NIST PQC Seminars


Maxime Bros

Feb 13, 2023, 5:37:09 PM
to pqc-forum
Dear all,

The PQC Team at NIST will host a series of online talks about post-quantum cryptography.

More precisely, these "NIST PQC Seminars", each of about 1h (questions included), will start as soon as we receive proposals from potential speakers, and they will happen every 2 to 3 weeks approximately.

Every topic in connection with post-quantum cryptography is of interest to us; however, we want to prioritize talks concerning the presentation, implementation, or attacks of signature schemes for the “onramp” additional PQC signature call from NIST.

It is, of course, not required to give a talk to submit, nor will submissions which are presented receive any extra or special consideration during the evaluation phase.
 
If you want to give a talk, please contact me at maxim...@nist.gov; once we agree on a date and time, it will be publicly announced on this pqc-forum.

Thanks,

Sincerely,  

Maxime Bros
NIST PQC

Maxime Bros

Mar 3, 2023, 9:48:53 AM
to pqc-forum

Dear all, 

I am glad to announce that we created a web page for the NIST PQC Seminars; please find it here: https://csrc.nist.gov/Projects/post-quantum-cryptography/workshops-and-timeline/pqc-seminars
You can find the information on the first 2 talks there, and the videos of the talks will be uploaded there as well.
We will also put the details on how to connect to the talks there in the coming days.

Please find below this email the abstract of the first seminar that will happen on Tuesday March 14th, 2023, 10 a.m. US EDT. 

Feel free to propose other talks 😊

Sincerely, 

Maxime Bros

NIST PQC

========================================================

### Title ### 

LESS: Digital Signatures from Linear Code Equivalence


### Speaker and Affiliation ### 

Dr. Edoardo Persichetti

Computer Science department, Sapienza University of Rome, Italy 

 

### Abstract ### 

The LESS signature scheme was introduced in 2020 and represents a breath of fresh air in the code-based panorama. Most notably, the scheme departs from the traditional error-correcting approach, and instead relies entirely on the hardness of the Code Equivalence Problem, a well-known problem in coding theory. Moreover, the underlying group action structure allows to design a versatile and efficient protocol. The initial construction was based on a 3-pass identification scheme, which is then transformed via Fiat-Shamir; several computational improvements were added in the following years to bolster performance. In this talk, we illustrate the LESS scheme and its background, and give an intuition about its potential as a post-quantum signature solution.

 

### Mini bio ### 

Dr. Edoardo Persichetti is originally from Rome, Italy, where he studied Mathematics at Sapienza University. He received his PhD in 2013 from University of Auckland, under the supervision of Steven Galbraith, with a dissertation on code-based cryptography. After that he was a postdoc in the Cryptography and Data Security Group at Warsaw University in Poland, before moving to the United States, where he worked at Florida Atlantic University, first as Assistant Professor, and then as Associate Professor. He recently moved back to Italy where he joined the Computer Science department at Sapienza.

Maxime Bros

Mar 24, 2023, 10:26:49 AM
to pqc-forum, Maxime Bros
Dear all,

It is my pleasure to share the details of the second PQC seminar: it will happen on Tuesday April 4th, 2023, 10 a.m. US EDT, see the details below.

As usual, the connection instructions will be uploaded on the NIST PQC Seminars website: https://csrc.nist.gov/Projects/post-quantum-cryptography/workshops-and-timeline/pqc-seminars.

Recall that the slides and the video of the first talk will be available on this same website, as soon as we can upload them.

Feel free to propose other talks 😊.

Sincerely,

Maxime Bros

NIST PQC

========================================================

### Title ###

Intro to Side-Channel Security of NIST PQC Standards

### Abstract ###

Why are side-channel countermeasures for Dilithium so much more complex than those for ECDSA? What do I need to do to protect hash-based signatures, and why do engineers consider Ascon and SHA3 to be "easier to protect" against side-channel attacks than SHA2?
Based on the latest academic research and the experience of developing side-channel secured versions of Kyber and Dilithium for commercial silicon, we dissect recent NIST PQC standards and discuss masking gadgets and other industry-standard countermeasures required to protect them against power- and emission-based side-channel attacks (DPA, DEMA). We discuss the cost (area, latency, energy) of these countermeasures on microcontroller targets and especially with custom hardware.
This engineering-oriented talk will also briefly overview FIPS 140-3 "non-invasive mitigation" side-channel testing methods (likely based on ISO 17825) and how side-channel issues are addressed in high-assurance Common Criteria certifications used for smart cards, secure elements, and platform security.


### Speaker and Affiliation ###

Dr. Markku-Juhani O. Saarinen
Staff Cryptography Architect, PQShield Ltd

### Mini bio ###

Dr. Saarinen is a Staff Security Architect at PQShield LTD (Oxford, UK) and a Professor of Practice ("työelämäprofessori") at NISEC, Tampere University, Finland. He started his career as a cryptographer at SSH Communications Security in 1997, working on the now-ubiquitous SSH2 protocol. Since then, he has stayed in the field, dividing time between academia and the security industry. Dr. Saarinen joined PQShield Ltd. at its inception as a University of Oxford spin-out in 2018. At PQShield, he has architected some of the first commercially successful high-assurance Post-Quantum Cryptography (PQC) hardware modules. He holds a Ph.D. in Information Security (Cryptanalysis) from Royal Holloway, University of London (2009).

Maxime Bros

Apr 24, 2023, 10:04:28 AM
to pqc-forum, Maxime Bros
Dear all,

I am glad to share the details of the third PQC seminar: it will happen at 10 a.m. US EDT (Eastern Daylight Time, New York, NY, UTC-4) on Friday May 5th, 2023, see the details below.

As usual, the connection instructions are on the NIST PQC Seminars website: https://csrc.nist.gov/Projects/post-quantum-cryptography/workshops-and-timeline/pqc-seminars.

Be careful, the connection info and links often change from one seminar to the other, so do not reuse previous ones.

Feel free to propose other talks 😊.

Sincerely,

Maxime Bros
NIST PQC

========================================================

### Title ###

Practical Fault Injection Attacks on Lattice-based NIST PQC Standards - Kyber and Dilithium

### Abstract ###

In this talk, we would like to present a systematic study of Fault Injection Attacks (FIA) on structured lattice-based schemes, with a main focus on the Kyber Key Encapsulation Mechanism (KEM) and the Dilithium signature scheme, which are leading candidates in the NIST standardization process for Post-Quantum Cryptography (PQC). Through our study, we attempt to understand the underlying similarities and differences between the existing attacks, while classifying them into different categories. Given the wide variety of reported attacks, simultaneous protection against all the attacks requires implementing customized protections/countermeasures for both Kyber and Dilithium. We will also discuss several custom countermeasures that can be implemented for Kyber and Dilithium to protect against different fault injection attacks.


### Speaker and Affiliation ###

Mr. Prasanna Ravi
Nanyang Technological University, Singapore

### Mini bio ###

Prasanna Ravi is a Research Associate at PACE labs (Physical Analysis and Cryptographic Engineering), Nanyang Technical University Singapore, and has been in NTU since 2017. He is currently pursuing his PhD in the topic of Side-Channel Analysis and Fault-Injection Analysis of Post-Quantum Lattice-based Cryptography (since 2019) under Dr. Anupam Chattopadhyay and Dr. Shivam Bhasin. He received his bachelor's degree in Electronics and Communications Engineering (ECE) from NIT Trichy, India in 2015. Before NTU, he held the position of Research Engineer at Center for Development of Telematics, Bangalore (CDOT-B), Government of India.

Maxime Bros

May 10, 2023, 11:33:30 AM
to pqc-forum, Maxime Bros

Dear all,

I am glad to share the details of the fourth PQC seminar: it will happen at 10 a.m. US EDT (Eastern Daylight Time, New York, NY, UTC-4) on Friday May 19th, 2023, see the details below.

As usual, the connection instructions will be posted on the NIST PQC Seminars website: https://csrc.nist.gov/Projects/post-quantum-cryptography/workshops-and-timeline/pqc-seminars.

Be careful, the connection info and links often change from one seminar to the other, so do not reuse previous ones.

Feel free to propose other talks 😊.

Sincerely,

Maxime Bros

NIST PQC

========================================================

### Title ###

UOV signature revisited

### Abstract ###

In this talk, we will present the UOV signature scheme to be submitted to NIST as a post-quantum signature candidate. We will present the details of the concrete design, the parameters and the rationale behind them. We will also present a detailed security analysis and new attacks we recently developed.

### Speaker and Affiliation ###

Dr. Jintai Ding,

Tsinghua University and BIMSA, China

### Mini bio ###

Jintai Ding is a professor at Tsinghua University and BIMSA. He is one of the designers of the NIST post-quantum KEM standard Kyber and the designer of one of the NIST third round post-quantum signature finalists: Rainbow. He received his B.A. from Xian Jiaotong University in 1988, his M.A. in mathematics from the University of Science and Technology of China in 1990 and his Ph.D. in mathematics from Yale in 1995. He was a lecturer at the Research Institute for Mathematical Sciences of Kyoto University from 1995 to 1998. He was a faculty member at the University of Cincinnati from 1998 to 2020. From 2006 to 2007, he was a visiting professor and Alexander von Humboldt Fellow at the Technical University of Darmstadt. He received the Zhong Jia Qing Prize from the Chinese Mathematical Society in 1990. He was a Taft Professor at the University of Cincinnati. His main research interests are in cryptography, computational algebra and information security. He was a co-chair of the second, the 10th and the 11th international workshop on post-quantum cryptography.

Maxime Bros

Jun 1, 2023, 6:24:26 PM
to pqc-forum, Maxime Bros

Dear all,

It is my pleasure to announce that the next NIST PQC Seminar #5 will start with a few words by Dr. Dustin Moody about the onramp signature call.

More precisely, it will happen at 10 a.m. US EDT (Eastern Daylight Time, New York, NY, UTC-4) on Friday June 9th, 2023, see the details below.

As usual, the connection instructions are posted on the NIST PQC Seminars website: https://csrc.nist.gov/Projects/post-quantum-cryptography/workshops-and-timeline/pqc-seminars.

Be careful, the connection info and links often change from one seminar to the other, so do not reuse previous ones.

Feel free to propose other talks 😊.

Sincerely,

Dr. Maxime Bros

NIST PQC

========================================================

### Title ###

Hypercube SDitH: a geometric share aggregation approach for more efficient MPCitH Zero Knowledge Proofs and Digital Signatures

### Abstract ###

Syndrome Decoding in the Head is a scheme proposed by Feneuil, Joux and Rivain, presented at CRYPTO 22. In this scheme, they use state-of-the-art MPC in the Head (MPCitH) techniques in conjunction with conservative code-based assumptions, the unstructured syndrome decoding problem, to achieve short signatures.

Some months later, [AGHHJY] introduced a generic modification of the MPCitH approach for additive secret sharings. It provided the same soundness as previous schemes with N^D parties, but requiring only N*D MPC computation. The improvements are derived from the arrangement of secret shares on a hypercube. The ensuing MPC operations are then only performed over ‘main parties’ which aggregate shares along different dimensions of the hypercube. Ultimately, for a hypercube of side N and dimension D, the operations performed are equivalent to D independent runs of an N-party protocol. [AGHHJY] applied these results to SDitH, and created a faster/shorter (depending on trade-off, which is the Hypercube SDitH from the title) scheme that employed the exact same underlying computational problem, to be presented at EUROCRYPT 23. The Hypercube-MPCitH approach provides signature sizes as low as 6.784KB versus 8.481KB in SDitH for the same signing times. However, fixing signature sizes to be equal, the Hypercube-MPCitH can sign/verify an order of magnitude faster, as seen in Table 7 of [AGHHJY].

In a recent work [AHJMRY], a proof in the QROM is presented which proceeds by collapsing the 5 round structure to a 3 round commit-and-open - exploiting 2-special soundness of the 5 round protocol - via initial application of Fiat-Shamir transform (transforming the security of this part into an unstructured search problem), followed by direct application of a QROM 3-round FS-security result from the literature.

In this talk we would like to present the scheme of [AGHHJY]. We believe the hypercube-MPCitH approach is general to a wide range of MPCitH schemes, and at the end we would speak briefly about the QROM proof which we also believe can be used to argue security for a wide range of MPCitH schemes that enjoy 2-special soundness on the final challenge space.

[AGHHJY] "The Return of the SDitH", Eurocrypt 2023, https://eprint.iacr.org/2022/1645

### Speakers and Affiliations ###

Dr. Nicolas Gama, Principal Privacy Software Engineer, SandboxAQ

Dr. David Joseph, Senior Research Scientist, SandboxAQ

### Mini bios ###

Dr. David Joseph - I gained my PhD from Imperial College London during which I investigated quantum-annealing-inspired attacks of the Shortest Vector Problem, central to lattice based cryptography. During that time I joined the Quantum & AI team inside of X, The Moonshot Factory where I started a small team looking into quantum-secure communications. There I co-authored Transitioning Organizations to Post-Quantum Cryptography, published in Nature. Remaining with this team over the next few years, I graduated from Imperial, converted to full time, and in late 2021 moved to SandboxAQ as a researcher during the spinout of the Quantum & AI team from X.

Dr. Nicolas Gama - I spent most of my career studying post-quantum cryptography. I obtained my PhD from Ecole Normale Supérieure on lattice-based cryptography, with the aim of gathering and implementing the most efficient lattice reduction algorithms, and studying their performance in order to estimate the security of lattice-based cryptosystems. I grew an interest in cryptography in use and privacy-preserving computation, where I co-designed a few practical schemes, such as the CGGI/TFHE homomorphic encryption scheme, or efficient fixed-point arithmetic backends for MPC. I joined SandboxAQ in 2022, where I continue to develop various domains of post-quantum cryptology, privacy and AI.
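The abstract above counts N^D leaf parties but only N*D main parties, obtained by summing shares along each dimension of a hypercube. The Python below is an added illustration of that aggregation step and of what a verifier can recompute when all leaves but one are opened; it is not code from the speakers, from [AGHHJY] or from any SDitH implementation. The modulus Q, the party counts and the "hidden leaf" chosen in the usage section are constructed for the demonstration, and the example covers only the share arithmetic, not the MPC protocol or the signature built on top of it.

```python
import secrets
from itertools import product

# Constructed modulus for the additive secret sharing; any modulus works for the arithmetic below.
Q = 2**61 - 1


def share_secret(secret, n, d):
    """Split `secret` into N^D additive leaf shares, one per point of a D-dimensional
    hypercube of side N. Each leaf is indexed by its coordinate tuple."""
    coords = list(product(range(n), repeat=d))
    shares = {}
    running = 0
    for c in coords[:-1]:
        shares[c] = secrets.randbelow(Q)
        running = (running + shares[c]) % Q
    # The last leaf fixes the sum so that all N^D shares add up to the secret.
    shares[coords[-1]] = (secret - running) % Q
    return shares


def main_party_shares(shares, n, d):
    """Geometric aggregation: for dimension j, main party k receives the sum of every
    leaf whose j-th coordinate equals k. Returns d lists of n shares; each list is a
    complete n-party additive sharing of the same secret, so the MPC in each dimension
    runs with n parties instead of n**d."""
    mains = [[0] * n for _ in range(d)]
    for c, s in shares.items():
        for j in range(d):
            mains[j][c[j]] = (mains[j][c[j]] + s) % Q
    return mains


def reconstruct(party_shares):
    """Additive sharing: the secret is the sum of one dimension's main-party shares."""
    return sum(party_shares) % Q


def leaf_party_count(n, d):
    return n ** d


def main_party_count(n, d):
    return n * d


def verifier_recompute(opened_leaves, n, d, hidden):
    """Model the 'open all but one leaf' check. `opened_leaves` is the share table
    without the leaf at coordinates `hidden`. In every dimension j, each main party
    except index hidden[j] is fully determined by the opened leaves, so the verifier
    can re-derive n-1 of the n main parties per dimension from n**d - 1 opened leaves.
    Returns the partial sums and, per dimension, the list of recomputable party indices."""
    partial = [[0] * n for _ in range(d)]
    for c, s in opened_leaves.items():
        for j in range(d):
            partial[j][c[j]] = (partial[j][c[j]] + s) % Q
    recomputable = [[k for k in range(n) if k != hidden[j]] for j in range(d)]
    return partial, recomputable


if __name__ == "__main__":
    n, d, secret = 4, 3, 123456789  # constructed parameters
    leaves = share_secret(secret, n, d)
    mains = main_party_shares(leaves, n, d)
    print(leaf_party_count(n, d), "leaf parties,", main_party_count(n, d), "main parties")
    print("every dimension reconstructs the secret:",
          all(reconstruct(m) == secret for m in mains))
    hidden = (1, 3, 0)  # constructed choice of the single unopened leaf
    partial, rec = verifier_recompute({c: s for c, s in leaves.items() if c != hidden}, n, d, hidden)
    print("recomputable main parties per dimension:", [len(r) for r in rec])
```

The check that matters for soundness is the last one: the unopened leaf i* = (i*_1, ..., i*_D) leaves exactly one main party per dimension undetermined, so the verifier recomputes D*(N-1) main parties from N^D - 1 opened leaves and compares their view with the commitments, which is what replaces the N^D-party check of a flat MPCitH protocol.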

Maxime Bros

Jun 30, 2023, 4:41:18 PM
to pqc-forum, Maxime Bros
Dear all,

I'm glad to announce that the next NIST PQC Seminar #6 will be at 10 a.m. US EDT (Eastern Daylight Time, New York, NY, UTC-4) on Friday July 7th, 2023, see the details below.
 
As usual, the connection instructions are posted on the NIST PQC Seminars website:
https://csrc.nist.gov/Projects/post-quantum-cryptography/workshops-and-timeline/pqc-seminars.

Be careful, the connection info and links often change from one seminar to the other, so do not reuse previous ones.

Feel free to propose other talks 😊.

Sincerely,

Dr. Maxime Bros
NIST PQC

========================================================

### Title ###
 
On the Side-Channel Resistance of UOV
 
### Abstract ###
 
In this talk, we would like to present a systematic overview of existing Side-Channel Analysis (SCA) and Fault Injection Attacks (FIA) targeting the multivariate signature scheme UOV. Since its multi-layered version Rainbow was a finalist in the third round of the NIST PQC Standardization Process, it drew a lot of research attention and we will also discuss how existing attacks would translate to UOV.
As the amount of literature is not too overwhelming, we try to cover attacks that are still in a theoretical state, simulated attacks and those that have been practically executed on a Chipwhisperer Setup.

 
### Speaker and Affiliation ###
 
Mr. Thomas Aulbach
University of Regensburg,
Germany
 
### Mini bio ###
 
Thomas Aulbach is a Research Associate at the Chair for Data Security and Cryptography at the University of Regensburg, Germany. He is currently pursuing his PhD in the topic of Side-Channel Analysis and Fault-Injection Analysis of Post-Quantum Cryptography under Prof. Dr. Juliane Krämer (since 2021), with a focus on multivariate (and code-based) schemes. He received his bachelor's and master's degrees from the Julius-Maximilians-University Würzburg, Germany in 2018 and 2020, respectively. Prior to that (in 2015), he earned a bachelor's degree in mechanical engineering, completing a dual study program at the DHBW Mosbach and the Bosch Rexroth AG.

Maxime Bros

Jul 14, 2023, 4:36:30 PM
to pqc-forum, Maxime Bros
Dear all,
 
It is my pleasure to announce that the next NIST PQC Seminar #7 will happen at 10 a.m. US EDT (Eastern Daylight Time, New York, NY, UTC-4) on Friday July 21st, 2023, see the details below.

 
As usual, the connection instructions are posted on the NIST PQC Seminars website: https://csrc.nist.gov/Projects/post-quantum-cryptography/workshops-and-timeline/pqc-seminars.
 
Be careful, the connection info and links often change from one seminar to the other, so do not reuse previous ones.
 
Feel free to propose other talks 😊.
 
Sincerely,
 
Dr. Maxime Bros
NIST PQC Team
 
========================================================
 
### Title ###

Batch me if you PQ-Sign

### Abstract ###

The Post-Quantum (PQ) signature schemes chosen for standardization by NIST all suffer from performance issues; they are computationally slower or consume much more bandwidth than the current standards we use today, such as ECDSA. Thus, for some applications and protocols such as TLS, switching to PQ signatures has the potential to severely increase the computation and communication cost. In this talk, we will explain an approach to mitigate these issues by signing messages in batches, rather than individually, and present experimental data showing the benefits of this approach when used within TLS and other applications.


### Speaker and Affiliation ###

Dr. Nina Bindel,
Senior Research Scientist,
SandboxAQ

### Mini bio ###

Nina Bindel’s research addresses the construction and cryptanalysis of quantum-secure schemes, protocols and applications. She received her PhD from TU Darmstadt on post-quantum signature schemes in 2018. During her time at the Institute for Quantum Computing (IQC) and University of Waterloo (UW) in Waterloo, Ontario, Canada, she started looking into making protocols and standards (e.g., used in vehicle-to-vehicle communication or FIDO2) quantum-secure. Nina has been continuing this direction of research also after she joined SandboxAQ in 2022.
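The abstract above describes signing messages in batches to amortize the cost of a large PQ signature. The Python below is an added example of one standard way to do that, a Merkle tree over the message digests whose root is signed once, with each message carrying the root signature plus its authentication path; it is not code from the talk, from SandboxAQ or from any TLS implementation, and it is not a claim about which construction the speaker presents. The signature over the root is a stand-in (an HMAC-SHA256 under a constructed key) for whatever PQ signature a deployment would use; the domain-separation bytes, padding value and sample messages are constructed for the demonstration.

```python
import hashlib
import hmac


# Domain-separated hashing so that leaves, internal nodes and padding can never collide.
def _leaf(msg: bytes) -> bytes:
    return hashlib.sha256(b"\x00" + msg).digest()


def _node(left: bytes, right: bytes) -> bytes:
    return hashlib.sha256(b"\x01" + left + right).digest()


_PAD = hashlib.sha256(b"\x02").digest()  # fills odd levels; distinct from any leaf or node


def _levels(messages):
    """Build the tree bottom-up; returns every level, leaves first and root last."""
    levels = [[_leaf(m) for m in messages]]
    while len(levels[-1]) > 1:
        lvl = levels[-1]
        if len(lvl) % 2:
            lvl.append(_PAD)  # pad in place so sibling lookups below see the padding
        levels.append([_node(lvl[i], lvl[i + 1]) for i in range(0, len(lvl), 2)])
    return levels


def _sign_root(key: bytes, root: bytes, count: int) -> bytes:
    # STAND-IN for the real PQ signature (assumption: the deployment would use its
    # chosen PQ scheme here). One signature over (root, batch size) covers the whole batch.
    return hmac.new(key, b"batch-root" + root + count.to_bytes(4, "big"), "sha256").digest()


def sign_batch(key: bytes, messages):
    """Sign a batch: one root signature, plus a per-message authentication path."""
    levels = _levels(messages)
    count = len(messages)
    root_sig = _sign_root(key, levels[-1][0], count)
    batch_sigs = []
    for i in range(count):
        path, idx = [], i
        for lvl in levels[:-1]:
            path.append(lvl[idx ^ 1])  # sibling hash at this level
            idx //= 2
        batch_sigs.append({"count": count, "index": i, "path": path, "root_sig": root_sig})
    return batch_sigs


def verify(key: bytes, message: bytes, sig) -> bool:
    """Recompute the root from the message and its path, then check the root signature."""
    count, idx = sig["count"], sig["index"]
    # Bind the path length to the batch size so padding nodes cannot be reinterpreted
    # as extra tree levels; a real verifier does the same with the signed count.
    if not (0 <= idx < count) or len(sig["path"]) != (count - 1).bit_length():
        return False
    node = _leaf(message)
    for sibling in sig["path"]:
        node = _node(node, sibling) if idx % 2 == 0 else _node(sibling, node)
        idx //= 2
    return hmac.compare_digest(_sign_root(key, node, count), sig["root_sig"])


def per_message_bytes(sig) -> int:
    """Bytes carried per message: the shared root signature, log2(count) sibling hashes,
    and the count/index fields (4 bytes each in this encoding)."""
    return len(sig["root_sig"]) + 32 * len(sig["path"]) + 8


if __name__ == "__main__":
    key = b"constructed-demo-key"                      # constructed, demo only
    msgs = [b"handshake transcript %d" % i for i in range(5)]  # constructed sample batch
    sigs = sign_batch(key, msgs)
    print("all verify:", all(verify(key, m, s) for m, s in zip(msgs, sigs)))
    print("path length per message:", len(sigs[0]["path"]), "bytes:", per_message_bytes(sigs[0]))
    print("tampered message verifies:", verify(key, b"forged", sigs[0]))
```

The trade-off the abstract alludes to is visible in `per_message_bytes`: the bandwidth per message grows by log2(count) hashes while only one expensive signature is produced and verified per batch. Two things the verifier must never skip are the index bound and the path-length check against the signed batch size, since a tree with padding nodes is otherwise ambiguous about how many real messages it covers.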