Search by date:
1998
|
1999
|
2000
|
2001
|
2002
|
2003
|
2004
|
2005
|
2006
|
2007
|
2008
|
2009
|
2010
|
2011
|
2012
|
2013
|
2014
|
2016
|
2017
|
2018
|
2019
| Forthcoming
If you wish to be informed about our seminars by email,
please contact Francesco Berti, Olivier Pereira or François-Xavier Standaert .
Seminars for the year 2018
July 2018
July 04, 14:00 - Masking Lattice-based Fiat-Shamir-with-aborts Signatures at Any Order (EUROCRYPT 2018)
| Date: | July 04, 2018 - 14:00 |
| Location: | Salle Shannon - Maxwell Building, first floor.
Place du Levant, 3 - 1348 Louvain-la-Neuve |
| Abstract: | Recently, numerous physical attacks have been demonstrated against lattice-based schemes, often exploiting their unique properties such as the reliance on Gaussian distributions, rejection sampling and FFT-based polynomial multiplication. As the call for concrete implementations and deployment of postquantum cryptography becomes more pressing, protecting against those attacks is an important problem. However, few countermeasures have been proposed so far. In particular, masking has been applied to the decryption procedure of some lattice-based encryption schemes, but the much more difficult case of signatures (which are highly non-linear and typically involve randomness) has not been considered until now.
In this paper, we describe the first masked implementation of a lattice-based signature scheme. Since masking Gaussian sampling and other procedures involving contrived probability distribution would be prohibitively inefficient, we focus on the GLP scheme of Güneysu, Lyubashevsky and Pöppelmann (CHES 2012). We show how to provably mask it in the Ishai-Sahai-Wagner model (CRYPTO 2003) at any order in a relatively efficient manner, using extensions of the techniques of Coron et al. for converting between arithmetic and Boolean masking. Our proof relies on a mild generalization of probing security that supports the notion of public outputs. We experiment with the efficiency of the generated scheme.
Blog article : http://risq.fr/?page_id=365⟨=en
Eprint : https://eprint.iacr.org/2018/381.pdf |
July 05, 14:00 - Minimizing Leakage with Garbled Circuits
by Aurélien Dupin
| Date: | July 05, 2018 - 14:00 |
| Location: | Salle Shannon - Maxwell Building, first floor.
Place du Levant, 3 - 1348 Louvain-la-Neuve |
| Abstract: | Secure two-party computation provides a way for two parties to compute a function, that depends on the two parties' inputs, while keeping them private. Known since the 1980s, Yao's garbled circuits appear to be a general solution to this problem, in the semi-honest model.
Decades of optimizations have made this tool a very practical solution. This presentation starts with an introduction to garbled circuits and some of its optimizations.
However, it is well known that a malicious adversary could modify a garbled circuit before submitting it.
Many protocols, mostly based on cut-&-choose, have been proposed to secure Yao's garbled circuits in the presence of malicious adversaries.
Nevertheless, how much an adversary can modify a circuit and make it still executable has not been studied yet.
We first prove that any modification made by an adversary is equivalent to adding/removing NOT gates arbitrarily in the original circuit, otherwise the adversary can get caught.
Thereafter, we study some evaluation functions for which, even without using cut-&-choose, no adversary can gain more information about the inputs by modifying the circuit. |
July 05, 15:01 - "On the Communication Complexity of Multiparty Computation in the Correlated Randomness Model" (TPMPC 2018)
by Geoffroy Couteau
| Date: | July 05, 2018 - 15:01 |
| Location: | Salle Shannon - Maxwell Building, first floor.
Place du Levant, 3 - 1348 Louvain-la-Neuve |
| Abstract: | Secure multiparty computation (MPC) addresses the challenge of evaluating functions on secret inputs without compromising their privacy. An central question in multiparty communication is to understand the amount of communication needed to securely evaluate a circuit of size s. In this work, we revisit this fundamental question, in the setting of information-theoretically secure MPC in the correlated randomness model, where a trusted dealer distributes correlated random coins, independent of the inputs, to all parties before the start of the protocol. This setting is of strong theoretical interest, and has led to the most practically efficient MPC protocols known to date. While it is known that protocols with optimal communication (proportional to input plus output size) can be obtained from the LWE assumption, and that protocols with sublinear communication o(s) can be obtained from the DDH assumption, the question of constructing protocols with o(s) communication remains wide open for the important case of information-theoretic MPC in the correlated randomness model. All known protocols in this model require O(s) communication in the online phase; improving this state of affairs is a long standing open question. In this work, we exhibit the first generic multiparty computation protocol in the correlated randomness model with communication sublinear in the circuit size, for a large class of circuits. More precisely, we show the following: any size-s layered circuit (whose nodes can be partitioned into layers so that any edge connects adjacent layers) can be evaluated with O(s/log log s) communication. Our result holds for both boolean and arithmetic circuits, and security holds with respect to malicious corruption, without honest majority.
|
See also:
