Scientific

Learning with Errors (LWE) is a hard math problem with algebraic structure, underpinning many proposed Post-Quantum Cryptosystems (PQC). The only PQC key exchange standardized by NIST is based on module LWE, and current publicly available PQC Homomorphic Encryption (HE) libraries are based on ring LWE. The security of LWE-based PQ cryptosystems is critical, but certain implementation choices could weaken them. One such choice is sparse binary secrets, desirable for PQ HE schemes for efficiency reasons.
This talk presents novel machine learning-based attacks against LWE schemes with sparse binary secrets. Our initial work, SALSA, demonstrated a proof of concept machine learning-based attack on LWE with sparse binary secrets in small dimensions (n<=128) and small Hamming weights (h<5). Our more recent work, PICANTE and VERDE, recovers secrets in much larger dimensions (up to n=512) and with larger Hamming weights (roughly n/10, and up to h=60 for n=350, h=63 for n=512). We achieve this dramatic improvement via a novel preprocessing step, which allows us to generate training data from a linear number of eavesdropped LWE samples (4n) and changes the distribution of the data to improve transformer training. We also improve the secret recovery methods of SALSA and introduce a novel cross-attention recovery mechanism allowing us to read off the secret directly from the trained models. In VERDE, we extend the attack to apply to sparse ternary and Gaussian secrets. While PICANTE does not threaten NIST’s proposed LWE standards, it demonstrates significant improvement over SALSA and could scale further, highlighting the need for future investigation.

Speaker Bio:
Kristin Lauter is an American mathematician and cryptographer whose research interest is broadly in application of number theory and algebraic geometry in cryptography. She is particularly known for her work in the area of elliptic curve cryptography. She was a researcher at Microsoft Research in Redmond, Washington, from 1999 - 2021, and the head of the Cryptography Group from 2008 - 2021; her group developed Microsoft SEAL. In April 2021, Lauter joined Facebook AI Research (FAIR) as the West Coast Head of Research Science. She became the President-Elect of the Association for Women in Mathematics in February 2014 and served as President from 2015 - 2017.

The study of ocean waves, particularly surface waves, is crucial for predicting and preparing for natural disasters such as tsunamis. Although ocean waves naturally occur in three dimensions, there are instances when they can be analyzed within a two-dimensional framework. For example, waves that propagate from the epicenter of a storm can be treated as unidirectional. In this presentation, we will examine periodic traveling waves that occur at the free surface of an ideal (incompressible and inviscid) two-dimensional fluid of infinite depth. Specifically, we will introduce surface waves of permanent shape, also known as Stokes waves and discuss their stability.

Graphical and Digraphical Regular Representations (GRRs and DRRs) are a concrete way to visualise the regular action of a group, using graphs. More precisely, a GRR or DRR on the group G is a (di)graph whose automorphism group is isomorphic to the regular action of G on itself by right-multiplication.

For a (di)graph to be a DRR or GRR on G, it must be a Cayley (di)graph on G. Whenever the group G admits an automorphism that fixes the connection set of the Cayley (di)graph setwise, this induces a nontrivial graph automorphism that fixes the identity vertex, which means that the (di)graph is not a DRR or GRR. Checking whether or not there is any group automorphism that fixes a particular connection set can be done very quickly and easily compared with checking whether or not any nontrivial graph automorphism fixes some vertex, so it would be nice to know if there are circumstances under which the simpler test is enough to guarantee whether or not the Cayley graph is a GRR or DRR. I will present a number of results on this question.

This is based on joint work with Dave Morris and with Gabriel Verret.

Mathematical biomedicine is an area of research where questions that arise in medicine are addressed by mathematical methods. Each such question needs first to be represented by a network with nodes that includes the biological entities that will be used to address the medical question. This network is then converted into a dynamical system for these entities, with parameters that need to be computed, or estimated. Simulations of the model are first used to validate the model, and then to address the specific question. I will give some examples, mostly from my recent work, including cancer drug resistance, side effects and metastasis, autoimmune diseases, and chronic and diabetic wounds, where the dynamical systems are PDEs. In each example, I will write explicitly the biological network, but will not the details of the corresponding PDE system.

An Azumaya algebra is something that is "locally" isomorphic to a matrix algebra. By varying the sense of "locally", we arrive at different incarnations of the concept. The motivating example is that of central simple algebras over a field. In this talk, I will concentrate on the topological aspects of the idea. I will give examples and show that the flexibility of topology allows one to produce counterexamples in algebra. At the end, I will mention some problems I do not know how to solve.