# Codes and Lattices in Cryptography

Τεχνίτη Νοημοσύνη και Ρομποτική

21 Νοε 2013 (πριν από 4 χρόνια και 6 μήνες)

111 εμφανίσεις

Codes and Lattices in Cryptography
Seminar proposals
Dr.Pierre-Louis CAYREL Codes and Lattices in Cryptography 1/17
Syndrome decoding problem
1.Input.
H:binary-matrix of size r n
S:vector of F
r
2
t:integer
2.Problem.Does there exist a vector e of F
n
2
of weight t such that:
I
Problem NP-complete
Dr.Pierre-Louis CAYREL Codes and Lattices in Cryptography 2/17
What can we do with this problem?
I
hash function
I
stream cipher
I
identiﬁcation
I
encryption
I
signature
Dr.Pierre-Louis CAYREL Codes and Lattices in Cryptography 3/17
Current works I
Hash-function
from PQCrypto book
Dr.Pierre-Louis CAYREL Codes and Lattices in Cryptography 4/17
Current works II
Stream cipher
from PQCrypto book
Dr.Pierre-Louis CAYREL Codes and Lattices in Cryptography 5/17
Current works III
Identiﬁcation
I
zero-knowledge,
I
generate a random matrix Hof size r n
I
we choose an integer t which is the weight
I
this is the public key (H;t)
I
each user owns e of n bits and weight t:
I
this is the secret key
I
each user computes:S = He:
I
S is public
I
A wants to prove that she knows e but she doesn’t want to divulgate it.
I
The protocol is on  rounds and each of them is deﬁned as follows:
Dr.Pierre-Louis CAYREL Codes and Lattices in Cryptography 6/17
Current works III
Identiﬁcation
1.A chooses randomly y of n bits and a permutation  of f1;2;:::;ng:
A sends to B:c
1
;c
2
;c
3
such that:
c
1
= h(jHy);c
2
= h((y));c
3
= h((y e))
2.B sends to A a randomb 2 f0;1;2g:
3.Three possibilities:
3.1 if b = 0:A reveals y and 
3.2 if b = 1:A reveals (y e) and 
3.3 if b = 2:A reveals (y) and (e)
4.Three possibilities:
4.1 if b = 0:B checks that c
1
;c
2
are correct
4.2 if b = 1:B checks that c
1
;c
3
are correct
I
for c
1
we can notice that:
Hy = H(y e) S
4.3 if b = 2:B checks that c
2
;c
3
are correct and that (e) is of weight t
Figure:Stern identiﬁcation scheme
Dr.Pierre-Louis CAYREL Codes and Lattices in Cryptography 7/17
Current works III
Identiﬁcation:seminar proposal
1 Code/Lattice-based commitment schemes
I
understand the concept of commitment function
I
understand the lattice-based proposal
I
design a code-based commitment function
Dr.Pierre-Louis CAYREL Codes and Lattices in Cryptography 8/17
Current works IV
Encryption:Niederreiter scheme
I
Private key:
I
C a [n;n r;d] code which corrects t errors,
I
H
0
a parity check matrix of C,
I
a r r invertible matrix Q,
I
a n n permutation matrix P.
I
Public key:H = QH
0
P.
I
Encryption:
n;t
(m) = e,with e of weight t and S = He:
I
Decryption:decode S in z,then zP
1
gives e and 
1
n;t
(e) = m:
Dr.Pierre-Louis CAYREL Codes and Lattices in Cryptography 9/17
Current works V
From PKC to Signature
I
PKC!signature.
I
RSA yes
I
McEliece and Niederreiter no directly
Dr.Pierre-Louis CAYREL Codes and Lattices in Cryptography 10/17
Current works V
Signature:N.COURTOIS,M.FINIASZ,N.SENDRIER
Dr.Pierre-Louis CAYREL Codes and Lattices in Cryptography 11/17
Current works V
Signature:N.COURTOIS,M.FINIASZ,N.SENDRIER
Dr.Pierre-Louis CAYREL Codes and Lattices in Cryptography 12/17
Current works V
Signature:seminar proposal
2 Code-based signature schemes with special properties
I
do a survey of additional properties a signature can propose
I
understand the code-based signature schemes
I
design a code-based signature scheme with an additional property
3 Quasi-cyclic CFS signature scheme
I
understand the CFS signature scheme
I
understand quasi-dyadic construciton of the CFS signature scheme
I
understand McEliece with quasi-cyclic codes
I
design CFS with quasi-cyclic codes
4 Code-based blind signatures
I
understand what a blind signature is
I
understand the post-quantum secure blind signature schemes
I
understand which additional properties a blind signature can have
I
design an efﬁcient code-based blind signature scheme
Dr.Pierre-Louis CAYREL Codes and Lattices in Cryptography 13/17
Current works VI
Cryptanalysis:Information Set Decoding
Dr.Pierre-Louis CAYREL Codes and Lattices in Cryptography 14/17
Current works VI
Cryptanalysis:Information Set Decoding
Dr.Pierre-Louis CAYREL Codes and Lattices in Cryptography 15/17
Current works VI
Cryptanalysis:seminar proposal
5 Grover vs PQ crypto
I
understand the paper Grover vs McEliece
I
propose secure parameters for several code-based schemes wrt Grover’s
attack
I
apply Grover’s attack to lattice-based schemes
I
provide post-quantum secure parameters for all the code/lattice-based
cryptosystems
Dr.Pierre-Louis CAYREL Codes and Lattices in Cryptography 16/17
Current works VII
More:seminar proposal
6 Code-based oblivious transfer
I
do a survey of all the code-based oblivious transfer
I
understand all those proposals
I
do a survey of all post-quantum secure oblivious transfer
I
understand all those proposals
I
improve the existing schemes
Dr.Pierre-Louis CAYREL Codes and Lattices in Cryptography 17/17