536 results
-
On the (In)Security of IPsec in MAC-then-Encrypt Configurations.
Speaker : Jean Paul Degabriele - Royal Holloway, University of London
IPsec allows a huge amount of flexibility in the ways in which its component cryptographic mechanisms can be combined to build a secure communications service. This may be good for supporting different security requirements but is potentially bad for security. We demonstrate the reality of this by describing efficient, plaintext-recovering attacks against all configurations of IPsec in which[…] -
An explicit description of (log) de Rham cohomology over the Witt vector
Speaker : Moritz Minzlaff - Technische Universität Berlin
Motivated by applications to computing zeta functions, we will discuss the log de Rham and de Rham cohomologies of smooth schemes (together with 'nice' divisors) over the Witt vectors. For the former, we will give an explicit description that eventually might lead to improvements to point counting algorithms. Regarding the latter, we will measure "how far" the de Rham cohomology of a curve is from[…] -
Towards Automatic Verification of Security Proofs for
Speaker : Marion Daubrignard - Verimag
Providing security proofs instead of arguing lack of existing relevant attacks is a quite new approach when it comes to cryptography. In the last thirty years, a lot of work has been done to formalize security of systems and prove of the achievement of security criteria. It has resulted in the design of a great number of proofs under various hypotheses. Though a step in the right direction, these[…] -
On Ideal Lattices and Learning with Errors Over Rings
Speaker : Vadim Lyubashevsky - ENS
The "learning with errors'' (LWE) problem is to distinguish random linear equations, which have been perturbed by a small amount of noise, from truly uniform ones. The problem has been shown to be as hard as worst-case lattice problems, and in recent years it has served as the foundation for a plethora of cryptographic applications. Unfortunately, these applications are rather inefficient due to[…] -
Utilisation des symétries pour la résolution du problème de
Speaker : Louise Huot - LIP6
Récemment Diem et Gaudry ont introduit indépendemment une méthode de résolution du DLP sur les courbes elliptiques définies sur un corps fini non premier K, de degré d'extension n > 1 sur le corps de base k. Cet algorithme repose sur le principe général du calcul d'indice. Une étape cruciale de cet algorithme nécessite de décomposer des points de la courbe E(K) selon une base de facteurs. C'est à[…] -
Analysis of BKZ
Speaker : Xavier Pujol - ENS Lyon
Strong lattice reduction is the key element for most attacks against lattice-based cryptosystems. Between the strongest but impractical HKZ reduction and the weak but fast LLL reduction, there have been several attempts to find efficient trade-offs. Among them, the BKZ algorithm introduced by Schnorr and Euchner in 1991 seems to achieve the best time/quality compromise in practice. However, no[…]