Abstracts for Conference on "The Mathematics of Post-Quantum Cryptography"

Alternatively have a look at the program.

Welcome and Introduction

Date: Wed, 04/12/2024 - 13:00 - 13:20
Location: MPIM Lecture Hall

Interpolating isogenies between elliptic curves: destructive and constructive applications

Speaker: Wouter Castryck
Affiliation: KU Leuven
Date: Wed, 04/12/2024 - 13:20 - 14:20
Location: MPIM Lecture Hall

A degree-$d$ isogeny $\Phi : E \to E'$ between elliptic curves is always uniquely determined by the images of any $4d + 1$ points $P \in E$. In a series of recent(ish) works, this statement was made algorithmically effective: given any point $Q \in E$, we now understand how to efficiently compute its image $\Phi(Q)$ from such interpolation data (over finite fields, and assuming that the interpolation points generate a group of smooth order). We will explain this method, in which higher-dimensional abelian varieties play a surprising role.

Lattices in Number Theory

Speaker: Peter Stevenhagen
Affiliation: Leiden University
Date: Wed, 04/12/2024 - 14:25 - 15:10
Location: MPIM Lecture Hall

I will define lattices and discuss some of their basic properties, including Minkowski’s theorem on lattice points in convex bodies. In the setting of algebraic number theory, I will explain how number rings and their ideals come with a natural embedding as lattices in Euclidean spaces.

Principles of Lattice Cryptography, and cryptanalysis by lattice reduction

Speaker: Leo Ducas
Affiliation: Centrum Wiskunde and Informatica, and Leiden University
Date: Wed, 04/12/2024 - 15:15 - 16:00
Location: MPIM Lecture Hall

In this presentation, I will present lattice-based cryptography as stemming from tessellating a Euclidean vector space using a lattice basis. This directly points at lattice reduction algorithms for cryptanalysis, and I will cover the famous LLL algorithm, and discuss stronger but slower algorithms.
If time allows, I will also discuss the special case of ideal lattices of a number field, how the reduction theory differs, and how it can be exploited for attacks and hardness proofs.

Algebraic cryptanalysis applied to equivalence problems

Speaker: Monika Trimoska
Affiliation: Eindhoven University of Technology
Date: Wed, 04/12/2024 - 16:40 - 17:25
Location: MPIM Lecture Hall

In this talk, we first give an introduction to algebraic cryptanalysis, before looking into concrete applications to solving hard problems relevant for cryptography. The examples chosen for this talk are equivalence problems. Broadly, an equivalence problem considers two instances of the same mathematical object and asks if there exists a map between them that preserves some defined property. Two such problems will be looked at in detail.

Problem Session

Date: Wed, 04/12/2024 - 17:30 - 18:30
Location: MPIM Lecture Hall

The syzygy distinguisher

Speaker: Hugues Randriam
Affiliation: ANSSI
Date: Thu, 05/12/2024 - 09:00 - 09:45
Location: MPIM Lecture Hall

We present a new distinguisher for alternant and Goppa codes, whose complexity is subexponential in the error-correcting capability, hence better than that of generic decoding algorithms. Moreover it does not suffer from the strong regime limitations of the previous distinguishers or structure recovery algorithms: in particular, it applies to the codes used in the Classic McEliece candidate for postquantum cryptography standardization. The invariants that allow us to distinguish are graded Betti numbers of the homogeneous coordinate ring of a shortening of the dual code.

Isogeny-based group actions in cryptography

Speaker: Sabrina Kunzweiler
Affiliation: Inria Bordeaux and Université de Bordeaux
Date: Thu, 05/12/2024 - 09:45 - 10:30
Location: MPIM Lecture Hall

The hardness of computing discrete logarithms in a prime-order group forms the basis of many constructions in cryptography.
While there exist efficient quantum algorithms for solving this problem, the situation is different when we consider group actions:
Given two elements $x,y$ in a set $X$, and a group $G$ acting on $X$, the "group-action DLOG problem" asks to find a group element $g \in G$ so that $y = gx$ (if it exists).

In this talk, the focus will be on group actions that are used in isogeny-based cryptography.

Hardness of isogeny problems and equidistribution

Speaker: Aurel Page
Affiliation: Inria Bordeaux and Université de Bordeaux
Date: Thu, 05/12/2024 - 11:00 - 11:40
Location: MPIM Lecture Hall

When studying proposed isogeny-based cryptosystems, several computational problems naturally appear: some are upper bounds for the security of the system (if one can solve the problem, then one can break the cryptosystem), some are lower bounds (if one can break the cryptosystem, then one can solve the problem). We would therefore like to understand the relative difficulty of these problems, ideally showing that they are all equivalent.

Utility and usability of projective resolutions

Speaker: Severin Barmeier
Affiliation: University of Cologne
Date: Thu, 05/12/2024 - 14:05 - 14:50
Location: MPIM Lecture Hall

Projective resolutions are a standard tool of homological algebra that allow one to compute cohomology and associated invariants such as Betti numbers, which are used in both abstract contexts and concrete applications. From a theoretical perspective, all projective resolutions are (homotopy) equivalent. Projective resolutions can appear in a wide range of flavours, some more apt for abstract arguments, others more apt for concrete calculations.
