Post-quantum cryptography

Post-quantum cryptography aims at designing classical (non-quantum) cryptosystems that are secure against possibly quantum attackers. The recent advances towards building quantum computers make its development pressing. As a result, it is a vibrant sub-field of cryptography, raising questions on computational assumptions, models of attackers, cryptographic design, and practical deployment.
In this course, we will cover a wide range of approaches for designing quantum-safe cryptographic primitives, focusing on digital signatures and public-key encryption.

General Information

Thomas Debris-Alazard (INRIA Paris-Saclay), Damien Stehlé (ENS Lyon) and Benjamin Wesolowski (CNRS, U. Bordeaux).

For half the grade: a homework and a report on a research article
For the other half: an oral exam with a presentation of the research article and questions on the lectures


Tentative plan:

I. Hash-based signatures
  1. One-time signatures, Merkle trees, XMSS
  2. Goldreich's signature, SPHINCS
II. Codes
  1. Intractable problems related to codes
  2. Code-based encryption, from McEliece and Alekhnovich to modern schemes
  3. Code-based signatures, from Stern and CFS to modern schemes
III. Lattices
  1. Hardness assumptions: LWE, SIS, PLWE, PSIS
  2. Lyubashevsky's signature
  3. Encryption: Newhope and extensions
  4. NTRU
IV. Isogenies
  1. Elliptic curves and isogenies
  2. The Jao-De Feo key exchange, SIKE
  3. Hard homogenous spaces: post-quantum Diffie-Hellman and other applications