; Pietrzak, K. Z. (2026). On the (in)security of Proofs-of-space based longest-chain blockchains. In <i>29th International Conference on Financial Cryptography and Data Security</i> (Vol. 15752, pp. 127–142). Miyakojima, Japan: Springer Nature. <a href=\"https://doi.org/10.1007/978-3-032-07035-7_8\">https://doi.org/10.1007/978-3-032-07035-7_8</a>","mla":"Baig, Mirza Ahad, and Krzysztof Z. Pietrzak. “On the (in)Security of Proofs-of-Space Based Longest-Chain Blockchains.” <i>29th International Conference on Financial Cryptography and Data Security</i>, vol. 15752, Springer Nature, 2026, pp. 127–42, doi:<a href=\"https://doi.org/10.1007/978-3-032-07035-7_8\">10.1007/978-3-032-07035-7_8</a>."},"oa_version":"Preprint","date_created":"2026-02-01T23:01:43Z"},{"scopus_import":"1","language":[{"iso":"eng"}],"date_published":"2026-01-03T00:00:00Z","publication":"1st International Workshop on Efficient Medical Artificial Intelligence","type":"conference","doi":"10.1007/978-3-032-13961-0_26","title":"niiv: Interactive Self-supervised Neural Implicit Isotropic Volume Reconstruction","publication_identifier":{"eissn":["1611-3349"],"issn":["0302-9743"],"isbn":["9783032139603"]},"acknowledgement":"This work was supported by NIH grants 1U01NS132158 and R01HD104969. We thank the reviewers for their constructive feedback.","year":"2026","intvolume":"     16318","article_processing_charge":"No","volume":16318,"month":"01","abstract":[{"text":"Three-dimensional (3D) microscopy data is often anisotropic with significantly lower resolution (up to 8x) along the z axis than along the xy axes. Computationally generating plausible isotropic resolution from anisotropic imaging data would benefit the visual analysis of large-scale volumes. This paper proposes niiv, a self-supervised method for isotropic reconstruction of 3D microscopy data that can quickly produce images at arbitrary output resolutions. The representation embeds a learned latent code within a neural field that describes the implicit higher-resolution isotropic image region. We use an attention-guided latent interpolation approach, which allows flexible information exchange over a local latent neighborhood. Under isotropic volume assumptions, we self-supervise this representation on low-/high-resolution lateral image pairs to reconstruct an isotropic volume from low-resolution axial images. We evaluate our method on simulated and real anisotropic electron (EM) and light microscopy (LM) data. Compared to diffusion-based baselines, niiv shows improved reconstruction quality (+1 dB PSNR) and is over three orders of magnitude faster (1,000x) to infer. Specifically, niiv reconstructs a 128^3 voxel volume in 2/10th of a second, renderable at varying (continuous) high resolutions for display. Our code is available at https://github.com/jakobtroidl/niiv-miccai.","lang":"eng"}],"department":[{"_id":"JoDa"}],"related_material":{"link":[{"relation":"software","url":"https://github.com/jakobtroidl/niiv-miccai"}]},"status":"public","oa_version":"Preprint","alternative_title":["LNCS"],"OA_place":"repository","citation":{"ama":"Troidl J, Liang Y, Beyer J, et al. niiv: Interactive Self-supervised Neural Implicit Isotropic Volume Reconstruction. In: <i>1st International Workshop on Efficient Medical Artificial Intelligence</i>. Vol 16318. Springer Nature; 2026:257-267. doi:<a href=\"https://doi.org/10.1007/978-3-032-13961-0_26\">10.1007/978-3-032-13961-0_26</a>","short":"J. Troidl, Y. Liang, J. Beyer, M. Tavakoli, J.G. Danzl, M. Hadwiger, H. Pfister, J. Tompkin, in:, 1st International Workshop on Efficient Medical Artificial Intelligence, Springer Nature, 2026, pp. 257–267.","mla":"Troidl, Jakob, et al. “Niiv: Interactive Self-Supervised Neural Implicit Isotropic Volume Reconstruction.” <i>1st International Workshop on Efficient Medical Artificial Intelligence</i>, vol. 16318, Springer Nature, 2026, pp. 257–67, doi:<a href=\"https://doi.org/10.1007/978-3-032-13961-0_26\">10.1007/978-3-032-13961-0_26</a>.","apa":"Troidl, J., Liang, Y., Beyer, J., Tavakoli, M., Danzl, J. G., Hadwiger, M., … Tompkin, J. (2026). niiv: Interactive Self-supervised Neural Implicit Isotropic Volume Reconstruction. In <i>1st International Workshop on Efficient Medical Artificial Intelligence</i> (Vol. 16318, pp. 257–267). Daejeon, South Korea: Springer Nature. <a href=\"https://doi.org/10.1007/978-3-032-13961-0_26\">https://doi.org/10.1007/978-3-032-13961-0_26</a>","chicago":"Troidl, Jakob, Yiqing Liang, Johanna Beyer, Mojtaba Tavakoli, Johann G Danzl, Markus Hadwiger, Hanspeter Pfister, and James Tompkin. “Niiv: Interactive Self-Supervised Neural Implicit Isotropic Volume Reconstruction.” In <i>1st International Workshop on Efficient Medical Artificial Intelligence</i>, 16318:257–67. Springer Nature, 2026. <a href=\"https://doi.org/10.1007/978-3-032-13961-0_26\">https://doi.org/10.1007/978-3-032-13961-0_26</a>.","ista":"Troidl J, Liang Y, Beyer J, Tavakoli M, Danzl JG, Hadwiger M, Pfister H, Tompkin J. 2026. niiv: Interactive Self-supervised Neural Implicit Isotropic Volume Reconstruction. 1st International Workshop on Efficient Medical Artificial Intelligence. EMA4MICCAI: Efficient Medical Artificial Intelligence, LNCS, vol. 16318, 257–267.","ieee":"J. Troidl <i>et al.</i>, “niiv: Interactive Self-supervised Neural Implicit Isotropic Volume Reconstruction,” in <i>1st International Workshop on Efficient Medical Artificial Intelligence</i>, Daejeon, South Korea, 2026, vol. 16318, pp. 257–267."},"date_created":"2026-02-01T23:01:44Z","main_file_link":[{"open_access":"1","url":"https://doi.org/10.1101/2024.09.07.611785"}],"date_updated":"2026-02-16T08:50:50Z","page":"257-267","user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","OA_type":"green","day":"03","quality_controlled":"1","publication_status":"published","_id":"21135","author":[{"last_name":"Troidl","full_name":"Troidl, Jakob","first_name":"Jakob"},{"first_name":"Yiqing","full_name":"Liang, Yiqing","last_name":"Liang"},{"last_name":"Beyer","full_name":"Beyer, Johanna","first_name":"Johanna"},{"id":"3A0A06F4-F248-11E8-B48F-1D18A9856A87","first_name":"Mojtaba","orcid":"0000-0002-7667-6854","last_name":"Tavakoli","full_name":"Tavakoli, Mojtaba"},{"first_name":"Johann G","id":"42EFD3B6-F248-11E8-B48F-1D18A9856A87","orcid":"0000-0001-8559-3973","last_name":"Danzl","full_name":"Danzl, Johann G"},{"first_name":"Markus","full_name":"Hadwiger, Markus","last_name":"Hadwiger"},{"first_name":"Hanspeter","full_name":"Pfister, Hanspeter","last_name":"Pfister"},{"full_name":"Tompkin, James","last_name":"Tompkin","first_name":"James"}],"publisher":"Springer Nature","oa":1,"conference":{"end_date":"2025-09-23","location":"Daejeon, South Korea","name":"EMA4MICCAI: Efficient Medical Artificial Intelligence","start_date":"2025-09-23"}},{"_id":"21374","author":[{"first_name":"Todor","last_name":"Antić","full_name":"Antić, Todor"},{"last_name":"Džuklevski","full_name":"Džuklevski, Aleksa","first_name":"Aleksa"},{"first_name":"Jiří","last_name":"Fiala","full_name":"Fiala, Jiří"},{"full_name":"Kratochvíl, Jan","last_name":"Kratochvíl","first_name":"Jan"},{"last_name":"Liotta","full_name":"Liotta, Giuseppe","first_name":"Giuseppe"},{"id":"f86f7148-b140-11ec-9577-95435b8df824","first_name":"Morteza","full_name":"Saghafian, Morteza","last_name":"Saghafian"},{"full_name":"Saumell, Maria","last_name":"Saumell","first_name":"Maria"},{"full_name":"Zink, Johannes","last_name":"Zink","first_name":"Johannes"}],"publisher":"Springer Nature","oa":1,"conference":{"location":"Krakow, Poland","end_date":"2026-02-13","start_date":"2026-02-09","name":"SOFSEM: Conference on Current Trends in Theory and Practice of Computer Science"},"quality_controlled":"1","publication_status":"published","user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","external_id":{"arxiv":["2511.22526"]},"day":"13","OA_type":"green","main_file_link":[{"open_access":"1","url":"https://doi.org/10.48550/arXiv.2511.22526"}],"date_updated":"2026-03-02T08:49:20Z","page":"532-546","oa_version":"Preprint","OA_place":"repository","alternative_title":["LNCS"],"citation":{"mla":"Antić, Todor, et al. “Edge-Constrained Hamiltonian Paths on a Point Set.” <i>51st International Conference on Current Trends in Theory and Practice of Computer Science</i>, vol. 16448, Springer Nature, 2026, pp. 532–46, doi:<a href=\"https://doi.org/10.1007/978-3-032-17801-5_39\">10.1007/978-3-032-17801-5_39</a>.","apa":"Antić, T., Džuklevski, A., Fiala, J., Kratochvíl, J., Liotta, G., Saghafian, M., … Zink, J. (2026). Edge-constrained Hamiltonian paths on a point set. In <i>51st International Conference on Current Trends in Theory and Practice of Computer Science</i> (Vol. 16448, pp. 532–546). Krakow, Poland: Springer Nature. <a href=\"https://doi.org/10.1007/978-3-032-17801-5_39\">https://doi.org/10.1007/978-3-032-17801-5_39</a>","chicago":"Antić, Todor, Aleksa Džuklevski, Jiří Fiala, Jan Kratochvíl, Giuseppe Liotta, Morteza Saghafian, Maria Saumell, and Johannes Zink. “Edge-Constrained Hamiltonian Paths on a Point Set.” In <i>51st International Conference on Current Trends in Theory and Practice of Computer Science</i>, 16448:532–46. Springer Nature, 2026. <a href=\"https://doi.org/10.1007/978-3-032-17801-5_39\">https://doi.org/10.1007/978-3-032-17801-5_39</a>.","ieee":"T. Antić <i>et al.</i>, “Edge-constrained Hamiltonian paths on a point set,” in <i>51st International Conference on Current Trends in Theory and Practice of Computer Science</i>, Krakow, Poland, 2026, vol. 16448, pp. 532–546.","ista":"Antić T, Džuklevski A, Fiala J, Kratochvíl J, Liotta G, Saghafian M, Saumell M, Zink J. 2026. Edge-constrained Hamiltonian paths on a point set. 51st International Conference on Current Trends in Theory and Practice of Computer Science. SOFSEM: Conference on Current Trends in Theory and Practice of Computer Science, LNCS, vol. 16448, 532–546.","ama":"Antić T, Džuklevski A, Fiala J, et al. Edge-constrained Hamiltonian paths on a point set. In: <i>51st International Conference on Current Trends in Theory and Practice of Computer Science</i>. Vol 16448. Springer Nature; 2026:532-546. doi:<a href=\"https://doi.org/10.1007/978-3-032-17801-5_39\">10.1007/978-3-032-17801-5_39</a>","short":"T. Antić, A. Džuklevski, J. Fiala, J. Kratochvíl, G. Liotta, M. Saghafian, M. Saumell, J. Zink, in:, 51st International Conference on Current Trends in Theory and Practice of Computer Science, Springer Nature, 2026, pp. 532–546."},"date_created":"2026-03-01T23:01:40Z","article_processing_charge":"No","month":"02","volume":16448,"abstract":[{"lang":"eng","text":"Let . S be a set of distinct points in general position in the\r\nEuclidean plane. A plane Hamiltonian path on . S is a crossing-free geometric path such that every point of .S is a vertex of the path. It is\r\nknown that, if. S is sufficiently large, there exist three edge-disjoint plane\r\nHamiltonian paths on . S. In this paper we study an edge-constrained\r\nversion of the problem of finding Hamiltonian paths on a point set. We\r\nfirst consider the problem of finding a single plane Hamiltonian path . π\r\nwith endpoints .s, t ∈ S and constraints given by a segment . ab, where\r\n.a, b ∈ S. We consider the following scenarios: (i) .ab ∈ π; (ii) .ab π. We\r\ncharacterize those quintuples . S, a, b, s, t for which . π exists. Secondly,\r\nwe consider the problem of finding two plane Hamiltonian paths . π1, π2\r\non a set . S with constraints given by a segment . ab, where .a, b ∈ S. We\r\nconsider the following scenarios: (i) .