# Méga séminaire

#### Séminaire AMAC: CASC

7/07/2021 - 08:30 ABBPSS IMAG 106

We will have no fewer than *six* talks from PhD students and master's students from the team. 8:30 ~ 10:00: First session ==================== Florentina Şoiman --------------------- The forking effect * This study introduces the forking effect. The forking effect represents the impact suffered by a cryptocurrency, when its underlying Blockchain splits giving rise to a new coin. The focus of this paper is twofold; first, we show that forks issued during stable times tend to worsen the measured market efficiency of their parent coin, but reduce its illiquidity, Value-at-Risk (VaR) and volatility. At the same time, the forks issued during the 2017-2018 bubble increase the overall risk; they however improve the efficiency of their parent coin. In the second part of this study, we compare the financial characteristics of the parent coin with the new ones, resulting from the fork. The forked coins show higher illiquidity, VaR and volatility, as well as worse efficiency than their parent, for multiple time horizons. Furthermore, our results show that the VaR, volatility, illiquidity and efficiency are worse for the recent forks compared to the early ones. Nicolas Bordes ------------------ Fast verification of masking scheme in characteristic two * Masking is a countermeasure against side-channel attacks that aims to introduce noise during computation by splitting sensitive data using a secret-sharing scheme and making computations on the sharing instead of the original data. In this talk, we will recall the basic concepts of masking, the d-probing model and the composable security models resulting from it. Then we will present a tool that is more efficient than the state of the art at verifying high-order masking scheme. Finally, we will give an overview of an attempt at implementing a masking scheme in practice and how to concretely measure and detect side-channel leakages of such an implementation. Hippolyte Signargout ------------------------ Computing the Characteristic Polynomial of Generic Toeplitz-like and Hankel-like Matrices * New algorithms are presented for computing annihilating polynomials of Toeplitz, Hankel, and more generally Toeplitz+Hankeg-like matrices over a field. Our approach follows works on Coppersmith’s block Wiedemann method with structured projections, which have been recently successfully applied for computing the bivariate resultant. A first baby steps/giant steps approach—directly derived using known techniques on structured matrices—gives a randomized Monte Carlo algorithm for the minimal polynomial of an n × n Toeplitz or Hankel-like matrix of displacement rank α using O ̃ (n^(ω−c (ω)) α^c (ω)) arithmetic operations, where ω is the exponent of matrix multiplication and c (2.373) ≈ 0.523 for the best known value of ω. For generic Toeplitz+Hankeg-like matrices a second algorithm computes the characteristic polynomial; in particular, when the displacement rank is considered constant, its cost is O ̃ (n^(2−1/ω). Previous algorithms required O (n^2) operations while the exponents presented here are respectively less than 1.86 and 1.58 with the best known estimate for ω. 10:00 ~ 10:30: Coffee break ===================== 10:30 ~ 12:00 Second session ======================= Loïk Assekour ---------------- Multiparty computation: linear algebra in constant rounds of communications * In Multiparty computation (MPC), a number ell of players want to solve problems together. Each player have a private input and they want to compute a function without revealing any information about their private input. MPC has been introduced by Yao (1982-1986) in the case of 2 players with protocols based on garbled circuit and then developed in the case of more players by Goldreich, Micali and Wigderson (1987). Since then many MPC protocols have appeared based on secret sharing, oblivious transfer or homomorphic encryption.The use of MPC protocols have an important drawback: communications are very expensive. Bar-Ilan and Beaver (1989) show (theoretically) how to obtain constant rounds protocols for all the NC1 functions. We will focus on the resolution in constant rounds of several problems of linear algebra like computing rank, solving linear equations. Our protocols will be based on Bar-Ilan/Beaver techniques and a smart construction introduced by Cramer, Kiltz and Padrò (2007) Thomas Piras ---------------- Leading the way to an implementation of Threshold EC-DSA using the Castagnos and Laguillaumie framework * A threshold signature scheme allow a set of parties that do not trust each other, to collectively sign documents under a common public key. Using a secret sharing mechanism, the secret key is distributed among the participating parties. Such a system is called a (t, n)-threshold, where n is the total number of users and t the threshold number. Given that t < n, at least t + 1 users are required to issue a valid signature, while a coalition of t or less users cannot. In this internship we take a look at the threshold EC-DSA protocol introduced in the paper "Bandwidth-efficient threshold EC-DSA" by Castagnos and al. This protocol relies on the Castagnos and Laguillaumie framework which is a linearly homomorphic cryptosystem based on the decisional Diffie–Hellman (DDH) problem in a certain group G that contains a subgroup F, where solving the DL problem is easy. Dorian Biichlé ---------------- Analysis of information-set decoding algorithms for random linear [1280,640] codes over GF(2) * Information-set decoding is a class of coding theory algorithms that aims to find low-weight codewords in a random linear code. This problem is known to be NP-hard for binary codes, and has possible application in cryptography, where some cryptosystems rely on its hardness for their security. In this talk we analyse the different practical costs of some information-set decoding algorithms when applied to the context of [1280, 640] binary codes.