# Résultats de recherche

Nombre de programmes trouvés : **93**

Label UNT Vidéocours

le
(4m22s)

## 5.2. The *Courtois-Finiasz-Sendrier* (CFS) Construction

...In this session, I am going to present the *Courtois-Finiasz-Sendrier* Construction of a code-based digital signature. In the previous session, we have seen that it is impossible to hash a document into decodable syndromes. But it is possible to...
Voir la vidéo
Label UNT Vidéocours

le
(4m33s)

## 5.1. Code-Based Digital Signatures

Welcome to the last week of this MOOC on code-based cryptography. This week, we will be discussing other cryptographic constructions relying on coding theory. We have seen how to do public key encryption and now we will see other kind of constructions. This first sequence we'll be having a look at digital signatures and how to design code-based digital signatures. So, what is digital signature? A digital signature is meant to replace a paper signature on a digital document. Exactly like a paper signature, only one person should be able to ...
Voir la vidéo
Label UNT Vidéocours

le
(4m52s)

## 5.3. Attacks against the CFS Scheme

In this session, we will have a look at the attacks against the CFS signature scheme. As for public-key encryption, there are two kinds of attacks against signature schemes. First kind of attack is key recovery attacks where an attacker tries to recover the secret key from the knowledge of the public key. These attacks are exactly the same as against the McEliece cryptosystem that you have seen last week. The only difference is the parameters. Here in the signature, we have a small t and a large n but the algorithm ...
Voir la vidéo
Label UNT Vidéocours

le
(4m42s)

## 5.4. Parallel-CFS

In this session, I will present a variant of the CFS signature scheme called parallel-CFS. We start from a simple question: what happens if you try to use two different hash functions and compute two different CFS signatures? For the signer, you simply take twice as much computation because you have to do two signatures. And then, the signature is twice longer because you have just to concatenate two signatures. One would assume that for the attacker it is the same, he simply has to forge two signatures. Well, things are a ...
Voir la vidéo
Label UNT Vidéocours

le
(7m12s)

## 5.5. Stern’s Zero-Knowledge Identification Scheme

In this session, we are going to have a look at Stern’s Zero-Knowledge Identification Scheme. So, what is a Zero-Knowledge Identification Scheme? An identification scheme allows a prover to prove his identity to a verifier. And the Zero-Knowledge Protocol is an interactive protocol where one proves the knowledge of something, without revealing any information on this knowledge, on this element. So, Stern’s Identification Scheme was invented in 1993 and security relies on the syndrome decoding problem. Contrary to McEliece or the CFS signature, it uses a random binary matrix which means ...
Voir la vidéo
Label UNT Vidéocours

le
(5m21s)

## 5.6. An Efficient Provably Secure One-Way Function

In this session, we are going to see how to build an efficient provably secure one-way function from coding theory. As you know, a one-way function is a function which is simple to evaluate and which should be as fast as possible and hard to invert, ideally with good security arguments. There are many applications of one-way functions, especially in symmetric cryptography. For example, for compression functions to build hash functions, expansion functions to build pseudorandom number generators but many more. Unfortunately, one-way functions are hard to build. We know ...
Voir la vidéo
Label UNT Vidéocours

le
(8m22s)

## 5.7. The Fast Syndrome-Based (FSB) Hash Function

In the last session of this week, we will have a look at the FSB Hash Function which is built using the one-way function we saw in the previous session. What are the requirements for a cryptographic hash function? So, it is a function which takes an input of arbitrary size and outputs a fixed size. From a security point of view, it should be hard to solve any of the three following problems: first, find an input with a given hash which is what we call preimage attacks; find an input with the same hash as a given ...
Voir la vidéo
Label UNT Vidéocours

le
(7m19s)

## 1.1. Introduction I - Cryptography

... cryptosystem, and the security proof for the McEliece cryptosystem. We will talk about generic attack, message attack, in other words. This course will be given by Nicolas *Sendrier.* Then, we'll give structural attacks or key attacks, and at the end, we will talk...
Voir la vidéo
Label UNT Vidéocours

le
(5m51s)

## 1.2. Introduction II - Coding Theory

In this session, we will give a brief introduction to Coding Theory. Claude Shannon's paper from 1948 entitled "A Mathematical Theory of Communication" gave birth to the disciplines of Information Theory and Coding Theory. The main goal of these disciplines is efficient transfer of reliable information. To be efficient, the transfer of information must not require a big amount of time and effort. To be reliable, the transmitted and received data must resemble. However, during the transmission over a noisy channel, the information will be damaged. So, it has become necessary to develop ways of detecting when an error has ...
Voir la vidéo
Label UNT Vidéocours

le
(8m14s)

## 1.6. Decoding (A Difficult Problem)

The process of correcting errors and obtaining back the message is called decoding. In this sequence, we will focus on this process, the decoding. We would like that the decoder of the received vector, which is the encoding of the original message plus a certain vector, is again the original message, for every message and every reasonable noisy pattern. The basis of decoding is the following principle, called Minimum Distance Decoding. Given a received vector, we look for a codeword that minimizes the Hamming distance with the received vector One of ...
Voir la vidéo