Sommaire

  • Cet exposé a été présenté le 01 mars 2019.

Description

  • Orateur

    Aurore Guillevic - INRIA

Pairings on elliptic curves are involved in signatures, NIZK, and recently in blockchains (ZK-SNARKS).<br/> These pairings take as input two points on an elliptic curve E over a finite field, and output a value in an extension of that finite field. Usually for efficiency reasons, this extension degree is a power of 2 and 3 (such as 12,18,24), and moreover the characteristic of the finite field has a special form. The security relies on the hardness of computing discrete logarithms in the group of points of the curve and in the finite field extension.<br/> In 2013-2016, new variants of the function field sieve and the number field sieve algorithms turned out to be faster in certain finite fields related to pairing-based cryptography. Now small characteristic settings (with GF(2^(4*n)), GF(3^(6*m))) are discarded, and the situation of GF(p^k) where p is prime and k is small (in practice from 2 to 54) is unclear.<br/> The asymptotic complexity of the Number Field Sieve algorithm in finite fields GF(p^k) (where p is prime) and its Special and Tower variants is given by an asymptotic formula of the form A^(c+o(1)) where A depends on the finite field size (log p^k), o(1) is unknown, and c is a constant between 1.526 and 2.201 that depends on p, k, and the choice of parameters in the algorithm.<br/> In this work we improve the approaches of Menezes-Sarkar-Singh and Barbulescu-Duquesne to estimate the cost of a hypothetical implementation of the Special-Tower-NFS in GF(p^k) for small k (k <= 24), and update some parameter sizes for pairing-based cryptography. This is a joint work with Shashank Singh, IISER Bhopal, India. lien: http://desktop.visio.renater.fr/scopia?ID=721273***5165&autojoin

Prochains exposés

  • SoK: Security of the Ascon Modes

    • 20 juin 2025 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Orateur : Charlotte Lefevre - Radboud University

    The Ascon authenticated encryption scheme and hash function of Dobraunig et al (Journal of Cryptology 2021) were recently selected as winner of the NIST lightweight cryptography competition. The mode underlying Ascon authenticated encryption (Ascon-AE) resembles ideas of SpongeWrap, but not quite, and various works have investigated the generic security of Ascon-AE, all covering different attack[…]

  • Comprehensive Modelling of Power Noise via Gaussian Processes with Applications to True Random Number Generators

    • 27 juin 2025 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Orateur : Maciej Skorski - Laboratoire Hubert Curien

    The talk examines power noise modelling through Gaussian Processes for secure True Random Number Generators.   While revisiting one-sided fractional Brownian motion, we obtain novel contributions by quantifying posterior uncertainty in exact analytical form, establishing quasi-stationary properties, and developing rigorous time-frequency analysis. These results are applied to model oscillator[…]

    • Cryptography

    • TRNG

  • CryptoVerif: a computationally-sound security protocol verifier

    • 05 septembre 2025 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Orateur : Bruno Blanchet - Inria

    CryptoVerif is a security protocol verifier sound in the computational model of cryptography. It produces proofs by sequences of games, like those done manually by cryptographers. It has an automatic proof strategy and can also be guided by the user. It provides a generic method for specifying security assumptions on many cryptographic primitives, and can prove secrecy, authentication, and[…]

    • Cryptography

Voir les exposés passés
Haut de page