Crypto Café

(back to Crypto Café main page)


Past Presentations

September 12, 2023, SE 43, room 215, 10 am +Zoom (click here)

Speaker :  Paul Zimmermann, Directeur de Recherche at INRIA/LORIA (Nancy, France)

Bio : Paul Zimmermann's research interests include asymptotically fast arithmetic, computer algebra and computational number theory. Together with Richard Brent, he has written the book "Modern Computer Arithmetic," and he has coordinated the book "Computational Mathematics with SageMath." He has contributed to some of the record computations in integer factorization and discrete logarithm. He is the author or co-author of several computer packages, including the GNU MPFR library providing arithmetic on floating-point numbers with correct rounding, and CADO-NFS, an implementation of the number field sieve for integer factorization. His latest project is CORE-MATH, an implementation of mathematical functions with correct rounding for the IEEE 754 standard formats.

Title : Deciphering Charles Quint (A diplomatic letter from 1547)

: An unknown and almost fully encrypted letter written in 1547 by Emperor Charles V to his ambassador at the French Court, Jean de Saint-Mauris, was identified in a public library, the Bibliothèque Stanislas (Nancy, France). As no decryption of this letter was previously published or even known, a team of cryptographers and historians gathered together to study the letter and its encryption system. First, multiple approaches and methods were tested in order to decipher the letter without any other specimen. Then, the letter has now been inserted within the whole correspondence between Charles and Saint-Mauris, and the key has been consolidated thanks to previous key reconstructions. Finally, the decryption effort enabled us to uncover the content of the letter and investigate more deeply both cryptanalysis challenges and encryption methods.

Video Recording

August 29, 2023, SE43 - room 215, 10am +Zoom (click here)

Speaker:  Adam A Yergovich

Bio:  Adam Yergovich works for the Department of State, Bureau of Diplomatic Security as a Regional Cyber Security Officer currently stationed in Fort Lauderdale Florida.  He has previously been stationed in Frankfurt Germany, Bangkok Thailand, and Moscow Russia but traveled extensively within those regions.  He graduated from from the University of California Davis with a degree in Computer Science and Engineering and worked for several years designing single board computers for a small California company before joining State.  

Title:  Challenges in Securing a Worldwide Enterprise Network Footprint - The Basics from Australia to Zimbabwe.  

Abstract:  Many modern theories on Information Security rely on sophisticated and efficient infrastructure we take for granted in developed countries.  When operating in nearly every country in the world it is necessary to focus on the basics.  There might be questionable infrastructure or even openly hostile host nations, but basic "hygiene" is often the best roadmap to securing information and communication - and often the most neglected.

Video Recording

May 17, 2023, SE-43, Room 215;  11:00 a.m.  +Zoom:   (click here)

Speaker:             Rick Hensbergen   (, Founder)

Title:  Performance of penetration testing to secure cloud-based solutions

Video Recording

April 24, 2023, SE-43, Room 215;  11:00 a.m.  +Zoom:  (click here)

Speaker:     Ryan Keegan (University of California, San Diego).

Bio   :  Keegan Ryan is a 4th year PhD student advised by Prof. Nadia Heninger at the University of California, San Diego. His research interests include practical cryptanalysis of real-world systems, particularly problems involving lattice reduction.

Title:  Fast Practical Lattice Reduction through Iterated Compression

Abstract:  We introduce a new lattice basis reduction algorithm with approximation guarantees analogous to the LLL algorithm and practical performance that far exceeds the current state of the art. We achieve these results by iteratively applying precision management techniques within a recursive algorithm structure and show the stability of this approach. We analyze the asymptotic behavior of our algorithm, and show that the heuristic running time is  O(nω(C+n)1+ε)  for lattices of dimension  n,  ω∈  (2,3] bounding the cost of size reduction, matrix multiplication, and QR factorization, and  C  bounding the  log  of the condition number of the input basis  B. This yields a running time of  O(nω(p + n)1+ε)  for precision  p=O(log|B|max)  in common applications. Our algorithm is fully practical, and we have published our implementation. We experimentally validate our heuristic, give extensive benchmarks against numerous classes of cryptographic lattices, and show that our algorithm significantly outperforms existing implementations.

