BEGIN:VCALENDAR
VERSION:2.0
PRODID:-//Laboratoire de Mathématiques de Versailles - ECPv6.15.20//NONSGML v1.0//EN
CALSCALE:GREGORIAN
METHOD:PUBLISH
X-WR-CALNAME:Laboratoire de Mathématiques de Versailles
X-ORIGINAL-URL:https://lmv.math.cnrs.fr
X-WR-CALDESC:Events for Laboratoire de Mathématiques de Versailles
REFRESH-INTERVAL;VALUE=DURATION:PT1H
X-Robots-Tag:noindex
X-PUBLISHED-TTL:PT1H
BEGIN:VTIMEZONE
TZID:Europe/Paris
BEGIN:DAYLIGHT
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
TZNAME:CEST
DTSTART:20170326T010000
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
TZNAME:CET
DTSTART:20171029T010000
END:STANDARD
BEGIN:DAYLIGHT
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
TZNAME:CEST
DTSTART:20180325T010000
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
TZNAME:CET
DTSTART:20181028T010000
END:STANDARD
BEGIN:DAYLIGHT
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
TZNAME:CEST
DTSTART:20190331T010000
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
TZNAME:CET
DTSTART:20191027T010000
END:STANDARD
BEGIN:DAYLIGHT
TZOFFSETFROM:+0100
TZOFFSETTO:+0200
TZNAME:CEST
DTSTART:20200329T010000
END:DAYLIGHT
BEGIN:STANDARD
TZOFFSETFROM:+0200
TZOFFSETTO:+0100
TZNAME:CET
DTSTART:20201025T010000
END:STANDARD
END:VTIMEZONE
BEGIN:VEVENT
DTSTART;TZID=Europe/Paris:20191114T103000
DTEND;TZID=Europe/Paris:20191114T120000
DTSTAMP:20260410T044156
CREATED:20191014T134245Z
LAST-MODIFIED:20191118T092453Z
UID:6650-1573727400-1573732800@lmv.math.cnrs.fr
SUMMARY:CRYPTO : Antonio Flórez Gutiérrez (Inria\, Paris) : Improving the Key Recovery in Linear Attacks: Application to 28-round PRESENT
DESCRIPTION:Linear cryptanalysis is an extremely important consideration when evaluating the security of symmetric primitives. After its introduction by Matsui in 1993\, it has been largely extended and improved\, and it has led to attacks on multiple ciphers. One of these developments is the proposal in 2007 by Collard et al. of an FFT-based acceleration of the key-recovery part of Algorithm 2 for last-round attacks.\nWe now introduce a generalized\, matrix-based version of this algorithm which easily allows an arbitrary number of key-recovery rounds to be taken into consideration. We have also constructed efficient variants which exploit the key schedule and are compatible with multiple linear attacks.\nAs an example of application\, we provide some new attacks on PRESENT\, including the first on 28 rounds.
