CZECH TECHNICAL UNIVERSITY IN PRAGUE
STUDY PLANS
2024/2025

Post-quantum cryptography

The course is not on the list Without time-table
Code: 02PQC
Completion: Z
Credits: 4
Range: 2P+2C
Course guarantor:
Lecturer:
Tutor:
Supervisor:
Department of Physics
Synopsis:

The course focuses on theoretical aspects of post-quantum cryptography. It is shared between the CTU and the Eötvös Loránd University within the framework of the QTEdu Quantum Technology Open Pilot. To complete the course, students are expected to attend the on-line lectures given by Dr. Péter Kutas (in real time or as recordings) and to actively participate in the exercise sessions held in person at the CTU.

Requirements:
Syllabus of lectures:

1. Breaking discrete log and factoring with the hidden subgroup problem. Branches of post-quantum cryptography and basics of lattices.

2. Minkowski's convex body theorem and applications to number theory. Hard lattice problems: SVP, CVP and their approximate versions. Lattices in 2 dimensions, Lagrange reduction.

3. Hermite's constant and Hermite reduction. Weak LLL and size reduction. Babai's nearest plane algorithm.

4. LLL algorithm and properties of LLL reduced bases. The GGH encryption and digital signature schemes, discussions on security. SIS and LWE problems and basic constructions (hash function, PKE and digital signatures).

5. Ideal lattices, fast multiplication in cyclotomic rings. Description of the NTRU scheme, basic attacks, discussions on secure parameter sets.

6. Ring-LWE and Module-LWE problems. NIST finalist lattice schemes, advanced applications of lattices (identity-based encryption and fully homomorphic encryption).

7. Basics of multivariate cryptography. HFE and Oil and Vinegar schemes. Gröbner basis and Buchberger's algorithm.

8. Attacks against HFE and Oil and Vinegar. UOV, LUOV and Rainbow. Beullens' attack.

9. Couveignes' Hard Homogeneous Spaces framework. Basics of elliptic curves and isogenies. The supersingular isogeny graph and its F_p-subgraph. Description of CSIDH.

10. Attacks against CSIDH. The SIDH key exchange. The GPST and torsion-point attacks.

11. The KLPT algorithm (sketch) and GPS and SQISign signatures. CSi-FiSh and other advanced primitives (threshold schemes, oblivious transfer, etc.).

12. Error-correcting codes. The McEliece cryptosystem. Special classes of codes admitting efficient decoding algorithms. Goppa codes.

13. Attacks against McEliece variants. Rank metric based constructions (BIKE and Ledacrypt), discussion on security. The digital signature scheme Wave.

Syllabus of tutorials:

During the exercises we will review the homework assigned by the remote lecturer.

Study Objective:
Study materials:

Key references:

[1] D. J. Bernstein, J. Buchmann, and E. Dahmen. Post-Quantum Cryptography. (Springer Science & Business Media, 2009).

Note:
Further information:
No time-table has been prepared for this course
The course is a part of the following study plans:
Data valid to 2024-04-19
Updates to the above information can be found at https://bilakniha.cvut.cz/en/predmet7105806.html