π1 and .π2 share no edges and .ab is\r\nan edge of . π1; (ii) .π1 and .π2 share no edges and none of them includes\r\n.ab as an edge; (iii) both .π1 and .π2 include .ab as an edge and share no\r\nother edges. In all cases, we characterize those triples . S, a, b for which\r\n.π1 and .π2 exist."}],"department":[{"_id":"HeEd"}],"status":"public","title":"Edge-constrained Hamiltonian paths on a point set","publication_identifier":{"isbn":["9783032178008"],"issn":["0302-9743"],"eissn":["1611-3349"]},"arxiv":1,"acknowledgement":"We thank the organizers of the HOMONOLO 2024 workshop in Nová Louka, Czech Republic, for the fruitful atmosphere where the research on this project was initiated.\r\n\r\nT. Antić, A. Džuklevski, J. Kratochvíl and M. Saumell received funding from GAČR grant 23–04949X, T.A and A.Dž were additionally supported by GAUK grant SVV–2025–260822. G. Liotta was supported in part by MUR of Italy, PRIN Project no. 2022TS4Y3N – EXPAND and PON Project ARS01_00540. J. Fiala was in part supported by GAČR grant 25-16847S.","year":"2026","intvolume":"     16448","scopus_import":"1","language":[{"iso":"eng"}],"date_published":"2026-02-13T00:00:00Z","publication":"51st International Conference on Current Trends in Theory and Practice of Computer Science","type":"conference","doi":"10.1007/978-3-032-17801-5_39"},{"main_file_link":[{"open_access":"1","url":"https://doi.org/10.48550/arXiv.2409.11079"}],"date_updated":"2026-03-09T10:25:41Z","page":"386-401","project":[{"call_identifier":"H2020","_id":"266A2E9E-B435-11E9-9278-68D0E5697425","name":"Alpha Shape Theory Extended","grant_number":"788183"},{"_id":"268116B8-B435-11E9-9278-68D0E5697425","name":"Mathematics, Computer Science","grant_number":"Z00342","call_identifier":"FWF"}],"user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","external_id":{"arxiv":["2409.11079"]},"day":"14","OA_type":"green","quality_controlled":"1","publication_status":"published","author":[{"last_name":"Jabal Ameli","full_name":"Jabal Ameli, Afrouz","first_name":"Afrouz"},{"first_name":"Faezeh","last_name":"Motiei","full_name":"Motiei, Faezeh"},{"first_name":"Morteza","id":"f86f7148-b140-11ec-9577-95435b8df824","full_name":"Saghafian, Morteza","last_name":"Saghafian"}],"_id":"21410","publisher":"Springer Nature","oa":1,"conference":{"location":"Perugia, Italy","end_date":"2026-03-06","start_date":"2026-03-04","name":"WALCOM: International Conference and Workshops on Algorithms and Computation"},"scopus_import":"1","publication":"20th International Conference and Workshops on Algorithms and Computation","date_published":"2026-02-14T00:00:00Z","language":[{"iso":"eng"}],"type":"conference","doi":"10.1007/978-981-95-7127-7_26","title":"On the MST-ratio: Theoretical bounds and complexity of finding the maximum","publication_identifier":{"isbn":["9789819571260"],"issn":["0302-9743"],"eissn":["1611-3349"]},"arxiv":1,"acknowledgement":"A. J. Ameli—Supported by the project COALESCE (ERC grant no. 853234).\r\nM. Saghafian—Partially supported by the European Research Council (ERC), grant no. 788183, and by the Wittgenstein Prize, Austrian Science Fund (FWF), grant no. Z 342-N31.","year":"2026","intvolume":"     16444","article_processing_charge":"No","month":"02","volume":16444,"abstract":[{"lang":"eng","text":"Given a finite set of red and blue points in R^d, the MST-ratio is defined as the total length of the Euclidean minimum spanning trees of the red points and the blue points, divided by the length of the Euclidean minimum spanning tree of their union. The MST-ratio has recently gained attention due to its direct interpretation in topological models for studying point sets with applications in spatial biology. The maximum MST-ratio of a point set is the maximum MST-ratio over all proper colorings of its points by red and blue. We prove that finding the maximum MST-ratio of a given point set is NP-hard when the dimension is part of the input. Moreover, we present a quadratic-time 3-approximation algorithm for this problem. As part of the proof, we show that in any metric space, the maximum MST-ratio is smaller than 3. Furthermore, we study the average MST-ratio over all colorings of a set of n points. We show that this average is always at least n-2/n-1, and for n random points uniformly distributed in a d-dimensional unit cube, the average tends to (math formular) in expectation as n approaches infinity."}],"department":[{"_id":"HeEd"}],"status":"public","oa_version":"Preprint","OA_place":"repository","alternative_title":["LNCS"],"citation":{"chicago":"Jabal Ameli, Afrouz, Faezeh Motiei, and Morteza Saghafian. “On the MST-Ratio: Theoretical Bounds and Complexity of Finding the Maximum.” In <i>20th International Conference and Workshops on Algorithms and Computation</i>, 16444:386–401. Springer Nature, 2026. <a href=\"https://doi.org/10.1007/978-981-95-7127-7_26\">https://doi.org/10.1007/978-981-95-7127-7_26</a>.","mla":"Jabal Ameli, Afrouz, et al. “On the MST-Ratio: Theoretical Bounds and Complexity of Finding the Maximum.” <i>20th International Conference and Workshops on Algorithms and Computation</i>, vol. 16444, Springer Nature, 2026, pp. 386–401, doi:<a href=\"https://doi.org/10.1007/978-981-95-7127-7_26\">10.1007/978-981-95-7127-7_26</a>.","apa":"Jabal Ameli, A., Motiei, F., &#38; Saghafian, M. (2026). On the MST-ratio: Theoretical bounds and complexity of finding the maximum. In <i>20th International Conference and Workshops on Algorithms and Computation</i> (Vol. 16444, pp. 386–401). Perugia, Italy: Springer Nature. <a href=\"https://doi.org/10.1007/978-981-95-7127-7_26\">https://doi.org/10.1007/978-981-95-7127-7_26</a>","ista":"Jabal Ameli A, Motiei F, Saghafian M. 2026. On the MST-ratio: Theoretical bounds and complexity of finding the maximum. 20th International Conference and Workshops on Algorithms and Computation. WALCOM: International Conference and Workshops on Algorithms and Computation, LNCS, vol. 16444, 386–401.","ieee":"A. Jabal Ameli, F. Motiei, and M. Saghafian, “On the MST-ratio: Theoretical bounds and complexity of finding the maximum,” in <i>20th International Conference and Workshops on Algorithms and Computation</i>, Perugia, Italy, 2026, vol. 16444, pp. 386–401.","short":"A. Jabal Ameli, F. Motiei, M. Saghafian, in:, 20th International Conference and Workshops on Algorithms and Computation, Springer Nature, 2026, pp. 386–401.","ama":"Jabal Ameli A, Motiei F, Saghafian M. On the MST-ratio: Theoretical bounds and complexity of finding the maximum. In: <i>20th International Conference and Workshops on Algorithms and Computation</i>. Vol 16444. Springer Nature; 2026:386-401. doi:<a href=\"https://doi.org/10.1007/978-981-95-7127-7_26\">10.1007/978-981-95-7127-7_26</a>"},"ec_funded":1,"date_created":"2026-03-08T23:01:45Z"},{"corr_author":"1","quality_controlled":"1","publication_status":"published","_id":"20844","author":[{"full_name":"Dujmovic, Jesko","last_name":"Dujmovic","first_name":"Jesko"},{"full_name":"Günther, Christoph Ullrich","last_name":"Günther","first_name":"Christoph Ullrich","id":"ec98511c-eb8e-11eb-b029-edd25d7271a1"},{"last_name":"Pietrzak","orcid":"0000-0002-9139-1654","full_name":"Pietrzak, Krzysztof Z","first_name":"Krzysztof Z","id":"3E04A7AA-F248-11E8-B48F-1D18A9856A87"}],"publisher":"Springer Nature","oa":1,"conference":{"name":"TCC: Theory of Cryptography","start_date":"2025-12-01","location":"Aarhus, Denmark","end_date":"2025-12-05"},"main_file_link":[{"open_access":"1","url":"https://eprint.iacr.org/2025/1723"}],"date_updated":"2025-12-29T11:44:16Z","page":"171-202","project":[{"grant_number":"F8509","_id":"34a34d57-11ca-11ed-8bc3-a2688a8724e1","name":"Security and Privacy by Design for Complex Systems"}],"user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","OA_type":"green","day":"05","article_processing_charge":"No","month":"12","volume":16271,"abstract":[{"text":"We introduce and construct a new proof system called Non-interactive Arguments of Knowledge or Space (NArKoS), where a space-bounded prover can convince a verifier they know a secret, while having access to sufficient space allows one to forge indistinguishable proofs without the secret.\r\nAn application of NArKoS are space-deniable proofs, which are proofs of knowledge (say for authentication in access control) that are sound when executed by a lightweight device like a smart-card or an RFID chip that cannot have much storage, but are deniable (in the strong sense of online deniability) as the verifier, like a card reader, can efficiently forge such proofs.\r\nWe construct NArKoS in the random oracle model using an OR-proof combining a sigma protocol (for the proof of knowledge of the secret) with a new proof system called simulatable Proof of Transient Space (simPoTS). We give two different constructions of simPoTS, one based on labelling graphs with high pebbling complexity, a technique used in the construction of memory-hard functions and proofs of space, and a more practical construction based on the verifiable space-hard functions from TCC’24 where a prover must compute a root of a sparse polynomial. In both cases, the main challenge is making the proofs efficiently simulatable.","lang":"eng"}],"department":[{"_id":"KrPi"}],"status":"public","oa_version":"Preprint","alternative_title":["LNCS"],"OA_place":"repository","citation":{"ama":"Dujmovic J, Günther CU, Pietrzak KZ. Space-deniable proofs. In: <i>23rd International Conference on Theory of Cryptography</i>. Vol 16271. Springer Nature; 2025:171-202. doi:<a href=\"https://doi.org/10.1007/978-3-032-12290-2_6\">10.1007/978-3-032-12290-2_6</a>","short":"J. Dujmovic, C.U. Günther, K.Z. Pietrzak, in:, 23rd International Conference on Theory of Cryptography, Springer Nature, 2025, pp. 171–202.","ista":"Dujmovic J, Günther CU, Pietrzak KZ. 2025. Space-deniable proofs. 23rd International Conference on Theory of Cryptography. TCC: Theory of Cryptography, LNCS, vol. 16271, 171–202.","ieee":"J. Dujmovic, C. U. Günther, and K. Z. Pietrzak, “Space-deniable proofs,” in <i>23rd International Conference on Theory of Cryptography</i>, Aarhus, Denmark, 2025, vol. 16271, pp. 171–202.","mla":"Dujmovic, Jesko, et al. “Space-Deniable Proofs.” <i>23rd International Conference on Theory of Cryptography</i>, vol. 16271, Springer Nature, 2025, pp. 171–202, doi:<a href=\"https://doi.org/10.1007/978-3-032-12290-2_6\">10.1007/978-3-032-12290-2_6</a>.","apa":"Dujmovic, J., Günther, C. U., &#38; Pietrzak, K. Z. (2025). Space-deniable proofs. In <i>23rd International Conference on Theory of Cryptography</i> (Vol. 16271, pp. 171–202). Aarhus, Denmark: Springer Nature. <a href=\"https://doi.org/10.1007/978-3-032-12290-2_6\">https://doi.org/10.1007/978-3-032-12290-2_6</a>","chicago":"Dujmovic, Jesko, Christoph Ullrich Günther, and Krzysztof Z Pietrzak. “Space-Deniable Proofs.” In <i>23rd International Conference on Theory of Cryptography</i>, 16271:171–202. Springer Nature, 2025. <a href=\"https://doi.org/10.1007/978-3-032-12290-2_6\">https://doi.org/10.1007/978-3-032-12290-2_6</a>."