URL:https://lmv.math.cnrs.fr/evenenement/crypto-antonio-florez-gutierrez-inria-paris-improving-the-key-recovery-in-linear-attacks-application-to-28-round-present/
LOCATION:Bâtiment Descartes\, salle 301
CATEGORIES:Séminaire CRYPTO
END:VEVENT
BEGIN:VEVENT
DTSTART;TZID=Europe/Paris:20190408T130000
DTEND;TZID=Europe/Paris:20190408T140000
DTSTAMP:20260410T044156
CREATED:20190404T135159Z
LAST-MODIFIED:20190416T135556Z
UID:4749-1554728400-1554732000@lmv.math.cnrs.fr
SUMMARY:CRYPTO : Antonin Leroux (UVSQ) : Efficient Proactive Multi-Party Computation
DESCRIPTION:Secure Multi-Party Computation (MPC) allows a set of n mutually distrusting parties to compute functions on their private inputs while guaranteeing the secrecy of the inputs and the correctness of the computation. Most MPC protocols can achieve such security only against a minority of corrupted parties (e.g.\, when there is an honest majority > n/2). Based on cryptographic assumptions\, security against dishonest majorities can be obtained\, but it requires more computation and communication. These levels of security are often not sufficient in real life\, especially against threats that require long-term security against powerful persistent attackers (e.g.\, so-called Advanced Persistent Threats). In such cases\, all the parties involved in the protocol may become corrupted at some point. Proactive MPC (PMPC) aims to address such mobile persistent threats; PMPC guarantees privacy and correctness against an adversary allowed to change the set of corrupted parties over time but that is bounded by a threshold at any given instant. Until recently\, PMPC protocols existed only against a dishonest minority. The first generic PMPC protocol against a dishonest majority was introduced in a recent work to be presented in September 2018; it is a feasibility result demonstrating that it can be achieved\, but with high communication complexity: O(n^4).\nThis talk presents our most recent work\, which develops an efficient generic PMPC protocol secure against a dishonest majority. We improve the overall communication complexity of generic PMPC from O(n^4) to O(n^2). Two necessary stepping stones for generic PMPC are Proactive Secret Sharing (PSS) and a secure distributed multiplication protocol. In this work we introduce a new PSS scheme requiring only O(n^2) communication.\nWe also present a multiplication protocol against dishonest majorities in the proactive setting; this protocol introduces a new efficient way to perform multiplication against a dishonest majority without using pre-computation.
URL:https://lmv.math.cnrs.fr/evenenement/crypto-antonin-leroux-uvsq-efficient-proactive-multi-party-computation/
LOCATION:Bâtiment Descartes\, salle 301
CATEGORIES:Séminaire CRYPTO
END:VEVENT
BEGIN:VEVENT
DTSTART;TZID=Europe/Paris:20190325T140000
DTEND;TZID=Europe/Paris:20190325T150000
DTSTAMP:20260410T044156
CREATED:20190320T144937Z
LAST-MODIFIED:20190416T135115Z
UID:4747-1553522400-1553526000@lmv.math.cnrs.fr
SUMMARY:CRYPTO : Kevin Atighehchi (GREYC\, Caen) : Incremental cryptography: techniques and implementations
DESCRIPTION:Incremental cryptography makes it possible to build applications that perform better and consume fewer energy resources (servers\, battery-powered devices). It fits into the broad setting in which documents for which we hold cryptographic forms (e.g. ciphertexts\, signatures) are modified by editing operations\, such as insertions or deletions of character strings. Re-applying the cryptographic transformation algorithm to these documents every time their contents change can be slow and particularly demanding in computational resources. The idea of incremental cryptography is therefore to take advantage of the common use cases of document manipulation\, by computing the update of the cryptographic form of the current version of a document as a fast function of the previous cryptographic form and of an editing operation. The aim of this talk is to present a state of the art\, providing definitions\, properties and examples of schemes. Finally\, we will discuss their practical implementation.
URL:https://lmv.math.cnrs.fr/evenenement/crypto-kevin-atighehchi-greyc-caen-la-cryptographie-incrementale%e2%80%af-techniques-et-mises-en-oeuvre/
LOCATION:Bâtiment Descartes\, salle 301
CATEGORIES:Séminaire CRYPTO
END:VEVENT
BEGIN:VEVENT
DTSTART;TZID=Europe/Paris:20190325T110000
DTEND;TZID=Europe/Paris:20190325T120000
DTSTAMP:20260410T044156
CREATED:20190320T144639Z
LAST-MODIFIED:20190416T134843Z
UID:4745-1553511600-1553515200@lmv.math.cnrs.fr
SUMMARY:CRYPTO : Claire Delaplace (Ruhr Uni Bochum) : Improved Low-Memory Subset Sum and LPN Algorithms via Multiple Collisions
DESCRIPTION:For enabling post-quantum cryptanalytic experiments on a meaningful scale\, there is a strong need for low-memory algorithms. We show that the combination of techniques from representations\, multiple collision finding\, and the Schroeppel-Shamir algorithm leads to improved low-memory algorithms.\nFor random subset sum instances (a_1\, …\, a_n\, t) defined modulo 2^n\, our algorithms improve over the Dissection technique for small memory M < 2^(0.02n) and in the mid-memory regime 2^(0.13n) < M < 2^(0.2n).\n\nAn application of our technique to LPN of dimension k and constant error p yields significant time complexity improvements over the Dissection-BKW algorithm from Crypto 2018 for all memory parameters M < 2^(0.35 k / log k).\n\nJoint work with Andre Esser and Alexander May.
