NIST PQC seminar # 12 (Tuesday 2024-May-07, 10am EDT)
Bros, Maxime P. (IntlAssoc)
Dear all,
I hope you're doing well.
I'm glad to announce NIST PQC Seminars # 12 which will happen at 10 a.m. US EDT (Eastern Daylight Time, Washington D.C., UTC-4) on Tuesday May 7th, 2024. Please find more details below.
Recall that we use Zoom for Government (ZoomGov), so everything will be the same as with the usual Zoom: you can join in the browser or with your usual Zoom desktop application (we recommend this option for stability), and no need to have a Zoom account to join.
The actual and detailed invitation will be published on the NIST PQC Seminars website soon:
https://csrc.nist.gov/projects/post-quantum-cryptography/workshops-and-timeline/pqc-seminars
Here are its main info:
Join ZoomGov Meeting: https://nist.zoomgov.com/j/1617498087?pwd=OUdkVzFNa3Y0anpXV25zTWNSVHo0Zz09
Meeting ID: 161 749 8087
Passcode: 658244
Sincerely,
Dr. Maxime Bros
NIST PQC Team
========================================================
### Title ###
Evaluating the security of CRYSTALS-Dilithium in the quantum random oracle model
### Abstract ###
In the wake of recent progress on quantum computing hardware, the National Institute of Standards and Technology (NIST) is standardizing cryptographic protocols that are resistant to attacks by quantum adversaries. The primary digital signature scheme that NIST has chosen is CRYSTALS-Dilithium. The hardness of this scheme is based on the hardness of three computational problems: Module Learning with Errors (MLWE), Module Short Integer Solution (MSIS), and SelfTargetMSIS. MLWE and MSIS have been well-studied and are widely believed to be secure. However, SelfTargetMSIS is novel and, though classically as hard as MSIS, its quantum hardness is unclear. In this paper, we provide the first proof of the hardness of SelfTargetMSIS via a reduction from MLWE in the Quantum Random Oracle Model (QROM). Our proof uses recently developed techniques in quantum reprogramming and rewinding. A central part of our approach is a proof that a certain hash function, derived from the MSIS problem, is collapsing. From this approach, we deduce a new security proof for Dilithium under appropriate parameter settings. Compared to the previous work by Kiltz, Lyubashevsky, and Schaffner (EUROCRYPT 2018) that gave the only other rigorous security proof for a variant of Dilithium, our proof has the advantage of being applicable under the condition q = 1 mod 2n, where q denotes the modulus and n the dimension of the underlying algebraic ring. This condition is part of the original Dilithium proposal and is crucial for the efficient implementation of the scheme. We provide new secure parameter sets for Dilithium under the condition q = 1 mod 2n, finding that our public key size and signature size are about 2.9 times and 1.3 times larger, respectively, than those proposed by Kiltz et al. at the same security level.
### Speaker and Affiliation ###
Ms. Kelsey A. Jackson, University of Maryland - College Park, USA
### Mini bios ###
Kelsey Jackson is a Research Assistant from the Department of Physics at the University of Maryland - College Park. She is currently pursuing a PhD in physics specializing in quantum computer science and particularly post-quantum lattice cryptography under Dr. Carl A. Miller within the Joint Center of Quantum Information and Computer Science (QuICS). She previously attained a bachelor of science degree from Creighton University in Omaha, NE with a major in physics and a double minor in abstract mathematics and data science. During this period, she also worked with Dr. Tom Wong on quantum walk algorithms.