Current

The seminar is held on Tuesdays from 11 to 12 and is organised by Sabrina Kunzweiler and Maxime Bombar. Unless stated otherwise it takes place in room 2 of IMB. To get announcements, you can subscribe to the mailing list of the Bordeaux number theory seminars. Last minute changes may appear first on the IMB website.

• 2025-10-14
  11:00
  Salle 2
  Pierre Pébereau (Sorbonne Université)
  Geometric approach to the cryptanalysis of UOV
  We present results concerning the security of post-quantum multivariate signature schemes based on UOV, in particular those submitted to NIST. We motivate our approach by a geometric interpretation of the trapdoor, based on the work of Kipnis and Shamir and more recently by Beullens. The geometric properties we exhibit are naturally translated into algebraic problems, which can be solved using standard algebraic cryptanalysis tools, such as efficient linear algebra and Gröbner basis algorithms. As an example, we show that the varieties defined by the public keys of UOV schemes admit large singular locii. These singularities enable us to introduce new algebraic attacks against UOV-based schemes, and to re-interpret the Kipnis-Shamir attack in an algebraic framework. Our attacks lower the security of UOV and VOX showing in particular that the parameters sets proposed for these schemes do not meet the NIST security requirements. At level V, we show that the security falls short by a factor of 229 logical gates. We also present on-going work with S. Abelard and M. Safey el Din enabling a generic analysis of the polynomial systems arising in the study of UOV.
• 2025-11-04
  11:00
  Salle 2
  Sebastian Spindler (Universität der Bundeswehr, München)
  TBA
• 2025-11-18
  11:00
  Salle 2
  Marzio Mula (Universität der Bundeswehr, München)
  TBA
• 2025-11-25
  11:00
  Salle 2
  Maxime Roméas (ANSSI)
  Compact, Efficient and CCA-Secure Updatable Encryption from Isogenies
  Updatable Encryption (UE) allows ciphertexts to be updated under new keys without decryption, enabling efficient key rotation. Constructing post-quantum UE with strong security guarantees is challenging: The only known CCA-secure scheme, COM-UE, uses bitwise encryption, resulting in large ciphertexts and high computational costs. We introduce DINE, a CCA-secure, isogeny-based post-quantum UE scheme that is both compact and efficient. Each encryption, decryption, or update requires only a few power-of-2 isogeny computations in dimension 2 to encrypt 28B messages, yielding 320B ciphertexts and 224B update tokens at NIST security level 1 — significantly smaller than prior constructions. Our full C implementation demonstrates practical performances: updates in 7ms, encryptions in 48ms, and decryptions in 86ms. Our design builds on recent advances in isogeny-based cryptography, combining high-dimensional isogeny representations with the Deuring correspondence. We also introduce new algorithms for the Deuring correspondence which may be of independent interest. Moreover, the security of our scheme relies on new problems that might open interesting perspectives in isogeny-based cryptography.