Video Recording

April 10, 2023, SE-43, Room 215;  11:00 am 

Speaker:  Cariel Cohen (CTO at  Securily)    (FLYER)

Bio:   With over 20 years of experience in the cybersecurity industry, our speaker is a co-founder and passionate coder with a love for cryptography, authentication and patents. He has extensive experience working with major public corporations, including Aqua Security, Sony Pictures, and 5B Technologies. Throughout his career, he has been dedicated to ethical hacking and compliance, ensuring that businesses remain secure and compliant in the face of emerging cybersecurity threats.

Title:  Securing Cloud Business Applications: A Practical Approach to Cybersecurity and Compliance

Abstract:   This topic explores practical approaches to securing business applications and addressing cybersecurity and compliance challenges faced by businesses in today's dynamic digital landscape. Cariel will share insights on best practices for securing cloud workloads, data, and applications, including implementing access controls, training employees on cybersecurity awareness, and protecting data against a variety of risks. Attendees will gain valuable knowledge and practical solutions that are used in helping businesses thrive in the face of emerging cybersecurity threats and ever-changing compliance requirements.

Video Recording

March 27, 2023, SE-43, Room 215:  11:00 am    

Speaker: David J. Wu (The University of Texas at Austin)

Bio: David Wu is an assistant professor in the Department of Computer Science at the University of Texas at Austin. He is broadly interested in applied and theoretical cryptography as well as computer security. Previously, David received a PhD in computer science from Stanford University in 2018 and was an assistant professor at the University of Virginia from 2019 to 2021. He has received the NSF CAREER Award, the Microsoft Research Faculty Fellowship, and a Google Research Scholar Award. His work has been recognized with a Best Paper Award at CRYPTO (2022), two Best Young-Researcher Paper Awards at CRYPTO (2017, 2018) and an Outstanding Paper Award at ESORICS (2016).

Title:  Succinct Vector, Polynomial, and Functional Commitments from Lattices

Abstract: In a functional commitment scheme, a user can commit to an input x and later on, open it to an arbitrary function evaluation f(x). We require that both the commitment and the opening be short. Important special cases of functional commitments include vector commitments and polynomial commitments. In this talk, I will introduce a new lattice-based framework for constructing functional commitments that supports functions computable by arbitrary (bounded-depth) Boolean circuits. Our constructions rely on a new falsifiable "basis-augmented SIS" assumption that we introduce, which can be viewed as a new "q-type" variant of the standard SIS assumption.
(Joint work with Hoeteck Wee)

Video Recording

March 13, 2023, SE-43, Room 215: 11:00 am

Speaker:    Corentin Jeudy    (IRISA, Rennes Cedex, France)

Title: On the Secret Distributions in Module Learning With Errors

Abstract:     The Module Learning With Errors (M-LWE) problem is a core assumption of lattice-based cryptography, and it underlies the security of the future post-quantum cryptography standards Kyber and Dilithium selected by NIST. The problem is parameterized by a secret distribution as well as an error distribution. There is a gap between the choices of those distributions for theoretical hardness results (uniform secret modulo q) and practical schemes (small bounded secret). In this talk, we narrow this gap by presenting three results focused on the secret distribution. We show that both search and decision M-LWE remain hard when the secret distribution is uniform over small bounded secret, provided that the rank is larger by a log(q) factor. We then show the hardness of search M-LWE for more general secret distributions carrying sufficient entropy.

This talk is based on the published papers "On the Hardness of Module Learning With Errors with Short Distributions" (Journal of Cryptology 2023) and "Entropic Hardness of Module-LWE from Module-NTRU" (Indocrypt 2022) which are joint works with Katharina Boudgoust, Adeline Roux-Langlois and Weiqiang Wen.

Video Recording

February 27, 2023, SE-43, Room 215:  11:00 am

Speaker: Mila Anastasova, Florida Atlantic University

Title:  Time-Efficient Finite Field Microarchitecture Design for Curve448 and Ed448 on Cortex-M4.

