SCHOOL
The School is a two-and-a-half-day event, from Monday 10th to Wednesday 12th. It is mainly aimed at Ph.D. and M.Sc. students interested in the field of cryptography and it requires prior knowledge of commutative algebra, number theory, and cryptography at the graduate level.
The School will cover the main topics of post-quantum cryptography, from the basics of the underlying mathematical problems to examples of established protocols. In more details, the School will be organized into five modules: an introduction to post-quantum cryptography, multivariate-based, code-based, isogeny-based, and lattice-based cryptography.
The School is structured as follows:
Monday 10th: from 9.30am to 1:00pm and from 2:30pm to 6:00pm;
Tuesday 11th: from 9.30am to 1:00pm and from 2:30pm to 6:00pm;
Wednesday 12th: from 9.30am to 1:00pm.
PROGRAM
Day 1
Monday, October 10th
8:30 - 9:15 Registration
9:15 - 9:30 Marco Baldi, Carla Mascia, Alessio Meneghetti
Welcome
9:30 - 11:00 Joachim Rosenthal
Introduction to Post-Quantum Cryptography
Part One
11:00 - 11:20 Coffee-break
11:20 - 11:30 Institutional Greetings
Ana Maria Alonso Rodriguez
(Department of Mathematics, University of Trento)
Massimiliano Sala
(National Initiative "De Componendis Cifris")
Silvio Ranise
(Fondazione Bruno Kessler)
13:00 - 14:30 Lunch
14:30 - 16:00 Emmanuela Orsini
Lattices and Lattice Problems for Cryptography
The importance of lattice-based cryptography has been recently justified by the NIST post-quantum standardization process that identified two primary algorithms to be implemented for most use cases: CRYSTALS-KYBER (key-establishment) and CRYSTALS-Dilithium (digital signatures), both lattice-based. Other than for their apparent resistance to quantum attacks, lattice-based cryptographic primitives have other interesting features being supported by strong worst-case/average-case security guarantees and high asymptotic and concrete efficiency.
In this lecture, we give an introduction to the mathematical theory of lattices, describe the main tools and techniques used in lattice cryptography, and present an overview of the main post-quantum secure cryptographic primitives. (Part One)
16:00 - 16:30 Coffee-break
16:30 - 18:00 Emmanuela Orsini
Lattice-based Cryptography
Introduction to the mathematical theory of lattices, description of the main tools and techniques used in lattice cryptography, and overview of the main post-quantum secure cryptographic primitives. (Part Two)
Day 2
Tuesday, October 11th
9:30 - 11:00 Giulio Codogni
An introduction to Isogeny-Based Cryptography and Isogeny Graphs
Notion of isogeny between elliptic curves and application to cryptography. Isogeny graphs, their properties and their relation with isogeny based cryptography. (Part One)
11:00 - 11:30 Coffee-break
11:30 - 13:00 Giulio Codogni
Isogeny-Based Cryptography
Notion of isogeny between elliptic curves and application to cryptography. Isogeny graphs, their properties and their relation with isogeny based cryptography. (Part Two)
13:00 - 14:30 Lunch
14:30 - 16:00 Elisa Gorla
Introduction to Multivariate Cryptography and the Multivariate Quadratic Problem
Introduction to multivariate cryptography with some examples of multivariate schemes. Discussion of the Multivariate Quadratic Problem (MQP), which is the problem on which the security of multivariate cryptographic protocols relies. Discussion of the hardness of the MQP. To this extent, introducing Groebner bases and linear-algebra-based algorithms to compute them (often the most effective method to solve the MQP over finite fields). Definition of the solving degree, which controls the complexity of these algorithms.
16:00 - 16:30 Coffee-break
16:30 - 18:00 Elisa Gorla
Complexity of Groebner Bases Computations and Related Algebraic Invariants
Discussion of the invariants which we currently use to estimate the complexity of Groebner basis algorithms. As the solving degree is in practice hard to compute, it is often estimated by using other invariants, such as the degree of regularity, the first fall degree, the last fall degree, and the Castelnuovo-Mumford regularity. Discussion on their relations and how we can bound or estimate them. Some examples of concrete situations in which we can obtain estimates using the invariants and methods introduced in the lectures, including the MinRank Problem, which is relevant in the cryptanalysis of several cryptographic schemes.
Day 3
Wednesday, October 12th
9:30 - 11:00 Edoardo Persichetti
Code-Based Cryptography: Encryption and NIST standardization
Introduction to the area of code-based cryptography. Start with basic coding theory notions and explain the traditional approach, stemming from McEliece’s seminal 1978 paper. The talk will then cover the evolution of code-based encryption over the last 40 years, concluding with its role within NIST’s standardization protocol.
11:00 - 11:30 Coffee-break
11:30 - 13:00 Edoardo Persichetti
Code-Based Cryptography: Signatures and Future Developments
Presentation of some topics for current and future research in code-based cryptography. In particular, the lecture will focus on the design and cryptanalysis of digital signatures, starting from the vast literature of unsuccessful attempts, and continuing with present lines of research.
13:00 - 14:30 Lunch