Vidéo pédagogique
Notice
Sous-titrage
Anglais
Langue :
Anglais
Crédits
Irene Marquez-Corbella (Intervenant), Nicolas Sendrier (Intervenant), Matthieu Finiasz (Intervenant)
Conditions d'utilisation
Ces ressources de cours sont, sauf mention contraire, diffusées sous Licence Creative Commons. L’utilisateur doit mentionner le nom de l’auteur, il peut exploiter l’œuvre sauf dans un contexte commercial et il ne peut apporter de modifications à l’œuvre originale.
Citer cette ressource :
Irene Marquez-Corbella, Nicolas Sendrier, Matthieu Finiasz. Inria. (2015, 5 mai). 5.6. An Efficient Provably Secure One-Way Function , in 5: Other cryptographic constructions relying on coding theory. [Vidéo]. Canal-U. https://www.canal-u.tv/92811. (Consultée le 11 décembre 2023)

# 5.6. An Efficient Provably Secure One-Way Function

Réalisation : 5 mai 2015 - Mise en ligne : 5 mai 2015
• document 1 document 2 document 3
• niveau 1 niveau 2 niveau 3
Descriptif

In this session, we aregoing to see how to build an efficient provably secureone-way function from coding theory. As you know, a one-wayfunction is a function which is simple to evaluate andwhich should be as fast as possible and hard to invert,ideally with good security arguments. There are manyapplications of one-way functions, especially in symmetriccryptography. For example, for compression functions tobuild hash functions, expansion functions to build pseudorandomnumber generators but many more. Unfortunately, one-wayfunctions are hard to build. We know some very fastfunctions which have very few security arguments and wehave some very strong security arguments forfunctions which are very slow. What we will try to do is toget a fast and secure function. Niederreiter Encryption is agood candidate for one-way function. Any public key encryptionscheme is a one-way function with a trapdoor, whichis the decryption key. It has very strong securityarguments usually a proof of security. But public keyencryption is usually very slow, especially if you takeconstruction from numbers theory, you require an expentiationwhich is expensive to compute. Niederreiter Encryption is muchfaster than other public key schemes. It simply converts theinput into a low weight word. There are many differenttechniques to do this and then compute its syndrome whichis only a few XORs, especially if the weight is very small.  The trapdoor can be easilyremoved by simply using a random binary matrix whichis enough when we don't need to invert this one-way function. And with a few tweaks, itcan be made even faster than the usual Niederreiter Encryption. Here, we will give an overview ofthe one-way function we are building. The parameters are matrix Hof size r*n and the constant weight encoding function φwhich takes l bits and output a word of weight w and length n. The one-way function simplytakes an input x and computes φ(x) and multiplies it byH to obtain a value, a syndrome y. Security ofthis function: inverting the function requires tosolve an instance of syndrome decoding; and efficiency:if φ is fast and w is small, then the functioncan be very efficient.

Intervenant
Thème
Documentation

## Dans la même collection

• Vidéo pédagogique
00:08:21

### 5.7. The Fast Syndrome-Based (FSB) Hash Function

Marquez-Corbella
Irene
Sendrier
Nicolas
Finiasz
Matthieu

In the last session of this week, we will have a look at the FSB Hash Function which is built using the one-way function we saw in the previous session. What are the requirements for a

• Vidéo pédagogique
00:04:41

### 5.4. Parallel-CFS

Marquez-Corbella
Irene
Sendrier
Nicolas
Finiasz
Matthieu

In this session, I will present a variant of the CFS signature scheme called parallel-CFS. We start from a simple question: what happens if you try to use two different hash functions and compute

• Vidéo pédagogique
00:07:11

### 5.5. Stern’s Zero-Knowledge Identification Scheme

Marquez-Corbella
Irene
Sendrier
Nicolas
Finiasz
Matthieu

In this session, we are going to have a look at Stern’s Zero-Knowledge Identification Scheme. So, what is a Zero-Knowledge Identification Scheme? An identification scheme allows a prover to prove

• Vidéo pédagogique
00:04:51

### 5.3. Attacks against the CFS Scheme

Marquez-Corbella
Irene
Sendrier
Nicolas
Finiasz
Matthieu

In this session, we will have a look at the attacks against the CFS signature scheme. As for public-key encryption, there are two kinds of attacks against signature schemes. First kind of attack is

