NIST PQC Seminars
Maxime Bros
The PQC Team at NIST will host a series of online talks about post-quantum cryptography.
More precisely, these "NIST PQC Seminars", each of about 1h (questions included), will start as soon as we receive proposals from potential speakers, and they will happen every 2 to 3 weeks approximately.
Every topic in connection with post-quantum cryptography is of interest to us, however we want to prioritize talks concerning the presentation, implementation, or attacks of signature schemes for the “onramp” additional PQC signature call from NIST.
It is, of course, not required to give a talk to submit, nor will submissions which are presented receive any extra or special consideration during the evaluation phase.
If you want to give a talk, please contact me at maxim...@nist.gov; once we agree on a date and time, it will be publicly announced on this pqc-forum.
Thanks,
Sincerely,
Maxime Bros
NIST PQC
Maxime Bros
Dear all,
I am glad to announce that we created a web page for the NIST PQC Seminars, please find it here: https://csrc.nist.gov/Projects/post-quantum-cryptography/workshops-and-timeline/pqc-seminars.
You can find the 2 first talks info there, and the videos of the talks will be uploaded there as well.
We will also put the details on how to connect to the talks in the coming days.
Please find below this email the abstract of the first seminar that will happen on Tuesday March 14th, 2023, 10 a.m. US EDT.
Feel free to propose other talks 😊.
Sincerely,
Maxime Bros
NIST PQC
========================================================
### Title ###
LESS: Digital Signatures from Linear Code Equivalence
### Speaker and Affiliation ###
Dr. Edoardo Persichetti
Computer Science department, Sapienza University of Rome, Italy
### Abstract ###
The LESS signature scheme was introduced in 2020 and represents a breath of fresh air in the code-based panorama. Most notably, the scheme departs from the traditional error-correcting approach, and instead relies entirely on the hardness of the Code Equivalence Problem, a well-known problem in coding theory. Moreover, the underlying group action structure allows to design a versatile and efficient protocol. The initial construction was based on a 3-pass identification scheme, which is then transformed via Fiat-Shamir; several computational improvements were added in the following years to bolster performance. In this talk, we illustrate the LESS scheme and its background, and give an intuition about its potential as a post-quantum signature solution.
### Mini bio ###
Dr. Edoardo Persichetti is originally from Rome, Italy, where he studied Mathematics at Sapienza University. He received his PhD in 2013 from University of Auckland, under the supervision of Steven Galbraith, with a dissertation on code-based cryptography. After that he was a postdoc in the Cryptography and Data Security Group at Warsaw University in Poland, before moving to the United States, where he worked at Florida Atlantic University, first as Assistant Professor, and then as Associate Professor. He recently moved back to Italy where he joined the Computer Science department at Sapienza.
Maxime Bros
It is my pleasure to share the details of the second PQC seminar: it will happen on Tuesday April 4th, 2023, 10 a.m. US EDT, see the details below.
As usual, the connection instructions will be uploaded on the NIST PQC Seminars website: https://csrc.nist.gov/Projects/post-quantum-cryptography/workshops-and-timeline/pqc-seminars.
Recall that the slides and the video of the first talk will be available on this same website, as soon as we can upload them.
Feel free to propose other talks 😊.
Sincerely,
Maxime Bros
NIST PQC
========================================================
### Title ###
### Abstract ###
Why are side-channel countermeasures for Dilithium so much more complex than those for ECDSA? What do I need to do to protect hash-based signatures, and why do engineers consider Ascon and SHA3 to be "easier to protect" against side-channel attacks than SHA2?
Based on the latest academic research and the experience of developing side-channel secured versions of Kyber and Dilithium for commercial silicon, we dissect recent NIST PQC standards and discuss masking gadgets and other industry-standard countermeasures required to protect them against power- and emission-based side-channel attacks (DPA, DEMA). We discuss the cost (area, latency, energy) of these countermeasures on microcontroller targets and especially with custom hardware.
This engineering-oriented talk will also briefly overview FIPS 140-3 "non-invasive mitigation" side-channel testing methods (likely based on ISO 17825) and how side-channel issues are addressed in high-assurance Common Criteria certifications used for smart cards, secure elements, and platform security.
### Speaker and Affiliation ###
Staff Cryptography Architect, PQShield Ltd
### Mini bio ###
Dr. Saarinen is a Staff Security Architect at PQShield LTD (Oxford, UK) and a Professor of Practice ("työelämäprofessori") at NISEC, Tampere University, Finland. He started his career as a cryptographer at SSH Communications Security in 1997, working on the now-ubiquitous SSH2 protocol. Since then, he has stayed in the field, dividing time between academia and the security industry. Dr. Saarinen joined PQShield Ltd. at its inception as a University of Oxford spin-out in 2018. At PQShield, he has architected some of the first commercially successful high-assurance Post-Quantum Cryptography (PQC) hardware modules. He holds a Ph.D. in Information Security (Cryptanalysis) from Royal Holloway, University of London (2009).
Maxime Bros
I am glad to share the details of the third PQC seminar: it will happen at 10 a.m. US EDT (Eastern Daylight Time, New York, NY, UTC-4) on Friday May 5th, 2023, see the details below.
As usual, the connection instructions are on the NIST PQC Seminars website: https://csrc.nist.gov/Projects/post-quantum-cryptography/workshops-and-timeline/pqc-seminars.
Be careful, the connection info and links often change from one seminar to the other, so do not reuse previous ones.
Feel free to propose other talks 😊.
Sincerely,
Maxime Bros
NIST PQC
========================================================
### Title ###
### Abstract ###
In this talk, we would like to present a systematic study of Fault Injection Attacks (FIA) on structured lattice-based schemes, with main focus on Kyber Key Encapsulation Mechanism (KEM) and Dilithium signature scheme, which are leading
candidates in the NIST standardization process for Post-Quantum Cryptography (PQC). Through our study, we attempt to understand the underlying similarities and differences between the existing attacks, while classify them into different
categories. Given the wide-variety of reported attacks, simultaneous protection against all the attacks requires to implement customized protections/countermeasures for both Kyber and Dilithium. We will also discuss several custom
countermeasures that can be implemented for Kyber and Dilithium to protect against different fault injection attacks.
### Speaker and Affiliation ###
Nanyang Technological University, Singapore
### Mini bio ###
Prasanna Ravi is a Research Associate at PACE labs (Physical Analysis and Cryptographic Engineering), Nanyang Technical University Singapore, and has been in NTU since 2017. He is currently pursuing his PhD in the topic of Side-Channel Analysis and Fault-Injection Analysis of Post-Quantum Lattice-based Cryptography (since 2019) under Dr. Anupam Chattopadhyay and Dr. Shivam Bhasin. He received his bachelor's degree in Electronics and Communications Engineering (ECE) from NIT Trichy, India in 2015. Before NTU, he held the position of Research Engineer at Center for Development of Telematics, Bangalore (CDOT-B), Government of India.