},"date_created":"2025-12-21T23:01:33Z","scopus_import":"1","date_published":"2025-12-05T00:00:00Z","language":[{"iso":"eng"}],"publication":"23rd International Conference on Theory of Cryptography","type":"conference","doi":"10.1007/978-3-032-12290-2_6","title":"Space-deniable proofs","publication_identifier":{"isbn":["9783032122896"],"issn":["0302-9743"],"eissn":["1611-3349"]},"acknowledgement":"Jesko Dujmovic: Funded by the European Union (ERC, LACONIC, 101041207). Views and opinions expressed are however those of the author(s) only and do not necessarily reflect those of the European Union or the European Research Council. Neither the European Union nor the granting authority can be held responsible for them.\r\nChristoph U. Günther and Krzysztof Pietrzak: This research was funded in whole or in part by the Austrian Science Fund (FWF) 10.55776/F85. For open access purposes, the author has applied a CC BY public copyright license to any author-accepted manuscript version arising from this submission.","year":"2025","intvolume":"     16271"},{"OA_type":"green","day":"05","user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","main_file_link":[{"url":"https://eprint.iacr.org/2025/375","open_access":"1"}],"page":"259-290","date_updated":"2025-12-29T11:51:13Z","publisher":"Springer Nature","author":[{"first_name":"Shweta","full_name":"Agrawal, Shweta","last_name":"Agrawal"},{"last_name":"Modi","full_name":"Modi, Anuja","first_name":"Anuja"},{"last_name":"Yadav","full_name":"Yadav, Anshu","first_name":"Anshu","id":"dc8f1524-403e-11ee-bf07-9649ad996e21"},{"full_name":"Yamada, Shota","last_name":"Yamada","first_name":"Shota"}],"_id":"20845","conference":{"start_date":"2025-12-01","name":"TCC: Theory of Cryptography","end_date":"2025-12-05","location":"Aarhus, Denmark"},"oa":1,"quality_controlled":"1","publication_status":"published","publication_identifier":{"eissn":["1611-3349"],"issn":["0302-9743"],"isbn":["9783032122926"]},"title":"Zeroizing attacks against evasive and circular evasive LWE","intvolume":"     16269","year":"2025","acknowledgement":"We thank Rachel Lin for expressing concern about the applicability of “HJL-style” attacks [15] on the construction in [2] during a talk by the first author about [2]. This was the starting point of the investigation that led us to develop the attack in [5, Sec 4.1]. The first author also thanks Hoeteck Wee for sharing his rationale for introducing evasive LWE.\r\nThe first author is supported by the CyStar center of excellence, the VHAR faculty chair, and the C3iHub fellowship. The third author thanks Cystar, IIT Madras, for supporting a visit to IIT Madras during which the collaboration was initiated. The 4th author is partly supported by JST CREST Grant Number JPMJCR22M1.","type":"conference","language":[{"iso":"eng"}],"publication":"23rd International Conference on Theory of Cryptography","date_published":"2025-12-05T00:00:00Z","scopus_import":"1","doi":"10.1007/978-3-032-12293-3_9","citation":{"apa":"Agrawal, S., Modi, A., Yadav, A., &#38; Yamada, S. (2025). Zeroizing attacks against evasive and circular evasive LWE. In <i>23rd International Conference on Theory of Cryptography</i> (Vol. 16269, pp. 259–290). Aarhus, Denmark: Springer Nature. <a href=\"https://doi.org/10.1007/978-3-032-12293-3_9\">https://doi.org/10.1007/978-3-032-12293-3_9</a>","mla":"Agrawal, Shweta, et al. “Zeroizing Attacks against Evasive and Circular Evasive LWE.” <i>23rd International Conference on Theory of Cryptography</i>, vol. 16269, Springer Nature, 2025, pp. 259–90, doi:<a href=\"https://doi.org/10.1007/978-3-032-12293-3_9\">10.1007/978-3-032-12293-3_9</a>.","chicago":"Agrawal, Shweta, Anuja Modi, Anshu Yadav, and Shota Yamada. “Zeroizing Attacks against Evasive and Circular Evasive LWE.” In <i>23rd International Conference on Theory of Cryptography</i>, 16269:259–90. Springer Nature, 2025. <a href=\"https://doi.org/10.1007/978-3-032-12293-3_9\">https://doi.org/10.1007/978-3-032-12293-3_9</a>.","ista":"Agrawal S, Modi A, Yadav A, Yamada S. 2025. Zeroizing attacks against evasive and circular evasive LWE. 23rd International Conference on Theory of Cryptography. TCC: Theory of Cryptography, LNCS, vol. 16269, 259–290.","ieee":"S. Agrawal, A. Modi, A. Yadav, and S. Yamada, “Zeroizing attacks against evasive and circular evasive LWE,” in <i>23rd International Conference on Theory of Cryptography</i>, Aarhus, Denmark, 2025, vol. 16269, pp. 259–290.","ama":"Agrawal S, Modi A, Yadav A, Yamada S. Zeroizing attacks against evasive and circular evasive LWE. In: <i>23rd International Conference on Theory of Cryptography</i>. Vol 16269. Springer Nature; 2025:259-290. doi:<a href=\"https://doi.org/10.1007/978-3-032-12293-3_9\">10.1007/978-3-032-12293-3_9</a>","short":"S. Agrawal, A. Modi, A. Yadav, S. Yamada, in:, 23rd International Conference on Theory of Cryptography, Springer Nature, 2025, pp. 259–290."},"alternative_title":["LNCS"],"OA_place":"repository","oa_version":"Preprint","date_created":"2025-12-21T23:01:33Z","department":[{"_id":"KrPi"}],"volume":16269,"abstract":[{"lang":"eng","text":"We develop new attacks against the Evasive LWE family of assumptions, in both the public and private-coin regime. To the best of our knowledge, ours are the first attacks against Evasive LWE in the public-coin regime, for any instantiation from the family. Our attacks are summarized below.\r\n\r\nPublic-Coin Attacks.\r\n1.The recent work by Hseih, Lin and Luo [17] constructed the first Attribute Based Encryption (ABE) for unbounded depth circuits by relying on the “circular” evasive LWE assumption. This assumption has been popularly considered as a safe, public-coin instance of Evasive LWE in contrast to its “private-coin” cousins (for instance, see [10, 11]).\r\nWe provide the first attack against this assumption, challenging the widely held belief that this is a public-coin assumption.\r\n2. We demonstrate a counter-example against vanilla public-coin evasive LWE by Wee [26] in an unnatural parameter regime. Our attack crucially relies on the error in the pre-condition being larger than the error in the post-condition, necessitating a refinement of the assumption.\r\n\r\nPrivate-Coin Attacks.\r\n1. The recent work by Agrawal, Kumari and Yamada [2] constructed the first functional encryption scheme for pseudorandom functionalities (PRFE) and extended this to obfuscation for pseudorandom functionalities (PRIO) [4] by relying on private-coin evasive LWE. We provide a new attack against the assumption stated in the first posting of their work (subsequently refined to avoid these attacks).\r\n2. The recent work by Branco et al. [8] (concurrently to [4]) provides a construction of obfuscation for pseudorandom functionalities by relying on private-coin evasive LWE. We provide a new attack against their stated assumption.\r\n3. Branco et al. [8] showed that there exist contrived, “self-referential” classes of pseudorandom functionalities for which pseudorandom obfuscation cannot exist. We extend their techniques to develop an analogous result for pseudorandom functional encryption.\r\n\r\nWhile Evasive LWE was developed to specifically avoid “zeroizing attacks”, our work shows that in certain settings, such attacks can still apply."}],"month":"12","article_processing_charge":"No","status":"public"},{"publication_identifier":{"eissn":["1611-3349"],"issn":["0302-9743"],"isbn":["9783032122896"]},"title":"Constrained verifiable random functions without obfuscation and friends","intvolume":"     16271","year":"2025","acknowledgement":"We thank Jonas Steinbach and Gertjan De Mulder for helpful discussions on BIP 32, Dennis Hofheinz and Julia Kastner for helpful discussions on early prototypes of our CVRF, and Klaus Kraßnitzer for running pairing benchmarks on his MacBook Pro.\r\nChristoph U. Günther: This research was funded in whole or in part by the Austrian Science Fund (FWF) 10.55776/F85. For open access purposes, the author has applied a CC BY public copyright license to any author-accepted manuscript version arising from this submission.","type":"conference","date_published":"2025-12-05T00:00:00Z","language":[{"iso":"eng"}],"publication":"23rd International Conference on Theory of Cryptography","scopus_import":"1","doi":"10.1007/978-3-032-12290-2_16","citation":{"apa":"Brandt, N., Cueto Noval, M., Günther, C. U., Ünal, A., &#38; Wohnig, S. (2025). Constrained verifiable random functions without obfuscation and friends. In <i>23rd International Conference on Theory of Cryptography</i> (Vol. 16271, pp. 478–511). Aarhus, Denmark: Springer Nature. <a href=\"https://doi.org/10.1007/978-3-032-12290-2_16\">https://doi.org/10.1007/978-3-032-12290-2_16</a>","mla":"Brandt, Nicholas, et al. “Constrained Verifiable Random Functions without Obfuscation and Friends.” <i>23rd International Conference on Theory of Cryptography</i>, vol. 16271, Springer Nature, 2025, pp. 478–511, doi:<a href=\"https://doi.org/10.1007/978-3-032-12290-2_16\">10.1007/978-3-032-12290-2_16</a>.","chicago":"Brandt, Nicholas, Miguel Cueto Noval, Christoph Ullrich Günther, Akin Ünal, and Stella Wohnig. “Constrained Verifiable Random Functions without Obfuscation and Friends.” In <i>23rd International Conference on Theory of Cryptography</i>, 16271:478–511. Springer Nature, 2025. <a href=\"https://doi.org/10.1007/978-3-032-12290-2_16\">https://doi.org/10.1007/978-3-032-12290-2_16</a>.","ista":"Brandt N, Cueto Noval M, Günther CU, Ünal A, Wohnig S. 2025. Constrained verifiable random functions without obfuscation and friends. 23rd International Conference on Theory of Cryptography. TCC: Theory of Cryptography, LNCS, vol. 16271, 478–511.","ieee":"N. Brandt, M. Cueto Noval, C. U. Günther, A. Ünal, and S. Wohnig, “Constrained verifiable random functions without obfuscation and friends,” in <i>23rd International Conference on Theory of Cryptography</i>, Aarhus, Denmark, 2025, vol. 16271, pp. 478–511.","ama":"Brandt N, Cueto Noval M, Günther CU, Ünal A, Wohnig S. Constrained verifiable random functions without obfuscation and friends. In: <i>23rd International Conference on Theory of Cryptography</i>. Vol 16271. Springer Nature; 2025:478-511. doi:<a href=\"https://doi.org/10.1007/978-3-032-12290-2_16\">10.1007/978-3-032-12290-2_16</a>","short":"N. Brandt, M. Cueto Noval, C.U. Günther, A. Ünal, S. Wohnig, in:, 23rd International Conference on Theory of Cryptography, Springer Nature, 2025, pp. 478–511."},"OA_place":"repository","alternative_title":["LNCS"],"oa_version":"Preprint","date_created":"2025-12-21T23:01:34Z","department":[{"_id":"KrPi"}],"volume":16271,"month":"12","abstract":[{"lang":"eng","text":"CVRFs are PRFs that unify the properties of verifiable and constrained PRFs. Since they were introduced concurrently by Fuchsbauer and Chandran-Raghuraman-Vinayagamurthy in 2014, it has been an open problem to construct CVRFs without using heavy machinery such as multilinear maps, obfuscation or functional encryption.