London Crypto Day – 5th June 2017 – A day of cryptography talks in the London area

The list of speakers for the first London Crypto Day includes

– Martin Albrecht, Royal Holloway, University of London

Primal and Dual Attacks on LWE-based Encryption Schemes

This talk will review lattice attacks on LWE-based constructions. Firstly, I will present variants of the dual-lattice attack (Eurocrypt 2017) in the presence of an unusually short (and sparse) secret. Such LWE instances are common in homomorphic encryption libraries such as IBM’s HELib or Microsoft’s SEAL and our techniques lead to revised parameter choices for these libraries. Secondly, I will revisit primal attacks which proceed by finding an unusually short vector in a lattice. Here, two different success conditions are formulated in the literature. One going back to Gama & Nguyen’s work on predicting lattice reduction (Eurocrypt 2008) and one recently sketched by Alkim et al. (USENIX 2016). I will present empirical evidence confirming the correctness of the latter estimate and explain the observed behaviour by expanding on Alkim et al.’s work.

– Liqun Chen, University of Surrey

TBA

– Jens Groth, University College London

Snarky Signatures: Minimal Signatures of Knowledge from Simulation-Extractable SNARKs

Signatures of knowledge enable a signer to sign a message using a statement as the public key if she owns a witness to the truth of the statement. They are used in many cryptographic schemes including cryptocurrencies, anonymous credentials, ring and group signatures, and direct anonymous attestation. We will present succinct and highly efficient pairing-based signatures of knowledge. To do this we use that signatures of knowledge and simulation-extractable non-interactive zero-knowledge argument (SE-NIZK argument) are closely linked. We describe a succinct SE-NIZK argument (SE-SNARK) that consists of only 3 group elements and has highly efficient verification. The SNARK is perfectly complete, perfectly zero-knowledge and computationally simulation-extractable. As a consequence, we get signatures of knowledge consisting of only 3 group elements.

– Aggelos Kiayias, University of Edinburgh

TBA

– Markulf Kohlweiss, Microsoft Research Cambridge

A Cryptographically Verified Implementation of crypto_box

The crypto_box construction is a simple Diffie-Hellman based KEM-DEM construction introduced and implemented by Bernstein et al. in their crypto library NaCl. The construction was popularised by libsodium, a fork of NaCl, and is designed to be used modularly in a broad range of applications such as DNSCurve and Mega. The simplicity of crypto_box and its modular nature make it a great example to showcase code-based cryptographic verification techniques in F*, the program verification tool used by miTLS.

– Maura Paterson, Birkbeck, University of London

Reducing download complexity and storage requirements in PIR

Private Information Retrieval (PIR) involves a database consisting of several records and a user who wishes to learn one of the records without revealing which record they are seeking. Traditionally, much of the literature in the unconditionally secure setting considers the case of multiple non-colluding servers that each store a copy of the entire database, and seeks to construct schemes where the size of the users’ queries is as small as possible. Recently, however, there has been considerable interest in models focusing on slightly different aspects, such as the use of coded storage, rather than just replication, of the database in order to reduce the total storage overhead, and the consideration of smallest achievable sizes of the servers’ responses. In this talk we discuss recent developments in some of these areas.

1st London Crypto Day

List of speakers

Further details

Logo credit: Michele Villa