Abstract: The elliptic curve family of schemes has the lowest computational latency, memory use, energy consumption, and bandwidth requirements, making it the most preferred public key method for adoption into network protocols. Being suitable for embedded devices and applicable for key exchange and authentication, ECC is assuming a prominent position in the field of IoT cryptography. The attractive properties of the relatively new curve Curve448 contribute to its inclusion in the TLS1.3 protocol and pique the interest of academics and engineers aiming at studying and optimizing the schemes. When addressing low-end IoT devices, however, the literature indicates little work on these curves. In this presentation, we present an efficient design for both protocols based on Montgomery curve Curve448 and its birationally equivalent Edwards curve Ed448 used for key agreement and digital signature algorithm, specifically the X448 function and the Ed448 DSA, relying on efficient low-level arithmetic operations targeting the ARM-based Cortex-M4 platform. Our design performs point multiplication, the base of the Elliptic Curve Diffie Hellman (ECDH), in 3,2KCCs, resulting in more than 48% improvement compared to the best previous work based on Curve448, and performs sign and verify, the main operations of the Edwards curves Digital Signature Algorithm (EdDSA), in 6,038KCCs and 7,404KCCs, showing a speedup of around 11% compared to the counterparts. We present our novel modular multiplication and squaring architectures reaching ∼ 25% and ∼ 35% faster runtime than the previous best-reported results, respectively, based on Curve448 key exchange counterparts, and ∼ 13% and ∼ 25% better latency results than the Ed448-based digital signature counterparts targeting Cortex-M4 platform.

Video Recording

February 13, 2023, SE-43, Room 215; 11:30 a.m. 

Speaker:   Dr. Bill Brumley, Tampere University, Finland

Title:   Side Channel Analysis and Lattice Attacks

Abstract:   Lattice attacks are a typical endgame for side channel attacks targeting digital signature schemes. During the procurement phase, the attacker queries digital signatures, messages, and corresponding side channel traces, then tries to extract secret information from these traces and  apply lattice methods to recover the private key. But in practice, these traces are often incomplete and/or noisy, complicating theoretical models for applying lattices. In this talk, I discuss some of the lattice attack techniques developed over the years, and outline a few interesting open problems that highlight the gap between theory and practice for applied side channel attacks powered by lattice methods.

Video Recording

January 30, 2023, SE-43, Room 215; 11:00 a.m.

Speaker: Dr. Veronika Kuchta, Florida Atlantic University

Title:  Proof Systems and ZK-SNARKs

Abstract:      Zero-knowledge proof (ZKP) systems allow a prover holding some secret witness  for a statement x satisfying some NP relation R, to prove knowledge of w to a verifier (the soundness property), without revealing any information on w to the verifier (the zero-knowledge property) beyond that revealed by the NP statement x known to the verifier.   

ZKPs have a myriad of applications in privacy-preserving cryptographic protocols. For statements with large witnesses w, the main limitation of   classical ZKPs is that their proof size is proportional to the witness size. To support such applications like verifiable computation and privacy-preserving cryptocurrencies it is desirable to have succinct ZKPs in which  the proof (or argument) size is only  polylogarithmic in the witness size. This requirement induced constructions of Zero-Knowledge Succinct Non-interactive ARgument of Knowledge  (ZK-SNARK).  

In this presentation we will look at different approaches to designing efficient ZK-SNARKs from information-theoretical proof system especially focusing on lattice-based and hash-based ZK-SNARK constructions.

Video Recording

December 14, 2022, SE-43, Room 215;1:00 p.m.

Speaker: Jianfeng Xie, Department of Electrical and Computer Engineering, Villanova University (BIO)
Hardware Acceleration for Post-Quantum Cryptography: Algorithmic Derivation, and Architectural Innovation
Abstract:  :
Post-quantum cryptography (PQC) has drawn significant attention from various communities recently as the existing public-key cryptosystems such as Rivest Shamir Adleman (RSA) and Elliptic Curve Cryptography (ECC) are proven to be vulnerable to the large-scale quantum computers executing Shor’s algorithm. The National Institute of Standards and Technology (NIST) has already started the PQC standardization process, and hardware acceleration for PQC algorithms is one of the recent focused topics. In this talk, I follow this trend to introduce several interesting methods to accelerate the PQC algorithms on the hardware platform. Specifically, this talk will present the hardware
implementation methods from the aspects of both algorithmic derivation and architectural innovation. Implementation techniques for a lightweight PQC scheme is also covered in this talk. I hope that this talk will facilitate more research to help the PQC standardization and further development.


