Sommaire

  • Cet exposé a été présenté le 14 mars 2025 (13:45 - 14:45).

Description

  • Orateur

    Sina Schaeffler - IBM Research

SQIsign is an isogeny-based signature scheme which has recently advanced to round 2 of NIST's call for additional post-quantum signatures. A central operation in SQIsign is lattice reduction of special full-rank lattices in dimension 4. As these input lattices are secret, this computation must be protected against side-channel attacks. However, known lattice reduction algorithms like the famous LLL algorithm are not naturally constant-time.

This talk presents a new, constant-time lattice reduction algorithm, developed in collaboration with Ottó Hanyecz, Alexander Karenin, Elena Kirshanova and Péter Kutas. We first give a short introduction to SQIsign without detailing its inner workings. Then, we analyze different existing lattice reduction algorithms, and present our constant-time version, which is based on the BKZ-2 algorithm. Finally, we explain some implementation choices and discuss the performance using two sets of parameters: one for provable guarantees on its output, and one for speed with a reasonable success rate.

Eprint: https://eprint.iacr.org/2025/027

Infos pratiques

Prochains exposés

  • CryptoVerif: a computationally-sound security protocol verifier

    • 05 septembre 2025 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Orateur : Bruno Blanchet - Inria

    CryptoVerif is a security protocol verifier sound in the computational model of cryptography. It produces proofs by sequences of games, like those done manually by cryptographers. It has an automatic proof strategy and can also be guided by the user. It provides a generic method for specifying security assumptions on many cryptographic primitives, and can prove secrecy, authentication, and[…]
    • Cryptography

Voir les exposés passés