522 results
-
New Representations of the AES Key Schedule
Speaker : Clara Pernot - INRIA Paris
In this talk we present a new representation of the AES key schedule, with some implications to the security of AES-based schemes. In particular, we show that the AES-128 key schedule can be split into four independent parallel computations operating on 32 bits chunks, up to linear transformation. Surprisingly, this property has not been described in the literature after more than 20 years of[…] -
Syndrome Decoding in the Head – Shorter Signatures from Zero-Knowledge proofs
Speaker : Thibauld Feneuil - CryptoExperts et Sorbonne Université
In this talk, I will present a new zero-knowledge proof of knowledge for the syndrome decoding (SD) problem on random linear codes. Instead of using permutations like most of the existing protocols, we rely on the MPC-in-the-head paradigm in which we reduce the task of proving the low Hamming weight of the SD solution to proving some relations between specific polynomials. Specifically, we propose[…] -
Binary codes, hyperelliptic curves, and the Serre bound
Speaker : Ivan Pogildiakov - Rennes
TBA lien: https://seminaire-c2.inria.fr/ -
Isogenies over Hessian Model of Elliptic Curves
Speaker : Emmanuel Fouotsa - Université de Bamenda
In this talk we present explicit formulas for isogenies between elliptic curves in (twisted) Hessian form. We examine the numbers of operations in the base field to compute the formulas. In comparison with other isogeny formulas, we note that the obtained formulas for twisted Hessian curves have the lowest costs for processing the kernel and the X-affine formula has the lowest cost for processing[…] -
New uses in Symmetric Cryptography: from Cryptanalysis to Designing
Speaker : Clémence Bouvier - INRIA
New symmetric primitives are being designed to be run in abstract settings such as Multi-Party Computations (MPC) or Zero-Knowledge (ZK) proof systems. More particularly, these protocols have highlighted the need to minimize the number of multiplications performed by the primitive in large finite fields.<br/> As the number of such primitives grows, it is important to better understand the[…] -
On Rejection Sampling in Lyubashevsky's Signature Scheme
Speaker : Julien Devevey - ENS de Lyon
Lyubashevsky’s signatures are based on the Fiat-Shamir with aborts paradigm, whose central ingredient is the use of rejection sampling to transform (secret-key-dependent) signature samples into samples from a secret-key-independent distribution. The choice of these two underly- ing distributions is part of the rejection sampling strategy, and various instantiations have been considered up to this[…]