Maxime Bros
Dear all,
I am glad to share the details of the fourth PQC seminar: it will happen at 10 a.m. US EDT (Eastern Daylight Time, New York, NY, UTC-4) on Friday May 19th, 2023, see the details below.
As usual, the connection instructions will be posted on the NIST PQC Seminars website: https://csrc.nist.gov/Projects/post-quantum-cryptography/workshops-and-timeline/pqc-seminars.
Be careful, the connection info and links often change from one seminar to the other, so do not reuse previous ones.
Feel free to propose other talks 😊.
Sincerely,
Maxime Bros
NIST PQC
========================================================
### Title ###
UOV signature revisited
### Abstract ###
In this talk, we will present the UOV signature scheme to be submitted to NIST as a post-quantum signature candidate. We will present the details of the concrete design, the parameters and the rational behind. We will also present detailed security analysis and new attacks we recently developed.
### Speaker and Affiliation ###
Dr. Jintai Ding,
Tsinghua University and BIMSA, China
### Mini bio ###
Jintai Ding is a professor at the Tsinghua University and BIMSA. He is one of the designers of the NIST post-quantum KEM standard Kyber and the designer of one of the NIST third round post-quantum signature finalists: Rainbow. He received his B.A. from Xian Jiaotong University in 1988, his M.A. in mathematics from the University of Science and Technology of China in 1990 and his Ph.D in mathematics from Yale in 1995. He was a lecturer at the Research Institute for Mathematical Sciences of Kyoto University from 1995 to 1998. He has been a faculty member at the University of Cincinnati 1998-2020. From 2006 to 2007, he was a visiting professor and Alexander Von Humboldt Fellow at Technical University of Darmstadt. He received the Zhong Jia Qing Prize from by the Chinese Mathematical Society in 1990. He was a Taft Professor at University of Cincinnati. His main research interests are in cryptography, computational algebra and information security. He was a co-chair of the second, the 10th and 11th international workshop on post-quantum cryptography.
Maxime Bros
Dear all,
It is my pleasure to announce that the next NIST PQC Seminar #5 will start by a few words by Dr. Dustin Moody about the onramp signature call.
More precisely, it will happen at 10 a.m. US EDT (Eastern Daylight Time, New York, NY, UTC-4) on Friday June 9th, 2023, see the details below.
As usual, the connection instructions are be posted on the NIST PQC Seminars website: https://csrc.nist.gov/Projects/post-quantum-cryptography/workshops-and-timeline/pqc-seminars.
Be careful, the connection info and links often change from one seminar to the other, so do not reuse previous ones.
Feel free to propose other talks 😊.
Sincerely,
Dr. Maxime Bros
NIST PQC
========================================================
### Title ###
Hypercube SDitH: a geometric share aggregation approach for more efficient MPCitH Zero Knowledge Proofs and Digital Signatures
### Abstract ###
Syndrome Decoding in the Head is a scheme proposed by Feneuil Joux Rivain presented at CRYPTO 22. In this scheme, they use state-of-the-art MPC in the Head (MPCitH) techniques in conjunction with conservative code-based assumptions, the unstructured syndrome decoding problem, to achieve short signatures.
Some months later, [AGHHJY] introduced a generic modification of the MPCitH approach for additive secret sharings. It provided the same soundness as previous schemes with N^D parties, but requiring only N*D MPC computation. The improvements are derived from the arrangement of secret shares on a hypercube. The ensuing MPC operations are then only performed over ‘main parties’ which aggregate shares along different dimensions of the hypercube. Ultimately, for a hypercube of side N and dimension D, the operations performed are equivalent to D independent runs of an N-party protocol. [AGHHJY] applied these results to SDitH, and created a faster/shorter (depending on trade-off, which is the Hypercube SDitH from the title) scheme that employed the exact same underlying computational problem, to be presented at EUROCRYPT 23. The Hypercube-MPCitH approach provides signature sizes as low as 6.784KB versus 8.481KB in SDitH for the same signing times. However, fixing signature sizes to be equal, the Hypercube-MPCitH can sign/verify an order of magnitude faster, as seen in Table 7 of [AGHHJY].
In a recent work [AHJMRY], a proof in the QROM is presented which proceeds by collapsing the 5 round structure to a 3 round commit-and-open - exploiting 2-special soundness of the 5 round protocol - via initial application of Fiat-Shamir transform (transforming the security of this part into an unstructured search problem), followed by direct application of a QROM 3-round FS-security result from the literature.
In this talk we would like to present the scheme of [AGHHJY]. We believe the hypercube-MPCitH approach is general to a wide range of MPCitH schemes, and at the end we would speak briefly about the QROM proof which we also believe can be used to argue security for a wide range of MPCitH schemes that enjoy 2-special soundness on the final challenge space.
[AGHHJY] "The Return of the SDitH", Eurocrypt 2023, https://eprint.iacr.org/2022/1645
### Speakers and Affiliations ###
Dr. Nicolas Gama, Principal Privacy Software Engineer, SandboxAQ
Dr. David Joseph, Senior Research Scientist, SandboxAQ
### Mini bios ###
Dr. David Joseph - I gained my PhD from Imperial College London during which I investigated quantum-annealing-inspired attacks of the Shortest Vector Problem, central to lattice based cryptography. During that time I joined the Quantum & AI team inside of X, The Moonshot Factory where I started a small team looking into quantum-secure communications. There I co-authored Transitioning Organizations to Post-Quantum Cryptography, published in Nature. Remaining with this team over the next few years, I graduated from Imperial, converted to full time, and in late 2021 moved to SandboxAQ as a researcher during the spinout of the Quantum & AI team from X.
Dr. Nicolas Gama - I spent most of career studying post-quantum cryptography, I obtained my PhD from Ecole Normale Supérieure on Lattice based Cryptography, with the aim of gathering and implementing the most efficient lattice reduction algorithms, and study their performance in order to estimate the security of lattice-based cryptosystems. I grew an interest for cryptography in use, and privacy preserving computation, where I co-designed a few practical schemes, such as the CGGI/TFHE homomorphic encryption scheme, or efficient fixed-point arithmetic backends for MPC. I joined SandboxAQ in 2022, where I continue to develop various domains of post-quantum cryptology, privacy and AI.
Maxime Bros
I'm glad to announce that the next NIST PQC Seminar #6 will be at 10 a.m. US EDT (Eastern Daylight Time, New York, NY, UTC-4) on Friday July 7th, 2023, see the details below.
As usual, the connection instructions are posted on the NIST PQC Seminars website:
Be careful, the connection info and links often change from one seminar to the other, so do not reuse previous ones.
Feel free to propose other talks 😊.