\r\nWe solve this problem by constructing a prefix-constrained verifiable PRF that does not rely on the aforementioned assumptions. Essentially, our construction is a verifiable version of the Goldreich-Goldwasser-Micali PRF. To achieve verifiability we leverage degree-2 algebraic PRGs and bilinear groups. In short, proofs consist of intermediate values of the Goldreich-Goldwasser-Micali PRF raised to the exponents of group elements. These outputs can be verified using pairings since the underlying PRG is of degree 2.\r\nWe prove the selective security of our construction under the Decisional Square Diffie-Hellman (DSDH) assumption and a new assumption, which we dub recursive Decisional Diffie-Hellman (recursive DDH).\r\nWe prove the soundness of recursive DDH in the generic group model assuming the hardness of the Multivariate Quadratic (MQ) problem and a new variant thereof, which we call MQ+.\r\nLast, in terms of applications, we observe that our CVRF is also an exponent (C)VRF in the plain model. Exponent VRFs were recently introduced by Boneh et al. (Eurocrypt’25) with various applications to threshold cryptography in mind. In addition to that, we give further applications for prefix-CVRFs in the blockchain setting, namely, stake-pooling and compressible randomness beacons."}],"article_processing_charge":"No","status":"public","project":[{"grant_number":"F8509","name":"Security and Privacy by Design for Complex Systems","_id":"34a34d57-11ca-11ed-8bc3-a2688a8724e1"}],"OA_type":"green","day":"05","user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","main_file_link":[{"open_access":"1","url":"https://eprint.iacr.org/2025/1045"}],"page":"478-511","date_updated":"2025-12-29T11:11:29Z","publisher":"Springer Nature","_id":"20846","author":[{"full_name":"Brandt, Nicholas","last_name":"Brandt","first_name":"Nicholas"},{"orcid":"0000-0002-2505-4246","last_name":"Cueto Noval","full_name":"Cueto Noval, Miguel","first_name":"Miguel","id":"ffc563a3-f6e0-11ea-865d-e3cce03d17cc"},{"first_name":"Christoph Ullrich","id":"ec98511c-eb8e-11eb-b029-edd25d7271a1","full_name":"Günther, Christoph Ullrich","last_name":"Günther"},{"id":"f6b56fb6-dc63-11ee-9dbf-f6780863a85a","first_name":"Akin","orcid":"0000-0002-8929-0221","last_name":"Ünal","full_name":"Ünal, Akin"},{"first_name":"Stella","last_name":"Wohnig","full_name":"Wohnig, Stella"}],"conference":{"name":"TCC: Theory of Cryptography","start_date":"2025-12-01","location":"Aarhus, Denmark","end_date":"2025-12-05"},"oa":1,"corr_author":"1","quality_controlled":"1","publication_status":"published"},{"ec_funded":1,"date_created":"2026-01-29T16:01:41Z","citation":{"mla":"Cano Cordoba, Filip, et al. “Algorithmic Fairness: A Runtime Perspective.” <i>25th International Conference on Runtime Verification</i>, vol. 16087, Springer Nature, 2025, pp. 1–21, doi:<a href=\"https://doi.org/10.1007/978-3-032-05435-7_1\">10.1007/978-3-032-05435-7_1</a>.","apa":"Cano Cordoba, F., Henzinger, T. A., &#38; Kueffner, K. (2025). Algorithmic fairness: A runtime perspective. In <i>25th International Conference on Runtime Verification</i> (Vol. 16087, pp. 1–21). Graz, Austria: Springer Nature. <a href=\"https://doi.org/10.1007/978-3-032-05435-7_1\">https://doi.org/10.1007/978-3-032-05435-7_1</a>","chicago":"Cano Cordoba, Filip, Thomas A Henzinger, and Konstantin Kueffner. “Algorithmic Fairness: A Runtime Perspective.” In <i>25th International Conference on Runtime Verification</i>, 16087:1–21. Springer Nature, 2025. <a href=\"https://doi.org/10.1007/978-3-032-05435-7_1\">https://doi.org/10.1007/978-3-032-05435-7_1</a>.","ieee":"F. Cano Cordoba, T. A. Henzinger, and K. Kueffner, “Algorithmic fairness: A runtime perspective,” in <i>25th International Conference on Runtime Verification</i>, Graz, Austria, 2025, vol. 16087, pp. 1–21.","ista":"Cano Cordoba F, Henzinger TA, Kueffner K. 2025. Algorithmic fairness: A runtime perspective. 25th International Conference on Runtime Verification. RV: Runtime Verification, LNCS, vol. 16087, 1–21.","ama":"Cano Cordoba F, Henzinger TA, Kueffner K. Algorithmic fairness: A runtime perspective. In: <i>25th International Conference on Runtime Verification</i>. Vol 16087. Springer Nature; 2025:1-21. doi:<a href=\"https://doi.org/10.1007/978-3-032-05435-7_1\">10.1007/978-3-032-05435-7_1</a>","short":"F. Cano Cordoba, T.A. Henzinger, K. Kueffner, in:, 25th International Conference on Runtime Verification, Springer Nature, 2025, pp. 1–21."},"alternative_title":["LNCS"],"OA_place":"repository","oa_version":"Preprint","status":"public","department":[{"_id":"ToHe"}],"abstract":[{"lang":"eng","text":"Fairness in AI is traditionally studied as a static property evaluated once, over a fixed dataset. However, real-world AI systems operate sequentially, with outcomes and environments evolving over time. This paper proposes a framework for analysing fairness as a runtime property. Using a minimal yet expressive model based on sequences of coin tosses with possibly evolving biases, we study the problems of monitoring and enforcing fairness expressed in either toss outcomes or coin biases. Since there is no one-size-fits-all solution for either problem, we provide a summary of monitoring and enforcement strategies, parametrised by environment dynamics, prediction horizon, and confidence thresholds. For both problems, we present general results under simple or minimal assumptions. We survey existing solutions for the monitoring problem for Markovian and additive dynamics, and existing solutions for the enforcement problem in static settings with known dynamics."}],"month":"09","volume":16087,"article_processing_charge":"No","intvolume":"     16087","year":"2025","acknowledgement":"This work is supported by the European Research Council under Grant No.: ERC-2020-AdG 101020093.","arxiv":1,"publication_identifier":{"eissn":["1611-3349"],"issn":["0302-9743"],"eisbn":["9783032054357"]},"title":"Algorithmic fairness: A runtime perspective","doi":"10.1007/978-3-032-05435-7_1","type":"conference","date_published":"2025-09-13T00:00:00Z","language":[{"iso":"eng"}],"publication":"25th International Conference on Runtime Verification","conference":{"start_date":"2025-09-15","name":"RV: Runtime Verification","end_date":"2025-09-19","location":"Graz, Austria"},"oa":1,"publisher":"Springer Nature","_id":"21090","author":[{"last_name":"Cano Cordoba","orcid":"0000-0002-0783-904X","full_name":"Cano Cordoba, Filip","id":"708cad98-e86a-11ef-8098-bdae2d7c6af1","first_name":"Filip"},{"last_name":"Henzinger","orcid":"0000-0002-2985-7724","full_name":"Henzinger, Thomas A","id":"40876CD8-F248-11E8-B48F-1D18A9856A87","first_name":"Thomas A"},{"id":"8121a2d0-dc85-11ea-9058-af578f3b4515","first_name":"Konstantin","last_name":"Kueffner","orcid":"0000-0001-8974-2542","full_name":"Kueffner, Konstantin"}],"publication_status":"published","corr_author":"1","quality_controlled":"1","day":"13","OA_type":"green","external_id":{"arxiv":["2507.20711"]},"user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","project":[{"_id":"62781420-2b32-11ec-9570-8d9b63373d4d","name":"Vigilant Algorithmic Monitoring of Software","grant_number":"101020093","call_identifier":"H2020"}],"page":"1-21","date_updated":"2026-02-16T11:57:00Z","main_file_link":[{"url":"https://doi.org/10.48550/arXiv.2507.20711","open_access":"1"}]},{"publication_status":"published","corr_author":"1","quality_controlled":"1","conference":{"start_date":"2025-09-15","name":"RV: Runtime Verification","end_date":"2025-09-19","location":"Graz, Austria"},"oa":1,"author":[{"last_name":"Henzinger","orcid":"0000-0002-2985-7724","full_name":"Henzinger, Thomas A","id":"40876CD8-F248-11E8-B48F-1D18A9856A87","first_name":"Thomas A"},{"id":"8121a2d0-dc85-11ea-9058-af578f3b4515","first_name":"Konstantin","last_name":"Kueffner","orcid":"0000-0001-8974-2542","full_name":"Kueffner, Konstantin"},{"id":"20aa2ae8-f2f1-11ed-bbfa-8205053f1342","first_name":"Zhengqi","last_name":"Yu","orcid":"0000-0002-4993-773X","full_name":"Yu, Zhengqi"}],"_id":"21091","publisher":"Springer Nature","date_updated":"2026-02-16T11:53:25Z","page":"54-72","main_file_link":[{"open_access":"1","url":"https://doi.org/10.48550/arXiv.2507.11987"}],"user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","day":"13","OA_type":"green","external_id":{"arxiv":["2507.11987"]},"project":[{"grant_number":"101020093","_id":"62781420-2b32-11ec-9570-8d9b63373d4d","name":"Vigilant Algorithmic Monitoring of Software","call_identifier":"H2020"}],"status":"public","month":"09","abstract":[{"lang":"eng","text":"Neural certificates have emerged as a powerful tool in cyber-physical systems control, providing witnesses of correctness. These certificates, such as barrier functions, often learned alongside control policies, once verified, serve as mathematical proofs of system safety. However, traditional formal verification of their defining conditions typically faces scalability challenges due to exhaustive state-space exploration. To address this challenge, we propose a lightweight runtime monitoring framework that integrates real-time verification and does not require access to the underlying control policy. Our monitor observes the system during deployment and performs on-the-fly verification of the certificate over a lookahead region to ensure safety within a finite prediction horizon. We instantiate this framework for ReLU-based control barrier functions and demonstrate its practical effectiveness in a case study. Our approach enables timely detection of safety violations and incorrect certificates with minimal overhead, providing an effective but lightweight alternative to the static verification of the certificates."}],"volume":16087,"article_processing_charge":"No","department":[{"_id":"ToHe"}],"date_created":"2026-01-29T16:03:01Z","ec_funded":1,"oa_version":"Preprint","citation":{"short":"T.A. Henzinger, K. Kueffner, E. Yu, in:, 25th International Conference on Runtime Verification, Springer Nature, 2025, pp. 54–72.","ama":"Henzinger TA, Kueffner K, Yu E. Formal verification of neural certificates done dynamically. In: <i>25th International Conference on Runtime Verification</i>. Vol 16087. Springer Nature; 2025:54-72. doi:<a href=\"https://doi.org/10.1007/978-3-032-05435-7_4\">10.1007/978-3-032-05435-7_4</a>","chicago":"Henzinger, Thomas A, Konstantin Kueffner, and Emily Yu. “Formal Verification of Neural Certificates Done Dynamically.” In <i>25th International Conference on Runtime Verification</i>, 16087:54–72. Springer Nature, 2025. <a href=\"https://doi.org/10.1007/978-3-032-05435-7_4\">https://doi.org/10.1007/978-3-032-05435-7_4</a>.","mla":"Henzinger, Thomas A., et al. “Formal Verification of Neural Certificates Done Dynamically.” <i>25th International Conference on Runtime Verification</i>, vol. 16087, Springer Nature, 2025, pp. 54–72, doi:<a href=\"https://doi.org/10.1007/978-3-032-05435-7_4\">10.1007/978-3-032-05435-7_4</a>.","apa":"Henzinger, T. A., Kueffner, K., &#38; Yu, E. (2025). Formal verification of neural certificates done dynamically. In <i>25th International Conference on Runtime Verification</i> (Vol. 16087, pp. 54–72). Graz, Austria: Springer Nature. <a href=\"https://doi.org/10.1007/978-3-032-05435-7_4\">https://doi.org/10.1007/978-3-032-05435-7_4</a>","ista":"Henzinger TA, Kueffner K, Yu E. 2025. Formal verification of neural certificates done dynamically. 