PolSys (SU/INRIA/CNRS) and LCR (ANSSI) are co-organizing a new seminar on quantum-safe cryptography. The seminar will be (usually) hosted at Sorbonne Université. This seminar is organized within the framework of the Programme d’Investissement d’Avenir RISQ.
[Next talk] [Upcoming talks] [Past talks] [Directions] [Contact]
Next Talk
Title: Estimate all the {LWE, NTRU} schemes!
Speaker: Rachel Player
Affiliation: SU
Date: March, 9, 2018 Time: 9:30:00-10:30 Room: 26-00/101
We consider all LWE- and NTRU-based encryption, key encapsulation and digital signature schemes proposed for standardisation as part of the Post-Quantum Cryptography process run by the US National Institute of Standards and Technology (NIST). In particular, we investigate the impact that different estimates for the asymptotic runtime of (block-wise) lattice reduction have on the predicted security of these schemes. Relying on the “LWE estimator” by Albrecht et al., we estimate the cost of running primal and dual lattice attacks against every LWE-based scheme, using every cost model proposed as part of a submission. Furthermore, we estimate resistance of the proposed NTRU-like schemes against the primal attack resp. a simplified variant of the Hybrid attack under all cost models for lattice reduction. This is joint work with Martin R. Albrecht, Benjamin R. Curtis, Amit Deo, Alex Davidson, Eamonn Postlethwaite, Fernando Virdia and Thomas Wunderer. Web page of the estimator
Title: Falcon
Speaker: Thomas Prest
Affiliation: TCS
Date: 16 February 2018, Time: 10:00-11:00, Room: 25-26/105
In this talk, I will talk about the lattice-based signature scheme Falcon, with a focus on two aspects. The first part will detail the security analysis of the scheme, the underlying problems, the known attacks and how to mitigate them. The second part will highlight a few features (not feathers) of Falcon, such as the key-recovery, message-recovery and IBE modes.
Title: GeMSS and DualModeMS : Two Multivariate Submissions to the NIST Standardization Process
Speaker: Ludovic Perret
Affiliation: SU/INRIA/CNRS/LIP6/PolSys
Date: 16 February 2018, Time: 11:15-12:15, Room: 25-26/105
In this talk, I will present two multivariate shcemes designed for the NIST standardization process.
The first scheme is called GeMSS (Great Multivariate Signature Scheme). GeMSS is a multivariate based signature scheme producing small signatures. It has a fast verification process, and a medium/large public-key. GeMSS is in direct lineage from the multivariate signature scheme QUARTZ. Thus, GeMSS is built from the Hidden Field Equations crypotsystem (HFE) by using the so-called minus and vinegar modifiers, i.e. HFEv-. GeMSS is a faster variant of QUARTZ that incorporates the latest results in multivariate cryptography to reach higher security levels than QUARTZ whilst improving efficiency. GeMSS is a joint work with A. Casanova, J.-C. Faugère, G. Macario-Rat, J. Patarin and J. Ryckeghem.

DualModeMS is a multivariate-based signature scheme with a rather peculiar property. Its public-key is small whilst the signature is large. This is in sharp contrast with traditionnal multivariate signature schemes based on the so-called Matsumoto and Imai (MI) constructions that produce short signatures but have larger public-keys. DualModeMS is composed by two distinct layers. The first one is a classical MI-like multivariate scheme based on HFEv. The second part is based on the method proposed by A. Szepieniec, W. Beullens, and B. Preneel in ''MQ signatures for PKI'' who presented a generic technique permitting to transform any MI-based multivariate signature scheme into a new scheme with much shorter public-key but larger signatures. We emphasize that this technique can be viewed as a mode of operations that offers a new flexibility for MI-like signature schemes. DualModeMS is a joint work with J.-C. Faugère and J. Ryckeghem.

GeMSS and DualModeMS has been prepared with the support of the french Programme d'Investissement d'Avenir under national project RISQ P141580.


View Larger Map

LIP6 - Sorbonne Université, 4 place Jussieu, 75005 Paris - France


You can contact Jean-Charles Faugère or Ludovic Perret or Guénaël Renault if you want to give a talk.

If you are interested in receiving email announcements of upcoming talks then join PolSys diffusion list or send us an email.