<div dir="ltr"><div dir="ltr"><div>Hi,</div><div><br></div><div>The next speaker of our seminar series is Andrea Basso, who will speak tomorrow afternoon about "<span><span id="m_-3130658146358846284gmail-rAECCd">Lattice-based cryptography and SABER</span></span>". You can find the abstract of the talk at the bottom of this
email.<br></div><div><br></div><div>You can join using the following Zoom link: <a href="https://berkeley.zoom.us/j/96826613566?pwd=MUZtOGllSklFM2d0NGhwaFBqNXhjdz09" target="_blank">https://berkeley.zoom.us/j/96826613566?pwd=MUZtOGllSklFM2d0NGhwaFBqNXhjdz09</a> (due to the default privacy settings you need to sign into your Zoom account before joining).</div><div><br></div><div>After the seminar we will have room for informal discussions as well on gather.town: <a href="https://gather.town/i/MRk4EY1j">https://gather.town/i/MRk4EY1j</a></div><div><br></div><div>Best,</div><div><br></div><div>AndrĂ¡s</div><div><br></div><div>2021.03.25 16:30 CET -- <b>Speaker: Andrea Basso</b> (University of Birmingham, UK)<br><br><b>Title:</b> <span><span id="m_-3130658146358846284gmail-rAECCd">Lattice-based cryptography and SABER</span></span><br><br><b>Abstract:</b> <span><span>Post-quantum cryptography represents the future of cryptographic research. One of the most promising approaches involves lattices. Lattice-based cryptosystems offer security, performance, and low communication costs. Indeed, one of the NIST standards is guaranteed to be lattice-based.</span><p><span>There are two main families of lattice-based protocols: those based on the NTRU problem and those based on the Learning With Errors (LWE) problem. The security of both can be reduced to long-studied problems in lattice theory. There are also several variations to each problem, with partial reductions between each other. Interestingly, lattice-based cryptography has also opened up new possibilities. A fully homomorphic encryption protocol was developed based on lattice problems, paving the way for the development of several new schemes that offer interesting properties. Homomorphic encryption thus has the potential to deeply transform several fields and impact privacy-focused applications, which makes it an exciting area of research.</span></p><p><span>On the public-key encryption side, one of the four finalists for the NIST standardization process is Saber, a key exchange mechanism based on a derandomized module variant of LWE. Saber consists of a Diffie-Hellman-like key exchange protocol, which is then transformed into an IND-CPA encryption scheme, and finally into an IND-CCA secure key encapsulation mechanism. The design of Saber relies on small secrets and power-of-two moduli. This contributes to high performance, but it also poses interesting implementation challenges. Research on Saber is still ongoing, and new techniques and implementations are being developed. In particular, side-channel security and masking performance are being studied, and the results will determine the future of the protocol.</span></p></span></div></div></div>
<p></p>
-- <br />
You received this message because you are subscribed to the Google Groups "Quantum CS Seminar" group.<br />
To unsubscribe from this group and stop receiving emails from it, send an email to <a href="mailto:qcsseminar+unsubscribe@googlegroups.com">qcsseminar+unsubscribe@googlegroups.com</a>.<br />
To view this discussion on the web visit <a href="https://groups.google.com/d/msgid/qcsseminar/CAG54o1mPxqVYN71nd3U9S3HzwJCAhc4PsKs%2B1K0-PLmAJtfLdQ%40mail.gmail.com?utm_medium=email&utm_source=footer">https://groups.google.com/d/msgid/qcsseminar/CAG54o1mPxqVYN71nd3U9S3HzwJCAhc4PsKs%2B1K0-PLmAJtfLdQ%40mail.gmail.com</a>.<br />