[crypto] [Ronald.Cramer at cwi.nl: [risc-list] RISC at CWI June11/15/21: Short Course Lattice-Crypto]

R. Hirschfeld ray at unipay.nl
Mon Jun 4 17:20:14 CEST 2012

------- Start of forwarded message -------
Date: Mon, 04 Jun 2012 14:37:28 +0200 (CEST)
From: Ronald Cramer <Ronald.Cramer at cwi.nl>
Subject: [risc-list] RISC at CWI June11/15/21: Short Course Lattice-Crypto

Dear Colleague,

Dr Erwin Dassen (CWI) will give a short course on lattice-based cryptography (including fully homomorphic encryption)
on June 11, 15, 21 (14.00h-16.30h) in room L016 at CWI.

You are hereby cordially invited to participate. Also, please forward this invitation to any students, postdocs, staff you think may be interested.

The program is as follows:

Day 1 - L016 - 11 June

Session 1 - 14:00 - 15:00 - Introduction to lattices

In this session we introduce lattices and some of their invariants. We take a look at bases and basis reduction algorithms with special attention to the LLL algorithm. We finish with some examples.

Session 2 - 15:30 - 16:30 - Lattices in cryptanalysis

Continuing with examples we now describe two uses of lattices in cryptanalysis: Coppersmith's attack on RSA based on stereotypical messages and the attack on the GGH signature scheme.


Day 2 - L016 - 15 June

Session 3 - 14:00 - 15:00 - The SIS problem

We move on to "modern" lattice-based cryptography. We introduce the Short Integer Solution (SIS) problem one of the problems with average-case to worst-case reduction to lattice problems. We describe this reduction and give an example of a cryptographic primitive (collision-resistant hash functions) based on SIS.

Session 4 - 15:30 - 16:30 - LWE and Ring-LWE

We introduce the "other half" of lattice-based cryptography: the Learning With Errors (LWE) problem. Cryptographic schemes whose security are based on LWE or SIS enjoy average-case to worst-case reduction to lattice problems. We introduce a variant of this problem called Ring-LWE that is widely used to bolster efficiency. We briefly discuss the security of schemes based on the latter.


Day 3 - L016 - 21 June

Session 5 - 14:00 - 15:00 - Fully homomorphic encryption

We introduce a "hot-topic" in lattice-based cryptography: fully homomorphic encryption. We discuss Gentry's bootstrapping theorem and give an example of a such a scheme based on RLWE.

Session 6 - 15:30 - 16:30 - Brakerski's "scale-invariant" FHE scheme

We discuss the latest scheme of Brakerski that achieves FHE from LWE and thus security based on problems for general lattices (contrary to RLWE).

best regards, Ronald Cramer
risc-list mailing list
risc-list at cwi.nl
------- End of forwarded message -------

More information about the crypto mailing list