Description
In this talk I will introduce a new kind of attack on cryptosystems which can be represented by an (unknown) low degree polynomial with tweakable public variables such as a plaintext or IV and fixed secret variables such as a key. Its complexity is exponential in the degree but only polynomial in the key size, and it was successfully applied to several concrete schemes. In particular, for Trivium with 672 initialization rounds, it reduces the complexity of the best known attack from a barely practical 2^{55} to a trivial 2^{19}, which can recover the full key in less than a second on a single PC.
Next sessions
-
Oblivious Transfer from Zero-Knowledge Proofs (or how to achieve round-optimal quantum Oblivious Transfer without structure)
Speaker : Léo Colisson - Université Grenoble Alpes
We provide a generic construction to turn any classical Zero-Knowledge (ZK) protocol into a composable oblivious transfer (OT) protocol (the protocol itself involving quantum interactions), mostly lifting the round-complexity properties and security guarantees (plain-model/statistical security/unstructured functions…) of the ZK protocol to the resulting OT protocol. Such a construction is unlikely[…]-
Cryptography
-