Table of contents

  • This session has been presented November 26, 2021.

Description

  • Speaker

    André Schrottenloher - CWI

The security of modern cryptosystems relies on computational assumptions, which may be challenged by the advent of large-scale quantum computing devices.<br/> While Shor's algorithm is known to break today's most popular public-key schemes, secret-key cryptosystems are generally expected to retain half of their pre-quantum bits of security. However, the precise advantage of quantum attacks cannot be determined without a dedicated analysis.<br/> In this talk, we will focus on key-recovery attacks against block ciphers. These attacks are often categorized in two scenarios, depending on the type of black-box access allowed to the adversary: either a classical query access, or a "quantum" query access where the black-box is part of the adversary's quantum algorithm. Attacks with classical queries, which are deemed more realistic, have so far complied with the rule of halving security levels.<br/> On the contrary, attacks with quantum queries can break some classically secure designs which exhibit a strong algebraic structure (Kuwakado & Morii, ISIT 2010).<br/> Exploiting this structure with classical queries only was the goal of the offline-Simon algorithm of Bonnetain et al. (ASIACRYPT 2019). In the final part of this talk, we will show that this algorithm allows to reach a more than quadratic speedup against some specific block cipher constructions. This is joint work with Xavier Bonnetain and Ferdinand Sibleyras.<br/> lien: https://univ-rennes1-fr.zoom.us/j/97066341266?pwd=RUthOFV5cm1uT0ZCQVh6QUcrb1drQT09

Next sessions

  • Algorithms for post-quantum commutative group actions

    • March 27, 2026 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Speaker : Marc Houben - Inria Bordeaux

    At the historical foundation of isogeny-based cryptography lies a scheme known as CRS; a key exchange protocol based on class group actions on elliptic curves. Along with more efficient variants, such as CSIDH, this framework has emerged as a powerful building block for the construction of advanced post-quantum cryptographic primitives. Unfortunately, all protocols in this line of work are[…]

  • Journées C2: pas de séminaire

    • April 03, 2026 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

  • Endomorphisms via Splittings

    • April 10, 2026 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Speaker : Min-Yi Shen - No Affiliation

    One of the fundamental hardness assumptions underlying isogeny-based cryptography is the problem of finding a non-trivial endomorphism of a given supersingular elliptic curve. In this talk, we show that the problem is related to the problem of finding a splitting of a principally polarised superspecial abelian surface. In particular, we provide formal security reductions and a proof-of-concept[…]

    • Cryptography

Show previous sessions
Page top