Table of contents

  • This session has been presented November 19, 2021.

Description

  • Speaker

    Thomas Prest - PQShield

Continuous group key agreements (CGKAs) are a class of protocols that can provide strong security guarantees to secure group messaging protocols such as Signal and MLS. Protection against device compromise is provided by commit messages: at a regular rate, each group member may refresh their key material by uploading a commit message, which is then downloaded and processed by all the other members. In practice, propagating commit messages dominates the bandwidth consumption of existing CGKAs. We propose Chained CmPKE, a CGKA with an asymmetric bandwidth cost: in a group of N members, a commit message costs O(N) to upload and O(1) to download, for a total bandwidth cost of O(N). In contrast, TreeKEM costs Ω(log N) in both directions, for a total cost Ω(N logN). Our protocol relies on generic primitives, and is therefore readily post-quantum.<br/> We go one step further and propose post-quantum primitives that are tailored to Chained CmPKE, which allows us to cut the growth rate of uploaded commit messages by two or three orders of magnitude compared to naive instantiations. Finally, we realize a software implementation of Chained CmPKE. Our experiments show that even for groups with a size as large as N=2^10, commit messages can be computed and processed in less than 100 ms.<br/> This talk is based on joint work with Keitaro Hashimoto, Shuichi Katsumata, Eamonn Postlethwaite and Bas Westerbaan. Link to the full article: https://eprint.iacr.org/2021/1407.<br/&gt; lien: https://univ-rennes1-fr.zoom.us/j/97066341266?pwd=RUthOFV5cm1uT0ZCQVh6QUcrb1drQT09

Next sessions

  • Efficient zero-knowledge proofs and arguments in the CL framework

    • March 07, 2025 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Speaker : Agathe Beaugrand - Institut de Mathématiques de Bordeaux

    The CL encryption scheme, proposed in 2015 by Castagnos and Laguillaumie, is a linearly homomorphic encryption scheme, based on class groups of imaginary quadratic fields. The specificity of these groups is that their order is hard to compute, which means it can be considered unknown. This particularity, while being key in the security of the scheme, brings technical challenges in working with CL,[…]

  • Constant-time lattice reduction for SQIsign

    • March 14, 2025 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Speaker : Sina Schaeffler - IBM Research

    SQIsign is an isogeny-based signature scheme which has recently advanced to round 2 of NIST's call for additional post-quantum signatures. A central operation in SQIsign is lattice reduction of special full-rank lattices in dimension 4. As these input lattices are secret, this computation must be protected against side-channel attacks. However, known lattice reduction algorithms like the famous[…]

  • Circuit optimisation problems in the context of homomorphic encryption

    • March 21, 2025 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Speaker : Sergiu Carpov - Arcium

    Fully homomorphic encryption (FHE) is an encryption scheme that enables the direct execution of arbitrary computations on encrypted data. The first generation of FHE schemes began with Gentry's groundbreaking work in 2019. It relies on a technique called bootstrapping, which reduces noise in FHE ciphertexts. This construction theoretically enables the execution of any arithmetic circuit, but[…]

  • TBD

    • March 28, 2025 (13:45 - 14:45)

    • Salle Guernesey, ISTIC

    Speaker : Maria Corte-Real Santos - ENS Lyon

    TBD

    • Cryptography

  • Journées C2

    • April 04, 2025 (00:00 - 18:00)

    • Pornichet

Show previous sessions
Page top