URL:https://lmv.math.cnrs.fr/evenenement/crypto-claire-delaplace-ruhr-uni-bochum-improved-low-memory-subset-sum-and-lpn-algorithms-via-multiple-collisions/
LOCATION:Bâtiment Descartes\, salle 301
CATEGORIES:Séminaire CRYPTO
END:VEVENT
BEGIN:VEVENT
DTSTART;TZID=Europe/Paris:20190304T110000
DTEND;TZID=Europe/Paris:20190304T110000
DTSTAMP:20260410T044156
CREATED:20190225T100225Z
LAST-MODIFIED:20190308T090121Z
UID:4239-1551697200-1551697200@lmv.math.cnrs.fr
SUMMARY:CRYPTO : Andre Schrottenloher (Inria Paris) : Optimal Merging Trees in Quantum k-xor Algorithms
DESCRIPTION:The generalized birthday problem\, or k-xor problem\, has many applications in cryptography. Interestingly\, there is a gap between its provable query complexity and its best known time complexity\, obtained with Wagner's algorithm. Quantum algorithms for this problem have been studied by Grassi et al. in 2018\, with a similar gap remaining. In this work\, we answer most of the open questions they left\, thanks to a general unified framework ("merging trees") of which the algorithms of Grassi et al. are all special cases.\nUsing Mixed Integer Linear Programming\, we obtain the optimal time complexities for k-xor in this merging framework\, and prove our observations for all values of k. Contrary to the classical case\, where the complexity depends only on the biggest power of 2 included in k\, Grassi et al. first observed an exponential quantum time separation between 2-xor and 3-xor. We extend this to all k and prove a separation between any pair of them in the quantum RAM model (also improving the case k = 3).\nWhen the quantum space complexity (number of qubits) is limited to linear\, we obtain quantum time speedups over the classical k-xor for half of the values of k\, also improving all previously known results. We also study the parallelization of merging trees.\nFinally\, we extend this study to quantum multicollision search.
URL:https://lmv.math.cnrs.fr/evenenement/crypto-andre-schrottenloher-inria-paris-optimal-merging-trees-in-quantum-k-xor-algorithms/
LOCATION:Bâtiment Descartes\, salle 301
CATEGORIES:Séminaire CRYPTO
END:VEVENT
BEGIN:VEVENT
DTSTART;TZID=Europe/Paris:20190225T110000
DTEND;TZID=Europe/Paris:20190225T120000
DTSTAMP:20260410T044156
CREATED:20190212T155409Z
LAST-MODIFIED:20190416T134516Z
UID:4203-1551092400-1551096000@lmv.math.cnrs.fr
SUMMARY:CRYPTO : Albrecht Petzoldt (LMV) : Cryptanalysis of the HiMQ-3 Signature Scheme
DESCRIPTION:The HiMQ-3 signature scheme is a very efficient multivariate signature scheme and was one of the first-round candidates of the NIST post-quantum standardization process.\nIn this talk we present a new attack against HiMQ-3\, the so-called singularity attack. The attack uses a large number of (message/signature) pairs to recover an equivalent private key\, which allows an attacker to forge signatures for arbitrary messages.\nWhile our attack does not break the scheme completely\, it shows that the security claims of the authors are not correct.
