This is the webpage for the course Post-Quantum Cryptography for Spring 2022. Here is the preliminary syllabus for the course:
Breaking discrete log and factoring with the hidden subgroup problem. Branches of post-quantum cryptography and basics of lattices
Minkowski's convex body theorem and applications to number theory. Hard lattice problems: SVP, CVP and its approximate versions. Lattices in 2 dimensions, Lagrange reduction
Hermite's constant and Hermite reduction. Weak LLL and size reduction. Babai's nearest plane algorithm,
LLL algorithm and properties of LLL reduced basises. The GGH encryption and digital signature schemes, discussions on security. SIS and LWE problems and basic constructions (hash function, PKE and digital signatures)
Ideal lattices, fast multiplication in cyclotomic rings. Description of the NTRU scheme, basic attacks, discussions on secure parameter sets.
Ring-LWE and Module-LWE problems. NIST finalist lattice schemes, advanced applications of lattices (identity-based encryption and fully homomorphic encryption)
Basics of multivariate cryptography. HFE and Oil and Vinegar schemes. Gröbner basis and Buchberger's algorithm
Attacks against HFE and Oil and Vinegar. UOV, LUOV and Rainbow. Beullens' attack.
Couveignes' Hard Homogenous Spaces framework. Basics of elliptic curves and isogenies. The supersingular isogeny graph and its F_p-subgraph. Description of CSIDH.
Attacks against CSIDH. The SIDH key exchange. The GPST and torsion-point attacks.
The KLPT algorithm (sketch) and GPS and SQISign signatures. CSi-FiSh and other advanced primitives (threshold schemes, oblivious transfer etc)
Error-correcting codes. The McEliece cryptosystem. Special classes of codes admitting efficient decoding algorithms. Goppa codes
Attacks against McEliece variants. Rank metric based constructions (BIKE and Ledacrypt), discussion on security. The digital siganture scheme Wave.