October 18, 2022, SE-43, Room 215; 4:00 p.m.

Speaker : Shi Bai, Florida Atlantic University
Title : Subfield and sublattice algorithms for variants of NTRU
Abstract : The NTRU problem introduced by Hoffstein,  Pipher and Silverman is one of the fundamental problems in lattice-based cryptography. It has been used extensively as a security foundation, for public-key encryption, signatures, fully homomorphic encryption and many others. It has been realized that certain variants of NTRU such as the overstretched NTRU (NTRU variant with a large modulus) are easier than expected. The general strategy is to solve 'part' of the secret in a subfield or sublattice and then recover the full solution.  In this talk, we will survey and compare several subfield and sublattice algorithms for overstretched NTRU, and also give some concrete estimates for breaking them.


September 13, 2022, SE-43, Room 215; 4:00 p.m.

Speaker : Sulani Thakshila, Florida Atlantic University
Title : MNTRU Signatures
Abstract : The NTRU cryptosystem is a computational problem introduced in 1996 based  on lattices. Module-NTRU lattices generalize NTRU lattices and possess more benefits on the flexibility of ring dimension. In this talk, I will present Fiat-Shamir signatures based on the inhomogeneous variant of Module-NTRU problem. I will present two signature schemes. The first scheme is a lossy identification scheme secure in the QROM. The second scheme is a BLISS-like signature secure in the classic ROM.

August 31, 2022, SE-43, Room 215; 5:00 p.m.

Speaker : Francesco Sica, Florida Atlantic University
Title : A Note on Torsion Point Attacks
Abstract : A technical lemma is being used in attacks on the supersingular isogeny problem with torsion points (SSI-T) à la Petit, which propagates an error. In this talk, I will explain how Lemma 6 in Petit’s Asiacrypt 2017 paper is incorrect and how this can be fixed to make his attack work in theory as well as in practice.

April 14, 2022, SE-43, Room 215; 10:00 a.m.

Speaker : Emrah Karagoz, Florida Atlantic University
Title : Correlation Power Analysis on AES
Abstract : The main goal of side channel attacks is to gain physical information (such as timing information, power consumption, electromagnetic leaks etc.) from a cryptographic algorithm implemented on a computer device, and to obtain the cryptographic keys by using this information. Power analysis is a type of side channel attack in which the attacker aims to extract the cryptographic keys by studying the power consumption of the device. On the other hand, AES (Advanced Encryption Standard) is a symmetric algorithm standardized by NIST in 2001, and it has been deployed mostly everywhere to encrypt the sensitive data because of its strong cryptographic security. In this presentation, we will explain how correlation power analysis works on AES so that an attacker can extract the AES key very easily, and therefore we will point out that the implementation of a cryptographic algorithm is as important as its cryptographic security.

March 31, 2022, SE-43, Room 215; 10:00 a.m.

Speaker : Tovohery Randrianarisoa, Florida Atlantic University
Title : On Linear Complexity of Finite Sequences: Coding Theory and Applications to Cryptography
Abstract : We define two metrics on vector spaces over a finite field using the linear complexity of finite sequences. We then develop coding theory notions for these metrics and study their properties.  We show how to reduce the problem of finding codewords with given Hamming weight into a problem of finding a vector of a given linear complexity. This implies that our new metric can be used for cryptography in a similar way to what is currently done in the code-based setting with Hamming metric. Recently, Feneuil et al. presented a signature scheme with codes with Hamming metric using a multiparty computation approach. We show that by transforming their work into a setting with linear complexity as metric, we can improve the speed of signing by eliminating all the interpolations steps in the process.

March 17, 2022, SE-43, Room 215; 10:00 a.m.

Speaker : Abhraneel Dutta, Florida Atlantic University
Title : Two Constant Time Polynomial Inversion Algorithms for Post-Quantum Cryptosystems
Abstract : A very common primitive in code-based cryptography is computing the inverse of a binary polynomial over a binary polynomial ring and making such algorithms constant time helps achieve the prevention against timing side channel attacks. This presentation will focus on a brief introduction to two recent time polynomial inversion algorithms which are capable to run in constant time: Bernstein-Yang's "SafeGCD" polynomial inversion, based on the Extended GCD algorithm and constant time Itoh-Tsuji Inversion (ITI) derived from Fermat's Little Theorem.