Sincerely,
Dr. Maxime Bros
NIST PQC
========================================================
### Title ###
### Abstract ###
In this talk, we would like to present a systematic overview of existing Side-Channel Analysis (SCA) and Fault Injection Attacks (FIA) targeting the multivariate signature scheme UOV. Since its multi-layered version Rainbow was a finalist in the third round of the NIST PQC Standardization Process, it drew a lot of research attention and we will also discuss how existing attacks would translate to UOV.
As the amount of literature is not too overwhelming, we try to cover attacks that are still in a theoretical state, simulated attacks and those that have been practically executed on a Chipwhisperer Setup.
### Speaker and Affiliation ###
University of Regensburg,
Germany
### Mini bio ###
Thomas Aulbach is a Research Associate at the Chair for Data Security and Cryptography at the University of Regensburg, Germany. He is currently pursuing his PhD in the topic of Side-Channel Analysis and Fault-Injection Analysis of Post-Quantum Cryptography under Prof. Dr. Juliane Krämer (since 2021), with a focus on multivariate (and code-based) schemes. He received his bachelor's and master's degree from the Julius-Maximilians-University Würzburg, Germany in 2018 and 2020, respectively. Prior to that (in 2015), he earned a bachelor degree in mechanical engineering completing a dual study program at the DHBW Mosbach and the Bosch Rexroth AG.
Maxime Bros
It is my pleasure to announce that the next NIST PQC Seminar #7 will happen at 10 a.m. US EDT (Eastern Daylight Time, New York, NY, UTC-4) on Friday July 21th, 2023, see the details below.
As usual, the connection instructions are posted on the NIST PQC Seminars website: https://csrc.nist.gov/Projects/post-quantum-cryptography/workshops-and-timeline/pqc-seminars.
Be careful, the connection info and links often change from one seminar to the other, so do not reuse previous ones.
Feel free to propose other talks 😊.
Sincerely,
Dr. Maxime Bros
========================================================
### Title ###
Batch me if you PQ-Sign
### Abstract ###
The Post-Quantum (PQ) signature schemes chosen for standardization by NIST all suffer from performance issues; they are computationally slower or consume much more bandwidth than the current standards we use today, such as ECDSA. Thus, for some applications and protocols such as TLS, switching to PQ signatures has the potential to severely increase the computation and communication cost. In this talk, we will explain an approach to mitigate these issues by signing messages in batches, rather than individually, and present experimental data showing the benefits of this approach when used within TLS and other applications.
### Speaker and Affiliation ###
Senior Research Scientist,
SandboxAQ
### Mini bio ###
Nina Bindel’s research addresses the construction and cryptanalysis of quantum-secure schemes, protocols and applications. She received her PhD from TU Darmstadt on post-quantum signature schemes in 2018. During her time at the Institute for Quantum Computing (IQC) and University of Waterloo (UW) in Waterloo, Ontario, Canada, she started looking into making protocols and standards (e.g., used in vehicle-to-vehicle communication or FIDO2) quantum-secure. Nina has been continuing this direction of research also after she joined SandboxAQ in 2022.
Maxime Bros
Dear all,
I hope you are all doing great.
After the summer break, the NIST PQC Seminars are back 😊, and I am glad to announce the 8th one which will happen at 10 a.m. US EDT (Eastern Daylight Time, New York, NY, UTC-4) on Friday October 6th, 2023, see the details below.
As usual, the connection instructions are posted on the NIST PQC Seminars website: https://csrc.nist.gov/Projects/post-quantum-cryptography/workshops-and-timeline/pqc-seminars.
Be careful, the connection info and links often change from one seminar to the other, so do not reuse previous ones.
Feel free to propose other talks.
Sincerely,
Dr. Maxime Bros
NIST PQC Team
========================================================
### Title ###
Digital signatures from equivalence problems - A closer look at MEDS and ALTEQ
### Abstract ###
An equivalence (or isomorphism) problem ask whether two algebraic or combinatorial objects are essentially the same. Given an equivalence problem, one can obtain a digital signature scheme through the Goldreich--Micali--Wigderson zero-knowledge protocol and the Fiat--Shamir transformation. Three submissions to the latest NIST's call for post-quantum digital signature schemes follow this design, namely LESS (based on monomial code equivalence), MEDS (based on matrix code equivalence), and ALTEQ (based on alternating trilinear form equivalence).
In this talk we take a closer look at MEDS and ALTEQ. We will review their design and main features, and report their performances, advantages and limitations. In particular, MEDS and ALTEQ are based on equivalence problems that are polynomial-time equivalent. Therefore, it is not surprising that their design and cryptanalysis share several ingredients in common. Still, there are interesting subtle differences, and we will report on these too.
### Speakers and Affiliations ###
Dr. Simona Samardjiska, Radboud University, Netherlands
Dr. Youming Qiao, University of Technology Sydney, Australia
### Mini bios ###
Simona Samardjiska is an assistant professor at the Digital Security Group at Radboud University, The Netherlands. She obtained her Ph.D. at NTNU in Norway in 2015 on the topic of Multivariate Cryptography.
Her expertise and research interests are mostly in the mathematics of post-quantum cryptography, especially multivariate and code-based cryptography. She has been actively involved in the current NIST standardization process for Post-Quantum Cryptography as a principal submitter of the second-round candidate MQDSS and one of the submitters of MEDS. She has also contributed to the understanding of the security of other schemes in the competition by analyzing their classical security and resistance to side-channel attacks.
Youming Qiao is an associate professor at the Centre for Quantum Software and Information at the University of Technology Sydney. He obtained his Ph.D. at Tsinghua University in 2012. Youming started his research in theoretical computer science, in particular, computational complexitytheory and algebraic computation. This then taken him to do some work in quantum information and computation, cryptography (in particular, post-quantum cryptography), and pure mathematics (in particular, combinatorics and group theory).
Maxime Bros
I hope you are all doing great.
As usual, the connection instructions will be posted soon on the NIST PQC Seminars website: https://csrc.nist.gov/Projects/post-quantum-cryptography/workshops-and-timeline/pqc-seminars
Be careful, the connection info and links often change from one seminar to the other, so do not reuse previous ones.
Feel free to propose other talks.
Sincerely,
Dr. Maxime Bros
NIST PQC Team
========================================================
### Title ###
### Abstract ###
Wave is a code-based hash-and-sign signature scheme which instantiates the theoretical framework of Gentry, Peikert and Vaikuntanathan. Its security is proven to inherit from the hardness of two well-identified problems for which the best known attacks rely on generic decoding algorithms. With appropriate parameters, Wave can therefore offer high security against classical and quantum adversaries.
Wave enjoys short signatures (822 Bytes) and fast verification, even with conservative parameters. Wave public keys are generator matrices for random-looking linear codes, so they are on the large side (especially given our conservative parameter choices): this is the main drawback of Wave. However, in use-cases where large public keys can be stored, Wave can be a strong candidate for high-security quantum-safe signatures.