• Vidéo pédagogique
00:04:32

### 5.1. Code-Based Digital Signatures

Marquez-Corbella
Irene
Sendrier
Nicolas
Finiasz
Matthieu

Welcome to the last week of this MOOC on code-based cryptography. This week, we will be discussing other cryptographic constructions relying on coding theory. We have seen how to do public key

• Vidéo pédagogique
00:04:21

### 5.2. The Courtois-Finiasz-Sendrier (CFS) Construction

Marquez-Corbella
Irene
Sendrier
Nicolas
Finiasz
Matthieu

In this session, I am going to present the Courtois-Finiasz-Sendrier Construction of a code-based digital signature. In the previous session, we have seen that it is impossible to hash a document

## Avec les mêmes intervenants

• Vidéo pédagogique
00:08:21

### 5.7. The Fast Syndrome-Based (FSB) Hash Function

Marquez-Corbella
Irene
Sendrier
Nicolas
Finiasz
Matthieu

In the last session of this week, we will have a look at the FSB Hash Function which is built using the one-way function we saw in the previous session. What are the requirements for a

• Vidéo pédagogique
00:04:41

### 5.4. Parallel-CFS

Marquez-Corbella
Irene
Sendrier
Nicolas
Finiasz
Matthieu

In this session, I will present a variant of the CFS signature scheme called parallel-CFS. We start from a simple question: what happens if you try to use two different hash functions and compute

• Vidéo pédagogique
00:07:11

### 5.5. Stern’s Zero-Knowledge Identification Scheme

Marquez-Corbella
Irene
Sendrier
Nicolas
Finiasz
Matthieu

In this session, we are going to have a look at Stern’s Zero-Knowledge Identification Scheme. So, what is a Zero-Knowledge Identification Scheme? An identification scheme allows a prover to prove

• Vidéo pédagogique
00:04:51

### 5.3. Attacks against the CFS Scheme

Marquez-Corbella
Irene
Sendrier
Nicolas
Finiasz
Matthieu

In this session, we will have a look at the attacks against the CFS signature scheme. As for public-key encryption, there are two kinds of attacks against signature schemes. First kind of attack is

• Vidéo pédagogique
00:04:21

### 5.2. The Courtois-Finiasz-Sendrier (CFS) Construction

Marquez-Corbella
Irene
Sendrier
Nicolas
Finiasz
Matthieu

In this session, I am going to present the Courtois-Finiasz-Sendrier Construction of a code-based digital signature. In the previous session, we have seen that it is impossible to hash a document

• Vidéo pédagogique
00:04:32

### 5.1. Code-Based Digital Signatures

Marquez-Corbella
Irene
Sendrier
Nicolas
Finiasz
Matthieu

Welcome to the last week of this MOOC on code-based cryptography. This week, we will be discussing other cryptographic constructions relying on coding theory. We have seen how to do public key

• Vidéo pédagogique
00:06:45

### 4.8. Attack against Algebraic Geometry codes

Marquez-Corbella
Irene
Sendrier
Nicolas
Finiasz
Matthieu

In this session, we will present an attack against Algebraic Geometry codes (AG codes). Algebraic Geometry codes is determined by a triple. First of all, an algebraic curve of genus g, then a n

• Vidéo pédagogique
00:04:03

### 4.9. Goppa codes still resist

Marquez-Corbella
Irene
Sendrier
Nicolas
Finiasz
Matthieu

All the results that we have seen this week doesn't mean that code based cryptography is broken. So in this session we will see that Goppa code still resists to all these attacks. So recall that

• Vidéo pédagogique
00:05:47

### 4.7. Attack against Reed-Muller codes

Marquez-Corbella
Irene
Sendrier
Nicolas
Finiasz
Matthieu

In this session, we will introduce an attack against binary Reed-Muller codes. Reed-Muller codes were introduced by Muller in 1954 and, later, Reed provided the first efficient decoding algorithm

• Vidéo pédagogique
00:05:31

### 4.5. Error-Correcting Pairs

Marquez-Corbella
Irene
Sendrier
Nicolas
Finiasz
Matthieu

We present in this session a general decoding method for linear codes. And we will see it in an example. Let C be a generalized Reed-Solomon code of dimension k associated to the pair (c, d). Then,