25th International Conference on Runtime Verification. RV: Runtime Verification, LNCS, vol. 16087, 54–72.","ieee":"T. A. Henzinger, K. Kueffner, and E. Yu, “Formal verification of neural certificates done dynamically,” in <i>25th International Conference on Runtime Verification</i>, Graz, Austria, 2025, vol. 16087, pp. 54–72."},"OA_place":"repository","alternative_title":["LNCS"],"doi":"10.1007/978-3-032-05435-7_4","language":[{"iso":"eng"}],"date_published":"2025-09-13T00:00:00Z","publication":"25th International Conference on Runtime Verification","type":"conference","acknowledgement":"This work is supported by the European Research Council under Grant No.: ERC-2020-AdG 101020093.","intvolume":"     16087","year":"2025","title":"Formal verification of neural certificates done dynamically","publication_identifier":{"eisbn":["9783032054357"],"eissn":["1611-3349"],"issn":["0302-9743"]},"arxiv":1},{"type":"conference","date_published":"2025-09-13T00:00:00Z","language":[{"iso":"eng"}],"publication":"25th International Conference on Runtime Verification","doi":"10.1007/978-3-032-05435-7_9","publication_identifier":{"issn":["0302-9743"],"eissn":["1611-3349"],"eisbn":["9783032054357"]},"arxiv":1,"title":"Alignment monitoring","year":"2025","intvolume":"     16087","acknowledgement":"This work is supported by the European Research Council under Grant No.: ERC-2020-AdG 101020093.","department":[{"_id":"ToHe"}],"article_processing_charge":"No","month":"09","abstract":[{"text":"Formal verification provides assurances that a probabilistic system satisfies its specification—conditioned on the system model being aligned with reality. We propose alignment monitoring to watch that this assumption is justified. We consider a probabilistic model well aligned if it accurately predicts the behaviour of an uncertain system in advance. An alignment score measures this by quantifying the similarity between the model’s predicted and the system’s (unknown) actual distributions. An alignment monitor observes the system at runtime; at each point in time it uses the current state and the model to predict the next state. After the next state is observed, the monitor updates the verdict, which is a high-probability interval estimate for the true alignment score. We utilize tools from sequential forecasting to construct our alignment monitors. Besides a monitor for measuring the expected alignment score, we introduce a differential alignment monitor, designed for comparing two models, and a weighted alignment monitor, which permits task-specific alignment monitoring. We evaluate our monitors experimentally on the PRISM benchmark suite. They are fast, memory-efficient, and detect misalignment early.","lang":"eng"}],"volume":16087,"status":"public","alternative_title":["LNCS"],"OA_place":"repository","citation":{"ieee":"T. A. Henzinger, K. Kueffner, V. Singh, and I. Sun, “Alignment monitoring,” in <i>25th International Conference on Runtime Verification</i>, Graz, Austria, 2025, vol. 16087, pp. 140–159.","ista":"Henzinger TA, Kueffner K, Singh V, Sun I. 2025. Alignment monitoring. 25th International Conference on Runtime Verification. RV: Runtime Verification, LNCS, vol. 16087, 140–159.","apa":"Henzinger, T. A., Kueffner, K., Singh, V., &#38; Sun, I. (2025). Alignment monitoring. In <i>25th International Conference on Runtime Verification</i> (Vol. 16087, pp. 140–159). Graz, Austria: Springer Nature. <a href=\"https://doi.org/10.1007/978-3-032-05435-7_9\">https://doi.org/10.1007/978-3-032-05435-7_9</a>","mla":"Henzinger, Thomas A., et al. “Alignment Monitoring.” <i>25th International Conference on Runtime Verification</i>, vol. 16087, Springer Nature, 2025, pp. 140–59, doi:<a href=\"https://doi.org/10.1007/978-3-032-05435-7_9\">10.1007/978-3-032-05435-7_9</a>.","chicago":"Henzinger, Thomas A, Konstantin Kueffner, Vasu Singh, and I Sun. “Alignment Monitoring.” In <i>25th International Conference on Runtime Verification</i>, 16087:140–59. Springer Nature, 2025. <a href=\"https://doi.org/10.1007/978-3-032-05435-7_9\">https://doi.org/10.1007/978-3-032-05435-7_9</a>.","ama":"Henzinger TA, Kueffner K, Singh V, Sun I. Alignment monitoring. In: <i>25th International Conference on Runtime Verification</i>. Vol 16087. Springer Nature; 2025:140-159. doi:<a href=\"https://doi.org/10.1007/978-3-032-05435-7_9\">10.1007/978-3-032-05435-7_9</a>","short":"T.A. Henzinger, K. Kueffner, V. Singh, I. Sun, in:, 25th International Conference on Runtime Verification, Springer Nature, 2025, pp. 140–159."},"oa_version":"Preprint","date_created":"2026-01-29T16:03:43Z","ec_funded":1,"main_file_link":[{"url":"https://doi.org/10.48550/arXiv.2508.00021","open_access":"1"}],"page":"140-159","date_updated":"2026-02-16T11:56:38Z","project":[{"call_identifier":"H2020","_id":"62781420-2b32-11ec-9570-8d9b63373d4d","name":"Vigilant Algorithmic Monitoring of Software","grant_number":"101020093"}],"OA_type":"green","external_id":{"arxiv":["2508.00021"]},"day":"13","user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","corr_author":"1","quality_controlled":"1","publication_status":"published","publisher":"Springer Nature","_id":"21092","author":[{"first_name":"Thomas A","id":"40876CD8-F248-11E8-B48F-1D18A9856A87","orcid":"0000-0002-2985-7724","last_name":"Henzinger","full_name":"Henzinger, Thomas A"},{"last_name":"Kueffner","orcid":"0000-0001-8974-2542","full_name":"Kueffner, Konstantin","id":"8121a2d0-dc85-11ea-9058-af578f3b4515","first_name":"Konstantin"},{"id":"4DAE2708-F248-11E8-B48F-1D18A9856A87","first_name":"Vasu","full_name":"Singh, Vasu","last_name":"Singh"},{"first_name":"I","last_name":"Sun","full_name":"Sun, I"}],"oa":1,"conference":{"end_date":"2025-09-19","location":"Graz, Austria","start_date":"2025-09-15","name":"RV: Runtime Verification"}},{"quality_controlled":"1","corr_author":"1","publication_status":"published","author":[{"last_name":"Chalupa","full_name":"Chalupa, Marek","id":"87e34708-d6c6-11ec-9f5b-9391e7be2463","first_name":"Marek"},{"full_name":"Henzinger, Thomas A","last_name":"Henzinger","orcid":"0000-0002-2985-7724","first_name":"Thomas A","id":"40876CD8-F248-11E8-B48F-1D18A9856A87"},{"first_name":"Ana A","id":"8b282559-50b0-11ef-861e-d6ace0d92e9b","last_name":"Oliveira da Costa","full_name":"Oliveira da Costa, Ana A"}],"_id":"21093","publisher":"Springer Nature","oa":1,"conference":{"name":"RV: Runtime Verification","start_date":"2025-09-15","location":"Graz, Austria","end_date":"2025-09-19"},"main_file_link":[{"open_access":"1","url":"https://doi.org/10.48550/arXiv.2508.02301"}],"date_updated":"2026-02-16T11:59:20Z","page":"417-437","project":[{"name":"Vigilant Algorithmic Monitoring of Software","_id":"62781420-2b32-11ec-9570-8d9b63373d4d","grant_number":"101020093","call_identifier":"H2020"},{"grant_number":"F8502","name":"Interface Theory for Security and Privacy","_id":"34a1b658-11ca-11ed-8bc3-c75229f0241e"}],"user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","OA_type":"green","day":"13","external_id":{"arxiv":["2508.02301"]},"article_processing_charge":"No","abstract":[{"lang":"eng","text":"We propose a monitoring approach for hyperproperties where the system’s observations range over infinite domains. The specifications are given as formulas of symbolic hypernode logic, an extension of earlier versions of hypernode logic that supports events with data. We demonstrate how to translate terms of symbolic hypernode logic into multi-tape symbolic transducers and we present a monitoring algorithm for universally quantified formulas that is based on this translation. We evaluate our approach against the previous approach for monitoring hypernode logic, and we also compare it to other monitors for hyperproperties."}],"month":"09","volume":16087,"department":[{"_id":"ToHe"}],"status":"public","oa_version":"Preprint","OA_place":"repository","alternative_title":["LNCS"],"citation":{"apa":"Chalupa, M., Henzinger, T. A., &#38; Oliveira da Costa, A. A. (2025). Monitoring hypernode logic over infinite domains. In <i>25th International Conference on Runtime Verification</i> (Vol. 16087, pp. 417–437). Graz, Austria: Springer Nature. <a href=\"https://doi.org/10.1007/978-3-032-05435-7_23\">https://doi.org/10.1007/978-3-032-05435-7_23</a>","mla":"Chalupa, Marek, et al. “Monitoring Hypernode Logic over Infinite Domains.” <i>25th International Conference on Runtime Verification</i>, vol. 16087, Springer Nature, 2025, pp. 417–37, doi:<a href=\"https://doi.org/10.1007/978-3-032-05435-7_23\">10.1007/978-3-032-05435-7_23</a>.","chicago":"Chalupa, Marek, Thomas A Henzinger, and Ana A Oliveira da Costa. “Monitoring Hypernode Logic over Infinite Domains.” In <i>25th International Conference on Runtime Verification</i>, 16087:417–37. Springer Nature, 2025. <a href=\"https://doi.org/10.1007/978-3-032-05435-7_23\">https://doi.org/10.1007/978-3-032-05435-7_23</a>.","ista":"Chalupa M, Henzinger TA, Oliveira da Costa AA. 2025. Monitoring hypernode logic over infinite domains. 25th International Conference on Runtime Verification. RV: Runtime Verification, LNCS, vol. 16087, 417–437.","ieee":"M. Chalupa, T. A. Henzinger, and A. A. Oliveira da Costa, “Monitoring hypernode logic over infinite domains,” in <i>25th International Conference on Runtime Verification</i>, Graz, Austria, 2025, vol. 16087, pp. 417–437.","ama":"Chalupa M, Henzinger TA, Oliveira da Costa AA. Monitoring hypernode logic over infinite domains. In: <i>25th International Conference on Runtime Verification</i>. Vol 16087. Springer Nature; 2025:417-437. doi:<a href=\"https://doi.org/10.1007/978-3-032-05435-7_23\">10.1007/978-3-032-05435-7_23</a>","short":"M. Chalupa, T.A. Henzinger, A.A. Oliveira da Costa, in:, 25th International Conference on Runtime Verification, Springer Nature, 2025, pp. 417–437."