### Speaker and Affiliation ###
### Mini bio ###
Thomas Debris-Alazard is a research scientist (chargé de recherche) at Inria in the Grace project-team. He is mostly interested in error correcting codes and Euclidean lattices in a cryptographic context.
Scott Fluhrer (sfluhrer)
You do realize that this is during the PKI Consortium’s Postquantum Cryptography conference, don’t you?
--
You received this message because you are subscribed to the Google Groups "pqc-forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email to
pqc-forum+...@list.nist.gov.
To view this discussion on the web visit
https://groups.google.com/a/list.nist.gov/d/msgid/pqc-forum/a34e7a34-8cb1-4380-ae4b-456d37f021a9n%40list.nist.gov.
Maxime Bros
I do realize that, sadly it is almost impossible to avoid simultaneous events such as conferences or public holidays in different countries.
However, please note that the video of the seminar together with the slides, will be posted later at
https://csrc.nist.gov/Projects/post-quantum-cryptography/workshops-and-timeline/pqc-seminars
Sincerely,
Maxime
To unsubscribe from this group and stop receiving emails from it, send an email to pqc-forum+unsubscribe@list.nist.gov.
Maxime Bros
It is my pleasure to announce that the next NIST PQC Seminar #10 will happen at 10 a.m. US EST (Eastern Standard Time, New York, NY, UTC-5) on Tuesday November 28th, 2023, see the details below.
As usual, the connection instructions will be posted soon on the NIST PQC Seminars website: https://csrc.nist.gov/Projects/post-quantum-cryptography/workshops-and-timeline/pqc-seminars
Be careful, the connection info and links often change from one seminar to the other, so do not reuse previous ones.
Feel free to propose other talks.
Sincerely,
Dr. Maxime Bros
NIST PQC Team
========================================================
### Title ###
### Abstract ###
The selection of parameters that offer the best possible performance while simultaneously guaranteeing a well-defined level of security is one of the most challenging tasks in cryptographic system design. The complexity of this task is witnessed by the NIST PQC standardization effort for post-quantum secure cryptographic systems launched in 2016. Similar efforts are expected to be necessary for the just recently initiated NIST standardization process for post-quantum secure digital signature schemes.
In order to ensure that the chosen parameters offer a certain level of security, an estimation of the computational complexity of the underlying hard problem is required. To date, those estimations are often performed in an ad-hoc manner. This led to a scattered landscape of available estimation scripts, with multiple scripts for the same problem with varying outputs. Overall, this complicates the task of reaching a consensus on the hardness of cryptographic problems. Furthermore, for designers, it is difficult to gather precise information on the concrete difficulty of the underlying problems. Especially in light of the still ongoing NIST PQC standardization effort and the recently renewed call for digital signature schemes, there is a pressing need for a reliable point of access for concrete security estimates.
In this talk, we present the first open-source software library entirely dedicated to cryptographic hardness estimation, the CryptographicEstimators library. In contrast to most previous estimators, this library follows a modern object-oriented software architecture, which provides a wide variety of features. Overall, the design is optimized to ease extending existing estimators with new algorithms and makes it simple to integrate completely new estimators. We then show particular features related to the Syndrome Decoding estimator and the Multivariate Quadratic estimator and then showcase the functionality of the library by presenting estimates for some of the candidates of the NIST PQC first-round digital signature standardization effort.
### Speakers and Affiliations ###
Dr. Javier Verbel, Lead Cryptanalyst, Technology Innovation Institute, United Arab Emirates
### Mini bios ###
Andre is currently Lead Researcher of the asymmetric cryptanalysis team at the Technology Innovation Institute (TII). He received his PhD in 2020 under supervision of Alexander May from Ruhr University Bochum. His main research focus lies in the field of post quantum cryptography, with a special focus on code-based cryptanalysis. Andre works on the edge of theoretical and practical cryptanalysis. As such, he is co-designer of three submissions to the NIST PQC renewed call for additional digital signatures and co-holder of multiple record computations in the field of decoding.
Javier is currently Lead Cryptanalyst of the asymmetric cryptanalysis team at the Technology Innovation Institute (TII). Javier received his PhD in 2021 under the supervision of Prof. Daniel Cabarcas from the National University of Colombia. His research focuses on the practical and theoretical evaluation of cryptographic primitives based on the multivariate quadratic problem and on the MinRank problem. Javier is co-designer of two submissions to the NIST PQC renewed call for additional digital signatures.
To unsubscribe from this group and stop receiving emails from it, send an email to pqc-forum+...@list.nist.gov.
Maxime Bros
I hope you’re doing well.
It is my pleasure to announce that the NIST PQC Seminars now have a mailing list 😊.
It will enable you to receive notifications for the coming talks, you can find more info about this list here: https://list.nist.gov/pqc-seminars
To subscribe, please send an empty email with your first name + last name as the subject to pqc-seminar...@list.nist.gov
You will receive an email asking you to confirm your subscription by either:
- clicking a link (using your google account)
- or simply replying to the email (no need to use a google account for that)
Then, allow a few days for your subscription to be approved, and if it is not, feel free to send a request to pqc-se...@nist.gov
Please find more detailed instructions here: https://csrc.nist.gov/csrc/media/Projects/post-quantum-cryptography/documents/pqc-seminars/listserve-subscribe-instructions.pdf
Sincerely,
Dr. Maxime Bros
NIST PQC
Maxime Bros
I hope you're doing well.
The next one, namely NIST PQC Seminars # 11 will happen at 10 a.m. US EDT (Eastern Daylight Time, Washington D.C., UTC-4) on Tuesday April 23rd, 2024. Please find more details below.
Since Verizon discontinued its BlueJeans service, we decided to switch to Zoom for Government (ZoomGov). On your side, everything will be the same as with the usual Zoom: you can join in the browser or with your usual Zoom desktop application (we recommend this option for stability), and no need to have a Zoom account to join.
More details on how to join a Zoom meeting can be found in this video from Zoom: https://www.youtube.com/watch?v=pAMDxH_H_Cs
The actual and detailed invitation will be published on the NIST PQC Seminars website soon:
https://csrc.nist.gov/projects/post-quantum-cryptography/workshops-and-timeline/pqc-seminars
Here are its main info:
Join ZoomGov Meeting: https://nist.zoomgov.com/j/1616642370?pwd=UkFjL0Nnc0JGdmJxSld6V0VXbUF4dz09
Meeting ID: 161 664 2370
Passcode: 738025
Sincerely,
Dr. Maxime Bros
NIST PQC Team
========================================================
### Title ###
### Abstract ###
Multivariate cryptography is one of very few known approaches to achieving short signatures in the post-quantum world. In this talk, we will present FOX and PROV, two new UOV-based multivariate schemes, and round 1 candidates in the NIST call for additional post-quantum signatures. FOX and PROV both seek to reinforce the security of UOV, while retaining its main features: speed, simplicity, and short signatures.
