Sommaire

  • Cet exposé a été présenté le 20 septembre 2024 (13:45).

Description

  • Orateur

    Aurore Guillevic - INRIA Rennes

This talk is based on joint works with Diego Aranha, Youssef El Housni, and Simon Masson. 

Elliptic curves make possible in practice very interesting mechanisms of proofs. The security relies on the difficulty of the discrete log problem and variants. Succinct non-interactive arguments of knowledge (SNARK) are a very fruitful topic, so that given a sequence of instructions that can be quite large, it is possible to extract a single equation such that if satisfied, it will convince a verifier that the set of instructions were correctly executed. To ensure the zero-knowledge property, the equation is hidden "in the exponents", in other words, "homomorphic hiding" is required. Such a property is made possible with a pairing on elliptic curves: a bilinear map e : G1 x G2 -> GT, where e([a]g1, [b]g2) = e(g1, g2)^{ab}, that can multiply secret scalars/exponents together. The solution of Groth at Eurocrypt'16 (Groth16) made possible a SNARK verification in three pairings, the proof size being two G1 and one G2 elements. 

The design of dedicated elliptic curves is required at different stages: finding ``inner'' pairing-friendly elliptic curves (first SNARK), finding ``outer'' pairing-friendly elliptic curves (second SNARK, a first construction was given in the Geppetto paper), finding ``embedded'' elliptic curves (such as JubJub for BLS12-381). This talk will recall the construction of particular pairing-friendly elliptic curves for SNARK, and the recent works on finding embedded curves. A generalisation of the work of Sanso and El Housni will be presented, that allows to obtain in about some hours a 2-cycle of elliptic curves with CM, given any input prime. The parameterized version will be given. 
 

Infos pratiques

Prochains exposés

  • Dual attacks in code-based (and lattice-based) cryptography

    • 19 septembre 2025 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Orateur : Charles Meyer-Hilfiger - Inria Rennes

    The hardness of the decoding problem and its generalization, the learning with errors problem, are respectively at the heart of the security of the Post-Quantum code-based scheme HQC and the lattice-based scheme Kyber. Both schemes are to be/now NIST standards. These problems have been actively studied for decades, and the complexity of the state-of-the-art algorithms to solve them is crucially[…]

    • Cryptography

  • Présentations des nouveaux doctorants Capsule

    • 03 octobre 2025 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Orateur : Alisée Lafontaine et Mathias Boucher - INRIA Rennes

    2 nouveaux doctorants arrivent dans l'équipe Capsule et présenteront leurs thématiques de recherche. Alisée Lafontaine, encadrée par André Schrottenloher, présentera son stage de M2: "Quantum rebound attacks on double-block length hash functions"  Mathias Boucher, encadré par Yixin Shen, parlera des algorithmes quantiques et des réseaux euclidiens.  

  • Design of fast AES-based Universal Hash Functions and MACs

    • 10 octobre 2025 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Orateur : Augustin Bariant - ANSSI

    Ultra-fast AES round-based software cryptographic authentication/encryption primitives have recently seen important developments, fuelled by the authenticated encryption competition CAESAR and the prospect of future high-profile applications such as post-5G telecommunication technology security standards. In particular, Universal Hash Functions (UHF) are crucial primitives used as core components[…]

    • Cryptography

  • Lie algebras and the security of cryptosystems based on classical varieties in disguise

    • 07 novembre 2025 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Orateur : Mingjie Chen - KU Leuven

    In 2006, de Graaf et al. proposed a strategy based on Lie algebras for finding a linear transformation in the projective linear group that connects two linearly equivalent projective varieties defined over the rational numbers. Their method succeeds for several families of “classical” varieties, such as Veronese varieties, which are known to have large automorphism groups.   In this talk, we[…]

    • Cryptography

  • Some applications of linear programming to Dilithium

    • 14 novembre 2025 (13:45 - 14:45)

    • IRMAR - Université de Rennes - Campus Beaulieu Bat. 22, RDC, Rennes - Amphi Lebesgue

    Orateur : Paco AZEVEDO OLIVEIRA - Thales & UVSQ

    Dilithium is a signature algorithm, considered post-quantum, and recently standardized under the name ML-DSA by NIST. Due to its security and performance, it is recommended in most use cases.   During this presentation, I will outline the main ideas behind two studies, conducted in collaboration with Andersson Calle-Vierra, Benoît Cogliati, and Louis Goubin, which provide a better understanding of[…]
Voir les exposés passés
Haut de page