Heute um 18:30 Uhr hält Kathrin Hövelmanns (Lehrstuhl für Kryptographie) einen Online-Vortrag über CCA-Verschlüsselung in der QROM bei dem Workshop "Lattices: Von der Theorie zur Praxis" am Simons Institute, Berkeley. Sie wird einen Überblick über den Wissensstand darüber geben, wie aus schwächeren Bausteinen direkt aktive Sicherheit abgeleitet werden kann, wobei von Quantenangreifern ausgegangen wird.
Die Veranstaltung findet als Zoom-Webinar statt und ist zugänglich über simons.berkeley.edu/workshops/lattices-2020-3
Title: CCA encryption in the QROM
Abstract: In the context of the NIST competition, the last three years have seen a lot of research to be invested in the construction of public-key primitives that remain actively secure even in the presence of quantum adversaries. All current NIST proposals follow the approach to achieve active security by first constructing a weaker primitive, and then applying a variant of the Fujisaki-Okamoto transformation.
The Fujisaki-Okamoto transformation and its variants turns any scheme with a weak security level into a scheme with the desired active security level, in a generic way. All of its variants, however, are constructed relative to hash functions, and quantum attackers might interact with these hash functions in a more sophisticated way than classical attackers would be capable of. This possibility is reflected in the security bounds that have been proven for quantum adversaries: They are less tight than in the classical setting.
In this context, tight bounds mean that the derived scheme is as secure as the underlying building block, whereas less tight results relate the derived scheme's security to the weaker building block in a less immediate manner. To still achieve a sufficient level of security for the derived scheme, the underlying primitive's level of security would have to be scaled up, leading to less efficient schemes. Gradual progress towards tighter security bounds has been made within the last years, but it comes at the price of additional restrictions for the weaker building block.
Allgemeiner Hinweis: Mit einer möglichen Nennung von geschlechtszuweisenden Attributen implizieren wir alle, die sich diesem Geschlecht zugehörig fühlen, unabhängig vom biologischen Geschlecht.
