[crypto] Fwd: Next CWG Program
R. Hirschfeld
ray at unipay.nl
Fri Jun 7 09:59:53 CEST 2024
-------- Original Message --------
Subject: Next CWG Program
Date: 2024-06-07 09:42
From: "Guarise Vieira, Heloise" <h.guarise.vieira at tue.nl>
To:
Dear Crypto Working Group participant,
Below you will find the schedule for our next meeting, in De Kargadoor –
Utrecht, on the 21st June.
You are welcome to join this day of activities.
Thank you,
21-06-2024 Program
10:45h - SQIsign, one- or two-dimensional?
Krijn Reijnders
The NIST candidate SQIsign achieves incredibly small signatures and
public keys in comparison to all other post-quantum signature schemes.
However, signing is currently very slow, and verification is only fast
if compared to other isogeny-based protocols. In this talk, we explain
SQIsign, and two recent developments. The first development is AprèsSQI,
an approach to SQIsign that explores the fastest verification possible
at the cost of possibly slowing down signing even more. The second
development is two-dimensional SQIsign2D, which uses isogenies between
higher-dimensional abelian varieties. This achieves much faster signing,
and relatively fast verification. Finally, we show our most recent work,
which shows that the original, one-dimensional SQIsign verification can
also be viewed similarly as a higher-dimensional isogeny, and we
explore how such an approach is feasible.
This talk presents joint work with Maria Corte-Real Santos, Jonathan
Komada Eriksen, and Michael Meyer.
11:30 – Coffee Break
11:45h Towards formal security proofs for secure multiparty computation
Sabine Oechsner
TBA
12:30h – Lunch
14:00h – Compiling secure computation circuits: From high-level circuits
to arithmetic circuits and beyond
Jelle Vos
A common misconception is that the computational abilities of circuits
composed of additions and multiplications are restricted to simple
formulas only. Such arithmetic circuits over finite fields are actually
capable of computing any function, including equality checks,
comparisons, and other highly non-linear operations. While all those
functions are computable, the challenge lies in computing them
efficiently. We refer to this search problem as arithmetization. The
objective in arithmetization has typically been to minimize the number
of multiplications (multiplicative size), as multiplications are
significantly more expensive to compute than additions. However, the
multiplicative depth of a circuit arguably plays an even more important
role in deciding the computational cost: For homomorphic encryption, it
strongly affects the choice of cryptographic parameters and the number
of bootstrapping operations required, which are orders of magnitude more
expensive to compute than multiplications. In fact, if we can limit the
multiplicative depth of a circuit such that we do not need to perform
any bootstrapping, we can omit the large bootstrapping keys required to
perform them altogether. For secret sharing, the multiplicative depth
strongly affects the number of interactions required. We argue that
arithmetization should be treated as a multi-objective minimization
problem, in which a trade-off can be made between a circuit's
multiplicative size and depth. We present such depth-aware
arithmetization methods for many primitive operations such as equality
checks, comparisons, and ANDs and ORs. We also show how to intelligently
compose arithmetized primitives in larger circuits to further trade off
depth and size. We implement these methods in the new Oraqle compiler,
which allows non-expert users to generate efficient circuits.
14:45h – Coffee Break
15:00h Distributed homomorphic encryption in practice.
Stefan van den Berg
We created a pilot with Rabobank, ABN Amro and TNO to combat money
laundering. For the pilot we are using homomorphic encryption to share
and analyze the transaction network. The key used is generated in a
distributed manner between the banks. In the presentation, the
challenges we encountered, both legal and technical, will be
discussed.
15:45h – End of activities
--
Heloise Vieira, PhD
Discrete Mathematics Cluster, Project Leader
Department of Mathematics and Computer Science
Phone number +31 (0)402474864
De Zaale, Eindhoven
05 MetaForum, MF 6.101
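
The size/depth trade-off described in the 14:00h abstract, as an added example that is not part of the original announcement and is not Oraqle code. The prime 251, the `Wire` class and the two AND constructions (a balanced product tree, and a free sum followed by a Fermat equality test) are assumptions chosen for illustration.

```python
# Added illustration (not Oraqle code): count multiplicative size and depth
# of two arithmetizations of an n-input AND over a small prime field.
P = 251  # constructed example modulus; must exceed the number of AND inputs

class Wire:
    """A value in F_P plus the multiplicative depth of the circuit producing it."""
    def __init__(self, value, depth, counter):
        self.value, self.depth, self.counter = value % P, depth, counter
    def _lift(self, other):  # constants enter at depth 0
        return other if isinstance(other, Wire) else Wire(other, 0, self.counter)
    def __add__(self, other):  # additions are treated as free
        o = self._lift(other)
        return Wire(self.value + o.value, max(self.depth, o.depth), self.counter)
    def __mul__(self, other):  # each wire-by-wire product costs size 1, depth +1
        self.counter[0] += 1
        return Wire(self.value * other.value, max(self.depth, other.depth) + 1, self.counter)

def is_zero(z):
    """1 - z^(P-1) by square-and-multiply; Fermat's little theorem gives 1 iff z == 0."""
    acc = None
    for bit in bin(P - 1)[2:]:
        if acc is not None:
            acc = acc * acc
        if bit == "1":
            acc = z if acc is None else acc * z
    return Wire(1 - acc.value, acc.depth, acc.counter)  # affine step, no multiplication

def and_tree(bits):
    """Balanced product tree: n-1 multiplications, depth ceil(log2 n)."""
    while len(bits) > 1:
        bits = [bits[i] * bits[i + 1] if i + 1 < len(bits) else bits[i]
                for i in range(0, len(bits), 2)]
    return bits[0]

def and_sum(bits):
    """[sum(bits) == n]: the sum is free, then one equality check (needs n < P)."""
    return is_zero(sum(bits[1:], bits[0]) + (-len(bits)))

def measure(builder, values):
    """Return (output value, multiplicative size, multiplicative depth)."""
    counter = [0]
    out = builder([Wire(v, 0, counter) for v in values])
    return out.value, counter[0], out.depth

if __name__ == "__main__":
    for n in (8, 200):
        print(n, measure(and_tree, [1] * n), measure(and_sum, [1] * n))
```

For 8 inputs the product tree is better on both counts; for 200 inputs the sum-then-equality form needs far fewer multiplications but a deeper circuit, which is the kind of choice the abstract frames as multi-objective.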