Full-VOX, nicknamed FOX, is a close variant of VOX, already introduced in the VOX original specification. The main VOX submission used the so-called QR property to decrease public key size, at the potential expense of security. VOX has been the target of several attacks, all exploiting the QR property. FOX retains the core ideas of VOX, but removes QR entirely. In essence, FOX adds a few random equations to the UOV system, making certain attacks completely unfeasible, at a modest cost in efficiency.
PROV reinforces UOV in a different way: by adding provable security. Standard UOV does not have a security proof. In a nutshell, this is because in addition to the public key, UOV signatures leak information. The core observation of PROV is that a slight tweak of UOV is enough to remove this extra leakage, and enable a security proof.
### Speakers and Affiliations ###
Dr. Brice Minaud, ENS and Inria, France
### Mini bios ###
Dr. Gilles Macario-Rat is a researcher at Orange in Châtillon. His research focuses mainly on post-quantum public key cryptography based on multivariate polynomials.
Dr. Brice Minaud is an Inria researcher at École Normale Supérieure in Paris. His research focuses mainly on symmetric and public-key cryptanalysis, as well as searchable encryption.
Dear all,
I hope you’re doing well.
It is my pleasure to announce that the NIST PQC Seminars now have a mailing list 😊.
It will enable you to receive notifications for the coming talks, you can find more info about this list here: https://list.nist.gov/pqc-seminars
To subscribe, please send an empty email with your first name + last name as the subject to pqc-seminars+subscribe@list.nist.gov
Maxime Bros
I hope you're doing well.
Recall that we use Zoom for Government (ZoomGov), so everything will be the same as with the usual Zoom: you can join in the browser or with your usual Zoom desktop application (we recommend this option for stability), and no need to have a Zoom account to join.
The actual and detailed invitation will be published on the NIST PQC Seminars website soon:
https://csrc.nist.gov/projects/post-quantum-cryptography/workshops-and-timeline/pqc-seminars
Here are its main info:
Meeting ID: 161 749 8087
Passcode: 658244
Sincerely,
Dr. Maxime Bros
NIST PQC Team
========================================================
### Title ###
### Abstract ###
In the wake of recent progress on quantum computing hardware, the National Institute of Standards and Technology (NIST) is standardizing cryptographic protocols that are resistant to attacks by quantum adversaries. The primary digital signature scheme that NIST has chosen is CRYSTALS-Dilithium. The hardness of this scheme is based on the hardness of three computational problems: Module Learning with Errors (MLWE), Module Short Integer Solution (MSIS), and SelfTargetMSIS. MLWE and MSIS have been well-studied and are widely believed to be secure. However, SelfTargetMSIS is novel and, though classically as hard as MSIS, its quantum hardness is unclear. In this paper, we provide the first proof of the hardness of SelfTargetMSIS via a reduction from MLWE in the Quantum Random Oracle Model (QROM). Our proof uses recently developed techniques in quantum reprogramming and rewinding. A central part of our approach is a proof that a certain hash function, derived from the MSIS problem, is collapsing. From this approach, we deduce a new security proof for Dilithium under appropriate parameter settings. Compared to the previous work by Kiltz, Lyubashevsky, and Schaffner (EUROCRYPT 2018) that gave the only other rigorous security proof for a variant of Dilithium, our proof has the advantage of being applicable under the condition q = 1 mod 2n, where q denotes the modulus and n the dimension of the underlying algebraic ring. This condition is part of the original Dilithium proposal and is crucial for the efficient implementation of the scheme. We provide new secure parameter sets for Dilithium under the condition q = 1 mod 2n, finding that our public key size and signature size are about 2.9 times and 1.3 times larger, respectively, than those proposed by Kiltz et al. at the same security level.
### Speaker and Affiliation ###
### Mini bios ###
Kelsey Jackson is a Research Assistant from the Department of Physics at the University of Maryland - College Park. She is currently pursuing a PhD in physics specializing in quantum computer science and particularly post-quantum lattice cryptography under Dr. Carl A. Miller within the Joint Center of Quantum Information and Computer Science (QuICS). She previously attained a bachelor of science degree from Creighton University in Omaha, NE with a major in physics and a double minor in abstract mathematics and data science. During this period, she also worked with Dr. Tom Wong on quantum walk algorithms.
Dear all,
To subscribe, please send an empty email with your first name + last name as the subject to pqc-seminar...@list.nist.gov
Maxime Bros
I hope you're doing well.
Recall that we use Zoom for Government (ZoomGov), so everything will be the same as with the usual Zoom: you can join in the browser or with your usual Zoom desktop application (we recommend this option for stability), and no need to have a Zoom account to join.
The actual and detailed invitation will be published on the NIST PQC Seminars website soon:
https://csrc.nist.gov/projects/post-quantum-cryptography/workshops-and-timeline/pqc-seminars
Here are its main info:
Meeting ID: 160 504 9342
Passcode: 562944
Sincerely,
Dr. Maxime Bros
NIST PQC Team
========================================================
### Title ###
### Abstract ###
The MPC-in-the-Head (MPCitH) paradigm is a versatile framework to design post-quantum signatures, by relying on secure multi-party computation (MPC) techniques. This paradigm has recently been improved in a series of works which makes it a practical and tunable tool. In this talk, I will propose a general introduction to MPCitH and provide an overview of the state of the art that led to the MPCitH-based candidates that have been submitted to the first round of the NIST call for additional post-quantum signatures.
### Speakers and Affiliations ###
### Mini bios ###
Thibauld is a research engineer in cryptography at CryptoExperts (France). He received his PhD in 2023 from Sorbonne University (France) under the supervision of Jean Claude Bajard, Antoine Joux, and Matthieu Rivain. His main research topics are zero-knowledge proofs and post-quantum signatures. He is involved in the current NIST standardization process for Post-Quantum Cryptography as a co-submitter of several MPCitH-based submissions.
Maxime Bros
I hope you're doing well.
In August 2023, the BSI (German Federal Office for Information Security) published a report on the state of quantum computing [1].
I am thrilled to announce that NIST PQC Seminar # 14 will be presented by one of the report's authors, who will introduce us to this field and share the latest developments in quantum computing for cryptanalysis.
I hope many of you will join this seminar and take the opportunity to ask Frank questions :-). Please feel free to share this invitation with your colleagues.
This NIST PQC Seminar will take place at 10 a.m. US EDT (Eastern Daylight Time, Washington D.C., UTC-4) on Tuesday June 4th, 2024. Please find more details below.
Recall that we use Zoom for Government (ZoomGov), so everything will be the same as with the usual Zoom: you can join in the browser or with your usual Zoom desktop application (we recommend this option for stability), and no need to have a Zoom account to join.