March 3, 2022, SE-43, Room 215; 10:00 a.m.

Speaker : Edoardo Persichetti, Florida Atlantic University
Title : Code-based Signatures: New Approaches and Research Directions
Abstract : Code-based cryptography is one of the main areas of research within the context of quantum-secure communication. Yet, designing an efficient and secure code-based signature scheme has been a challenging problem for the last few decades. In this talk, I will summarize some of the long history of code-based signatures, and then illustrate current work and future research directions for this important topic.

March 2, 2020, SE-43, Room 215; 4:00 p.m.

Speaker : Roger Wiegand, University of Nebraska
Title : Iterated blowups of two-dimensional regular local rings
Abstract : A major component of the resolution of surface singularities is the blowing up of singular points on the surface.  It turns out that blowing up yields interesting results even when the surface is smooth. In this talk we will discuss two types of blowups, say, A and B.  In either case, we start with a field F and two algebraically independent elements a and b. We write F[a,b]__ for the local ring obtained by inverting the elements of  F[a,b] that are not in the maximal ideal (a,b). Type A replaces the ring F[a,b]__ by the ring F[a,b/a]__ , and type B replaces the ring F[a,b]__ by F[a/b,b]__ .  Suppose we have a sequence of positive integers  [a_0,a_1,a_2,…]. We start with the localized polynomial ring  F[x,y]__ and do A a_0 times, then B a_1 times, then A a_2 times, then B  a_3 times, and so on. This gives an infinite strictly increasing chain of rings, all with the same quotient field  F(x,y). It is known that the union V of these rings is a valuation ring. I will show that the value group of this ring is Z + Zg, where  Z is the additive group of integers and g is the irrational number obtained as the value of the continued fraction represented by the given sequence.  This is joint work with Sylvia Wiegand and was inspired by discussions we had with Karen Smith back in 1996. This work has considerable overlap with Mark Spivakovsky’s Ph.D. thesis and with more recent work by Karen’s Ph.D. students David Bruce, Molly Logue, and Robert Walker.


February 24, 2020, SE-43, Room 215; 4:00 p.m.

Speaker: Floyd Johnson, Florida Atlantic University
Title: An Introduction to Quantum Key Distribution
Abstract: Quantum mechanics was one of the greatest scientific breakthroughs of the last century with applications still being found.  Since the 1970’s mathematicians and physicists have been exploring how quantum mechanics can be used in cryptography to achieve previously thought impossible results.  In this talk, we will give an overview of the problem of key establishment and how quantum phenomena can be used to achieve a secure key establishment.


February 10, 2020, SE-43, Room 215; 4:00 p.m.

Speaker : Ryann Cartor, Clemson University
Title : All in the C* Family
Abstract : The cryptosystem C*, first proposed and studied by Matsumoto and Imai and introduced in EUROCRYPT '88, is the predecessor of all of the so-called "big field'' schemes of multivariate cryptography.  This scheme has since been broken, which has led to the introduction of modifiers. The introduction of the numerous modifiers of multivariate schemes has produced several variants that stay faithful to the central structure of the original.  From the tumultuous history of C* derivatives, we now see only a very few survivors in the cryptonomy. In this work, we revisit the roots of multivariate cryptography, investigating the viability of C* schemes, in general, under the entire multidimensional array of the principal modifiers.  We reveal that there is a nontrivial space of combinations of modifiers that produce viable schemes resistant to all known attacks. This solution space of seemingly secure C* variants offers trade-offs in multiple dimensions of performance, revealing a family that can be optimized for disparate applications. 

January 27, 2020, SE-43, Room 215; 4:00 p.m.

Speaker : Shaun Miller, Florida Atlantic University
Title : Behavior of a Lattice Basis During Reduction
Abstract : Lattice reduction algorithms aim to produce short, almost orthogonal basis vectors. Theoretical estimates are given for the expected behavior of a basis vector's length during reduction. These estimates will be compared to the lengths obtained experimentally after a brief introduction to the motivation behind lattice-based cryptanalysis. 


