# Discussion about open questions in isogeny-based cryptography

Shahed Sharif

## Institution:

Cal State University San Marcos

## Time:

Friday, November 22, 2019 - 1:00pm

## Location:

RH 440R

Shahed Sharif will lead a discussion on open questions in isogeny-based cryptography. This will include the open questions in the paper "How to not break SIDH" by Chloe Martindale and Lorenz Panny:
https://eprint.iacr.org/2019/558

and perhaps also the paper "Trapdoor DDH groups from pairings and isogenies" by Péter Kutas, Christophe Petit, and Javier Silva:

# Lattice problems and algorithms

Shahed Sharif

## Institution:

Cal State University San Marcos

## Time:

Friday, November 8, 2019 - 1:00pm

## Location:

RH 440R

We will review the Shortest Vector Problem and Closest Vector
Problem, cover the elementary theory of these problems, and
discuss common lattice algorithms, including Babai's algorithms
for CVP and the LLL algorithm.

# Introduction to LWE and Ring-LWE

Oscar Villareal

## Institution:

El Camino College

## Time:

Friday, October 25, 2019 - 1:00pm

## Location:

RH 440R

This talk will give an introduction to the Learning with Errors (LWE) and Ring Learning with Errors (Ring-LWE) Problems. References for LWE and Ring-LWE are here:

and here:

# Introduction to NTRU encryption

Alice Silverberg

## Institution:

UCI

## Time:

Friday, October 18, 2019 - 1:00pm

## Location:

RH 440R

This talk will give an introduction to NTRU encryption.

# Report on "How to not break SIDH"

Shahed Sharif

## Institution:

Cal State University San Marcos

## Time:

Friday, November 1, 2019 - 1:00pm

## Location:

RH 440R

This talk will be a report on the paper "How to not break SIDH" by Chloe Martindale and Lorenz Panny: https://eprint.iacr.org/2019/558

# Introduction to Lattice-Based Cryptography

Alice Silverberg

## Institution:

UCI

## Time:

Friday, October 11, 2019 - 1:00pm

## Location:

RH 440R

This talk will give a gentle introduction to Lattice-Based Cryptography.

Some references include the Lattices section of the book "Mathematics of Public Key Cryptography" by Steven Galbraith (free download available at https://www.math.auckland.ac.nz/~sgal018/crypto-book/crypto-book.html), the Lattices and Cryptography section of the book "An Introduction to Mathematical Cryptography" by Hoffstein, Pipher, and Silverman, or the article "Lattice-based Cryptography" by Micciancio and Regev (https://cims.nyu.edu/~regev/papers/pqc.pdf).

# Peikert's quantum attack on CSIDH, Part 2

Shahed Sharif

## Institution:

Cal State University San Marcos

## Time:

Friday, October 4, 2019 - 1:00pm to 1:50pm

## Location:

RH 440R

This talk will continue the talk of September 27, giving an exposition of Chris Peikert's quantum attack on CSIDH. The paper is "He Gives C-Sieves on the CSIDH" and it's available here: https://eprint.iacr.org/2019/725

Notes for the talk are on this website:

https://public.csusm.edu/ssharif/crypto/

# Peikert's quantum attack on CSIDH

Shahed Sharif

## Institution:

Cal State University San Marcos

## Time:

Friday, September 27, 2019 - 1:00pm

## Location:

RH 440R

This talk will give an exposition of Chris Peikert's quantum attack on CSIDH, then turn to lattices afterwards. The paper is "He Gives C-Sieves on the CSIDH" and it's available here: https://eprint.iacr.org/2019/725

No knowledge of quantum computing is required.

# On the concrete security of the unique Shortest Vector Problem

Lynn Chua

## Institution:

UC Berkeley

## Time:

Thursday, November 14, 2019 - 3:00pm to 4:00pm

## Location:

RH 440R

We study experimentally the Hermite factor of BKZ2.0 on uSVP lattices, with the motivation of understanding the concrete security of LWE in the setting of homomorphic encryption. We run experiments by generating instances of LWE in small dimensions, where we consider secrets sampled from binary, ternary or discrete Gaussian distributions. We convert each LWE instance into a uSVP instance and run the BKZ2.0 algorithm to find an approximation to the shortest vector. When the attack is successful, we can deduce a bound on the Hermite factor achieved for the given blocksize. This allows us to give concrete values for the Hermite factor of the lattice generated for the uSVP instance. We compare the values of the Hermite factors we find for these lattices with estimates from the literature and find that the Hermite factor may be smaller than expected for blocksizes 30, 35, 40, 45. Our work also demonstrates that the experimental and estimated values of the Hermite factor trend differently as we increase the dimension of the lattice, highlighting the importance of a better theoretical understanding of the performance of BKZ2.0 on uSVP lattices.

# Quantum computing and Grover's algorithm

Shahed Sharif

## Institution:

California State University San Marcos

## Time:

Thursday, June 6, 2019 - 9:30am to 10:20am

## Location:

RH 510R

Given a database of $N$ entries of which exactly one satisfies some
easily checked condition, classically it takes $O(N)$ trials to find the
satisfying entry. Grover's algorithm is a quantum algorithm which
reduces the work to $O(\sqrt{N})$ trials. One consequence is that in the
post-quantum regime, hash functions and symmetric ciphers provide only
half the security (measured as the log of the number of trials) that
they currently provide. In this talk, we will give a brief description of
Grover's algorithm, including all of the necessary background in quantum
computing.