17-21 Jun 2024 Anglet (France)

Summer school

The summer school will take place at Atlanthal, a hotel in Anglet near Biarritz.

From June 17 to June 21, 2024, we will welcome you to the first summer school of the PQ-TLS project.

School price: 600 euros, taxes included (all inclusive)

The lectures will be in English.

Should you need more information, please contact: marilou.gaborel@irisa.fr

Project description

The famous "padlock" that appears in browsers when one visits a website whose address starts with "https" relies on cryptographic primitives that would not withstand a quantum computer. This integrated project aims, within 5 years, to develop post-quantum primitives and a prototype "post-quantum lock" that will be implemented in an open-source browser. The evolution of cryptographic standards has already started, the choice of new primitives will be made quickly, and the transition will take place in the next few years. The objective is to play a driving role in this evolution and to make sure that the French actors of post-quantum cryptography, already strongly involved, are able to influence the cryptographic standards of the decades to come.

Speaker & Topic presentation

Alice Pellet-Mary - CNRS - Institut de Mathématiques de Bordeaux


Title: Introduction to lattice-based cryptography

Abstract: These two talks will give an introduction to some topics in lattice-based cryptography. We will review some basic results about lattices, and see how they can be used to construct encryption schemes and signature schemes. We will also discuss cryptographic lattice problems, such as LWE and NTRU. Finally, we will mention some NIST candidates, such as Kyber and Falcon.


Charlie Jacomme - Inria Nancy


Title: Formal verification of cryptographic protocols - how it works, what do formal guarantees even mean, and why do we want them?

Abstract: In this presentation, we will explain why and how we try to increase our confidence in the security of cryptographic protocols by using formal methods, and notably computer-aided verification. We will give a broad understanding of the main ideas behind verification tools such as CryptoVerif, ProVerif, Squirrel and Tamarin, notably touching on the challenges posed for them by the post-quantum setting. Finally, we will give a concrete example with a case study of the recently deployed PQXDH, a post-quantum variant of the initial key exchange of the Signal Messenger application.


Matthieu Rivain - Cryptoexperts (https://www.cryptoexperts.com/)


Title: Zero-Knowledge Proofs & Post-Quantum Signatures from MPC in the Head

Abstract: The MPC-in-the-Head (MPCitH) paradigm builds zero-knowledge proofs from multi-party computation (MPC) protocols. MPCitH techniques are especially effective for small circuits such as those arising in (post-quantum) signature schemes. This was first demonstrated by the Picnic signature scheme, submitted to the NIST PQC process in 2017. In the recent NIST call for additional post-quantum signatures, 9 of the 40 candidates selected for the first round rely on MPCitH techniques. This two-part presentation aims to provide a comprehensive introduction to the MPC-in-the-Head paradigm, highlight recent advances in the field, and explore some specific post-quantum signature constructions.


Brice Minaud - Inria - ENS Paris


Title: Multivariate cryptography

Abstract: Multivariate cryptography is a technique for building post-quantum cryptography. It has received less attention than other major approaches, but paradoxically, it also has the highest number of submissions to the NIST standardization process for additional post-quantum signatures (according to NIST's classification). This calls for additional research. In this presentation, I will endeavor to present multivariate cryptography, including constructions, reductions, attacks, and open problems.


Loïc Masure - CNRS - LIRMM


Title: Side-channel analysis of cryptographic implementations: evaluation and counter-measures

Abstract: Since the seminal works of Paul Kocher in the late 90s, implementations of cryptographic primitives have been known to be the attack vector that provides perhaps the most efficient way to break a cryptosystem. In a nutshell, side-channel analysis consists of leveraging physical measurements of the device running the implementation. Through a divide-and-conquer approach, it often makes the attack complexity linear in the key size. That is why it is crucial to take this threat into account in the design and implementation of (post-quantum) cryptography.

The goal of this presentation is to raise cryptographers' awareness of side-channel analysis, and to provide them with some tools to evaluate and mitigate this threat. To this end, we will successively play the role of a malicious adversary, a security evaluator, and a cryptographic designer.

  1. First half
    1. Presentation and demonstration of side-channel attacks (malicious adversary)
    2. Methodology to evaluate the threat (security evaluator)
  2. Second half
    1. Masking: a universal counter-measure against SCA (cryptographic designer)
    2. What about post-quantum? The specifics and open problems of SCA & masking against PQC.


Nicolas Sendrier - Inria Paris


Title: Error-correcting codes

Abstract: Coming soon


Xavier Bonnetain - Inria Paris


Title: Quantum computing & cryptanalysis

Abstract: Coming soon


Luca De Feo


Title: Isogeny

Abstract: Isogenies are group morphisms of elliptic curves. Isogeny-based cryptography is an extension of elliptic curve cryptography whose security is based on the difficulty of finding isogenies between elliptic curves. Unlike the elliptic curve discrete logarithm problem, the isogeny search problem is believed to resist quantum attacks and is thus used as a foundation of post-quantum cryptography.

This lecture will review the different families of isogeny-based schemes, explain the recent progress, and give context on the ongoing standardization efforts.
