Description
The CL encryption scheme, proposed in 2015 by Castagnos and Laguillaumie, is a linearly homomorphic encryption scheme, based on class groups of imaginary quadratic fields. The specificity of these groups is that their order is hard to compute, which means it can be considered unknown. This particularity, while being key in the security of the scheme, brings technical challenges in working with CL, especially in the design of zero-knowledge protocols.
To overcome these difficulties, we define a new notion of soundness, called soundness with partial extractability, that is especially suited to the CL framework. Thanks to partial extractability, we design efficient zero-knowledge proofs and arguments for different CL-related statements. In this talk, after motivating the necessity of efficient protocols in the CL context, I will introduce this new notion and present a batched proof of correct encryption.
Infos pratiques
Prochains exposés
-
Constant-time lattice reduction for SQIsign
Orateur : Sina Schaeffler
SQIsign is an isogeny-based signature scheme which has recently advanced to round 2 of NIST's call for additional post-quantum signatures. A central operation in SQIsign is lattice reduction of special full-rank lattices in dimension 4. As these input lattices are secret, this computation must be protected against side-channel attacks. However, known lattice reduction algorithms like the famous[…] -
Circuit optimisation problems in the context of homomorphic encryption
Orateur : Sergiu Carpov - Arcium
Fully homomorphic encryption (FHE) is an encryption scheme that enables the direct execution of arbitrary computations on encrypted data. The first generation of FHE schemes began with Gentry's groundbreaking work in 2019. It relies on a technique called bootstrapping, which reduces noise in FHE ciphertexts. This construction theoretically enables the execution of any arithmetic circuit, but[…]