Join ZoomGov Meeting: https://nist.zoomgov.com/j/16127803271?pwd=YUVESHh6RUxITEpxN3BISXBTRWVJUT09&omn=1611078956
Meeting ID: 161 2780 3271
Passcode: 425053
Sincerely,
Dr. Maxime Bros
NIST PQC Team
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Studien/Quantencomputer/Entwicklungstand_QC_V_2_0.pdf,
Frank K. Wilhelm, Rainer Steinwandt, Daniel Zeuch, Jurek Frey.
========================================================
### Title ###
Quantum computers - state of development for cryptanalysis
### Abstract ###
This talk is meant as an overview of the status of quantum computing as it is reflected in the study we wrote for the German Information Security Office (BSI). Next to reporting on the status, it will focus on clarifying what type of information to look for and where the main bottlenecks are. It is meant to thus demystify some of the physics and engineering-driven literature in the field for mathematics and computer-science oriented practicioners of post quantum cryptography.
### Speakers and Affiliations ###
### Mini bios ###
Frank Wilhelm-Mauch is the director of the Institute for Quantum Computing Analytics at the Forschungszentrum Jülich, Germany since 2020, as well as a full professor of theoretical physics at Saarland University, Germany, since 2011. He obtained his Diplom (1996) and doctoral (1999) degrees in Physics at Karlsruhe Institute of Technology, Germany, and his Habilitation in 2004 at Ludwig-Maximilians-University (LMU) in Munich, Germany. He was a postdoctoral fellow at Delft University of Technology, Netherlands, a senior postdoc and lecturer at LMU and an Associate Professor at the Institute for Quantum Computing and the Department of Physics and Astronomy at the University of Waterloo, Canada.
Maxime Bros
I hope you're doing well.
Please find the Zoom invitation below this email, alternatively you can click the talk's name on the NIST PQC Seminar website:
https://csrc.nist.gov/projects/post-quantum-cryptography/workshops-and-timeline/pqc-seminars
Be careful, the links / meeting ID or passcode sometimes change and sometimes remain the same from one seminar to another, so always double check on the website before connecting.
Sincerely,
Dr. Maxime Bros
NIST PQC Team
### Title ###
Constructions for digital signatures Part II: VOLE-in-the-head and FAEST
### Abstract ###
Zero-Knowledge (ZK) Proofs are cryptographic protocols that allow a prover to show to a verifier that a certain statement is true, without giving away any additional information in the process. They are a central tool in modern cryptography, with many interesting and surprising applications. Recently, Vector Oblivious Linear Evaluation(VOLE)-based ZK proof systems such as QuickSilver (Yang et al., ACM CCS 2021) and Mac'n'Cheese (Baum et al., IACR CRYPTO 2021) have shown tremendous success in efficiently proving large statements with small constant concrete overhead.
In this talk we will discuss the new VOLE-in-the-head approach (Baum et al., IACR CRYPTO 2023) to Zero-Knowledge proofs, and show how it can be used to turn the QuickSilver proof system into a digital signature scheme called FAEST. Moreover, we will discuss other instantiations of the FAEST approach based on Multivariate Quadratic Polynomials and the Rain scheme, as well as recent optimizations to VOLE-in-the-head.
### Speakers and Affiliations ###
### Mini bios ###
After having obtained his PhD degree from Aarhus University in 2016, Carsten was a Postdoc at Bar-Ilan University and Assistant Professor at Aarhus University before joining the Technical University of Denmark in 2022. His main research interest lies in cryptography, more specifically Multiparty Computation, Zero-Knowledge proofs and post-quantum cryptographic techniques. As part of this he recently participated in the DARPA SIEVE program, which led to a round 1 submission to the NIST call for Additional PQC Digital Signature Schemes. Carsten is also a consultant for Partisia.
======================================
Join ZoomGov Meeting
https://nist.zoomgov.com/j/16127803271?pwd=YUVESHh6RUxITEpxN3BISXBTRWVJUT09&omn=1612822715
Meeting ID: 161 2780 3271
Passcode: 425053
One tap mobile
+16692545252,,16127803271#,,,,*425053# US (San Jose)
+16469641167,,16127803271#,,,,*425053# US (US Spanish Line)
---
Dial by your location
• +1 669 254 5252 US (San Jose)
• +1 646 964 1167 US (US Spanish Line)
• +1 646 828 7666 US (New York)
• +1 551 285 1373 US (New Jersey)
• +1 669 216 1590 US (San Jose)
• +1 415 449 4000 US (US Spanish Line)
Meeting ID: 161 2780 3271
Passcode: 425053
---
Join by SIP
• 16127...@sip.zoomgov.com
---
Join by H.323
• 161.199.138.10 (US West)
• 161.199.136.10 (US East)
Meeting ID: 161 2780 3271
Passcode: 425053
Maxime Bros
I hope you're doing well.
Please find the Zoom invitation below this email, alternatively you can click the talk's name on the NIST PQC Seminar website:
https://csrc.nist.gov/projects/post-quantum-cryptography/workshops-and-timeline/pqc-seminars
Be careful, the links / meeting ID or passcode sometimes change and sometimes remain the same from one seminar to another, so always double check on the website before connecting.
Sincerely,
Dr. Maxime Bros
NIST PQC Team
======================================
### Title ###
### Abstract ###
The MPC-in-the-Head (MPCitH) paradigm is increasingly popular in building zero-knowledge proofs and post-quantum signatures, leveraging techniques from secure multi-party computation. Notably, this paradigm has been employed in 9 out of the 40 candidates selected for the first round of the recent NIST call for additional post-quantum signatures. In this talk, we will introduce the Threshold-Computation-in-the-Head (TCitH) framework, which utilizes threshold secret sharing —specifically, Shamir’s secret sharing— to enhance MPCitH-based proof systems and signature schemes. We will explore its Merkle tree and GGM tree variants, highlighting how it leverages the multiplication homomorphism and packing capabilities of Shamir’s secret sharing. We will discuss the strong connections between this framework and other proof systems (namely VOLE-in-the-Head and Ligero). Additionally, we will see how this framework improves the MPCitH-based NIST candidates and how it can be used in other applications. In particular, we will present a generic construction of a post-quantum ring signature that achieves a substantial improvement over the state of the art.
### Speaker and Affiliation ###
### Mini bio ###
Matthieu is a researcher and entrepreneur, currently CEO of CryptoExperts, a research and service company specializing in cryptography. He joined CryptoExperts in 2010 after completing an industrial PhD focused on side-channel attacks and secure cryptographic implementations, in collaboration with the University of Luxembourg and Oberthur (now Idemia). Matthieu's research interests span several areas of applied cryptography, with recent work concentrating on zero-knowledge proofs and post-quantum signatures. He is a co-author of several submissions to the NIST call for additional post-quantum signatures based on the MPC-in-the-Head paradigm.
======================================
Join ZoomGov Meeting
https://nist.zoomgov.com/j/16127803271?pwd=YUVESHh6RUxITEpxN3BISXBTRWVJUT09&omn=1609755821
Maxime Bros
Dear Community,
I hope you're all doing well.
