Symphony: Threshold Evaluation of Symmetric Primitives (AES, SHA2, SHA3, G-/C-/H-/KMAC)

"Preview Talk" (by Team Symphony) @ MPTS 2026, in reply to the NIST Threshold Call

Abstract: This talk will give a preview overview of the package submission Symphony which is a protocol family to securely evaluate the AES block cipher, the hash functions SHA2 and SHA3, and the MAC schemes G-/C-/H- and KMAC in the three-party honest majority setting. The underlying MPC technique is based on replicated secret sharing over Boolean extension fields, combined with oblivious table lookup protocols. We target active security with abort and also cover the specification of a separate gadget for preprocessing of random one-hot vector correlations. The talk includes a summary on replicated secret sharing over Boolean extension fields, gives details on the oblivious lookup table techniques by Morita et al. (Usenix Security 2025) and shows the interconnection between different modules in the submission package. We will also present preliminary benchmark results for secure AES enciphering.

Joint work: Hiraku Morita, Erik Pohle, Peter Scholl, Daniel Tschudi.

[Slides] Suggested readings:

• Preview Writeup: Threshold Evaluation of Symmetric Primitives: A protocol family for threshold AES, SHA2, SHA3 and G-/C-/H-/KMAC evaluation in the three-party, honest majority setting
• MAESTRO: Multi-party AES using Lookup Tables (ia.cr/2024/1317)