},"date_created":"2026-01-29T16:04:31Z","ec_funded":1,"language":[{"iso":"eng"}],"date_published":"2025-09-13T00:00:00Z","publication":"25th International Conference on Runtime Verification","type":"conference","doi":"10.1007/978-3-032-05435-7_23","title":"Monitoring hypernode logic over infinite domains","arxiv":1,"publication_identifier":{"eisbn":["9783032054357"],"eissn":["1611-3349"],"issn":["0302-9743"]},"acknowledgement":"This work was supported in part by the ERC-2020-AdG 101020093 and in part by the FWF-2022-SFB F8502 (SPyCoDe).","year":"2025","intvolume":"     16087"},{"type":"conference","date_published":"2025-08-17T00:00:00Z","language":[{"iso":"eng"}],"publication":"45th Annual International Cryptology Conference","doi":"10.1007/978-3-032-01913-4_5","publication_identifier":{"eisbn":["9783032019134"],"isbn":["9783032019127"],"eissn":["1611-3349"],"issn":["0302-9743"]},"title":"Continuous group-key agreement: Concurrent updates without pruning","intvolume":"     16007","year":"2025","acknowledgement":"B. Auerbach and B. Erol—Conducted part of this work at ISTA.","department":[{"_id":"KrPi"}],"volume":16007,"abstract":[{"text":"Continuous Group Key Agreement (CGKA) is the primitive underlying secure group messaging. It allows a large group of N users to maintain a shared secret key that is frequently rotated by the\r\ngroup members in order to achieve forward secrecy and post compromise security. The group messaging scheme Messaging Layer Security (MLS) standardized by the IETF makes use of a CGKA called TreeKEM which arranges the N group members in a binary tree. Here, each node is associated with a public-key, each user is assigned one of the leaves, and a user knows the corresponding secret keys from their leaf to the root. To update the key material known to them, a user must just replace keys at log(N) nodes, which requires them to create and upload log(N) ciphertexts. Such updates must be processed sequentially by all users, which for large groups is impractical. To allow for concurrent updates, TreeKEM uses the “propose and commit” paradigm, where multiple users can concurrently propose to update (by just sampling a fresh leaf key), and a single user can then commit to all proposals at once. Unfortunately, this process destroys the binary tree structure as the tree gets pruned and some nodes must be “blanked” at the cost of increasing the in-degree of others, which makes the commit operation, as well as, future commits more costly. In the worst case, the update cost (in terms of uploaded ciphertexts) per user can grow from log(N) to Ω(N). In this work we provide two main contributions. First, we show that MLS’ communication complexity is bad not only in the worst case but also if the proposers and committers are chosen at random: even if there’s just one update proposal for every commit the expected cost is already over √N, and it approaches N as this ratio changes towards more proposals. Our second contribution is a new variant of propose and commit for\r\nTreeKEM which for moderate amounts of update proposals per commit provably achieves an update cost of Θ(log(N)) assuming the proposers and committers are chosen at random.","lang":"eng"}],"month":"08","article_processing_charge":"No","status":"public","citation":{"short":"B. Auerbach, M. Cueto Noval, B. Erol, K.Z. Pietrzak, in:, 45th Annual International Cryptology Conference, Springer Nature, 2025, pp. 141–172.","ama":"Auerbach B, Cueto Noval M, Erol B, Pietrzak KZ. Continuous group-key agreement: Concurrent updates without pruning. In: <i>45th Annual International Cryptology Conference</i>. Vol 16007. Springer Nature; 2025:141-172. doi:<a href=\"https://doi.org/10.1007/978-3-032-01913-4_5\">10.1007/978-3-032-01913-4_5</a>","ista":"Auerbach B, Cueto Noval M, Erol B, Pietrzak KZ. 2025. Continuous group-key agreement: Concurrent updates without pruning. 45th Annual International Cryptology Conference. CRYPTO: International Cryptology Conference, LNCS, vol. 16007, 141–172.","ieee":"B. Auerbach, M. Cueto Noval, B. Erol, and K. Z. Pietrzak, “Continuous group-key agreement: Concurrent updates without pruning,” in <i>45th Annual International Cryptology Conference</i>, Santa Barbara, CA, United States, 2025, vol. 16007, pp. 141–172.","chicago":"Auerbach, Benedikt, Miguel Cueto Noval, Boran Erol, and Krzysztof Z Pietrzak. “Continuous Group-Key Agreement: Concurrent Updates without Pruning.” In <i>45th Annual International Cryptology Conference</i>, 16007:141–72. Springer Nature, 2025. <a href=\"https://doi.org/10.1007/978-3-032-01913-4_5\">https://doi.org/10.1007/978-3-032-01913-4_5</a>.","mla":"Auerbach, Benedikt, et al. “Continuous Group-Key Agreement: Concurrent Updates without Pruning.” <i>45th Annual International Cryptology Conference</i>, vol. 16007, Springer Nature, 2025, pp. 141–72, doi:<a href=\"https://doi.org/10.1007/978-3-032-01913-4_5\">10.1007/978-3-032-01913-4_5</a>.","apa":"Auerbach, B., Cueto Noval, M., Erol, B., &#38; Pietrzak, K. Z. (2025). Continuous group-key agreement: Concurrent updates without pruning. In <i>45th Annual International Cryptology Conference</i> (Vol. 16007, pp. 141–172). Santa Barbara, CA, United States: Springer Nature. <a href=\"https://doi.org/10.1007/978-3-032-01913-4_5\">https://doi.org/10.1007/978-3-032-01913-4_5</a>"},"OA_place":"repository","alternative_title":["LNCS"],"oa_version":"Preprint","date_created":"2026-02-17T07:41:04Z","main_file_link":[{"open_access":"1","url":"https://eprint.iacr.org/2025/1035"}],"page":"141-172","date_updated":"2026-02-18T07:36:42Z","OA_type":"green","day":"17","user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","quality_controlled":"1","publication_status":"published","publisher":"Springer Nature","author":[{"first_name":"Benedikt","id":"D33D2B18-E445-11E9-ABB7-15F4E5697425","full_name":"Auerbach, Benedikt","last_name":"Auerbach","orcid":"0000-0002-7553-6606"},{"first_name":"Miguel","id":"ffc563a3-f6e0-11ea-865d-e3cce03d17cc","last_name":"Cueto Noval","orcid":"0000-0002-2505-4246","full_name":"Cueto Noval, Miguel"},{"last_name":"Erol","full_name":"Erol, Boran","first_name":"Boran"},{"first_name":"Krzysztof Z","id":"3E04A7AA-F248-11E8-B48F-1D18A9856A87","orcid":"0000-0002-9139-1654","last_name":"Pietrzak","full_name":"Pietrzak, Krzysztof Z"}],"_id":"21262","conference":{"name":"CRYPTO: International Cryptology Conference","start_date":"2025-08-17","end_date":"2025-08-21","location":"Santa Barbara, CA, United States"},"oa":1},{"oa_version":"Preprint","citation":{"chicago":"Belohorec, Juraj, Pavel Dvořák, Charlotte Hoffmann, Pavel Hubáček, Kristýna Mašková, and Martin Pastyřík. “On Extractability of the KZG Family of Polynomial Commitment Schemes.” In <i>45th Annual International Cryptology Conference</i>, 16005:584–616. Springer Nature, 2025. <a href=\"https://doi.org/10.1007/978-3-032-01887-8_19\">https://doi.org/10.1007/978-3-032-01887-8_19</a>.","mla":"Belohorec, Juraj, et al. “On Extractability of the KZG Family of Polynomial Commitment Schemes.” <i>45th Annual International Cryptology Conference</i>, vol. 16005, Springer Nature, 2025, pp. 584–616, doi:<a href=\"https://doi.org/10.1007/978-3-032-01887-8_19\">10.1007/978-3-032-01887-8_19</a>.","apa":"Belohorec, J., Dvořák, P., Hoffmann, C., Hubáček, P., Mašková, K., &#38; Pastyřík, M. (2025). On extractability of the KZG family of polynomial commitment schemes. In <i>45th Annual International Cryptology Conference</i> (Vol. 16005, pp. 584–616). Santa Barbara, CA, United States: Springer Nature. <a href=\"https://doi.org/10.1007/978-3-032-01887-8_19\">https://doi.org/10.1007/978-3-032-01887-8_19</a>","ieee":"J. Belohorec, P. Dvořák, C. Hoffmann, P. Hubáček, K. Mašková, and M. Pastyřík, “On extractability of the KZG family of polynomial commitment schemes,” in <i>45th Annual International Cryptology Conference</i>, Santa Barbara, CA, United States, 2025, vol. 16005, pp. 584–616.","ista":"Belohorec J, Dvořák P, Hoffmann C, Hubáček P, Mašková K, Pastyřík M. 2025. On extractability of the KZG family of polynomial commitment schemes. 45th Annual International Cryptology Conference. CRYPTO: International Cryptology Conference, LNCS, vol. 16005, 584–616.","short":"J. Belohorec, P. Dvořák, C. Hoffmann, P. Hubáček, K. Mašková, M. Pastyřík, in:, 45th Annual International Cryptology Conference, Springer Nature, 2025, pp. 584–616.","ama":"Belohorec J, Dvořák P, Hoffmann C, Hubáček P, Mašková K, Pastyřík M. On extractability of the KZG family of polynomial commitment schemes. In: <i>45th Annual International Cryptology Conference</i>. Vol 16005. Springer Nature; 2025:584-616. doi:<a href=\"https://doi.org/10.1007/978-3-032-01887-8_19\">10.1007/978-3-032-01887-8_19</a>"},"OA_place":"repository","alternative_title":["LNCS"],"date_created":"2026-02-18T10:59:58Z","volume":16005,"month":"08","abstract":[{"lang":"eng","text":"We present a unifying framework for proving the knowledge-soundness of KZG-like polynomial commitment schemes, encompassing both univariate and multivariate variants. By conceptualizing the proof technique of Lipmaa, Parisella, and Siim for the univariate KZG scheme (EUROCRYPT 2024), we present tools and falsifiable hardness assumptions that permit black-box extraction of the multivariate KZG scheme. Central to our approach is the notion of a canonical Proof-of-Knowledge of a Polynomial (PoKoP) of a polynomial commitment scheme, which we use to capture the extractability notion required in constructions of practical zk-SNARKs. We further present an explicit polynomial decomposition lemma for multivariate polynomials, enabling a more direct analysis of interpolating extractors and bridging the gap between univariate and multivariate commitments. Our results provide the first standard-model proofs of extractability for the multivariate KZG scheme and many of its variants under falsifiable assumptions."}],"article_processing_charge":"No","department":[{"_id":"KrPi"}],"status":"public","title":"On extractability of the KZG family of polynomial commitment schemes","publication_identifier":{"issn":["0302-9743"],"eissn":["1611-3349"],"isbn":["9783032018861"],"eisbn":["9783032018878"]},"acknowledgement":"Juraj Belohorec, Pavel Hubáček, and Kristýna Mašková were partially supported by the Academy of Sciences of the Czech Republic (RVO 67985840), Czech Science Foundation GAČR grant No. 25-16311S, and by Zircuit. Pavel Dvořák was supported by Czech Science Foundation GAČR grant No. 22-14872O. Juraj Belohorec and Kristýna Mašková were supported by the grant SVV–2025–260822.","intvolume":"     16005","year":"2025","language":[{"iso":"eng"}],"date_published":"2025-08-17T00:00:00Z","publication":"45th Annual International Cryptology Conference","type":"conference","doi":"10.1007/978-3-032-01887-8_19","_id":"21323","author":[{"last_name":"Belohorec","full_name":"Belohorec, Juraj","first_name":"Juraj"},{"full_name":"Dvořák, Pavel","last_name":"Dvořák","first_name":"Pavel"},{"full_name":"Hoffmann, Charlotte","orcid":"0000-0003-2027-5549","last_name":"Hoffmann","id":"0f78d746-dc7d-11ea-9b2f-83f92091afe7","first_name":"Charlotte"},{"first_name":"Pavel","full_name":"Hubáček, Pavel","last_name":"Hubáček"},{"first_name":"Kristýna","full_name":"Mašková, Kristýna","last_name":"Mašková"},{"last_name":"Pastyřík","full_name":"Pastyřík, Martin","first_name":"Martin"}],"publisher":"Springer Nature","conference":{"end_date":"2025-08-221","location":"Santa Barbara, CA, United States","start_date":"2025-08-17","name":"CRYPTO: International Cryptology Conference"},"oa":1,"quality_controlled":"1","publication_status":"published","user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","day":"17","OA_type":"green","main_file_link":[{"url":"https://eprint.iacr.org/2025/514","open_access":"1"}],"date_updated":"2026-02-19T07:50:33Z","page":"584-616"},{"publication_identifier":{"isbn":["9783031827020"],"issn":["0302-9743"],"eissn":["1611-3349"]},"arxiv":1,"title":"1–2–3–Go! Policy synthesis for parameterized Markov decision processes via decision-tree learning and generalization","year":"2025","intvolume":"     15530","acknowledgement":"This research was funded in part by the DFG project 427755713 GOPro, the DFG GRK 2428 (ConVeY), the MUNI Award in Science and Humanities (MUNI/I/1757/2021) of the Grant Agency of Masaryk University, and the EU under MSCA grant agreement 101034413 (IST-BRIDGE).","type":"conference","scopus_import":"1","language":[{"iso":"eng"}],"publication":"26th International Conference on Verification, Model Checking, and Abstract Interpretation","date_published":"2025-01-23T00:00:00Z","doi":"10.1007/978-3-031-82703-7_5","OA_place":"repository","alternative_title":["LNCS"],"citation":{"ieee":"M. Azeem <i>et al.