Our regular Crypto Café seminars take place every other Tuesday, 10:00 to 10:50 am, during the semester. We invite local and international experts on topics in mathematics and computer science related to cryptography and information security.
Come and join us for freshly brewed coffee and interesting conversations on the most exciting topics in cryptography.
Where: SE-43 (Charles E. Schmidt College of Science) - Room 271
You can catch up on any missed meetings by following the link below:
https://researchseminars.org/seminar/CryptoCafe
Spring 2026 Crypto Café Schedule:
April 14, 2026, 10:00 am, Science Building (SE-43), room 271
Speaker: Christophe Petit, Ph.D. (Université libre de Bruxelles (ULB) and University of Birmingham)
Title: Quantum Security of the Vectorization Problem with Shifted Inputs (also via Zoom)
Abstract: Cryptographic group actions provide a basis for simple post-quantum generalizations of many cryptographic protocols based on the discrete logarithm problem (DLP). However, many advanced group action-based protocols do not solely rely on the core group action problem (the so-called vectorization problem), but also on variants of this problem, to either improve efficiency or enable new functionalities. In particular, the security of the CSI-SharK threshold signature protocol relies on the hardness of the Vectorization Problem with Shifted Inputs where (in DLP formalism) the adversary not only receives g and g^x, but also g^{xc} for multiple known values of c.
A natural open question is whether the extra data provided to the adversary in this variant allows them to solve the underlying problem more efficiently. In this paper, we revisit the concrete quantum security of this problem. We start from a quantum multiple hidden shift algorithm of Childs and van Dam, which to the best of our knowledge was never applied in cryptography before. We specify algorithms for its subroutines and we provide concrete complexity estimates for both these subroutines and the overall algorithm. We apply our analysis to the CSI-SharK protocol. In prior analyses based on Kuperberg’s algorithms, group action evaluations contributed to a significant part of the overall T-gate cost. For CSI-SharK suggested parameters, our new approach requires significantly fewer calls to the group action evaluation subroutine, leading to significant complexity improvements overall. We describe two instances of our approach, one which lowers the T-gate complexity, and the other the QRAM requirements. We obtain significant speedups – even in both metrics simultaneously – and we quantify the degradation of the quantum security of the protocol when the number of curves in the public key increases.
This is based on joint work with Paul Frixons, Valerie Gilchrist, Péter Kutas, Simon Merz and Lam Pham.
Bio: Christophe Petit is an Associate Professor at the University of Birmingham and the Free University of Brussels. His research interests are in cryptography, particularly cryptanalysis and mathematical aspects.
March 31, 2026, 10:00 am, Science Building (SE-43), room 271
Speaker: Calvin Abou Haidar, Ph.D., NTT Social Informatics Laboratories in Tokyo
Title: Rowhammer: How to Break FALCON with One Bitflip (also via Zoom)
Abstract: The Rowhammer attack is a fault-injection technique leveraging the density of RAM modules to trigger persistent hardware bit flips that can be used for probing or modifying protected data. In this paper, we show that Falcon, the hash-and-sign signature scheme over NTRU lattices selected by NIST for standardization, is vulnerable to an attack using Rowhammer. Falcon's Gaussian sampler is the core component of its security, as it allows one to provably decorrelate the short basis used for signing and the generated signatures. Other schemes lacking this guarantee (such as NTRUSign, GGH or, more recently, Peregrine) were proven insecure. However, performing efficient and secure lattice Gaussian sampling has proved to be a difficult task, fraught with numerous potential vulnerabilities to be exploited. To avoid timing attacks, a common technique is to use distribution tables that are traversed to output a sample. The official Falcon implementation uses this technique, employing a hardcoded reverse cumulative distribution table (RCDT). Using Rowhammer, we target Falcon's RCDT to trigger a very small number of targeted bit flips, and prove that the resulting distribution is sufficiently skewed to perform a key recovery attack. Namely, we show that a single targeted bit flip suffices to fully recover the signing key, given a few hundred million signatures, with more bit flips enabling key recovery with fewer signatures. Interestingly, the Nguyen–Regev parallelepiped learning attack that broke NTRUSign, GGH and Peregrine does not readily adapt to this setting unless the number of bit flips is very large. However, we show that combining it with principal component analysis (PCA) yields a practical attack. This vulnerability can also be triggered with other types of persistent fault attacks on memory, like optical faults. We suggest cheap countermeasures that largely mitigate it, including rejecting signatures that are unusually short.
Bio: Calvin Abou Haidar was a PhD student at ENS Lyon under the supervision of Damien Stehlé and Alain Passelègue. His main topics of research are lattice-based constructions of basic cryptographic primitives and, recently, side-channel attacks on post-quantum schemes. He is now a Post-Doc at NTT Social Informatics Laboratories in Tokyo, working under the supervision of Mehdi Tibouchi.
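To make the mechanism in the abstract above concrete, here is an added toy example (not the speakers' code and not Falcon's table or parameters): a reverse-cumulative-distribution-table sampler for a small discrete Gaussian, a constructed single-bit fault in one table entry, the exact shrinkage of the expected squared norm that results, and the countermeasure the talk names, a lower bound on signature length. The table width, sigma, the flipped entry and bit, and the rejection slack are all constructed choices; the fault here is deliberately coarse so the skew is visible with a few hundred samples rather than hundreds of millions.

```python
import math
import random

NBITS = 16                 # constructed: 16-bit fixed-point table entries (not Falcon's width)
SCALE = 1 << NBITS

def build_rcdt(sigma, tail):
    """Toy RCDT: RCDT[i] = round(P(|z| > i) * 2^NBITS), discrete Gaussian truncated at |z| < tail."""
    w = [math.exp(-z * z / (2 * sigma * sigma)) for z in range(tail)]
    w[0] /= 2.0            # z = 0 has no sign; each z > 0 stands for both +z and -z
    total = sum(w)
    return [round(sum(w[i + 1:]) / total * SCALE) for i in range(tail)]

def is_monotone(rcdt):
    # A well-formed RCDT is non-increasing; expected_sq_norm relies on that.
    return all(a >= b for a, b in zip(rcdt, rcdt[1:]))

def sample_abs(rcdt, rng):
    """Table traversal: |z| is the number of entries the uniform draw u lies below.
    Every entry is compared, so the running time does not depend on u."""
    u = rng.randrange(SCALE)
    return sum(1 for entry in rcdt if u < entry)

def sample_vector(rcdt, n, rng):
    """n signed samples: draw |z| from the table, then a random sign when z != 0."""
    vec = []
    for _ in range(n):
        z = sample_abs(rcdt, rng)
        vec.append(-z if z and rng.getrandbits(1) else z)
    return vec

def expected_sq_norm(rcdt, n):
    """Exact n * E[z^2] implied by a monotone table: P(|z| = k) = (RCDT[k-1] - RCDT[k]) / 2^NBITS."""
    b = [SCALE] + list(rcdt)
    return n * sum(k * k * (b[k] - b[k + 1]) / SCALE for k in range(len(rcdt)))

def flip_bit(rcdt, index, bit):
    """Copy of the table with one bit of one entry flipped, modelling a persistent fault."""
    out = list(rcdt)
    out[index] ^= 1 << bit
    return out

def too_short(vec, reference_rcdt, slack):
    """Countermeasure from the talk: reject a vector whose squared norm is below `slack` times
    what the genuine table predicts. Honest outputs fluctuate, so slack must not be too close to 1."""
    return sum(z * z for z in vec) < slack * expected_sq_norm(reference_rcdt, len(vec))

def rejection_counts(clean, faulty, n=512, trials=200, slack=0.95, seed=1):
    """How often the check fires on outputs of the genuine vs. the faulted table."""
    rng = random.Random(seed)
    ok = sum(too_short(sample_vector(clean, n, rng), clean, slack) for _ in range(trials))
    bad = sum(too_short(sample_vector(faulty, n, rng), clean, slack) for _ in range(trials))
    return ok, bad

CLEAN = build_rcdt(sigma=2.0, tail=12)
FAULTY = flip_bit(CLEAN, index=1, bit=13)  # constructed fault: still monotone, shifts mass to |z| = 1
```

With these constructed values the fault leaves the table monotone and lowers E[z^2] per coordinate from about 4.0 to about 3.625, so faulted vectors trip the length check far more often than honest ones, at the cost of some honest rejections at slack = 0.95.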
March 17, 2026, 10:00 am, Science Building (SE-43), room 271
Speaker: Maryam Taghi Zadeh, Florida Atlantic University
Title: Hardware-Software Co-Design of XMSS Post-Quantum Digital Signature on FPGA (also via Zoom)
Abstract: With the growing demand for quantum-resistant cryptographic solutions, hash-based signature schemes such as XMSS (eXtended Merkle Signature Scheme) have emerged as strong candidates for post-quantum security. In this work, we present a hardware-software co-design implementation of XMSS on the PYNQ-Z2 FPGA platform, where the computationally intensive SHAKE-256 hash core is offloaded to the programmable logic fabric while the higher-level signature control flow is managed by the ARM processor. The hardware accelerator is integrated with the software layer through an AXI interface, enabling efficient data transfer and synchronization. We explore multiple architectural optimizations including multi-round-per-cycle configurations, achieving notable improvements in clock frequency alongside reductions in overall signing latency and improved resource utilization. The results demonstrate that FPGA-based co-design is a practical and efficient approach for deploying post-quantum cryptography in embedded and IoT environments.