Table of contents

  • This session has been presented April 07, 2006.

Description

  • Speaker

    Mathieu Baudet - ENS Cachan

Designing secure protocols based on passwords is a difficult task. Indeed, passwords, and more generally low-entropy secrets, are potentially vulnerable to guessing attacks, that is, exhaustive, "brute force" searches. Preventing guessing attacks typically requires a protocol to conceal any partial information on the password (e.g. its checksum) which could help the attacker confirm his guess during the searching process.<br/> Ensuring such a property is not obvious. Based on the seminal work of Lowe, several models and automatic tools have been proposed to analyze protocols with respect to guessing attacks. Unfortunately, these works rely on different symbolic models for which no computational justifications exist so far. (That is, a protocol may be secure in a symbolic model, and yet a feasible attack exists.) In this talk, we will study a recent, symbolic definition of security against guessing attacks, based on static equivalence. First, we will present a decision procedure for a large class of protocols, for a finite number of sessions. Then, we will provide a computational justification in the case of a passive adversary, that is, a pure eavesdropper. [This part is a joint work with M. Abadi and B. Warinschi.]

Next sessions

  • Post-Quantum Public-Key Pseudorandom Correlation Functions for OT

    • December 12, 2025 (13:45 - 14:45)

    • Salle Guernesey à l'ISTIC

    Speaker : Mahshid Riahinia - ENS, CNRS

    Public-Key Pseudorandom Correlation Functions (PK-PCF) are an exciting recent primitive introduced to enable fast secure computation. Despite significant advances in the group-based setting, success in the post-quantum regime has been much more limited. In this talk, I will introduce an efficient lattice-based PK-PCF for the string OT correlation. At the heart of our result lie several technical[…]

  • Predicting Module-Lattice Reduction

    • December 19, 2025 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Speaker : Paola de Perthuis - CWI

    Is module-lattice reduction better than unstructured lattice reduction? This question was highlighted as `Q8' in the Kyber NIST standardization submission (Avanzi et al., 2021), as potentially affecting the concrete security of Kyber and other module-lattice-based schemes. Foundational works on module-lattice reduction (Lee, Pellet-Mary, Stehlé, and Wallet, ASIACRYPT 2019; Mukherjee and Stephens[…]

    • Cryptography

Show previous sessions
Page top