I'm thrilled to finally announce that the videos of the NIST PQC Seminars #11 to #16 are now available online! 🎉🥳🎊
I apologize for the delay in processing and publishing them. Although publishing a video may seem straightforward, it requires the coordinated efforts of many people and takes time.
You can find all the videos here: https://csrc.nist.gov/Projects/post-quantum-cryptography/workshops-and-timeline/pqc-seminars
I hope you enjoy them!
I'd also like to take this opportunity to remind you that all NIST PQC Seminars are recorded, and the slides and videos are posted online. However, I encourage you to join the live events, as it allows you to ask questions and experience the seminars in real-time.
Take care,
Dr. Maxime Bros
NIST PQC
Maxime Bros
I hope you're having a nice summer.
I'm happy to announce NIST PQC Seminars # 17 which will happen at 10 a.m. US EDT (Eastern Daylight Time, Washington D.C., UTC-4) on Tuesday August 6th, 2024. Please find more details below.
Please find the Zoom invitation below this email, alternatively you can click the talk's name on the NIST PQC Seminar website:
https://csrc.nist.gov/projects/post-quantum-cryptography/workshops-and-timeline/pqc-seminars
Be careful, the links / meeting ID or passcode sometimes change and sometimes remain the same from one seminar to another, so always double check on the website before connecting.
Sincerely,
Dr. Maxime Bros
NIST PQC Team
======================================
### Title ###
### Abstract ###
Given the importance of LWE-based cryptosystems, understanding their concrete security is critical. Most work on LWE security focuses on theoretical estimates of attack performance, which is important but may overlook attack nuances arising in real-world implementations. To improve our understanding of concrete LWE security, we provide the first benchmarks for LWE secret recovery on standardized parameters, for small and low-weight (sparse) secrets. We evaluate four LWE attacks in these settings to serve as a baseline: the Search-LWE attacks uSVP, SALSA, and Cool\&Cruel, and the Decision-LWE attack: Dual Hybrid Meet-in-the-Middle (MitM). We extend the SALSA and Cool\&Cruel attacks in significant ways, and implement and scale up MitM attacks for the first time. For example, we recover hamming weight $9-11$ binomial secrets for KYBER ($\kappa=2$) parameters in $28-36$ hours with SALSA and Cool\&Cruel. This talk will discuss our benchmarking efforts and attack innovations, as well as interesting lessons learned in the implementation process.
### Speaker and Affiliation ###
### Mini bios ###
Dr. Wenger researches security and privacy issues related to machine learning models. Currently, she is an Assistant Professor of Electrical and Computer Engineering at Duke University, and before that was a Research Scientist at Meta AI. She graduated with her PhD from the University of Chicago in 2023. Dr. Wenger's work has been featured by numerous media outlets including CNN, NBC, the New York Times, and the BBC. She has received various awards including a GFSD fellowship, Siebel Scholarship, and the University of Chicago Harper Dissertation award, and was named to the 2024 Forbes 30 under 30 list for her work on Glaze, a tool that protects artists' work from unwanted use in generative AI models.
======================================
Join ZoomGov Meeting
https://nist.zoomgov.com/j/16127803271?pwd=YUVESHh6RUxITEpxN3BISXBTRWVJUT09&omn=1619612940
Maxime Bros
Dear Community,
I hope you're all doing well and that you’ve had an amazing summer ☀️ 😎 🏖️.
I'm delighted to announce that the NIST PQC Seminars will have a second Series of three talks 😀, this time about the 4th Round of the NIST PQC Standardization Project.
Namely, there will be one talk per code-based candidate (see the dates below), more information will be published on the website of the NIST PQC Seminars soon: https://csrc.nist.gov/projects/post-quantum-cryptography/workshops-and-timeline/pqc-seminars
Please note that all talks below will happen at 10am US EDT (Eastern Daylight Time, Washington D.C.), UTC-4.
#18 - [Classic McEliece] Tuesday, September, 17, 2024
#19 - [HQC] Friday, September, 20, 2024
#21 - [BIKE] Friday, September, 27, 2024
Last but not least, I would like to take advantage of this post to announce the 20th NIST PQC Seminar which will be about multivariate candidates for the Additional Call for Signatures (also called "onramp"):
#20 - [MAYO - UOV] Tuesday, September, 24, 2024
As usual, instructions to connect to the seminars can be found on the website, as well as information to subscribe to the mailing list of the NIST PQC Seminars.
Thanks,
Maxime Bros
Dear all,
I hope you're doing well.
I'm glad to announce NIST PQC Seminars # 18 which will happen TOMORROW Tuesday September 17th, 2024 at 10 a.m. US EDT (Eastern Daylight Time, Washington D.C., UTC-4). Please find more details below.
Please find the Zoom invitation below this email, alternatively you can click the talk's name on the NIST PQC Seminar website:
https://csrc.nist.gov/projects/post-quantum-cryptography/workshops-and-timeline/pqc-seminars
Be careful, the links / meeting ID or passcode sometimes change and sometimes remain the same from one seminar to another, so always double check on the website before connecting.
Sincerely,
Dr. Maxime Bros
NIST PQC Team
======================================
### Title ###
Classic McEliece: conservative code-based cryptography
### Speaker and Affiliation ###
Prof. Daniel J. Bernstein, University of Illinois at Chicago, USA
======================================
Join ZoomGov Meeting
https://nist.zoomgov.com/j/16127803271?pwd=YUVESHh6RUxITEpxN3BISXBTRWVJUT09&omn=1618114512
Maxime Bros
I hope you're doing well.
Please find the Zoom invitation below this email, alternatively you can click the talk's name on the NIST PQC Seminar website:
https://csrc.nist.gov/projects/post-quantum-cryptography/workshops-and-timeline/pqc-seminars
Be careful, the links / meeting ID or passcode sometimes change and sometimes remain the same from one seminar to another, so always double check on the website before connecting.
Sincerely,
Dr. Maxime Bros
NIST PQC Team
======================================
### Title ###
### Abstract ###
HQC (Hamming Quasi-Cyclic) is a code-based encryption scheme based on coding theory, which security is reduced to the Syndrome Decoding problem in the Hamming metric for random Quasi-Cyclic codes. A key feature of HQC is that the code used during the decryption process is public, and can thus be chosen for its performance alone, regardless of whether or not it can be masked.
In this talk we will review the latest version of HQC, and in particular, the choice of concatenated Reed-Muller and Reed-Solomon codes for decoding, the performance of the scheme, and the analysis of its decryption failure rate.
### Speaker and Affiliation ###
### Mini bio ###
Nicolas Aragon is an associate professor (Maitre de conférences) at the University of Limoges, France. His main research interests are code-based cryptography, both in the Hamming and the rank metric, as well as the implementation and side-channel resistance of cryptographic schemes.
