Description
The security of quantum key distribution protocols is often defined in terms of the information an adversary obtains by measuring his system. Such definitions are fundamentally flawed because of a locking property of the accessible information: Giving the adversary a single bit of information may increase the accessible information by more than one bit. We give examples of keys that are not exposure-resilient and can thus not safely be used for one-time pad encryption, even though they satisfy a measurement-based security definition. In the second part of the talk, we discuss a universally composable security definition for cryptographic keys and show how this stronger type of security can be achieved.<br/> This is joint work with Andor Bariska, Ueli Maurer and Renato Renner.
Prochains exposés
-
Algorithms for post-quantum commutative group actions
Orateur : Marc Houben - Inria Bordeaux
At the historical foundation of isogeny-based cryptography lies a scheme known as CRS; a key exchange protocol based on class group actions on elliptic curves. Along with more efficient variants, such as CSIDH, this framework has emerged as a powerful building block for the construction of advanced post-quantum cryptographic primitives. Unfortunately, all protocols in this line of work are[…] -
Endomorphisms via Splittings
Orateur : Min-Yi Shen - No Affiliation
One of the fundamental hardness assumptions underlying isogeny-based cryptography is the problem of finding a non-trivial endomorphism of a given supersingular elliptic curve. In this talk, we show that the problem is related to the problem of finding a splitting of a principally polarised superspecial abelian surface. In particular, we provide formal security reductions and a proof-of-concept[…]-
Cryptography
-