• Vidéo pédagogique
00:05:27

### 4.6. Attack against GRS codes

Marquez-Corbella
Irene
Sendrier
Nicolas
Finiasz
Matthieu

In this session we will discuss the proposal of using generalized Reed-Solomon codes for the McEliece cryptosystem. As we have already said, generalized Reed-Solomon codes were proposed in 1986 by

• Vidéo pédagogique
00:03:56

### 4.4. Attack against subcodes of GRS codes

Marquez-Corbella
Irene
Sendrier
Nicolas
Finiasz
Matthieu

In this session, we will talk about using subcodes of a Generalized Reed–Solomon code for the McEliece Cryptosystem. Recall that to avoid the attack of Sidelnikov and Shestakov, Berger and

## Sur le même thème

• Conférence
00:18:39

### jasmin dall'agnola, lara croft. doing fieldwork under surveillance

Lara Croft. Doing Fieldwork Under Surveillance Intervention de Jasmin Dall'Agnola (The George Washington University), dans le cadre du Colloque coorganisé par Anders Albrechtslund, professeur en

• Conférence
00:20:04

### jan czarnocki, containing predictive tokens in the eu

Czarnocki
Jan

Containing Predictive Tokens in the EU – Mapping the Laws Against Digital Surveillance, intervention de Jan Czarnocki (KU Leuven), dans le cadre du Colloque coorganisé par Anders Albrechtslund,

• Conférence
00:22:25

### Inauguration de l'exposition - Vanessa Vitse : Nombres de Sophie Germain et codes secrets

Vitse
Vanessa

Exposé de Vanessa Vitse (Institut Fourier) : Nombres de Sophie Germain et codes secrets

• Conférence
01:06:10

### "Le mathématicien Petre (Pierre) Sergescu, historien des sciences, personnalité du XXe siècle"

Herléa
Alexandre

Alexandre HERLEA est membre de la section « Sciences, histoire des sciences et des techniques et archéologie industrielle » du CTHS. Professeur émérite des universités, membre effectif de l'Académie

• Conférence
00:40:11

### Ivan Murit - Processus de création d'images

Murit
Ivan

Je vais présenter une manière décalée d'aborder les outils d'impression. Pour cela nous ne partirons pas de l'envie d'imprimer une image préexistante, mais d'avant cela : comment se crée une forme

• Conférence
00:21:11

### Retour d'expérience sur l'utilisation croisée de plusieurs archives de fouilles

Tufféry
Christophe

Dans le cadre d'une thèse de doctorat engagée depuis 2019, une étude historiographique et épistémologique des effets des dispositifs numériques sur l'archéologie et sur les archéologues au cours des

• Conférence
01:19:36

### Information Structures for Privacy and Fairness

Palamidessi
Catuscia

Information Structures for Privacy and Fairness

• Documentaire
00:05:52

### Le Creativ’Lab, au cœur de la robotique et de l’intelligence artificielle (ASR N°18 - LORIA)

Hénaff
Patrick
Lefebvre
Sylvain

Le LORIA, laboratoire phare de la Grande Région dans le domaine de l’informatique, propose de rendre la recherche plus ouverte, plus collaborative, plus ambitieuse… en un mot, plus créative, à travers

• Conférence
01:01:22

### AI and Human Decision-Making: An Interdisciplinary Perspective

Castelluccia
Claude

This seminar will talk about some of the privacy risks of these systems and will describe some recent attacks. It will also discuss why they sometimes fail to deliver. Finally, we will also show that

• Cours/Séminaire
00:49:00

### Webinaire sur la rédaction des PGD

Louvet
Violaine

Rédaction des Plans de Gestion de Données (PGD) sous l’angle des besoins de la communauté mathématique.

• Conférence
00:29:42

### Les algorithmes de Parcoursup

Mathieu
Claire

L’objectif de la journée « Algorithmes d’aide à la décision publique » était de sensibiliser le grand public aux rôles des algorithmes d’aide à la décision publique utilisés par exemple pour l

• Conférence
00:26:20

### Algorithmes d'aide à la décision publique / Ouverture

Réveillère
Laurent
Maveyraud-Tricoire
Samuel
Blanc
Xavier
Bertrand
Yves
Mainguené
Marc

L’objectif de la journée « Algorithmes d’aide à la décision publique » était de sensibiliser le grand public aux rôles des algorithmes d’aide à la décision publique utilisés par exemple pour l