The lectures will start from 14:00 to 17:00 including 30 minutes break in between.
The tentative schedule is as follows:
- Digital signatures
-- definitions, practical applications
-- signatures from one-way functions
-- random oracles and full-domain hash
-- the Fiat-Shamir heuristic, Schnorr signatures
- Lattice-based signatures: introduction
-- post-quantum signatures
-- early failed attempts
-- the LWE and SIS problems
-- tree-based signatures from lattices
- Lattice-based signatures: constructions
-- Lyubashevsky's Fiat-Shamir with aborts framework
-- SIS vs LWE
-- BLISS and variants
-- overview hash-and-sign signatures
- Fault attacks on lattice-based signatures
-- the threat of physical attacks
-- loop-abort faults on BLISS
-- loop-abort faults on DLP
-- possible countermeasures
- Side-channel attacks on lattice-based signatures
-- side-channels and cache timing attacks
-- side-channel analysis of BLISS
-- the masking countermeasure
-- masking GLP