There are 3 short talks this week.
Title: Quantum Collision-Finding in Non-Uniform Random Functions
Speaker: Ted Eaton
Affiliation: ISARA Corporation
Room: MC 6486
Abstract: Proving the security of a scheme against a quantum adversary often makes the strong assumption of modelling the hash function as uniformly random. In this work, we study the generic security of non-uniform random functions, specifically those with min-entropy k. This has applications to the quantum security of the Fujisaki-Okamoto transformation, as well as allowing for more relaxed security assumptions. We discuss previous results and sketch a proof for an asymptotic upper and lower bound of 2^(k/3) quantum queries.
Title: Faster isogeny-based compressed key agreement
Speaker: Geovandro Pereira
Affiliation: University of Waterloo
Room: MC 6486
Abstract: Supersingular isogeny-based cryptography is one of the more recent families of post-quantum proposals. An interesting feature is the comparatively low bandwidth occupation in key agreement protocols, which stems from the possibility of key compression. However, compression and decompression introduce a significant overhead to the overall processing cost despite recent progress. In this talk I will describe a set of optimizations providing improvements in both key compression and decompression.
Title: NTRU-HRSS-KEM
Speaker: John Schanck
Affiliation: University of Waterloo
Room: MC 6486
Abstract: The US National Institute of Standards and Technology (NIST) has initiated a project to standardize post-quantum cryptographic algorithms in the categories of key encapsulation, public key encryption, and digital signatures. I will present "NTRU-HRSS," a submission in the key encapsulation category. NTRU-HRSS is a direct instantiation of Hoffstein, Pipher, and Silverman's NTRUEncrypt scheme from ANTS 1998. Parameters for NTRU-HRSS were chosen to 1) ensure perfect correctness, 2) ease constant-time implementation, and 3) provide at least 128-bit security with respect to a conservative cost model for quantum computation. I will justify these claims about the parameters and compare NTRU-HRSS with other NTRU/LWE schemes under consideration.