Table of contents

  • This session has been presented February 21, 2020.

Description

  • Speaker

    Valentin Vasseur - INRIA

Quasi-cyclic moderate density parity check (QC-MDPC) codes allow the design of McEliece-like public-key encryption schemes with compact keys and a security that provably reduces to hard decoding problems for quasi-cyclic codes. Because of these features, QC-MDPC have attracted a lot of interest from the cryptographic community. In particular, the BIKE suite of key exchange mechanisms has been selected to the second round of the NIST call for standardization of quantum safe cryptographic primitives.<br/> To reach IND-CCA security, it is necessary to prove that the decoding failure rate (DFR) is negligible. Getting a formal proof of a low DFR is a difficult task. Instead, we propose to ensure this low DFR under some additional security assumption on the decoder. This assumption relates to the asymptotic behavior of the decoder and is supported by several other works. We thus evaluate a decoder by simulation and extrapolate its DFR under the decoder security assumption. Using standard techniques from communication systems, we can evaluate the confidence in our extrapolation.<br/> The construction of a set of weak keys, in the sense that they have a higher DFR, has been exhibited in a recent work [Drucker, Gueron, Kostic 2019]. We observe that these keys are related to the key recovery reaction attack of [Guo, Johansson, Stankovski 2016] by the fact that they have an atypical "spectrum". From this observation, we can generalize the construction by directly generating keys with an atypical spectrum. Using combinatorics to count these weak keys and applying our methodology to evaluate the DFR, we prove that they do not affect the security of the scheme.<br/> lien: http://desktop.visio.renater.fr/scopia?ID=723203***9541&autojoin

Next sessions

  • Verification of Rust Cryptographic Implementations with Aeneas

    • February 13, 2026 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Speaker : Aymeric Fromherz - Inria

    From secure communications to online banking, cryptography is the cornerstone of most modern secure applications. Unfortunately, cryptographic design and implementation is notoriously error-prone, with a long history of design flaws, implementation bugs, and high-profile attacks. To address this issue, several projects proposed the use of formal verification techniques to statically ensure the[…]

  • On the average hardness of SIVP for module lattices of fixed rank

    • March 06, 2026 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Speaker : Radu Toma - Sorbonne Université

    In joint work with Koen de Boer, Aurel Page, and Benjamin Wesolowski, we study the hardness of the approximate Shortest Independent Vectors Problem (SIVP) for random module lattices. We use here a natural notion of randomness as defined originally by Siegel through Haar measures. By proving a reduction, we show it is essentially as hard as the problem for arbitrary instances. While this was[…]

  • Journées C2: pas de séminaire

    • April 03, 2026 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

  • Endomorphisms via Splittings

    • April 10, 2026 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Speaker : Min-Yi Shen - No Affiliation

    One of the fundamental hardness assumptions underlying isogeny-based cryptography is the problem of finding a non-trivial endomorphism of a given supersingular elliptic curve. In this talk, we show that the problem is related to the problem of finding a splitting of a principally polarised superspecial abelian surface. In particular, we provide formal security reductions and a proof-of-concept[…]

    • Cryptography

Show previous sessions
Page top