If you wish to be informed about our seminars by email,
please contact Francesco Berti, Olivier Pereira or François-Xavier Standaert.
Seminars for the year 2013
June 2013
June 12, 15:00 - Round-optimal Signature, developing new tools to improve efficiency
by Dr. Olivier Blazy
Date: | June 12, 2013 - 15:00 |
Location: | Maxwell Building, first floor
Place du Levant, 3 - 1348 Louvain-la-Neuve |
Abstract: | Randomizable encryption allows anyone to transform a ciphertext into a fresh ciphertext of the same message. Analogously, a randomizable signature can be transformed into a new signature on the same message. We combine randomizable encryption and signatures in a way that given the decryption key and a signature on a ciphertext, one can recover a signature on the encrypted message.
Using Groth-Sahai proofs and Waters signatures, we give several instantiations of our primitive proven secure under classical assumptions in the standard model yielding an efficient instantiation of Blind-Signatures.
Thanks to various tricks on the programmability of the Waters function, and on the proofs used, we show how to further improve this construction.
Based on previous work at PKC 11, TCC 12, PKC 13, Crypto 13, and on ongoing work |
June 21, 14:30 - Functional Secret Sharing
by Pr. Yvo Desmedt
Date: | June 21, 2013 - 14:30 |
Location: | Room 207, Euler Building (near Maxwell Building) Avenue Georges Lemaître, 4-6 - 1348 Louvain-la-Neuve |
Abstract: | Functional encryption is now receiving a lot of attention. However, the topic of functional encryption was preceded by functional secret sharing (SIAM Journal on Discrete Mathematics, 2000).
In this lecture, we explain some of the motivations behind functional secret sharing. We note that in functional secret sharing, we have, as in normal secret sharing, a dealer. However, after the participants received shares from the dealer, a function f will be chosen and the participants will be asked to evaluate f(secret), without any help of the dealer.
Two approaches are surveyed. The first one is non-interactive in the sense that the participants need to broadcast some partial evaluation of f(secret). Since broadcast is used, these partial evaluations should not facilitate a non-authorized set to compute f'(secret), except if f'(secret) follows logically from f(secret). The second approach is interactive in which stricter privacy requirements can be enforced. Most of our solutions are reusable.
We conclude by giving open problems.
|
July 2013
July 17, 11:00 - Cryptographic tools for anonymous credentials
by Roch Lescuyer
Date: | July 17, 2013 - 11:00 |
Location: | Nyquist room - Maxwell Building a.164
Place du Levant, 3 - 1348 Louvain-la-Neuve
|
Abstract: | One of the roles of modern cryptography is to provide authentication for access to digital services. In this context, the traceability of individuals is very often the other side of the coin. To address this major privacy issue while still maintaining access-rights policies, it would be desirable to reconcile authentication and anonymity. Among the tools that cryptography offers to meet this need, anonymous credentials allow certified attributes to be used anonymously to access a service in an authenticated manner. We first propose using the concept of chameleon signatures in the setting of anonymous credentials. Chameleon signatures allow a signed document to be modified in a controlled way, by an authorized person, after the signature has been generated. We then propose using the concept of aggregate signatures in the setting of anonymous credentials. Aggregate signatures allow several individual signatures to be combined into a constant-size aggregate. Their use in anonymous credentials simplifies the use of several credentials within a single authentication protocol. |
September 2013
September 16, 11:00 - SPRING – Fast Pseudorandomness from Rounded Polynomial Products
by Hai Brenner
Date: | September 16, 2013 - 11:00 |
Location: | Salle Shannon - Maxwell Building, first floor. Place du Levant, 3 - 1348 Louvain-la-Neuve |
Abstract: | Recently, Banerjee, Peikert and Rosen (ePrint Report 2011/401) put forward a new, rigorously provable approach for constructing pseudorandom objects (namely, pseudorandom generators and functions) based on "rounded products" in certain polynomial rings. Their approach has the potential to help bridge the gap between theoretically sound and practically efficient constructions of symmetric cryptographic objects. In their paper, BPR present two alternative constructions: one is based on a construction by Naor and Reingold, using pseudorandom synthesizers, while the other is more "direct" and is based on the subset product of polynomials. I will present both BPR constructions, and the main theoretical ideas underlying these constructions. We will discuss the possibility of implementing each of the variants on hardware.
|
October 2013
October 10, 14:00 - Discrete logarithms: Recent progress (and open problems)
by Pr. Antoine Joux
Date: | October 10, 2013 - 14:00 |
Location: | Salle Shannon - Maxwell Building, first floor. Place du Levant, 3 - 1348 Louvain-la-Neuve |
Abstract: | In this talk, we present several recent improvements on the computation of discrete logarithms in finite fields.
The first part presents a quasi-polynomial algorithm for computing discrete logarithms in fields of small characteristic. The main ingredient is a new method for generating multiplicative relations with a "systematic side" by composing the polynomial (X^q-X) with homographies.
The second part of the talk shows that the SNFS (special number field sieve) is not only an option for prime fields but can be generalized to extension fields, when the characteristic has a "sparse" expression. As a result, we obtain a variant of NFS with reduced complexity. In particular, this can be applied to some pairing-based constructions. |