DATE

October 4, 5 2021

All times in local Colombian time (GMT -5)

CONTACT

macc@urosario.edu.co

LOCATION

Online

October

8:00

Recall that the Diffie-Hellman (DH) key exchange protocol acts on the integers, using modular exponentiation as its main building block. The elliptic curve version of DH, named ECDH, relies on curve point arithmetic (scalar point multiplication instead of modular exponentiation). ECDH requires shorter keys than DH, but neither is secure against quantum attacks. Thus, we will focus on SIDH, the Supersingular Isogeny variant of DH, and SIKE (its descendant): the protocol acts on supersingular curves, and its main building block is the mappings connecting curves. We will address what SI[DH/KE] is and its security by describing its public and private keyspaces.

10:00

Break

10:30

Cryptographic algorithms based on a group with a hard discrete-logarithm problem commonly assume the existence of a hash function that outputs elements of the group. When using elliptic curves to instantiate this group, the "hash to curve" function becomes a non-trivial operation both computationally and security-wise.

The goal of this course is to show best practices for performing this kind of hashing. We highlight the relevance of this primitive to security, since it helps to prevent vulnerabilities such as those that have already arisen in real-world deployments.

By the end of the course, we expect participants to be familiar with hash to curve functions and to have handy resources for their usage and implementation.

The course is composed of three parts. First, we contextualize the hashing operation and its properties and review some basic algorithms. We present work-in-progress efforts for defining a standard way for hashing to elliptic curves in Weierstrass, Montgomery and Edwards forms, quotient groups such as Decaf, and pairing-friendly curves.

In the second part, we present algorithmic optimizations, implementation techniques, and cryptographic libraries. Finally, we review some high-level cryptographic protocols that make use of hashing to curve.

Participants will find useful resources in this course for learning more about the topic, and can also expect some challenges.

12:30

Break

14:00

We will survey the landscape of built proof systems and discuss current and potential future applications of these systems in practice. The focus is both on the relative strengths and weaknesses of existing approaches and on the challenges common to all systems. We will finish with a discussion of important open problems and recent progress.

October

8:00

The objective of this talk is to introduce famous lattice problems that are used in cryptography (SVP, LWE, SIS). We will see how they relate to each other, and also study some of the known algorithms that solve them. If time permits, we will also discuss structured variants of these problems, like ring-LWE or module-LWE.

10:00

Break

12:30

Break

13:30

In 1997, Brightwell and Smith suggested that there is a need for encrypting special domains into themselves. One can of course try to use standard encryption, but then the outcome is not likely to be in the domain. However, building a secure cipher that can encrypt any domain into any domain is not easy, as evidenced by the recent attacks on FPE standards. In this talk, we will cover the need for FPE, some of the designs that were proposed, and the security issues of such ciphers.

**Patrick Longa**

MSR Security and Cryptography

Microsoft Research, USA

One Microsoft Way, Redmond, WA 98052

E-mail: **plonga@microsoft.com**

**Carla Ráfols**

Wireless and Secure Communications Group

Departament de Tecnologies de la Informació i les Comunicacions

Universitat Pompeu Fabra

Roc Boronat, 138 08018 España

E-mail: **carla.rafols@upf.edu**

**Valérie Gauthier Umaña**

Head

Applied Mathematics and Computer Science Department

School of Engineering, Science and Technology

Universidad del Rosario

Bogotá, Colombia

Carrera 6 # 12 C - 16, oficina 502

E-mail: **valeriee.gauthier@urosario.edu.co**

**Francisco Rodríguez Henríquez**

Investigador CINVESTAV 3-D

Departamento de Computación

CINVESTAV-IPN

Av. IPN No. 2508 Col. San Pedro Zacatenco

México, D.F. 07360. MEXICO

E-mail: **francisco@cs.cinvestav.mx**