[crypto] [Ronald.Cramer at cwi.nl: [risc-list] RISC at CWI June11/15/21: Short Course Lattice-Crypto]
ray at unipay.nl
Mon Jun 4 17:20:14 CEST 2012
------- Start of forwarded message -------
Date: Mon, 04 Jun 2012 14:37:28 +0200 (CEST)
From: Ronald Cramer <Ronald.Cramer at cwi.nl>
Subject: [risc-list] RISC at CWI June11/15/21: Short Course Lattice-Crypto
Dr Erwin Dassen (CWI) will give a short course on lattice-based cryptography (including fully homomorphic encryption)
on June 11, 15, 21 (14.00h-16.30h) in room L016 at CWI.
You are hereby cordially invited to participate. Also, please forward this invitation to any students, postdocs, staff you think may be interested.
The program is as follows:
Day 1 - L016 - 11 June
Session 1 - 14:00 - 15:00 - Introduction to lattices
In this session we introduce lattices and some of their invariants. We take a look at bases and basis reduction algorithms with special attention to the LLL algorithm. We finish with some examples.
Session 2 - 15:30 - 16:30 - Lattices in cryptanalysis
Continuing with examples we now describe two uses of lattices in cryptanalysis: Coppersmith's attack on RSA based on stereotypical messages and the attack on the GGH signature scheme.
Day 2 - L016 - 15 June
Session 3 - 14:00 - 15:00 - The SIS problem
We move on to "modern" lattice-based cryptography. We introduce the Short Integer Solution (SIS) problem one of the problems with average-case to worst-case reduction to lattice problems. We describe this reduction and give an example of a cryptographic primitive (collision-resistant hash functions) based on SIS.
Session 4 - 15:30 - 16:30 - LWE and Ring-LWE
We introduce the "other half" of lattice-based cryptography: the Learning With Errors (LWE) problem. Cryptographic schemes whose security are based on LWE or SIS enjoy average-case to worst-case reduction to lattice problems. We introduce a variant of this problem called Ring-LWE that is widely used to bolster efficiency. We briefly discuss the security of schemes based on the latter.
Day 3 - L016 - 21 June
Session 5 - 14:00 - 15:00 - Fully homomorphic encryption
We introduce a "hot-topic" in lattice-based cryptography: fully homomorphic encryption. We discuss Gentry's bootstrapping theorem and give an example of a such a scheme based on RLWE.
Session 6 - 15:30 - 16:30 - Brakerski's "scale-invariant" FHE scheme
We discuss the latest scheme of Brakerski that achieves FHE from LWE and thus security based on problems for general lattices (contrary to RLWE).
best regards, Ronald Cramer
risc-list mailing list
risc-list at cwi.nl
------- End of forwarded message -------
More information about the crypto