URL:https://lmv.math.cnrs.fr/evenenement/albrecht-petzoldt-lmv-cryptanalysis-of-the-himq-3-signature-scheme/
LOCATION:Bâtiment Descartes\, salle 301
CATEGORIES:Séminaire CRYPTO
END:VEVENT
BEGIN:VEVENT
DTSTART;TZID=Europe/Paris:20190128T143000
DTEND;TZID=Europe/Paris:20190128T153000
DTSTAMP:20260410T044156
CREATED:20190124T153721Z
LAST-MODIFIED:20190416T134339Z
UID:4176-1548685800-1548689400@lmv.math.cnrs.fr
SUMMARY:CRYPTO : Sébastien Duval (Université Catholique de Louvain) : Construction of MDS and almost-MDS matrices with a lightweight circuit
DESCRIPTION:MDS matrices are essential in symmetric-key cryptography since they provide optimal diffusion in block ciphers. Many MDS matrices are known\, but one problem still gathers a lot of attention: finding lightweight MDS matrices.\nSeveral approaches exist\, namely reducing the cost of already-known MDS matrices (to improve existing ciphers) and finding new MDS matrices lighter than the known ones (to make new ciphers).\nWe focus on the second case and\, contrary to the usual approach\, we will not look for matrices whose coefficients are lightweight to implement. Rather than this local optimization\, we will prefer a global optimization of the whole matrix\, which allows intermediate values to be reused.\nWe propose an algorithm to search for lightweight formal MDS matrices over a polynomial ring\, by enumerating circuits until we reach an MDS matrix. This approach allows us to get much better results than previous works. We also adapt this algorithm to look for almost-MDS matrices\, which offer a trade-off between cost and security.
URL:https://lmv.math.cnrs.fr/evenenement/sebastien-duval-universite-catholique-de-louvain-construction-of-mds-and-almost-mds-matrices-with-a-lightweight-circuit/
LOCATION:Bâtiment Descartes\, salle 301
CATEGORIES:Séminaire CRYPTO
END:VEVENT
BEGIN:VEVENT
DTSTART;TZID=Europe/Paris:20190122T113000
DTEND;TZID=Europe/Paris:20190122T123000
DTSTAMP:20260410T044156
CREATED:20190118T151715Z
LAST-MODIFIED:20190416T083907Z
UID:4011-1548156600-1548160200@lmv.math.cnrs.fr
SUMMARY:AG / CRYPTO : Fabrice Rouillier (INRIA\, Jussieu) : Some tools for the study of algebraic varieties
DESCRIPTION:The aim of the talk will be to present some work centred on the use of computable objects for the study of algebraic varieties (existence of real points\, discussion of the structure of the solutions as a function of parameters\, connectedness\, parametrisation of the solutions of zero-dimensional algebraic systems\, etc.)\nAs a guiding thread\, we will discuss the search for CR-spherical structures on a range of small-dimensional manifolds\, generalising the work initiated by Thurston in the hyperbolic case. Very briefly\, a triangulated manifold in C^3 can be described by a combinatorial object (a gluing of tetrahedra) which naturally defines an algebraic variety. The fundamental group of this triangulated manifold can then be seen as a subgroup of matrices whose entries depend directly on points of this variety. The existence of particular points (real\, unipotent\, etc.) then governs the existence of geometric structures (hyperbolic or CR-spherical in our case).\nWe will not go through the most theoretical aspects\, nor enter into the most technical details of the implementations used: the aim will rather be to describe some computable objects and to show how to combine them nicely in order to answer a few questions exactly (existence of real solutions\, irreducibility of varieties\, parametrisation of solutions\, etc.) and thereby add value on the problem at hand.\nThe particular feature of this application is that it is completely illusory to claim to answer any question whatsoever by using computer algebra as a "black box".\nThe sets to be studied are indeed for the most part constructible sets rather than algebraic varieties\, the systems involve several dozen variables (48 for the most recently solved ones)\, several parameters\, and are of high degree (exceeding ten) … the O(d^n) tied to the Bézout bound brings us instantly back to reality.
