Events

Speaker: Mojtaba Fadavi
Affiliation: University of Waterloo
Location: MC 6029

Abstract: A $(t,n)$-threshold signature scheme splits a signing key among $n$ participants so that any $t$ can jointly produce a valid signature under a single public key, while fewer than $t$ cannot. There are three common types of threshold signature schemes: (i) Robust schemes, which guarantee signature production provided at least $t$ parties are honest; (ii) Identifiable-abort schemes, which may fail to produce a signature but expose at least one misbehaving signer; and (iii) Simple schemes, which guarantee neither robustness nor identifiable abort, but output a valid signature when $t$ honest participants collaborate without deviating from the protocol.

Motivated by NIST's recent emphasis on post-quantum multiparty and threshold designs, this talk presents a new approach to centralized, lattice-based $(t,n)$-threshold signatures. We first construct a $(t,n)$-threshold one-time signature and then upgrade it to a many-time scheme by combining it with a long-term signature so that all threshold signatures verify under a single public key.

Friday, January 30, 2026 3:30 pm - 4:30 pm EST (GMT -05:00)

Tutte Colloquium - Jonathan Leake - Log-concavity, Sampling, and Lorentzian Polynomials

Speaker: Jonathan Leake
Affiliation: University of Waterloo
Location: MC 5501

Abstract: In this talk, we demonstrate a connection between log-concavity statements and sampling algorithms via high-dimensional expanders and Lorentzian polynomials. To do this, we first discuss two conjectures which were resolved about 5-10 years ago: one on the log-concavity of independent sets of matroids (due to Brändén-Huh and Anari-Liu-Oveis Gharan-Vinzant), and one on efficiently sampling bases of matroids (due to Anari-Liu-Oveis Gharan-Vinzant). From there we will present some new results on generalized graph colorings which extend these and other previous results. In particular, we will discuss how this can be used to obtain log-concavity statements and sampling algorithms for linear extensions of posets. Joint work with Kasper Lindberg and Shayan Oveis Gharan.

Wednesday, February 4, 2026 3:00 pm - 4:00 pm EST (GMT -05:00)

Graphs and Matroids - Jim Geelen - Keeping connectivity under taking minors

Speaker: Jim Geelen
Affiliation: University of Waterloo
Location: MC 5501

Abstract: Suppose that you are given an ordering of the elements of a $k$-connected matroid, and you want to remove the elements one at a time, in the given order, keeping the intermediate matroids as highly connected as possible. How much connectivity can you keep?

Speaker: Jonathan Boretsky
Affiliation: McGill University
Location: MC 5417

Abstract: For all positive integers $l$ and $r$, we determine the maximum number of elements of a simple rank-$r$ positroid without the rank-2 uniform matroid $U(2, l+2)$ as a minor, and characterize the matroids with the maximum number of elements. This result continues a long line of research into upper bounds on the number of elements of matroids from various classes that forbid $U(2, l+2)$ as a minor, including works of Kung, of Geelen–Nelson, and of Geelen–Nelson–Walsh. This is the first paper to study positroids in this context, and it suggests methods to study similar problems for other classes of matroids, such as gammoids or base-orderable matroids. This project is based on joint work with Zach Walsh.

There will be a pre-seminar presenting relevant background at the beginning graduate level starting at 1:30 pm.

Friday, February 6, 2026 10:30 am - 11:30 am EST (GMT -05:00)

Crypto Reading Group - Maggie Simmons - Enabling FrodoKEM on Embedded Devices

Speaker: Maggie Simmons
Affiliation: University of Waterloo
Location: MC 6029

Abstract: FrodoKEM is a lattice-based Key Encapsulation Mechanism (KEM) based on unstructured lattices. From a security point of view this makes it a conservative option to achieve post-quantum security, which is why it is favored over the NIST winners by several European authorities (e.g., German BSI and French ANSSI). Relying on unstructured instead of structured lattices (e.g., CRYSTALS-Kyber) comes at the cost of additional memory usage, which is particularly critical for embedded security applications such as smart cards. For example, prior FrodoKEM-640 implementations (using AES) on Cortex-M4 require more than 80 kB of stack, making it impossible to run on embedded systems. In this work, we explore several stack reduction strategies and the resulting time versus memory trade-offs. Concretely, we reduce the stack consumption of FrodoKEM by a factor of 2–3× compared to the smallest known implementations with almost no impact on performance. We also present various time-memory trade-offs going as low as 8 kB for all AES parameter sets, and below 4 kB for FrodoKEM-640. By introducing a minor tweak to the FrodoKEM specifications, we additionally reduce the stack consumption down to 8 kB for all the SHAKE versions. As a result, this work enables FrodoKEM on embedded systems.

Speaker: Moriah Elkin
Affiliation: Cornell University
Location: MC 5417

Abstract: In the space of type A quiver representations, putting rank conditions on the maps cuts out subvarieties called "open quiver loci." These subvarieties are closed under the group action that changes bases in the vector spaces, so their closures define classes in equivariant cohomology, called "quiver polynomials." Knutson, Miller, and Shimozono found a pipe dream formula to compute these polynomials in 2006. To study the geometry of the open quiver loci themselves, we might instead compute "equivariant Chern-Schwartz-MacPherson classes," which interpolate between cohomology classes and Euler characteristic. I will introduce objects called "chained generic pipe dreams" that allow us to compute these CSM classes combinatorially, and along the way give streamlined formulas for quiver polynomials.

There will be a pre-seminar presenting relevant background at the beginning graduate level starting at 1:30 pm.