Sommaire

  • Cet exposé a été présenté le 24 mai 2019.

Description

  • Orateur

    Alice Pellet-Mary - ENS de Lyon

Finding a short non zero vector in an Euclidean lattice is a well-studied problem which has proven useful to construct many cryptographic primitives. The current best asymptotic algorithm to find a relatively short vector in an arbitrary lattice is the BKZ algorithm. This algorithm recovers a vector which is at most $2^{n^{\alpha}}$ times larger than the shortest non zero vector in time $2^{n^{1-\alpha}}$ for any $\alpha$ between 0 and 1.<br/> In order to gain in efficiency, it is sometimes interesting to use structured lattices instead of general lattices. An example of such structured lattices are ideal lattices. One may then wonder whether, on the security front, it is easier to find short vectors in a structured lattice or not. Until 2016, there was no known algorithm which would perform better on ideal lattices than the BKZ algorithm (either classically or quantumly). In 2016 and 2017, Cramer-Ducas-Peikert-Regev and Cramer-Ducas-Wesolowski proposed a quantum algorithm that finds a $2^{\sqrt n}$ approximation of the shortest non zero vector in polynomial time. However, the BKZ algorithm remained the best algorithm in the classical setting or for approximation factor smaller than $2^{\sqrt n}$ in the quantum setting.<br/> In this talk, I will present an algorithm that extends the one of Cramer et al. and improves upon the BKZ algorithm for ideal lattices, both quantumly and classically. This algorithm is heuristic and non uniform (i.e., it requires an exponential time pre-processing).<br/> lien: http://desktop.visio.renater.fr/scopia?ID=723420***3028&autojoin

Prochains exposés

  • Efficient zero-knowledge proofs and arguments in the CL framework

    • 07 mars 2025 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Orateur : Agathe Beaugrand - Institut de Mathématiques de Bordeaux

    The CL encryption scheme, proposed in 2015 by Castagnos and Laguillaumie, is a linearly homomorphic encryption scheme, based on class groups of imaginary quadratic fields. The specificity of these groups is that their order is hard to compute, which means it can be considered unknown. This particularity, while being key in the security of the scheme, brings technical challenges in working with CL,[…]

  • Constant-time lattice reduction for SQIsign

    • 14 mars 2025 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Orateur : Sina Schaeffler - IBM Research

    SQIsign is an isogeny-based signature scheme which has recently advanced to round 2 of NIST's call for additional post-quantum signatures. A central operation in SQIsign is lattice reduction of special full-rank lattices in dimension 4. As these input lattices are secret, this computation must be protected against side-channel attacks. However, known lattice reduction algorithms like the famous[…]

  • Circuit optimisation problems in the context of homomorphic encryption

    • 21 mars 2025 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Orateur : Sergiu Carpov - Arcium

    Fully homomorphic encryption (FHE) is an encryption scheme that enables the direct execution of arbitrary computations on encrypted data. The first generation of FHE schemes began with Gentry's groundbreaking work in 2019. It relies on a technique called bootstrapping, which reduces noise in FHE ciphertexts. This construction theoretically enables the execution of any arithmetic circuit, but[…]

  • TBD

    • 28 mars 2025 (13:45 - 14:45)

    • Salle Guernesey, ISTIC

    Orateur : Maria Corte-Real Santos - ENS Lyon

    TBD

    • Cryptography

  • Journées C2

    • 04 avril 2025 (00:00 - 18:00)

    • Pornichet

Voir les exposés passés
Haut de page