[crypto] [leo.ducas at cwi.nl: [risc-list] RISC at CWI (Fri Feb 24th): Hash Proof Systems over Lattices Revisited]

R. Hirschfeld ray at unipay.nl
Wed Feb 22 00:08:10 CET 2017 

------- Start of forwarded message -------
From: Leo Ducas <leo.ducas at cwi.nl>
Date: Tue, 21 Feb 2017 14:20:37 +0100
Subject: [risc-list] RISC at CWI (Fri Feb 24th): Hash Proof Systems over
	Lattices Revisited

Dear Colleagues,
we cordially invite you to to a RISC Seminar taking place at CWI
	 * Friday February 24th, 2017, from 14:30 to 15:30 *		 * in CWI, Amsterdam, Room L017 *

==============================Talk:Willy Quash (ENS Lyon, CWI),	* Hash Proof Systems over Lattices Revisited*
Abstract:Hash Proof Systems or Smooth Projective Hash Functions (SPHFs) are aform of implicit arguments introduced by Cramer and Shoup atEurocrypt'02.   They have found many applications since then, inparticular for authenticated key exchange or honest-verifierzero-knowledge proofs. While they are relatively well understood ingroup settings, they seem painful to construct directly in the latticesetting.
Only one construction of an SPHF over lattices has been proposed, byKatz and Vaikuntanathan at Asiacrypt'09. But this construction has animportant drawback: it only works for an ad-hoc language of ciphertexts.Concretely, the corresponding decryption procedure needs to be tweaked,now requiring $q$ many trapdoor inversion attempts, where $q$ is themodulus of the underlying Learning With Error (LWE) problem.
Using harmonic analysis, we explain the source of this limitation, andpropose a way around it. We show how to construct SPHFs for standardlanguages of LWE ciphertexts, and explicit our construction over atag-CCA2 encryption scheme à la Micciancio-Peikert (Eurocrypt'12).
Finally, we conclude with applications of these SPHFs: password-basedauthenticated key exchange, honest-verifier zero-knowledge proofs, and avariant of witness encryption.
Joint work with:Fabrice Ben Hamouda, Olivier Blazy, Léo Ducas==============================
See https://www.cwi.nl/crypto/risc.php for more details.See you then and there!
Best regards,Léo Ducas


_______________________________________________risc-list mailing listrisc-list at cwi.nlhttps://lists.cwi.nl/mailman/listinfo/risc-list
------- End of forwarded message -------

More information about the crypto mailing list