URL:https://lmv.math.cnrs.fr/evenenement/fabrice-rouillier-inria-jussieu/
LOCATION:Bâtiment Fermat\, amphi I
CATEGORIES:Séminaire AG,Séminaire CRYPTO
END:VEVENT
BEGIN:VEVENT
DTSTART;TZID=Europe/Paris:20190108T110000
DTEND;TZID=Europe/Paris:20190108T120000
DTSTAMP:20260410T044156
CREATED:20190104T143912Z
LAST-MODIFIED:20190416T134105Z
UID:4741-1546945200-1546948800@lmv.math.cnrs.fr
SUMMARY:CRYPTO : Yann Rotella (Radboud\, Nijmegen\, Netherlands) : Choosing Round Constants in Lightweight Block Ciphers
DESCRIPTION:In 2011\, Gregor Leander et al. found a new type of attack against lightweight block ciphers called invariant attacks. Four years later\, this class of attacks was generalized by Todo and Leander into the nonlinear invariant attacks. It also appeared that many lightweight block ciphers were vulnerable to invariant attacks.\nIn the first part of the talk\, we will see how to prove the resistance of existing ciphers against this class of attacks.\nIn the second part of the talk\, we show how to construct block ciphers that resist nonlinear invariant attacks by choosing an appropriate linear layer and round constants\, leading to a new design criterion for block ciphers.
URL:https://lmv.math.cnrs.fr/evenenement/crypto-yann-rotella-radboud-nijmegen-pays-bas-choosing-round-constant-in-lightweight-block-ciphers/
LOCATION:Bâtiment Descartes\, salle 301
CATEGORIES:Séminaire CRYPTO
END:VEVENT
BEGIN:VEVENT
DTSTART;TZID=Europe/Paris:20181214T150000
DTEND;TZID=Europe/Paris:20181214T160000
DTSTAMP:20260410T044156
CREATED:20181210T142625Z
LAST-MODIFIED:20190416T133849Z
UID:4738-1544799600-1544803200@lmv.math.cnrs.fr
SUMMARY:CRYPTO : Luca de Feo (LMV) : Exploring Isogeny Graphs – HDR defense
DESCRIPTION:Motivated by the recent applications of isogeny graphs in cryptography\, we review topics related to isogenies of elliptic curves defined over finite fields\, and their computation.\nIsogeny graphs come in two families: complex multiplication (CM) and supersingular. CM graphs enjoy a rich structure\, related to the theory of the orders of an imaginary quadratic field. We explain how this theory yields practical algorithms to move "vertically" in the graphs\, along the lattice of quadratic orders.\nHowever\, "practical" does not imply "easy". In order to efficiently implement our algorithms\, we shall review the available methods to compute in the algebraic closure of a finite field. Interestingly\, isogenies will also turn out to be useful for these algorithms\, their computation thus becoming both a goal and a tool.\nFinally\, we will review the application of isogeny graphs to cryptographic key exchange. CM graphs will offer a natural generalization of the classical Diffie–Hellman key exchange\, a fact already recognized twenty years ago\, and recently revamped. The structure of supersingular graphs\, on the other hand\, is related to the maximal orders of a quaternion algebra\, and is harder to handle algorithmically; only recently have these graphs been proposed as a foundation for cryptography.\nIn both cases\, the security of the cryptographic protocols is based on the difficulty of moving "horizontally" in the isogeny graphs. We shall thus conclude our study with a review of the known algorithms\, both classical and quantum\, to solve these problems.
URL:https://lmv.math.cnrs.fr/evenenement/crypto-luca-de-feo-lmv-exploring-isogeny-graphs-hdr-defense/
LOCATION:Bâtiment Descartes\, amphi B
CATEGORIES:Séminaire CRYPTO
END:VEVENT
BEGIN:VEVENT
DTSTART;TZID=Europe/Paris:20181211T110000
DTEND;TZID=Europe/Paris:20181211T120000
DTSTAMP:20260410T044156
CREATED:20181206T140324Z
LAST-MODIFIED:20190416T132604Z
UID:4736-1544526000-1544529600@lmv.math.cnrs.fr
SUMMARY:CRYPTO : Simon Masson (Thalès) : Cocks–Pinch curves of embedding degrees five to eight and ate pairing computation
DESCRIPTION:Recent algorithmic improvements of discrete logarithm computation in special extension fields threaten the security of pairing-friendly curves used in practice. A possible answer to this delicate situation is to propose alternative curves that are immune to these attacks\, without compromising the efficiency of the pairing computation too much. We follow this direction\, and focus on embedding degrees 5 to 8; we extend the Cocks–Pinch algorithm to obtain pairing-friendly curves with an efficient ate pairing. We carefully select our curve parameters so as to thwart possible attacks by "special" or "tower" Number Field Sieve algorithms. We target a 128-bit security level\, and back this security claim by computation time estimates for the DLP computation. We also compare the efficiency of the ate pairing computation on these curves to k = 12 curves (Barreto–Naehrig\, Barreto–Lynn–Scott)\, k = 16 curves (Kachisa–Schaefer–Scott) and k = 1 curves (Chatterjee–Menezes–Rodríguez-Henríquez).
