The talk will give an exposition of the paper "On Ideal Lattices and Learning with Errors Over Rings" by Vadim Lyubashevsky, Chris Peikert, and Oded Regev: https://eprint.iacr.org/2012/230.pdf
Shahed Sharif will lead a discussion on open questions in isogeny-based cryptography. This will include the open questions in the paper "How to not break SIDH" by Chloe Martindale and Lorenz Panny: https://eprint.iacr.org/2019/558
and perhaps also the paper "Trapdoor DDH groups from pairings and isogenies" by Péter Kutas and Christophe Petit and Javier Silva:
We will review the Shortest Vector Problem and Closest Vector
Problem, cover the elementary theory of these problems, and
discuss common lattice algorithms, including Babai's algorithms
for CVP and the LLL algorithm.
This talk will give an introduction to the Learning with Errors (LWE) and Ring Learning with Errors (Ring-LWE) Problems. References for LWE and Ring-LWE are here:
This talk with give a gentle introduction to Lattice-Based Cryptography.
Some references include the Lattices section of the book "Mathematics of Public Key Cryptography" by Steven Galbraith (free download available at https://www.math.auckland.ac.nz/~sgal018/crypto-book/crypto-book.html), the Lattices and Cryptography section of the book "An Introduction to Mathematical Cryptography" by Hoffstein, Pipher, and Silverman, or the article "Lattice-based Cryptography" by Micciancio and Regev (https://cims.nyu.edu/~regev/papers/pqc.pdf).
This talk will continue the talk of September 27, giving an exposition of Chris Peikert's quantum attack on CSIDH. The paper is He Gives C-Sieves on the CSIDH and it's available here: https://eprint.iacr.org/2019/725
This talk will give an exposition of Chris Peikert's quantum attack on CSIDH, then turn to lattices afterwards. The paper is He Gives C-Sieves on the CSIDH and it's available here: https://eprint.iacr.org/2019/725
We study experimentally the Hermite factor of BKZ2.0 on uSVP lattices, with the motivation of understanding the concrete security of LWE in the setting of homomorphic encryption. We run experiments by generating instances of LWE in small dimensions, where we consider secrets sampled from binary, ternary or discrete Gaussian distributions. We convert each LWE instance into a uSVP instance and run the BKZ2.0 algorithm to find an approximation to the shortest vector. When the attack is successful, we can deduce a bound on the Hermite factor achieved for the given blocksize. This allows us to give concrete values for the Hermite factor of the lattice generated for the uSVP instance. We compare the values of the Hermite factors we find for these lattices with estimates from the literature and find that the Hermite factor may be smaller than expected for blocksizes 30, 35, 40, 45. Our work also demonstrates that the experimental and estimated values of the Hermite factor trend differently as we increase the dimension of the lattice, highlighting the importance of a better theoretical understanding of the performance of BKZ2.0 on uSVP lattices.