iCore Workshop: 04 May 2016 (Wednesday) 11:00-18:00
Title: "Lattice Coding & Crypto Workshop"
Venue: Dennis Gabor Seminar Room, 611, level 6, EEE Dept. @ Imperial College
Lattice-based approaches are emerging as a common theme in modern cryptography and coding theory. In
communications, they are indispensable mathematical tools to construct powerful error-correction
codes achieving the capacity of wireless channels. In cryptography, they are used to build lattice-based
schemes with provable security, better asymptotic efficiency, resilience against quantum attacks and new
functionalities such as fully homomorphic encryption.
This meeting aims to connect the two communities in the UK with a common interest
in lattices, with a long-term goal of building a synergy of the two fields. It will consist of several talks
on related topics, with a format that will hopefully encourage interaction.
Everyone is welcome. Please send an email to c.ling@imperial.ac.uk for catering purposes.
Program Schedule
We have four talks scheduled.
11:00-12:30 | Cong Ling (Imperial): Achieving Channel Capacity with Lattice Codes
Lattice coding is a new paradigm of modern coding theory, giving rise to coding schemes achieving the Shannon
capacity of Gaussian-noise channels. In wireless communications, lattices have become an indispensable tool to
construct powerful error-correction codes over mobile fading channels, thanks to the connection to algebraic
number theory. This talk presents an overview of the constructions of lattice codes for Gaussian, fading and
MIMO (multi-input multi-output) channels, and introduces a novel framework to achieve the capacity of fading/MIMO
channels with ideal lattices.
13:30-15:00 | Nigel Smart (Bristol): Post-Quantum Cryptography
15:00-16:30 | Alister Burr (York): Lattice Coding
16:30-18:00 | Martin Albrecht (Royal Holloway): A Subfield Lattice Attack on Overstretched NTRU Assumptions
We present work which exploits the presence of a subfield to solve the NTRU problem for large moduli q: norming-down
the public key h to a subfield may lead to an easier lattice problem, and any sufficiently good solution may be
lifted to a short vector in the full NTRU-lattice.
We restrict ourselves to choices of dimensions n(λ) and modulus q(λ) that were previously thought to offer resistance
against attacks in time exponential in the security parameter λ. For any super-polynomial q(λ), the subfield attack
can be made sub-exponential in λ, or even polynomial as q(λ) gets larger.
The subfield lattice attack directly affects the asymptotic security of the bootstrappable homomorphic encryption
schemes LTV and YASHE. It also makes GGH-like Multilinear Maps vulnerable to principal ideal attacks - therefore
leading to a quantum break - and almost vulnerable to a statistical attack à la Gentry-Szydlo. No encodings of
zero nor zero-testing parameter are required.