======================================
Join ZoomGov Meeting
https://nist.zoomgov.com/j/16127803271?pwd=YUVESHh6RUxITEpxN3BISXBTRWVJUT09&omn=1615210904
Maxime Bros
I hope you're doing well.
Please find the Zoom invitation below this email, alternatively you can click the talk's name on the NIST PQC Seminar website:
https://csrc.nist.gov/projects/post-quantum-cryptography/workshops-and-timeline/pqc-seminars
Be careful, the links / meeting ID or passcode sometimes change and sometimes remain the same from one seminar to another, so always double check on the website before connecting.
Sincerely,
Dr. Maxime Bros
NIST PQC Team
======================================
### Title ###
### Abstract ###
This talk will give an overview of the MAYO digital signature scheme, and the Oil and Vinegar signature scheme that it is based on.
We will also briefly discuss some of the changes the MAYO team plans to make to the spec in case MAYO proceeds to the next round of the NIST on ramp.
### Speaker and Affiliation ###
### Mini bio ###
Ward is a cryptographer at IBM Research Zurich working on quantum safe cryptography. He is interested in the design and cryptanalysis of quantum safe digital signatures, zero-knowledge proofs and advanced protocols from various hardness assumptions including multivariate, isogeny-based, lattice-based, symmetric, and less common assumptions. He is part of the MAYO NIST submission team. He is known to break things on his laptop during weekends.
======================================
Join ZoomGov Meeting
https://nist.zoomgov.com/j/16127803271?pwd=YUVESHh6RUxITEpxN3BISXBTRWVJUT09&omn=1610963945
Maxime Bros
I'm happy to announce NIST PQC Seminars # 21 which will happen TOMORROW Friday September 27th, 2024 at 10 a.m. US EDT (Eastern Daylight Time, Washington D.C., UTC-4). Please find more details below.
Please find the Zoom invitation below this email, alternatively you can click the talk's name on the NIST PQC Seminar website:
https://csrc.nist.gov/projects/post-quantum-cryptography/workshops-and-timeline/pqc-seminars
Be careful, the links / meeting ID or passcode sometimes change and sometimes remain the same from one seminar to another, so always double check on the website before connecting.
Sincerely,
Dr. Maxime Bros
NIST PQC Team
======================================
### Title ###
BIKE
### Abstract ###
In this talk, we will give an overview of the BIKE - Bit Flipping Key Encapsulation submission, covering aspects such as its underlying security assumptions, performance, and modes of usage. We will also describe the recent changes we have made to our submission to incorporate the feedback received from NIST and the community. In particular, new settings for the decoder are proposed, which reduce the impact of weak keys. Finally, some links between decoding failure rate (DFR), weak keys and preliminary results on error floor estimates will be presented. This indicates a favorable asymptotic evolution of the DFR and improved guarantees for the CCA security of BIKE.
### Speakers and Affiliations ###
Dr. Rafael Misoczki, Meta, USA
Dr. Nicolas Sendrier, Inria, France
### Mini bios ###
Dr. Rafael Misoczki is a Cryptographer at Meta. His areas of expertise are post-quantum cryptography, fully homomorphic encryption, privacy enhancing technologies, conventional cryptography, and the application of these constructions to various use cases. He is an active contributor to international standardization efforts on cryptography, such as ISO/IEC, IETF, and NIST. Dr. Misoczki received his PhD from Sorbonne University / INRIA, France, in 2013, with a thesis on efficient constructions for post-quantum cryptography.
Nicolas Sendrier is a researcher at Inria Paris in France. He obtained a PhD degree in 1991 and an ``Habilitation à Diriger des Recherches'' in 2002, both from Sorbonne University. He has been a research scientist at Inria since 1992 and a senior research scientist since 2003. His main research interest is the design and analysis of code-based cryptographic primitives. He is a member of the steering committee for the PQCrypto conference series.
======================================
Join ZoomGov Meeting
https://nist.zoomgov.com/j/16127803271?pwd=YUVESHh6RUxITEpxN3BISXBTRWVJUT09&omn=1617506939
Hamilton Silberg
The NIST PQC Seminar continues in 2025 with a talk next week,
Tuesday, January 7th, 2025 at 10am US EST (Washington D.C., UTC-5).
Please find the Zoom and talk details below, and please note that this meeting link is different than previous meetings.
Best,
Hamilton Silberg
NIST PQC Team
=================================
### Title ###
Error floor prediction with Markov models for QC-MDPC codes
### Abstract ###
Public-key cryptosystems based on low-density parity check (LDPC) and moderate-density parity check (MDPC) codes are popular due to their efficiency and are believed to be secure against quantum attacks. Quasi-cyclic MPDC (QC-MDPC) code-based encryption schemes under iterative decoders offer highly-competitive performance in the quantum-resistant space of cryptography, but the decoding-failure rate (DFR) of these algorithms are not well-understood. It is known that the DFR decreases extremely rapidly as the ratio of code-length to error-bits increases, then decreases much more slowly in regimes known as the waterfall and error-floor, respectively.
This work establishes three, successively more detailed probabilistic models of the behavior of iterative, hard-decision decoders for QC-MDPC codes: the simplified model, the refined model for perfect keys, and the refined model for all keys. The models are built upon a Markov model introduced by Sendrier and Vasseur (SV) that closely predicts decoding behavior in the waterfall region but does not capture the error floor behavior of those codes. The simplified model introduces a heuristic modification which captures the dominant contributor to error floor behavior which is convergence to near codewords belonging to the set N introduced by Vasseur in 2021. The refined models give more accurate predictions taking into account certain structural features of specific keys. The first refined model accounts for the structure of perfect keys while the second accounts for the measured properties of any key.
Our models are based on the step-by-step decoder, also used in the SV model, which is highly simplified and experimentally displays worse decoding performance than parallel decoders used in practice. Despite the use of the simplified decoder, we obtain a remarkably accurate prediction of the DFR in the error floor and demonstrate that the error floor behavior is indeed dominated by convergence to a near codeword during a failed decoding instance.
### Speakers and Affiliations ###
Dr. Jean-Pierre Tillich, Inria, France
=================================
Join ZoomGov Meeting
https://nist.zoomgov.com/j/16056059946?pwd=mvrgAwFbjMktdBPVM75iLIPqqrXXb8.1&omn=1618503271
Meeting ID: 160 5605 9946
Passcode: 715855
---
One tap mobile
+16692545252,,16056059946#,,,,*715855# US (San Jose)
+16468287666,,16056059946#,,,,*715855# US (New York)
• +1 551 285 1373 US (New Jersey)
• +1 669 216 1590 US (San Jose)
Passcode: 715855
Find your local number: https://nist.zoomgov.com/u/axfamGEPa
---
Join by SIP
• 16056...@sip.zoomgov.com
---
Join by H.323
• 161.199.138.10 (US West)
• 161.199.136.10 (US East)
Passcode: 715855