ALMASTY seminar

This page lists the program of the ALMASTY seminar and of the joint Parisian cryptography seminar (currently organized by the CASCADE team).

Upcoming talks

Friday, Nov 8, 2024 - 10:30 - 24-25/509
Dounia Mfoukh
TBD

(ALMASTY Seminar)

Friday, Nov 15, 2024 - 10:30 - 24-25/509
Kevin Carrier
TBD

(ALMASTY Seminar)

Friday, Nov 22, 2024 - 10:30 - 24-25/405
Mahshid Riahinia
Fast Public-Key Silent OT and More from Constrained Naor-Reingold

(ALMASTY Seminar)

Pseudorandom Correlation Functions (PCFs) allow two parties to locally generate arbitrarily many pseudorandom correlated strings, e.g., Oblivious Transfer (OT) correlations, which can then be used by the two parties to run efficient secure computation protocols. In this talk, I will present a new and simple approach for constructing PCFs for OT correlations by relying on constrained pseudorandom functions for a class of constraints containing a weak pseudorandom function. I will then show that tweaking the Naor-Reingold pseudorandom function and relying on low-complexity weak PRFs allow us to instantiate this paradigm. This idea can be extended further to obtain efficient public-key PCFs for OT and reusable designated-verifier non-interactive zero-knowledge proofs (DV-NIZKs) for NP.

This talk is based on https://eprint.iacr.org/2024/178, joint work with Dung Bui, Geoffroy Couteau, Pierre Meyer, and Alain Passelègue.

Friday, Nov 29, 2024 - 09:30 - 24-25/405
Lucas Ottow
TBD

(ALMASTY Seminar)

Friday, Dec 6, 2024 - 10:30 - 24-25/405
Pouria Fallahpour
Quantum Oblivious LWE Sampling and Insecurity of Standard Model Lattice-Based SNARKs

(ALMASTY Seminar)

The Learning With Errors (LWE) problem asks to find s from an input of the form (A, b = A s + e) in (Z/qZ)^{m × n} × (Z/qZ)^{m}, for a vector e that has small-magnitude entries. In this talk, I focus on the task of sampling LWE instances. As these are extremely sparse in their range, it may seem plausible that the only way to proceed is to first create s and e and then set b = A s + e. In particular, such an instance sampler knows the solution. This raises the question of whether it is possible to obliviously sample (A, A s + e), namely, without knowing the underlying s. A variant of the assumption that oblivious LWE sampling is hard has been used in a series of works to analyze the security of candidate constructions of Succinct Non-interactive Arguments of Knowledge (SNARKs). As the assumption is related to LWE, these SNARKs have been conjectured to be secure in the presence of quantum adversaries. The main focus of the talk is a quantum polynomial-time algorithm that samples well-distributed LWE instances while provably not knowing the solution, under the assumption that LWE is hard. Moreover, the approach works for a vast range of LWE parameterizations, including those used in the above-mentioned SNARKs. This invalidates the assumptions used in their security analyses, although it does not yield attacks against the constructions themselves.
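
The standard (non-oblivious) LWE sampler described in the abstract, as an added Python illustration; this is not the speaker's code nor the algorithm of the talk, and the toy parameters (q = 17, n = 2, m = 8, error entries in [-1, 1]) are assumptions chosen only so that a brute-force search is feasible, not secure parameters. The block samples (A, b = A s + e), checks a candidate solution, and, on the same toy parameters, measures how rarely a uniformly random (A, b) admits any small-error solution at all, which is the sparsity the abstract refers to.

```python
"""Added illustration (not from the talk or the eprint paper): the standard,
non-oblivious way to sample an LWE instance, a checker for candidate
solutions, and a brute-force search on toy parameters showing how sparse
LWE instances are among all (A, b) pairs."""
import itertools
import random

# Toy parameters (assumed for the illustration; far too small to be secure).
Q = 17      # modulus
N = 2       # secret dimension
M = 8       # number of samples (rows of A)
BOUND = 1   # error entries lie in [-BOUND, BOUND]


def centered(x, q=Q):
    """Representative of x mod q in the range (-q/2, q/2]."""
    x %= q
    return x - q if x > q // 2 else x


def sample_lwe(seed=1, q=Q, n=N, m=M, bound=BOUND):
    """Standard sampler: pick s and e first, then set b = A s + e mod q.
    By construction the sampler knows the solution s."""
    rng = random.Random(seed)
    A = [[rng.randrange(q) for _ in range(n)] for _ in range(m)]
    s = [rng.randrange(q) for _ in range(n)]
    e = [rng.randint(-bound, bound) for _ in range(m)]
    b = [(sum(A[i][j] * s[j] for j in range(n)) + e[i]) % q for i in range(m)]
    return A, b, s, e


def is_solution(A, b, s, q=Q, bound=BOUND):
    """True if every entry of b - A s (centered mod q) has magnitude <= bound."""
    for i in range(len(A)):
        r = centered(b[i] - sum(A[i][j] * s[j] for j in range(len(s))), q)
        if abs(r) > bound:
            return False
    return True


def solutions(A, b, q=Q, bound=BOUND):
    """Brute-force every s in Z_q^n; only feasible for toy parameters."""
    n = len(A[0])
    return [s for s in itertools.product(range(q), repeat=n)
            if is_solution(A, b, s, q, bound)]


def spurious_rate(trials, seed=0, q=Q, n=N, m=M, bound=BOUND):
    """Fraction of uniformly random (A, b) pairs that happen to be LWE
    instances, i.e. admit some s with small b - A s."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(trials):
        A = [[rng.randrange(q) for _ in range(n)] for _ in range(m)]
        b = [rng.randrange(q) for _ in range(m)]
        if solutions(A, b, q, bound):
            hits += 1
    return hits / trials


if __name__ == "__main__":
    A, b, s, e = sample_lwe(seed=1)
    print("sampler's s:", s, "verifies:", is_solution(A, b, s))
    print("brute-force solutions:", solutions(A, b))
    print("fraction of random (A, b) that are LWE instances:", spurious_rate(50))
```

With these parameters a random (A, b) has roughly q^n * 3^m / q^m, about 3 in 10^4, chance of admitting a small-error solution, so nearly every uniformly random pair is not an LWE instance; the sampler above always produces one precisely because it chooses s first, which is the point the oblivious-sampling question turns on.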

Friday, Dec 13, 2024 - 10:30 - 24-25/405
River Moreira Ferreira
Polynomial-Time Key-Recovery Attack on the NIST Specification of PROV

(ALMASTY Seminar)

Past talks (2024-2025)

Friday, Oct 11, 2024 - 09:30 - Amphithéâtre Durand
Jules Maire
Zero-Knowledge Arguments from Secure Multiparty Computation

(Soutenance Thèse)

Previous years: (2021-2022) (2022-2023) (2023-2024)