URL:https://lmv.math.cnrs.fr/evenenement/crypto-simon-masson-thales-cocks-pinch-curves-of-embedding-degrees-five-to-eight-and-ate-pairing-computation/
LOCATION:Bâtiment Descartes\, salle 301
CATEGORIES:Séminaire CRYPTO
END:VEVENT
BEGIN:VEVENT
DTSTART;TZID=Europe/Paris:20181127T110000
DTEND;TZID=Europe/Paris:20181127T120000
DTSTAMP:20260410T044156
CREATED:20181124T140015Z
LAST-MODIFIED:20190416T130212Z
UID:4734-1543316400-1543320000@lmv.math.cnrs.fr
SUMMARY:CRYPTO : Léo Perrin (Inria Paris) : Vector Space Search and its Applications to Boolean Functions
DESCRIPTION:An efficient algorithm returning all vector spaces of dimension d contained in a set of elements of {0\,1}^n has many applications to Boolean functions and\, more generally\, to symmetric cryptography.\nFirst\, I will present the ideas behind an algorithm that performs such a search and allows its generalisation to the search for affine spaces. Then\, I will present how to use these algorithms to mount structural attacks. In particular\, I will explain how such searches tell us about the hidden structure in the S-box shared by the latest Russian standards in symmetric cryptography\, namely the block cipher Kuznyechik and the hash function Streebog.
URL:https://lmv.math.cnrs.fr/evenenement/crypto-leo-perrin-inria-paris-la-recherche-despaces-vectoriels-et-ses-applications-en-fonctions-booleennes/
LOCATION:Bâtiment Descartes\, salle 301
CATEGORIES:Séminaire CRYPTO
END:VEVENT
BEGIN:VEVENT
DTSTART;TZID=Europe/Paris:20181120T110000
DTEND;TZID=Europe/Paris:20181120T120000
DTSTAMP:20260410T044156
CREATED:20181116T135747Z
LAST-MODIFIED:20190416T125941Z
UID:4732-1542711600-1542715200@lmv.math.cnrs.fr
SUMMARY:CRYPTO : Mariya Georgieva (Inpher) : TFHE - Chimera: How to combine fully homomorphic encryption schemes?
DESCRIPTION:Chimera is a common framework for scale-invariant fully homomorphic encryption schemes based on Ring-LWE\, unifying the plaintext space and the noise representation. This hybrid protocol allows multiple libraries to be used during the same computation and makes it possible to take advantage of the best of three schemes (TFHE\, HEAAN and B/FV). We review how different strategies developed for each of these schemes\, such as bootstrapping\, external product\, integer arithmetic and Fourier series\, can be combined to evaluate the principal nonlinear functions involved in machine learning.
URL:https://lmv.math.cnrs.fr/evenenement/crypto-mariya-georgieva-inpher-tfhe-chimera-how-to-combine-fully-homomorphic-encryption-schemes/
LOCATION:Bâtiment Descartes\, salle 301
CATEGORIES:Séminaire CRYPTO
END:VEVENT
BEGIN:VEVENT
DTSTART;TZID=Europe/Paris:20181113T110000
DTEND;TZID=Europe/Paris:20181113T120000
DTSTAMP:20260410T044156
CREATED:20181104T135443Z
LAST-MODIFIED:20190416T125713Z
UID:4730-1542106800-1542110400@lmv.math.cnrs.fr
SUMMARY:CRYPTO : Julien Lavauzelle (Inria Saclay) : Codes with local properties: constructions and a cryptographic application
DESCRIPTION:In coding theory\, the notion of locality appeared during the 1990s\, in the context of probabilistically checkable proofs (PCP). In particular\, it consists in studying the decoding of a single symbol of a noisy codeword\, with complexity sublinear in the length of the word.\nIn this talk\, we will take the time to recall the definition of locally correctable codes (LCC)\, and we will present a new high-rate instance of them. We will then give a generic method for constructing LCCs based on combinatorial objects called block designs. We will end this talk by proposing an example of a cryptographic application of these codes with local properties\, in the area of private information retrieval (PIR).
