The Learning with Errors (LWE) hardness assumption is one of the most promising primitive for post-quantum cryptography due to its strong security reduction from the worst-case of NP-hard problems and its lightweight operations. The Public Key Encryption (PKE) scheme based on LWE has a simple and fast decryption, but its encryption is rather slow due to large parameter sizes for Leftover Hash Lemma or expensive Gaussian samplings.

In this talk, we introduce a novel PKE without relying on either of them. For encryption, we first combine several LWE instances as in the previous LWE-based PKEs. However, the following step to re-randomize this combination before adding a message is different: remove several least significant bits of ciphertexts rather than inserting errors. We prove that our scheme is IND-CPA secure under the hardness of LWE and can be converted into an IND-CCA scheme in the quantum random oracle model.

Our approach accelerates encryption speed to a large extent and also reduces the size of ciphertexts. The proposed scheme is very competitive for all applications requiring both of fast encryption and decryption. In our single-core implementation in Macbook Pro, encryption and decryption of a 128-bit message for quantum 128-bit security take 7 and 6 microseconds that are 3.4 and 4.2 times faster than those of NTRU PKE, respectively. To achieve these results, we further take some advantage of sparse small secrets, under which the security of our scheme is also proved.

We will also talk about recent announcement on NIST's call-for-proposal for post-quantum crypto.

This talk is based on the preprint in http://eprint.iacr.org/2016/1126.

Let us consider the one dimensional Schr{\"o}dinger operator $H=-D^2+V$. It is well known that $H$  has  no positive eigenvalues  if $V (x)$= o(x^{−1})$.   More generally, if $\limsup |xV (x)| = C$, Eastham-Kalf  show any eigenvalue must  be euqal or less than  $C^2$. On the other hand, Naboko and Simon have constructed $V (x)$ decaying arbitrarily slower than  $x^{-1}$ with dense eigenvalues.  

It is conjectured by Barry Simon that if  $\limsup |xV (x)| <\infty$, then $\sum \sqrt{\lambda_n}<\infty$, where $\{\lambda_n\}$  are the positive eigenvalues of $H$.

In this seminar, I will present a result of Kiselev-Last-Simon, which states that if $\limsup |xV (x)| = C$,  then $\sum \lambda_n\leq \frac{C^2}{2}$.

The Denjoy integral is an integral that extends the Lebesgue integral and can integrate any derivative. In this talk, it is shown that the graph of the indefinite Denjoy integral $f\mapsto \int_a^x f$ is a coanalytic non-Borel relation on the product space $M[a,b]\times C[a,b]$, where $M[a,b]$ is the Polish space of real-valued measurable functions on $[a,b]$ and where $C[a,b]$ is the Polish space of real-valued continuous functions on $[a,b]$. Using the same methods, it is also shown that the class of indefinite Denjoy integrals, called $ACG_{\ast}[a,b]$, is a coanalytic but not Borel subclass of the space $C[a,b]$, thus answering a question posed by Dougherty and Kechris. Some basic model theory of the associated spaces of integrable functions is also studied. Here the main result is that, when viewed as an $\mathbb{R}[X]$-module with the indeterminate $X$ being interpreted as the indefinite integral, the space of continuous functions on the interval $[a,b]$ is elementarily equivalent to the Lebesgue-integrable and Denjoy-integrable functions on this interval, and each is stable but not superstable, and that they all have a common decidable theory when viewed as $\mathbb{Q}[X]$-modules.

The Denjoy integral is an integral that extends the Lebesgue integral and can integrate any derivative. In this talk, it is shown that the graph of the indefinite Denjoy integral $f\mapsto \int_a^x f$ is a coanalytic non-Borel relation on the product space $M[a,b]\times C[a,b]$, where $M[a,b]$ is the Polish space of real-valued measurable functions on $[a,b]$ and where $C[a,b]$ is the Polish space of real-valued continuous functions on $[a,b]$. Using the same methods, it is also shown that the class of indefinite Denjoy integrals, called $ACG_{\ast}[a,b]$, is a coanalytic but not Borel subclass of the space $C[a,b]$, thus answering a question posed by Dougherty and Kechris. Some basic model theory of the associated spaces of integrable functions is also studied. Here the main result is that, when viewed as an $\mathbb{R}[X]$-module with the indeterminate $X$ being interpreted as the indefinite integral, the space of continuous functions on the interval $[a,b]$ is elementarily equivalent to the Lebesgue-integrable and Denjoy-integrable functions on this interval, and each is stable but not superstable, and that they all have a common decidable theory when viewed as $\mathbb{Q}[X]$-modules.

We consider the scattering map introduced by Beals and Coifman and Fokas and Ablowitz that may be used to transform one of the Davey Stewartson equations to a linear evolution. We give mapping properties of the scattering transform on weighted L^2  Sobolev spaces that mimic well-known properties of the Fourier transform. This is joint work with  Katharine Ott, Peter Perry, and Nathan Serpico.