Speaker: Thomas Prest
Date: 16 February 2018, Time: 10:00-11:00, Room: 25-26/105
In this talk, I will talk about the lattice-based signature scheme Falcon, with a focus on two aspects. The first part will detail the security analysis of the scheme, the underlying problems, the known attacks and how to mitigate them. The second part will highlight a few features (not feathers) of Falcon, such as the key-recovery, message-recovery and IBE modes.
Title: GeMSS and DualModeMS : Two Multivariate Submissions to the NIST Standardization Process
Speaker: Ludovic Perret
Date: 16 February 2018, Time: 11:15-12:15, Room: 25-26/105
In this talk, I will present two multivariate schemes designed for the NIST standardization process.
The first scheme is called GeMSS (Great Multivariate Signature Scheme). GeMSS is a multivariate-based signature scheme producing small signatures. It has a fast verification process, and a medium/large public-key. GeMSS is in direct lineage from the multivariate signature scheme QUARTZ. Thus, GeMSS is built from the Hidden Field Equations cryptosystem (HFE) by using the so-called minus and vinegar modifiers, i.e. HFEv-. GeMSS is a faster variant of QUARTZ that incorporates the latest results in multivariate cryptography to reach higher security levels than QUARTZ whilst improving efficiency. GeMSS is a joint work with A. Casanova, J.-C. Faugère, G. Macario-Rat, J. Patarin and J. Ryckeghem.
DualModeMS is a multivariate-based signature scheme with a rather peculiar property. Its public-key is small whilst the signature is large. This is in sharp contrast with traditional multivariate signature schemes based on the so-called Matsumoto and Imai (MI) constructions that produce short signatures but have larger public-keys. DualModeMS is composed of two distinct layers. The first one is a classical MI-like multivariate scheme based on HFEv. The second part is based on the method proposed by A. Szepieniec, W. Beullens, and B. Preneel in ''MQ signatures for PKI'', which presented a generic technique that transforms any MI-based multivariate signature scheme into a new scheme with a much shorter public-key but larger signatures. We emphasize that this technique can be viewed as a mode of operation that offers a new flexibility for MI-like signature schemes. DualModeMS is a joint work with J.-C. Faugère and J. Ryckeghem.
GeMSS and DualModeMS have been prepared with the support of the French Programme d'Investissement d'Avenir under national project RISQ P141580.