LCD 2024
Laura Ball, Liz Quaglia and Christian Weinert are organising London Crypto Day 2024, which will take place on Friday 15th November 2024.
The event will be held in the Enigma Room of the Alan Turing Institute (located on the first floor in the British Library).
You can now register for the event here.
The LCD24 schedule is out!
10:00 - 10:25 Arrival and welcome coffee
10:25 - 10:30 Opening remarks
10:30 - 11:15 Andrew Mendelsohn (Imperial College)
11:15 - 12:00 Eamonn Postlethwaite (King's College)
12:00 - 12:15 Coffee break
12:15 - 13:00 Maria Corte-Real Santos (University College London)
13:00 - 14:00 Lunch
14:00 - 14:45 Saqib Kakvi (RHUL)
14:45 - 15:30 Dave Buckley (OpenMined)
15:30 - 16:00 Coffee break
16:00 - 16:45 Lydia Garms (EY)
We are very pleased to announce the list of speakers for LCD24!
Eamonn Postlethwaite, KCL
Hinted short integer solutions problems: or pass on the salt!
When building lattice-based signatures (e.g. the NIST standard FALCON) in the style of Gentry–Peikert–Vaikuntanathan one must salt, i.e., randomise, the message to be signed. This is a consequence of the fact that two preimages of the same message, when unsalted, give a short vector in a 'kernel' lattice. The security consequences of this are not well understood and hence salting is considered necessary. This is theoretically and practically unsatisfying when constructing a variety of advanced signature schemes, e.g. aggregate signatures. We introduce a variant of the standard lattice problem ISIS (inhomogeneous short integer solutions) called kHISIS (k-hinted-ISIS) that allows for the presence of hints. These hints are vectors in the kernel lattice, sampled according to some distribution, e.g. those obtainable from two preimages of an unsalted message as above. We show that, given certain parametrisations and a small technical assumption, if an adversary can solve kHISIS then subexponential memory lattice sieving algorithms exist. Given that the existence of such an algorithm would represent a major breakthrough in the complexity of lattice problems, we conjecture that under these circumstances kHISIS is hard.
Maria Corte-Real Santos, UCL
Post-quantum secure signature schemes from isogenies
Most public-key cryptography that is deployed in today’s systems is susceptible to attacks by quantum computers. With increasing investment in the development of large-scale quantum computers, it is important to develop cryptography that is secure against both classical and quantum attacks. Considering this, in 2016, NIST began an effort to standardise post-quantum secure key exchange mechanisms and signature schemes. In this talk, we will focus on signature schemes and introduce SQIsign, the only isogeny-based signature scheme that was submitted to NIST's recent alternate call for signatures. SQIsign boasts the smallest combined signature and public key sizes; however, it is much slower than its lattice-based counterparts. We will discuss in more depth the benefits and drawbacks of SQIsign compared to other post-quantum secure signatures, and present joint work (with Jonathan Komada Eriksen, Michael Meyer and Krijn Reijnders) to obtain faster verification for SQIsign.
Lydia Garms, EY
Starlight and Nightfall: Privacy and scalability tools for public blockchains
In this talk I will give an overview of two tools that facilitate privacy for public blockchains.
The first tool is Starlight, which compiles a Solidity smart contract into a privacy-preserving one using ZK-Snarks. Variables that are marked as “secret” are replaced with commitments, such that only the “owner” of a variable knows the secret key. Every time the variable is updated, a new commitment is created and the old commitment nullified. A zero-knowledge proof is also generated, which can be verified to enforce that the commitment has been correctly updated.
The second tool is Nightfall 4, which is a ZK rollup, which allows multiple transactions to be “rolled up” off-chain, via recursive ZK-Snarks. This reduces the amount of data stored on-chain per transaction, reducing gas prices, and also provides privacy due to the zero-knowledge property of the proofs. In addition, unlike optimistic rollups, all the transactions can be verified via a single zero-knowledge proof verification and so instant finality can be achieved. This means that significantly less time is required for transactions to be confirmed.
Saqib Kakvi, RHUL
The Power of Generic Constructions
In this talk we will discuss the overlooked utility of a generic construction both as an implicit upper bound and as a tool for deeper understanding of relations and requirements between cryptographic primitives. As a case study we will consider the generic signature construction of Blazy et al. from PKC 2015 which constructs tightly secure signatures in the standard model and show how the construction interacts with past, present and future.
Andrew Mendelsohn, Imperial College
Cryptographic Properties of the Ring Commutator
Some time ago, Micciancio proposed the inner product of vectors of ring elements modulo a prime as a hash function (with some constraints on the inputs), and studied the security properties of this function. This line of work led to proofs of collision resistance, under suitable constraints, assuming the hardness of worst-case lattice problems. In this talk we study what happens if one replaces the sum of products of commutative ring elements with sums of commutators of noncommutative ring elements; this is motivated by the better compression properties of the sum of commutators than the inner product. We give conditions for when the image of this function over elements of orders in quaternion algebras is uniform, and show that, subject to a novel SIS-style assumption, we obtain collision resistance. We will also sketch some cryptographic applications.
Dave Buckley, OpenMined
Real-world applications of privacy-enhancing technologies
In this talk, I will describe PySyft - OpenMined's open-source data infrastructure framework, which facilitates access and governance of nonpublic information assets using privacy-enhancing technologies. A number of real-world case studies where PySyft has been leveraged will then be presented, including collaborations with Reddit, EleutherAI, Anthropic, the UK AI Safety Institute, the Christchurch Call Initiative on Algorithmic Outcomes, and the United Nations PET Lab.