Sommaire

  • Cet exposé a été présenté le 10 juin 2022.

Description

  • Orateur

    Thibauld Feneuil - CryptoExperts et Sorbonne Université

In this talk, I will present a new zero-knowledge proof of knowledge for the syndrome decoding (SD) problem on random linear codes. Instead of using permutations like most of the existing protocols, we rely on the MPC-in-the-head paradigm in which we reduce the task of proving the low Hamming weight of the SD solution to proving some relations between specific polynomials. Specifically, we propose a 5-round zero-knowledge protocol that proves the knowledge of a vector x such that y=Hx and wt(x)<= w and which achieves a soundness error closed to 1/N for an arbitrary N.<br/> While turning this protocol into a signature scheme, we achieve a signature size of 11-12 KB for 128-bit security when relying on the hardness of the SD problem on binary fields. Using larger fields (like F_{256}), we can produce fast signatures of around 8 KB. This allows us to outperform Picnic3 and to be competitive with SPHINCS+, both post-quantum signature candidates in the ongoing NIST standardization effort. Since the security relies on the hardness of the syndrome decoding problem for random linear codes which is known to be NP-hard and for which the cryptanalysis state of the art has been stable for many years, it results in a conservative signature scheme. Moreover, our scheme outperforms all the existing code-based signature schemes for the common « signature size + public key size » metric.<br/> Joint work with Antoine Joux and Matthieu Rivain.<br/> lien: https://seminaire-c2.inria.fr/

Prochains exposés

  • Predicting Module-Lattice Reduction

    • 19 décembre 2025 (13:45 - 14:45)

    • Batiment 22-23 salle 16 (en face de l'amphi Lebesgue)

    Orateur : Paola de Perthuis - CWI

    Is module-lattice reduction better than unstructured lattice reduction? This question was highlighted as `Q8' in the Kyber NIST standardization submission (Avanzi et al., 2021), as potentially affecting the concrete security of Kyber and other module-lattice-based schemes. Foundational works on module-lattice reduction (Lee, Pellet-Mary, Stehlé, and Wallet, ASIACRYPT 2019; Mukherjee and Stephens[…]

    • Cryptography

  • Séminaire C2 à INRIA Paris

    • 16 janvier 2026 (10:00 - 17:00)

    • INRIA Paris

    Emmanuel Thomé et Pierrick Gaudry Rachelle Heim Boissier Épiphane Nouetowa Dung Bui Plus d'infos sur https://seminaire-c2.inria.fr/ 

  • Attacking the Supersingular Isogeny Problem: From the Delfs–Galbraith algorithm to oriented graphs

    • 23 janvier 2026 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Orateur : Arthur Herlédan Le Merdy - COSIC, KU Leuven

    The threat of quantum computers motivates the introduction of new hard problems for cryptography.One promising candidate is the Isogeny problem: given two elliptic curves, compute a “nice’’ map between them, called an isogeny.In this talk, we study classical attacks on this problem, specialised to supersingular elliptic curves, on which the security of current isogeny-based cryptography relies. In[…]

    • Cryptography

Voir les exposés passés
Haut de page