Post-quantum Crypto Day in Occitanie

21st of April, 2026


This first post-quantum crypto day in Occitanie will take place in the salle de conférences of the LAAS, Toulouse.

Tentative program

09:55–10:00 Welcome
10:00–10:40 Jean-Christophe Deneuville: An introduction to HQC with future research directions
10:40–11:20 Lucas Ottow: Towards a threshold variant of the HQC cryptosystem
11:20–12:00 Gabrielle Beck: Simplifying Threshold Public Key Encryption from Rényi Noise Flooding and Extensions
12:00–14:00 Lunch
14:00–14:40 Loïc Masure: A decade of Masking Security Proofs
14:40–15:20 Cyrius Nugier: Key Recovery from Side-Channel Power Analysis Attacks on HQC Decryption
15:20–16:00 Rocco Mora: A new algebraic approach on the code equivalence problem
16:00–16:40 Marina Dehez-Clementi: RHQC: post-quantum ratcheted key exchange from coding assumptions

Organizers: Fabien Laguillaumie (UM/LIRMM), Vincent Migliore (INSA/LAAS)

Acknowledgements: Institut Cybersécurité Occitanie, ANR Sangria, PEPR SecureCompute


Abstracts

An introduction to HQC with future research directions
Jean-Christophe Deneuville (ENAC)

Towards a threshold variant of the HQC cryptosystem
Lucas Ottow (UM/LIRMM)

Threshold public key encryption is a variant of public key encryption (PKE) in which a certain number T out of a total of N participants is required to successfully decrypt a ciphertext. One way to build a threshold variant of existing PKEs is to design a (preferably efficient) MPC protocol to run the decryption algorithm of a classical PKE. We design a threshold scheme based on the HQC.PKE cryptosystem, which was recently standardized by NIST as an alternative to the lattice-based primitives. The decryption algorithm of HQC.PKE requires decoding Reed-Muller codewords and a Reed-Solomon codeword. These decodings are done on publicly known codes. However, the error weights corresponding to a given ciphertext are unknown in HQC, and might cause severe security issues if learned by an adversary. This brings a new set of challenges towards an efficient MPC protocol for HQC. Nevertheless, it is possible to obtain dedicated MPC protocols for both Reed-Solomon and Reed-Muller decoding, and we use them in order to build a CPA threshold cryptosystem based on HQC.PKE.

Simplifying Threshold Public Key Encryption from Rényi Noise Flooding and Extensions
Gabrielle Beck (CNRS/LIRMM - ICO)

In [BS23], Scholl and Boudgoust gave threshold PKE and FHE constructions from Rényi noise flooding. Both constructions start by transforming an OW-CPA secure public key encryption scheme into a secure threshold OW-CPA scheme and then into a threshold IND-CPA secure scheme. Passelègue and Stehlé [PS24] showed that the threshold IND-CPA FHE scheme of [BS23] could only satisfy selective security. In this work, we provide a simple construction of threshold PKE from Rényi noise flooding that uses the public sampleability framework in conjunction with an almost-linear decryption, IND-CPA secure PKE in the standard model. Along the way we show that constructing these schemes can be tricky by giving a very intuitive construction which fails to satisfy adaptive security via a counter-example. We also discuss how this threshold PKE construction might be extended to linear homomorphic PKE with adaptive security or to get CCA security.

A decade of Masking Security Proofs
Loïc Masure (CNRS/LIRMM)

Masking, a.k.a. "MPC on silicon", is a popular counter-measure against side-channel analysis of cryptographic hardware, by operating the computations over a secret sharing of sensitive data. Though masking was designed in the late 1990s as an ad hoc counter-measure, the research community has been able to establish since the 2010s its provable security, as a universal counter-measure. This presentation aims at giving a summary of the state of the art, and the many challenges remaining to address.

Key Recovery from Side-Channel Power Analysis Attacks on HQC Decryption
Cyrius Nugier (ENAC)

A new algebraic approach on the code equivalence problem
Rocco Mora (UM/LIRMM)

Given two linear codes, the Code Equivalence Problem consists in determining whether there exists an isometry mapping one code to the other. Recently, code equivalence has attracted significant attention in cryptography, as it is widely believed to be resistant to quantum attacks.

In this talk, we provide an overview of cryptographic constructions based on the code equivalence problem in the Hamming metric and of existing solving techniques. Then, we introduce an attack strategy based on the Schur product of codes, which enables us to tackle certain instances previously considered difficult. We demonstrate the effectiveness of this approach by applying it to the concrete cryptanalysis of a recent cryptographic scheme. We conclude by discussing open problems and future research directions related to the code equivalence problem, as well as possible extensions of our results.

RHQC: post-quantum ratcheted key exchange from coding assumptions
Marina Dehez-Clementi (ISAE-SUPAERO)