iCore Workshop: 04 May 2016 (Wednesday) 11:00-18:00
Title: "Lattice Coding & Crypto Workshop"
Venue: Dennis Gabor Seminar Room, 611, level 6, EEE Dept. @ Imperial College

Lattice-based approaches are emerging as a common theme in modern cryptography and coding theory. In communications, they are an indispensable mathematical tool for constructing powerful error-correction codes that achieve the capacity of wireless channels. In cryptography, they are used to build lattice-based schemes with provable security, better asymptotic efficiency, resilience against quantum attacks, and new functionalities such as fully homomorphic encryption.

This meeting aims to connect the two communities in the UK with a common interest in lattices, with a long-term goal of building a synergy of the two fields. It will consist of several talks on related topics, with a format that will hopefully encourage interaction.

Everyone is welcome. Please send an email to c.ling@imperial.ac.uk for catering purposes.

Program Schedule

We have four talks scheduled.

11:00-12:30 | Cong Ling (Imperial): Achieving Channel Capacity with Lattice Codes
Lattice coding is a new paradigm of modern coding theory, giving rise to coding schemes achieving the Shannon capacity of Gaussian-noise channels. In wireless communications, lattices have become an indispensable tool to construct powerful error-correction codes over mobile fading channels, thanks to the connection to algebraic number theory. This talk presents an overview of the constructions of lattice codes for Gaussian, fading and MIMO (multi-input multi-output) channels, and introduces a novel framework to achieve the capacity of fading/MIMO channels with ideal lattices.

13:30-15:00 | Nigel Smart (Bristol): Post-Quantum Cryptography

15:00-16:30 | Alister Burr (York): Lattice Coding

16:30-18:00 | Martin Albrecht (Royal Holloway): A Subfield Lattice Attack on Overstretched NTRU Assumptions
We present work which exploits the presence of a subfield to solve the NTRU problem for large moduli q: norming-down the public key h to a subfield may lead to an easier lattice problem, and any sufficiently good solution may be lifted to a short vector in the full NTRU lattice.
We restrict ourselves to choices of dimensions n(λ) and modulus q(λ) that were previously thought to offer resistance against attacks in time exponential in the security parameter λ. For any super-polynomial q(λ), the subfield attack can be made sub-exponential in λ, or even polynomial as q(λ) gets larger.
The subfield lattice attack directly affects the asymptotic security of the bootstrappable homomorphic encryption schemes LTV and YASHE. It also makes GGH-like Multilinear Maps vulnerable to principal ideal attacks - therefore leading to a quantum break - and almost vulnerable to a statistical attack à la Gentry-Szydlo. Neither encodings of zero nor a zero-testing parameter are required.
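The following Python script is an added illustration of the norming-down and lifting steps sketched in the abstract above; it is not code from the speakers, the paper, or the workshop materials. It builds a toy NTRU key in Z[x]/(x^N + 1) with N = 8, takes the relative norm of the public key h to the index-2 subfield Z[y]/(y^(N/2) + 1) with y = x^2 (so the NTRU lattice to reduce has dimension N instead of 2N), runs a textbook LLL on that half-size lattice, and lifts the short vector it finds back to the full ring. The parameters N = 8 and q = 2^20 - 3, the fixed random seed, and all function names are assumptions made for the demo; a real instance of the attack uses BKZ on realistic dimensions, and at N = 8 a direct attack would of course also succeed, so the only point shown here is the dimension halving and why the lifted vector stays short.

```python
# Added toy illustration of the subfield attack on overstretched NTRU.
# Constructed parameters (not a real NTRU parameter set); textbook LLL only.
from fractions import Fraction
import random

N, Q = 8, 2**20 - 3   # toy ring degree and a prime modulus, very "overstretched" for N = 8


def mul(a, b):
    """Product in Z[x]/(x^n + 1), n = len(a): negacyclic convolution."""
    n, out = len(a), [0] * len(a)
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            if i + j < n:
                out[i + j] += ai * bj
            else:
                out[i + j - n] -= ai * bj
    return out

def centered(a, q):
    """Coefficients reduced into [-q/2, q/2]."""
    return [(c + q // 2) % q - q // 2 for c in a]

def invert_mod_q(f, q):
    """f^-1 in Z_q[x]/(x^n + 1) by Gaussian elimination (q prime); None if singular."""
    n = len(f)
    cols = [mul([int(i == j) for i in range(n)], f) for j in range(n)]   # column j = x^j * f
    A = [[cols[j][i] % q for j in range(n)] + [int(i == 0)] for i in range(n)]  # solve M v = e_0
    for c in range(n):
        piv = next((r for r in range(c, n) if A[r][c]), None)
        if piv is None:
            return None
        A[c], A[piv] = A[piv], A[c]
        inv = pow(A[c][c], -1, q)
        A[c] = [x * inv % q for x in A[c]]
        for r in range(n):
            if r != c and A[r][c]:
                fac = A[r][c]
                A[r] = [(x - fac * y) % q for x, y in zip(A[r], A[c])]
    return [row[n] for row in A]

def conj(f):
    """The automorphism x -> -x; its fixed subring is the even-power polynomials."""
    return [-c if i % 2 else c for i, c in enumerate(f)]

def norm_down(f):
    """Relative norm N(f) = f(x) f(-x), returned as an element of Z[y]/(y^(n/2) + 1), y = x^2."""
    p = mul(f, conj(f))
    assert not any(p[1::2])          # only even powers survive
    return p[0::2]

def lift(a):
    """Embed a(y) from the subfield back into the full ring via y = x^2."""
    out = [0] * (2 * len(a))
    out[0::2] = a
    return out

def keygen(n, q, rng):
    """Toy NTRU key: ternary f, g and public key h = g / f mod q (constructed sample key)."""
    while True:
        f = [rng.choice((-1, 0, 1)) for _ in range(n)]
        g = [rng.choice((-1, 0, 1)) for _ in range(n)]
        f_inv = invert_mod_q(f, q)
        if f_inv is not None and any(g):
            return f, g, centered(mul(g, f_inv), q)

def ntru_lattice(h, q):
    """Basis of {(a, b): a*h = b mod q} in Z^(2n): rows (x^i, x^i h) and (0, q e_i)."""
    n = len(h)
    unit = lambda i: [int(j == i) for j in range(n)]
    rows = [unit(i) + [c % q for c in mul(unit(i), h)] for i in range(n)]
    return rows + [[0] * n + [q * int(j == i) for j in range(n)] for i in range(n)]

def lll(basis, delta=Fraction(99, 100)):
    """Textbook LLL with exact rational Gram-Schmidt; fine for these tiny dimensions."""
    B, n = [list(r) for r in basis], len(basis)
    Bs, mu = [None] * n, [[Fraction(0)] * n for _ in range(n)]
    dot = lambda u, v: sum(Fraction(x) * y for x, y in zip(u, v))

    def update(k):                    # recompute Bs[k] and mu[k][*] from rows 0..k
        v = [Fraction(c) for c in B[k]]
        for j in range(k):
            mu[k][j] = dot(B[k], Bs[j]) / dot(Bs[j], Bs[j])
            v = [x - mu[k][j] * y for x, y in zip(v, Bs[j])]
        Bs[k] = v

    update(0)
    k = 1
    while k < n:
        update(k)
        for j in range(k - 1, -1, -1):                    # size reduction of row k
            r = round(mu[k][j])
            if r:
                B[k] = [x - r * y for x, y in zip(B[k], B[j])]
                update(k)
        if dot(Bs[k], Bs[k]) >= (delta - mu[k][k - 1] ** 2) * dot(Bs[k - 1], Bs[k - 1]):
            k += 1                                        # Lovasz condition holds
        else:
            B[k - 1], B[k] = B[k], B[k - 1]
            k = max(k - 1, 1)
            update(k - 1)                                 # row 0 changes when k was 1
    return B

def subfield_attack(h, q):
    """Norm h down, LLL the half-dimension lattice, lift the short vector back up."""
    h_sub = [c % q for c in norm_down(h)]
    n = len(h_sub)
    reduced = lll(ntru_lattice(h_sub, q))
    a = min((r for r in reduced if any(r[:n])), key=lambda r: sum(c * c for c in r))[:n]
    F = lift(a)                      # F = u * f * conj(f) for a short u if LLL succeeded,
    G = centered(mul(F, h), q)       # so G = u * conj(f) * g is short as well
    return F, G

def is_ntru_pair(F, G, h, q):
    """(F, G) lies in the full NTRU lattice: F*h = G mod q."""
    return all((x - y) % q == 0 for x, y in zip(mul(F, h), G))

def norm_is_multiplicative(f, g, h, q):
    """N(f) * N(h) == N(g) mod q in the subfield: the relation the attack exploits."""
    return all((x - y) % q == 0 for x, y in zip(mul(norm_down(f), norm_down(h)), norm_down(g)))

def in_secret_direction(F, G, f, g):
    """A genuinely short lifted pair satisfies F*g == G*f over the integers, not just mod q."""
    return mul(F, g) == mul(G, f)

def run_demo(seed=1):
    rng = random.Random(seed)        # fixed seed: the sample key is constructed and reproducible
    f, g, h = keygen(N, Q, rng)
    F, G = subfield_attack(h, Q)
    return f, g, h, F, G

if __name__ == "__main__":
    f, g, h, F, G = run_demo()
    print("secret f, g :", f, g)
    print("lifted F, G :", F, G, "| norm^2 =", sum(c * c for c in F + G), "| q =", Q)
```

The lifted pair (F, G) is a short vector of the full 2N-dimensional NTRU lattice obtained without ever reducing that lattice: only the N-dimensional subfield lattice was reduced. The lift works because N(h) = N(g)/N(f) mod q, so the short subfield solution has the form u·N(f) = u·f·conj(f), and multiplying it by h cancels f to leave u·conj(f)·g, which is short whenever u is.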