discrete subgroup

Lattice Coding & Crypto Meeting

Lattice-based approaches are emerging as a common theme in modern cryptography and coding theory. In communications, they are indispensable mathematical tools to construct powerful error-correction codes achieving the capacity of wireless channels. In cryptography, they are used to building lattice-based schemes with provable security, better asymptotic efficiency, resilience against quantum attacks and new functionalities such as fully homomorphic encryption.

This meeting — on 18 January 2017 — is aimed at connecting the two communities in the UK with a common interest in lattices, with a long-term goal of building a synergy of the two fields. It will consist of several talks on related topics, with a format that will hopefully encourage interaction.


11:00–12:30 Wouter Castryck: Remarks on the error distributions in ring-based LWE

The existing literature contains several ring-based variants of the Learning With Errors problem, all of which are often referred to as Ring-LWE, a habit which has led to some confusion in the recent past. The main difference lies in the choice of the probability distribution from which the errors are to be sampled. We will briefly compare the main versions, such as Poly-LWE and “proper” Ring-LWE as introduced by Lyubashevsky et al., and discuss some pitfalls that arise when mixing things up. This is joint work with Ilia Iliashenko and Frederik Vercauteren.

13:30–15:00 | Victor Beresnevich: Randomness and determinism in Diophantine approximation: small linear forms, lattice flows and some applications

The main goal of this talk is to discuss a variety of concepts and facts in the theory of Diophantine approximation. To motivate this discussion I will begin by exposing some (unexpected to myself) examples of the use of Diophantine approximation in a relatively recent development on interference alignment. I will discuss its link to Diophantine approximation on manifolds, a fast developing and relatively modern area of metric (probabilistic) number theory. More broadly, I will present an account of classical metric and non-metric results and techniques. Finally, I will describe a technique originating from a paper by Kleinbock and Marguis (1998) on estimating the probability that a lattice picked at random and subject to functional constraints has a small non-zero point.

15:30–16:30 | Ana Costache: Fixed Point Arithmetic in SHE Scheme

We begin by introducing the context of ring-based somewhat homomorphic schemes and discuss some optimisations. This starts with introducing the RLWR hard problem and its relation to lattices. We investigate fixed-point arithmetic in ring-based homomorphic encryption schemes. Downlin et al. present two fixed-point numbers representations; we analyse and show them to be isomorphic, by presenting an explicit isomorphism between the two. Given input bounds on fixed-point numbers and scalars, we achieve lower bounds for the ring dimensions needed to support complex homomorphic operations. As an application, we investigate homomorphic image processing and, specifically, Fourier Transforms.

17:00-18:30 Anne-Maria Ernvall-Hytönen: Secrecy Function and Comparing Lattices

In this talk, I will first explain how theta functions of lattices appear in analysing which lattices are good for coset coding in wiretap channels. I will then explain what ia the secrecy gain of a lattice, and what is the conjecture of Belfiore and Sole for unimodular lattices, and how it has been generalised for l-modular lattices. I will then explain how this conjecture can be approached for both in the unimodular case, and for various values of l. Finally, I will explain about the problems in using secrecy gains in comparing lattices.


Room 611 (Dennis Gabor Seminar Room)
Department of Electrical and Electronic Engineering
Imperial College London
South Kensington
London SW7 2AZ


Everyone is welcome. Two caveats:

  1. Speakers are told the audience is somewhat familiar with lattices.
  2. Please send us an email at c.ling@imperial.ac.uk, so that the size of the room fits with the number of participants.