Sommaire

  • Cet exposé a été présenté le 30 septembre 2016.

Description

  • Orateur

    Pierrick Méaux - ENS Paris

Fully Homomorphic Encryption is a powerful cryptographic construction, enabling to securely compute all functions on encrypted data, and decrypt the result of the function applied on the real data.<br/> This construction allows to securely delegate computation, which is a very important property with the increasing of the Cloud computing. Many client-server applications are appearing, all needing the computation delegating property of FHE, with different notions of security and cost. The client-server frameworks usually considered a client with small storage and computation possibilities and a cloud powerful for both. The client wants to delegate his computation with small computation and communication cost, which directly leads to Symmetric Encryption. As the frameworks considerate two types of encryption, we study the links and differences between them. Efficiency and security are not studied the same way, on one hand a SE scheme is evaluated relatively to its practical speed, storage cost and concrete cryptanalysis. On the other hand FHE is more a theoretic construction, evaluated relatively to its security assumptions and homomorphic capacities. To combine these two approaches, we need to study the different costs and efficiency implications from one type to the other. Our approach is to consider a particular family of FHE and adapt a SE scheme to build a framework efficient relatively to both metrics. Part of the study is to analyze the previous symmetric constructions relatively to this framework, more specifically figure out the error growth implied in the homomorphic decryption of the SE scheme. As minimizing this factor is not linked with SE efficiency, we have to considerate all kinds of SE constructions and find the properties suitable for FHE. First, with block-cipher constructions we can focus on the number of iterations, on the circuit depth and on the chaining mode used. Then stream-cipher constructions allow to study the error growth depending on the number of outputted bits. Finally the existent constructions of both families are not optimized nor totally suitable for our framework, leading us to the next step. This study enables us to compare the different alternatives and to conclude on properties to conserve or discard. We select some properties of known SE schemes behaving well with the FHE scheme consideration and study their compatibilities. Choosing the good characteristics for the SE-FHE framework gives us the starting point for a future optimal design.

Prochains exposés

  • Some applications of linear programming to Dilithium

    • 14 novembre 2025 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Orateur : Paco AZEVEDO OLIVEIRA - Thales & UVSQ

    Dilithium is a signature algorithm, considered post-quantum, and recently standardized under the name ML-DSA by NIST. Due to its security and performance, it is recommended in most use cases.   During this presentation, I will outline the main ideas behind two studies, conducted in collaboration with Andersson Calle-Vierra, Benoît Cogliati, and Louis Goubin, which provide a better understanding of[…]

  • Wagner’s Algorithm Provably Runs in Subexponential Time for SIS^∞

    • 21 novembre 2025 (13:45 - 14:45)

    • Salle Guernesey à l'ISTIC

    Orateur : Johanna Loyer - Inria Saclay

    At CRYPTO 2015, Kirchner and Fouque claimed that a carefully tuned variant of the Blum-Kalai-Wasserman (BKW) algorithm (JACM 2003) should solve the Learning with Errors problem (LWE) in slightly subexponential time for modulus q = poly(n) and narrow error distribution, when given enough LWE samples. Taking a modular view, one may regard BKW as a combination of Wagner’s algorithm (CRYPTO 2002), run[…]

    • Cryptography

  • CryptoVerif: a computationally-sound security protocol verifier

    • 28 novembre 2025 (13:45 - 14:45)

    • Batiment 32B salle 12

    Orateur : Bruno Blanchet - Inria

    CryptoVerif is a security protocol verifier sound in the computational model of cryptography. It produces proofs by sequences of games, like those done manually by cryptographers. It has an automatic proof strategy and can also be guided by the user. It provides a generic method for specifying security assumptions on many cryptographic primitives, and can prove secrecy, authentication, and[…]

    • Cryptography

  • Structured-Seed Local Pseudorandom Generators and their Applications

    • 05 décembre 2025 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Orateur : Nikolas Melissaris - IRIF

    We introduce structured‑seed local pseudorandom generators (SSL-PRGs), pseudorandom generators whose seed is drawn from an efficiently sampleable, structured distribution rather than uniformly. This seemingly modest relaxation turns out to capture many known applications of local PRGs, yet it can be realized from a broader family of hardness assumptions. Our main technical contribution is a[…]

    • Cryptography

Voir les exposés passés
Haut de page