Table of contents

  • This session has been presented September 28, 2018.

Description

  • Speaker

    Fabrice Mouhartem - ENS Lyon

Group encryption (GE) is the natural encryption analogue of group signatures in that it allows verifiably encrypting messages for some anonymous member of a group while providing evidence that the receiver is a properly certified group member. Should the need arise, an opening authority is capable of identifying the receiver of any ciphertext. As intro- duced by Kiayias, Tsiounis and Yung (Asiacrypt’07), GE is motivated by applications in the context of oblivious retriever storage systems, anony- mous third parties and hierarchical group signatures. This paper provides the first realization of group encryption under lattice assumptions. Our construction is proved secure in the standard model (assuming interac- tion in the proving phase) under the Learning-With-Errors (LWE) and Short-Integer-Solution (SIS) assumptions. As a crucial component of our system, we describe a new zero-knowledge argument system allowing to demonstrate that a given ciphertext is a valid encryption under some hid- den but certified public key, which incurs to prove quadratic statements about LWE relations. Specifically, our protocol allows arguing knowledge of witnesses consisting of X ∈ ℤ_q^{m×n}, s ∈ ℤ_q^n and a small-norm e ∈ ℤ^m which underlie a public vector b = X · s + e ∈ ℤ_q^m while simultaneously proving that the matrix X ∈ ℤ_q^{m×n} has been correctly certified. We believe our proof system to be useful in other applications involving zero-knowledge proofs in the lattice setting. lien: rien

Next sessions

  • !!! Reporté !!! Encryption homomorphe sans bruit à l'aide de groupes

    • June 26, 2026 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Speaker : Pierre Guillot - Ravel Technologies (dispo Université de Strasbourg, IRMA)

    Je vais rappeler les travaux de Nuida et Ostrovski sur l'utilisation des groupes pour l'élaboration de schémas cryptographiques homomorphes. Je vais présenter nos travaux qui fournissent des encodages à la fois plus efficaces et plus généraux, et qui déterminent exactement quels groupes peuvent être utilisés.   Puis je vais discuter GRAFHEN, un protocole qui utilise ces idées. Je dirai juste[…]

    • Cryptography

  • MIKE: An efficient and compact NIKE Based on a Commutative Monoidal Action 

    • July 03, 2026 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Speaker : Jonathan Komada Eriksen - COSIC, KU Leuven

    Robert recently described a powerful correspondence between certain (Hermitian) modules and (polarized) abelian varieties, which simultaneously generalizes both the class-group action underlying protocols such as CSIDH, and the Deuring correspondence, underlying protocols such as SQIsign. Using this correspondence, he also proposed how to construct a post-quantum NIKE, called MIKE, which, at a[…]

    • Cryptography

Show previous sessions
Page top