Description
The security of cryptographic systems such as Kyber and Dilithium (currently undergoing standardization by NIST) fundamentally hinges on the Learning With Errors (LWE) problem. However, the state of the art for attacking this problem is not yet entirely clear. Specifically, the validity of dual attacks on LWE is currently under scrutiny due to their analyses relying on heuristics that have proven to be inaccurate. Notably, an assumption of independence introduces an error in the counting of false positives. Nevertheless, there is hope for dual attacks. It is feasible to rectify their analyses to accurately account for false positives, demonstrating that their impact on attack complexity is negligible.
Prochains exposés
-
Predicting Module-Lattice Reduction
Orateur : Paola de Perthuis - CWI
Is module-lattice reduction better than unstructured lattice reduction? This question was highlighted as `Q8' in the Kyber NIST standardization submission (Avanzi et al., 2021), as potentially affecting the concrete security of Kyber and other module-lattice-based schemes. Foundational works on module-lattice reduction (Lee, Pellet-Mary, Stehlé, and Wallet, ASIACRYPT 2019; Mukherjee and Stephens[…]-
Cryptography
-
-
Attacking the Supersingular Isogeny Problem: From the Delfs–Galbraith algorithm to oriented graphs
Orateur : Arthur Herlédan Le Merdy - COSIC, KU Leuven
The threat of quantum computers motivates the introduction of new hard problems for cryptography.One promising candidate is the Isogeny problem: given two elliptic curves, compute a “nice’’ map between them, called an isogeny.In this talk, we study classical attacks on this problem, specialised to supersingular elliptic curves, on which the security of current isogeny-based cryptography relies. In[…]-
Cryptography
-