</i>, “1–2–3–Go! Policy synthesis for parameterized Markov decision processes via decision-tree learning and generalization,” in <i>26th International Conference on Verification, Model Checking, and Abstract Interpretation</i>, Denver, CO, United States, 2025, vol. 15530, pp. 97–120.","ista":"Azeem M, Chakraborty D, Kanav S, Kretinsky J, Mohagheghi M, Mohr S, Weininger M. 2025. 1–2–3–Go! Policy synthesis for parameterized Markov decision processes via decision-tree learning and generalization. 26th International Conference on Verification, Model Checking, and Abstract Interpretation. VMCAI: Verification, Model Checking, and Abstract Interpretation, LNCS, vol. 15530, 97–120.","chicago":"Azeem, Muqsit, Debraj Chakraborty, Sudeep Kanav, Jan Kretinsky, Mohammadsadegh Mohagheghi, Stefanie Mohr, and Maximilian Weininger. “1–2–3–Go! Policy Synthesis for Parameterized Markov Decision Processes via Decision-Tree Learning and Generalization.” In <i>26th International Conference on Verification, Model Checking, and Abstract Interpretation</i>, 15530:97–120. Springer Nature, 2025. <a href=\"https://doi.org/10.1007/978-3-031-82703-7_5\">https://doi.org/10.1007/978-3-031-82703-7_5</a>.","apa":"Azeem, M., Chakraborty, D., Kanav, S., Kretinsky, J., Mohagheghi, M., Mohr, S., &#38; Weininger, M. (2025). 1–2–3–Go! Policy synthesis for parameterized Markov decision processes via decision-tree learning and generalization. In <i>26th International Conference on Verification, Model Checking, and Abstract Interpretation</i> (Vol. 15530, pp. 97–120). Denver, CO, United States: Springer Nature. <a href=\"https://doi.org/10.1007/978-3-031-82703-7_5\">https://doi.org/10.1007/978-3-031-82703-7_5</a>","mla":"Azeem, Muqsit, et al. “1–2–3–Go! Policy Synthesis for Parameterized Markov Decision Processes via Decision-Tree Learning and Generalization.” <i>26th International Conference on Verification, Model Checking, and Abstract Interpretation</i>, vol. 15530, Springer Nature, 2025, pp. 97–120, doi:<a href=\"https://doi.org/10.1007/978-3-031-82703-7_5\">10.1007/978-3-031-82703-7_5</a>.","short":"M. Azeem, D. Chakraborty, S. Kanav, J. Kretinsky, M. Mohagheghi, S. Mohr, M. Weininger, in:, 26th International Conference on Verification, Model Checking, and Abstract Interpretation, Springer Nature, 2025, pp. 97–120.","ama":"Azeem M, Chakraborty D, Kanav S, et al. 1–2–3–Go! Policy synthesis for parameterized Markov decision processes via decision-tree learning and generalization. In: <i>26th International Conference on Verification, Model Checking, and Abstract Interpretation</i>. Vol 15530. Springer Nature; 2025:97-120. doi:<a href=\"https://doi.org/10.1007/978-3-031-82703-7_5\">10.1007/978-3-031-82703-7_5</a>"},"oa_version":"Preprint","ec_funded":1,"date_created":"2025-03-09T23:01:29Z","department":[{"_id":"KrCh"}],"article_processing_charge":"No","volume":15530,"month":"01","isi":1,"abstract":[{"text":"Despite the advances in probabilistic model checking, the scalability of the verification methods remains limited. In particular, the state space often becomes extremely large when instantiating parameterized Markov decision processes (MDPs) even with moderate values. Synthesizing policies for such huge MDPs is beyond the reach of available tools. We propose a learning-based approach to obtain a reasonable policy for such huge MDPs.\r\n\r\nThe idea is to generalize optimal policies obtained by model-checking small instances to larger ones using decision-tree learning. Consequently, our method bypasses the need for explicit state-space exploration of large models, providing a practical solution to the state-space explosion problem. We demonstrate the efficacy of our approach by performing extensive experimentation on the relevant models from the quantitative verification benchmark set. The experimental results indicate that our policies perform well, even when the size of the model is orders of magnitude beyond the reach of state-of-the-art analysis tools.","lang":"eng"}],"status":"public","project":[{"_id":"fc2ed2f7-9c52-11eb-aca3-c01059dda49c","name":"IST-BRIDGE: International postdoctoral program","grant_number":"101034413","call_identifier":"H2020"}],"day":"23","OA_type":"green","external_id":{"isi":["001446577100005"],"arxiv":["2410.18293"]},"user_id":"317138e5-6ab7-11ef-aa6d-ffef3953e345","main_file_link":[{"url":"https://doi.org/10.48550/arXiv.2410.18293","open_access":"1"}],"page":"97-120","date_updated":"2025-09-30T10:46:54Z","publisher":"Springer Nature","author":[{"full_name":"Azeem, Muqsit","last_name":"Azeem","first_name":"Muqsit"},{"first_name":"Debraj","last_name":"Chakraborty","full_name":"Chakraborty, Debraj"},{"first_name":"Sudeep","full_name":"Kanav, Sudeep","last_name":"Kanav"},{"full_name":"Kretinsky, Jan","orcid":"0000-0002-8122-2881","last_name":"Kretinsky","id":"44CEF464-F248-11E8-B48F-1D18A9856A87","first_name":"Jan"},{"first_name":"Mohammadsadegh","last_name":"Mohagheghi","full_name":"Mohagheghi, Mohammadsadegh"},{"last_name":"Mohr","full_name":"Mohr, Stefanie","first_name":"Stefanie"},{"full_name":"Weininger, Maximilian","last_name":"Weininger","id":"02ab0197-cc70-11ed-ab61-918e71f56881","first_name":"Maximilian"}],"_id":"19375","oa":1,"conference":{"location":"Denver, CO, United States","end_date":"2025-01-21","start_date":"2025-01-20","name":"VMCAI: Verification, Model Checking, and Abstract Interpretation"},"quality_controlled":"1","publication_status":"published"},{"project":[{"name":"Formal Methods for Stochastic Models: Algorithms and Applications","_id":"0599E47C-7A3F-11EA-A408-12923DDC885E","grant_number":"863818","call_identifier":"H2020"}],"user_id":"317138e5-6ab7-11ef-aa6d-ffef3953e345","OA_type":"green","external_id":{"arxiv":["2411.12582"],"isi":["001537885900016"]},"day":"20","main_file_link":[{"open_access":"1","url":"https://doi.org/10.48550/arXiv.2411.12582"}],"date_updated":"2025-09-30T11:14:33Z","page":"244-265","author":[{"first_name":"Jan Matyáš","last_name":"Křišťan","full_name":"Křišťan, Jan Matyáš"},{"id":"130759D2-D7DD-11E9-87D2-DE0DE6697425","first_name":"Jakub","last_name":"Svoboda","orcid":"0000-0002-1419-3267","full_name":"Svoboda, Jakub"}],"_id":"19445","publisher":"Springer Nature","conference":{"location":"Chengdu, China","end_date":"2025-03-02","name":"WALCOM: International Conference and Workshops on Algorithms and Computation","start_date":"2025-02-28"},"oa":1,"quality_controlled":"1","publication_status":"published","title":"Reconfiguration using generalized token jumping","publication_identifier":{"issn":["0302-9743"],"eissn":["1611-3349"],"isbn":["9789819628445"]},"arxiv":1,"acknowledgement":"J. M. Křišťan acknowledges the support of the Czech Science Foundation Grant No. 24-12046S. This work was supported by the Grant Agency of the Czech Technical University in Prague, grant No. SGS23/205/OHK3/3T/18. J. Svoboda acknowledges the support of the ERC CoG 863818 (ForM-SMArt) grant.","intvolume":"     15411","year":"2025","date_published":"2025-02-20T00:00:00Z","language":[{"iso":"eng"}],"publication":"19th International Conference and Workshops on Algorithms and Computation","scopus_import":"1","type":"conference","doi":"10.1007/978-981-96-2845-2_16","oa_version":"Preprint","citation":{"ieee":"J. M. Křišťan and J. Svoboda, “Reconfiguration using generalized token jumping,” in <i>19th International Conference and Workshops on Algorithms and Computation</i>, Chengdu, China, 2025, vol. 15411, pp. 244–265.","ista":"Křišťan JM, Svoboda J. 2025. Reconfiguration using generalized token jumping. 19th International Conference and Workshops on Algorithms and Computation. WALCOM: International Conference and Workshops on Algorithms and Computation, LNCS, vol. 15411, 244–265.","chicago":"Křišťan, Jan Matyáš, and Jakub Svoboda. “Reconfiguration Using Generalized Token Jumping.” In <i>19th International Conference and Workshops on Algorithms and Computation</i>, 15411:244–65. Springer Nature, 2025. <a href=\"https://doi.org/10.1007/978-981-96-2845-2_16\">https://doi.org/10.1007/978-981-96-2845-2_16</a>.","mla":"Křišťan, Jan Matyáš, and Jakub Svoboda. “Reconfiguration Using Generalized Token Jumping.” <i>19th International Conference and Workshops on Algorithms and Computation</i>, vol. 15411, Springer Nature, 2025, pp. 244–65, doi:<a href=\"https://doi.org/10.1007/978-981-96-2845-2_16\">10.1007/978-981-96-2845-2_16</a>.","apa":"Křišťan, J. M., &#38; Svoboda, J. (2025). Reconfiguration using generalized token jumping. In <i>19th International Conference and Workshops on Algorithms and Computation</i> (Vol. 15411, pp. 244–265). Chengdu, China: Springer Nature. <a href=\"https://doi.org/10.1007/978-981-96-2845-2_16\">https://doi.org/10.1007/978-981-96-2845-2_16</a>","short":"J.M. Křišťan, J. Svoboda, in:, 19th International Conference and Workshops on Algorithms and Computation, Springer Nature, 2025, pp. 244–265.","ama":"Křišťan JM, Svoboda J. Reconfiguration using generalized token jumping. In: <i>19th International Conference and Workshops on Algorithms and Computation</i>. Vol 15411. Springer Nature; 2025:244-265. doi:<a href=\"https://doi.org/10.1007/978-981-96-2845-2_16\">10.1007/978-981-96-2845-2_16</a>"},"alternative_title":["LNCS"],"OA_place":"repository","date_created":"2025-03-23T23:01:27Z","ec_funded":1,"month":"02","isi":1,"volume":15411,"abstract":[{"text":"In reconfiguration, we are given two solutions to a graph problem, such as Vertex Cover or Dominating Set, with each solution represented by a placement of tokens on vertices of the graph. Our task is to reconfigure one into the other using small steps while ensuring the intermediate configurations of tokens are also valid solutions. The two commonly studied settings are Token Jumping and Token Sliding, which allows moving a single token to an arbitrary or an adjacent vertex, respectively.\r\n\r\nWe introduce new rules that generalize Token Jumping, parameterized by the number of tokens allowed to move at once and by the maximum distance of each move. Our main contribution is identifying minimal rules that allow reconfiguring any possible given solution into any other for Independent Set, Vertex Cover, and Dominating Set. For each minimal rule, we also provide an efficient algorithm that finds a corresponding reconfiguration sequence.