It is my pleasure to invite you to my PhD defense entitled "Theoretical Hardness of Algebraically Structured Learning With Errors".
It will take place on Tuesday, November 16th at 9.30 am in the room Petri-Turing at the IRISA center in Rennes.
The presentation will be in English and live-streamed online on Youtube (https://youtu.be/Bu_PWWb63iU).
Please note that there won't be a common "pot de thèse" afterwards, but I will be there for the coffee break in the afternoon and I would be happy to start celebrating there with the ones who are at IRISA then.
------------------- Abstract --------------------
The main focus of this PhD thesis lies on the computational problem Learning With Errors (LWE). It is a core building block of lattice-based cryptography, which itself is among the most promising candidates to replace current cryptographic protocols once large-scale quantum computers may be available. The contributions of the present work are separated into two different parts. First, we study the hardness of structured variants of LWE. To this end, we show that under suitable parameter choices the Module Learning With Errors (M-LWE) problem doesn't become significantly easier to solve even if the underlying secret is replaced by a binary vector. Furthermore, we provide a classical hardness reduction for M-LWE, which further strengthens our confidence in its suitability for cryptography. Additionally, we define a new hardness assumption, the Middle-Product Computational Learning With Rounding (MP-CLWR) problem, which inherits the advantages of two existing LWE variants. Finally, we study problems related to the partial Vandermonde matrix. This is a recent source of hardness assumptions for lattice-based cryptography and its rigorous study is important to gain trust in it. In the second part of this manuscript, we show that the new hardness assumptions we introduced before serve for the construction of efficient public-key encryption. On the one hand, we design a new encryption scheme, whose security is provably based on the MP-CLWR problem. On the other hand, we modify an existing encryption scheme, called PASS Encrypt, to provide it with a security proof based on two explicitly stated partial Vandermonde problems.
Shweta Agrawal, IIT Madras (examiner),
Martin R. Albrecht, Royal Holloway, University of London (examiner),
Céline Chevalier, Université Panthéon-Assas Paris 2 (reviewer),
Stéphanie Delaune, CNRS, Rennes (examiner),
Frederik Vercauteren, Katholieke Universiteit Leuven (reviewer),
Adeline Roux-Langlois, CNRS, Rennes (director),
Pierre-Alain Fouque, Université de Rennes 1 (co-director)