Talk date: 24 November 2023
Finding short integer solutions when the modulus is small
We present cryptanalysis of the inhomogeneous short integer solution (ISIS) problem for anomalously small moduli by exploiting the geometry of BKZ-reduced bases of q-ary lattices.
We apply this cryptanalysis to examples from the literature where taking such small moduli has been suggested. A recent work [Espitau–Tibouchi–Wallet–Yu, CRYPTO 2022] suggests small versions of the lattice signature scheme FALCON and its variant MITAKA.
For one small parametrisation of FALCON we reduce the estimated security against signature forgery by approximately 26 bits. For one small parametrisation of MITAKA we successfully forge a signature in seconds.
date: 08 décembre 2023
prenom: Sabrina
nom: Kunzweiler
universite: Université Bordeaux
titre: Password-Authenticated Key Exchange (PAKE) from Isogenies
resume: The passwords that we use in our everyday life are often chosen to be easily memorable, which makes them vulnerable to attacks. This problem is addressed by password-authenticated key exchange (PAKE). The general idea is to enable two parties who share the same (potentially weak) password to establish a strong session key.
Most PAKE protocols used today are based on Diffie-Hellman key exchange in prime-order groups, hence they are not secure against quantum attackers. A promising candidate for replacing Diffie-Hellman key exchange in a post-quantum world is the Commutative Supersingular Isogeny Diffie-Hellman (CSIDH) key exchange. In this talk, we introduce two novel PAKE protocols based on CSIDH.