\r\n\r\nWe further focus on the rule that allows each token to move to an adjacent vertex in a single step. This natural variant turns out to be the minimal rule that guarantees reconfigurability for Vertex Cover. We determine the computational complexity of deciding whether a (shortest) reconfiguration sequence exists under this rule for the three studied problems. While reachability for Vertex Cover is shown to be in P, finding a shortest sequence is shown to be NP-complete. For Independent Set and Dominating Set, even reachability is shown to be PSPACE-complete.","lang":"eng"}],"article_processing_charge":"No","department":[{"_id":"KrCh"}],"status":"public"},{"page":"207-223","date_updated":"2025-11-05T07:52:35Z","main_file_link":[{"url":"https://eprint.iacr.org/2021/1539","open_access":"1"}],"OA_type":"green","day":"01","user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","project":[{"_id":"0599E47C-7A3F-11EA-A408-12923DDC885E","name":"Formal Methods for Stochastic Models: Algorithms and Applications","grant_number":"863818","call_identifier":"H2020"}],"publication_status":"published","quality_controlled":"1","conference":{"end_date":"2024-09-20","location":"Bydgoszcz, Poland","name":"ESORICS: European Symposium on Research in Computer Security","start_date":"2024-09-16"},"oa":1,"publisher":"Springer Nature","author":[{"first_name":"Zeta","last_name":"Avarikioti","full_name":"Avarikioti, Zeta"},{"last_name":"Bastankhah","full_name":"Bastankhah, Mahsa","first_name":"Mahsa"},{"first_name":"Mohammad Ali","last_name":"Maddah-Ali","full_name":"Maddah-Ali, Mohammad Ali"},{"first_name":"Krzysztof Z","id":"3E04A7AA-F248-11E8-B48F-1D18A9856A87","full_name":"Pietrzak, Krzysztof Z","last_name":"Pietrzak","orcid":"0000-0002-9139-1654"},{"id":"130759D2-D7DD-11E9-87D2-DE0DE6697425","first_name":"Jakub","full_name":"Svoboda, Jakub","last_name":"Svoboda","orcid":"0000-0002-1419-3267"},{"first_name":"Michelle X","id":"2D82B818-F248-11E8-B48F-1D18A9856A87","orcid":"0009-0001-3676-4809","last_name":"Yeo","full_name":"Yeo, Michelle X"}],"_id":"19600","doi":"10.1007/978-3-031-82349-7_15","type":"conference","date_published":"2025-04-01T00:00:00Z","publication":"Computer Security. ESORICS 2024 International Workshops","language":[{"iso":"eng"}],"scopus_import":"1","intvolume":"     15263","year":"2025","acknowledgement":"This work was supported in part by the ERC CoG 863818 (ForM-SMArt), Austrian Science Fund (FWF) 10.55776/COE12, and MOE-T2EP20122-0014 (Data-Driven Distributed Algorithms) grants.","publication_identifier":{"eissn":["1611-3349"],"issn":["0302-9743"],"isbn":["9783031823480"]},"title":"Route discovery in private payment channel networks","status":"public","department":[{"_id":"KrPi"},{"_id":"KrCh"}],"month":"04","abstract":[{"lang":"eng","text":"In this work, we explore route discovery in private payment channel networks. We first determine what “ideal\" privacy for a routing protocol means in this setting. We observe that protocols achieving this strong privacy definition exist by leveraging Multi-Party Computation but they are inherently inefficient as they must involve the entire network. We then present protocols with weaker privacy guarantees but much better efficiency (involving only a small fraction of the nodes). The core idea is that both sender and receiver gossip a message which propagates through the network, and the moment any node in the network receives both messages, a path is found. In our first protocol the message is always sent to all neighbouring nodes with a delay proportional to the fees of that edge. In our second protocol the message is only sent to one neighbour chosen randomly with a probability proportional to its degree. We additionally propose a more realistic notion of privacy in order to measure the privacy leakage of our protocols in practice. Our realistic notion of privacy challenges an adversary that join the network with a fixed budget to create channels to guess the sender and receiver of a transaction upon receiving messages from our protocols. Simulations of our protocols on the Lightning network topology (for random transactions and uniform fees) show that 1) forming edges with high degree nodes is a more effective attack strategy for the adversary, 2) there is a tradeoff between the number of nodes involved in our protocols (privacy) and the optimality of the discovered path, and 3) our protocols involve a very small fraction of the network on average."}],"volume":15263,"article_processing_charge":"No","ec_funded":1,"date_created":"2025-04-20T22:01:28Z","citation":{"ieee":"Z. Avarikioti, M. Bastankhah, M. A. Maddah-Ali, K. Z. Pietrzak, J. Svoboda, and M. X. Yeo, “Route discovery in private payment channel networks,” in <i>Computer Security. ESORICS 2024 International Workshops</i>, Bydgoszcz, Poland, 2025, vol. 15263, pp. 207–223.","ista":"Avarikioti Z, Bastankhah M, Maddah-Ali MA, Pietrzak KZ, Svoboda J, Yeo MX. 2025. Route discovery in private payment channel networks. Computer Security. ESORICS 2024 International Workshops. ESORICS: European Symposium on Research in Computer Security, LNCS, vol. 15263, 207–223.","mla":"Avarikioti, Zeta, et al. “Route Discovery in Private Payment Channel Networks.” <i>Computer Security. ESORICS 2024 International Workshops</i>, vol. 15263, Springer Nature, 2025, pp. 207–23, doi:<a href=\"https://doi.org/10.1007/978-3-031-82349-7_15\">10.1007/978-3-031-82349-7_15</a>.","apa":"Avarikioti, Z., Bastankhah, M., Maddah-Ali, M. A., Pietrzak, K. Z., Svoboda, J., &#38; Yeo, M. X. (2025). Route discovery in private payment channel networks. In <i>Computer Security. ESORICS 2024 International Workshops</i> (Vol. 15263, pp. 207–223). Bydgoszcz, Poland: Springer Nature. <a href=\"https://doi.org/10.1007/978-3-031-82349-7_15\">https://doi.org/10.1007/978-3-031-82349-7_15</a>","chicago":"Avarikioti, Zeta, Mahsa Bastankhah, Mohammad Ali Maddah-Ali, Krzysztof Z Pietrzak, Jakub Svoboda, and Michelle X Yeo. “Route Discovery in Private Payment Channel Networks.” In <i>Computer Security. ESORICS 2024 International Workshops</i>, 15263:207–23. Springer Nature, 2025. <a href=\"https://doi.org/10.1007/978-3-031-82349-7_15\">https://doi.org/10.1007/978-3-031-82349-7_15</a>.","ama":"Avarikioti Z, Bastankhah M, Maddah-Ali MA, Pietrzak KZ, Svoboda J, Yeo MX. Route discovery in private payment channel networks. In: <i>Computer Security. ESORICS 2024 International Workshops</i>. Vol 15263. Springer Nature; 2025:207-223. doi:<a href=\"https://doi.org/10.1007/978-3-031-82349-7_15\">10.1007/978-3-031-82349-7_15</a>","short":"Z. Avarikioti, M. Bastankhah, M.A. Maddah-Ali, K.Z. Pietrzak, J. Svoboda, M.X. Yeo, in:, Computer Security. ESORICS 2024 International Workshops, Springer Nature, 2025, pp. 207–223."},"alternative_title":["LNCS"],"OA_place":"repository","oa_version":"Submitted Version"},{"day":"28","OA_type":"green","user_id":"2DF688A6-F248-11E8-B48F-1D18A9856A87","page":"385-415","date_updated":"2025-05-28T06:12:39Z","main_file_link":[{"open_access":"1","url":"https://www.research-collection.ethz.ch/handle/20.500.11850/732894"}],"conference":{"start_date":"2025-05-04","name":"EUROCRYPT: International Conference on the Theory and Applications of Cryptographic Techniques","end_date":"2025-05-08","location":"Madrid, Spain"},"oa":1,"publisher":"Springer Nature","_id":"19712","author":[{"orcid":"0000-0002-2505-4246","last_name":"Cueto Noval","full_name":"Cueto Noval, Miguel","first_name":"Miguel","id":"ffc563a3-f6e0-11ea-865d-e3cce03d17cc"},{"first_name":"Simon-Philipp","full_name":"Merz, Simon-Philipp","last_name":"Merz"},{"full_name":"Stählin, Patrick","last_name":"Stählin","first_name":"Patrick"},{"id":"f6b56fb6-dc63-11ee-9dbf-f6780863a85a","first_name":"Akin","full_name":"Ünal, Akin","last_name":"Ünal","orcid":"0000-0002-8929-0221"}],"publication_status":"published","quality_controlled":"1","corr_author":"1","intvolume":"     15606","year":"2025","acknowledgement":"We thank Pierre Briaud and Morten Øygarden for helpful discussions on algebraic attacks on RSD, and the EC reviewers for helpful comments.","publication_identifier":{"isbn":["9783031910944"],"eisbn":["9783031910951"],"issn":["0302-9743"],"eissn":["1611-3349"]},"title":"On the soundness of algebraic attacks against code-based assumptions","doi":"10.1007/978-3-031-91095-1_14","type":"conference","publication":"44th Annual International Conference on the Theory and Applications of Cryptographic Techniques","date_published":"2025-04-28T00:00:00Z","language":[{"iso":"eng"}],"scopus_import":"1","date_created":"2025-05-19T14:15:01Z","citation":{"ista":"Cueto Noval M, Merz S-P, Stählin P, Ünal A. 2025. On the soundness of algebraic attacks against code-based assumptions. 44th Annual International Conference on the Theory and Applications of Cryptographic Techniques. EUROCRYPT: International Conference on the Theory and Applications of Cryptographic Techniques, LNCS, vol. 15606, 385–415.","ieee":"M. Cueto Noval, S.-P. Merz, P. Stählin, and A. Ünal, “On the soundness of algebraic attacks against code-based assumptions,” in <i>44th Annual International Conference on the Theory and Applications of Cryptographic Techniques</i>, Madrid, Spain, 2025, vol. 15606, pp. 385–415.","apa":"Cueto Noval, M., Merz, S.-P., Stählin, P., &#38; Ünal, A. (2025). On the soundness of algebraic attacks against code-based assumptions. In <i>44th Annual International Conference on the Theory and Applications of Cryptographic Techniques</i> (Vol. 15606, pp. 385–415). Madrid, Spain: Springer Nature. <a href=\"https://doi.org/10.1007/978-3-031-91095-1_14\">https://doi.org/10.1007/978-3-031-91095-1_14</a>","mla":"Cueto Noval, Miguel, et al. “On the Soundness of Algebraic Attacks against Code-Based Assumptions.” <i>44th Annual International Conference on the Theory and Applications of Cryptographic Techniques</i>, vol. 15606, Springer Nature, 2025, pp. 385–415, doi:<a href=\"https://doi.org/10.1007/978-3-031-91095-1_14\">10.1007/978-3-031-91095-1_14</a>.","chicago":"Cueto Noval, Miguel, Simon-Philipp Merz, Patrick Stählin, and Akin Ünal. “On the Soundness of Algebraic Attacks against Code-Based Assumptions.” In <i>44th Annual International Conference on the Theory and Applications of Cryptographic Techniques</i>, 15606:385–415. Springer Nature, 2025. <a href=\"https://doi.org/10.1007/978-3-031-91095-1_14\">https://doi.org/10.1007/978-3-031-91095-1_14</a>.","ama":"Cueto Noval M, Merz S-P, Stählin P, Ünal A. On the soundness of algebraic attacks against code-based assumptions. In: <i>44th Annual International Conference on the Theory and Applications of Cryptographic Techniques</i>. Vol 15606. Springer Nature; 2025:385-415. doi:<a href=\"https://doi.org/10.1007/978-3-031-91095-1_14\">10.1007/978-3-031-91095-1_14</a>","short":"M. Cueto Noval, S.-P. Merz, P. Stählin, A. Ünal, in:, 44th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Springer Nature, 2025, pp. 385–415."},"OA_place":"repository","alternative_title":["LNCS"],"oa_version":"Submitted Version","status":"public","department":[{"_id":"KrPi"}],"abstract":[{"lang":"eng","text":"We study recent algebraic attacks (Briaud-Øygarden EC’23) on the Regular Syndrome Decoding (RSD) problem and the assumptions underlying the correctness of their attacks’ complexity estimates. By relating these assumptions to interesting algebraic-combinatorial problems, we prove that they do not hold in full generality. However, we show that they are (asymptotically) true for most parameter sets, supporting the soundness of algebraic attacks on RSD. Further, we prove—without any heuristics or assumptions—that RSD can be broken in polynomial time whenever the number of error blocks times the square of the size of error blocks is larger than 2 times the square of the dimension of the code.\r\nAdditionally, we use our methodology to attack a variant of the Learning With Errors problem where each error term lies in a fixed set of constant size. We prove that this problem can be broken in polynomial time, given a sufficient number of samples. This result improves on the seminal work by Arora and Ge (ICALP’11), as the attack’s time complexity is independent of the LWE modulus."}],"month":"04","volume":15606,"article_processing_charge":"No"}]