URL:https://lmv.math.cnrs.fr/evenenement/crypto-julien-lavauzelle-inria-saclay-codes-a-proprietes-locales-constructions-et-application-cryptographique/
LOCATION:Bâtiment Descartes\, salle 301
CATEGORIES:Séminaire CRYPTO
END:VEVENT
BEGIN:VEVENT
DTSTART;TZID=Europe/Paris:20181106T110000
DTEND;TZID=Europe/Paris:20181106T120000
DTSTAMP:20260410T044156
CREATED:20181105T134938Z
LAST-MODIFIED:20190913T080534Z
UID:4726-1541502000-1541505600@lmv.math.cnrs.fr
SUMMARY:CRYPTO : Élise Barelli (LMV) : A study of compact keys for the McEliece scheme using geometric codes with non-trivial automorphisms
DESCRIPTION:In 1978\, McEliece introduced an encryption system based on the use of linear codes and proposed using classical Goppa codes\, i.e. subfield subcodes of algebraic geometry codes (AG codes) constructed on a curve of genus 0. This proposal remains secure\, and with the aim of introducing a generalisation of these codes\, in 1996 H. Janwa and O. Moreno proposed using subfield subcodes of codes constructed from curves of genus > 0\, called SSAG codes (Subfield Subcodes of AG codes). This proposal gives a wider choice of codes\, since one can vary the curve\, the genus\, and the rational points of the divisor that generates the code. The main obstacle to the use of these codes in cryptography remains the size of the public key compared with other public-key systems. To get around this limitation\, the key size is reduced by using codes that admit a compact generator matrix. One way of obtaining compact matrices is to choose codes with a non-trivial automorphism group\, for example by using quasi-cyclic SSAG codes.
URL:https://lmv.math.cnrs.fr/evenenement/crypto-elise-barelli-lmv-etude-de-cle-compactes-pour-le-schema-de-mceliece-utilisant-des-codes-geometriques-avec-des-automorphismes-non-triviaux/
LOCATION:Bâtiment Descartes\, salle 301
CATEGORIES:Séminaire CRYPTO
END:VEVENT
BEGIN:VEVENT
DTSTART;TZID=Europe/Paris:20181023T110000
DTEND;TZID=Europe/Paris:20181023T120000
DTSTAMP:20260410T044156
CREATED:20181016T124142Z
LAST-MODIFIED:20190416T124816Z
UID:4724-1540292400-1540296000@lmv.math.cnrs.fr
SUMMARY:CRYPTO : Sam Jaques (University of Waterloo) : Costs of quantum random walks to find secret isogenies
DESCRIPTION:Tani's quantum claw-finding algorithm is cited as the best quantum attack against Supersingular Isogeny-based Diffie-Hellman. However\, it requires exponential quantum memory. In this talk I'll explain how Tani's algorithm works as a natural quantum analogue of a classical random walk. I'll give a brief explanation of why superposition\, reversibility\, and error correction imply huge costs to quantum memory. Combining these ideas\, I conclude that Grover's algorithm\, or even classical van Oorschot-Wiener\, would be a better use of any quantum hardware.
URL:https://lmv.math.cnrs.fr/evenenement/crypto-sam-jaques-university-of-waterloo-costs-of-quantum-random-walks-to-find-secret-isogenies/
LOCATION:Bâtiment Descartes\, salle 301
CATEGORIES:Séminaire CRYPTO
END:VEVENT
END:VCALENDAR