December 2, 2019, SE-43, Room 215; 4:00 p.m.

Speaker: Paolo Santini, Università Politecnica delle Marche
Title: Reaction attacks on cryptosystems based on codes with sparse parity-checks
Abstract: The concept of sparsity is central in code-based cryptography: hard problems from coding theory are based on the difficulty of finding vectors with a small weight, satisfying some given relations. Furthermore, codes with a sparse representation admit efficient decoding algorithms and seem to be natural candidates for cryptographic schemes. However, currently known decoding techniques are characterized by some failure probability, which can be exploited by an adversary to mount so-called reaction attacks. In this talk, I will speak about Low-Density Parity-Check (LDPC) codes and Low-Rank Parity-Check (LRPC) codes, two families of codes that, despite being defined over different metrics, share many similarities. I will briefly describe how such codes can be decoded, how they can be used to instantiate cryptosystems and how such schemes can be attacked through reaction attacks. 


November 18, 2019, SE-43, Room 215; 4:00 p.m.

Speaker : Tran Ngo, Florida Atlantic University
Title : Mersenne Cryptography system
Abstract : In this talk, I will present a cryptosystem based on Mersenne Numbers by Divesh Aggarwal, Antoine Joux, Anupam Prakash, and Miklos Santha in May 2017. The scheme was attacked by [BCGN17] and [dBDJdW17] several months later, and it was reintroduced in November 2017. 

Video Recording

November 4, 2019, SE-43, Room 215; 4:00 p.m.

Speaker: Abhraneel Dutta, Florida Atlantic University
Title: A New Elliptic Curve Scalar Multiplication Algorithm
Abstract: Cryptographic applications of elliptic curve scalar multiplication can be widely seen in the Diffie-Hellman key exchange and elliptic curve digital signature algorithms. I will first review some basic algorithms for scalar multiplication and explain how some of the irregularities in these algorithms can be exploited by side-channel attacks. Second, I will introduce the signed digit representation of scalars and signed aligned column (SAC) encoding algorithms. These algorithms provide some protection against simple power analysis attacks but are limited in the sense that they are based on the binary representation of scalars. In the last part of my talk, I will present our work on the full generalization of signed digit representations and SAC encodings. I will discuss some theoretical results and evaluate them in a cryptographic setting. 

Video Recording

October 21, 2019, SE-43, Room 215; 4:00 p.m.

Speaker : Emrah Karagoz, Florida Atlantic University
Title : Knapsack Problem: Is it Post-Quantum Secure?
Abstract : The Knapsack Problem has been popular in cryptography since the Merkle–Hellman knapsack cryptosystem was announced in 1978, which was one of the first public-key cryptosystems, but had a very short life and was broken in 1982. Although it was discouraged with this failure and beside of the rising popularity of RSA, there are many other proposed algorithms such as the Chor-Rivest Cryptosystem, which are still secure. Even though the Knapsack Problem is an NP-hard problem, and therefore believed to be a good candidate for Post Quantum secure algorithms, there was no submission based on Knapsack Problem in the NIST competition. We are still waiting (or maybe studying)! In this talk, we will discuss the cryptographic aspects of the Knapsack Problem towards the Post-Quantum Secure World. 

Video Recording

October 7, 2019, SE-43, Room 215; 4:00 p.m.

Speaker: Shaun Miller, Florida Atlantic University
Title: A brief introduction to quantum circuits
Abstract: To implement quantum algorithms like Shor's and Grover's, we need to be able to translate classical loops to quantum circuits. I will give an introduction to bra-ket notation as well as quantum circuits. We will use this knowledge to translate a classical while loop into a conditioned quantum loop. 

Video Recording

September 23, 2019, SE-43, Room 215; 4:00 p.m.

Speaker : Edoardo Persichetti, Florida Atlantic University
Title : Research Challenges in Code-Based Cryptography
Abstract : In this talk, I will present the area of code-based cryptography, one of the most active and exciting areas of research within post-quantum cryptography. After a brief introduction, I will discuss some research avenues and open problems. Everyone welcome! 

Video Recording

September 9, 2019, SE-43, Room 215; 4:00 p.m.

Speaker: Shi Bai, Florida Atlantic University
Title: Lattice attacks for variants of LWE
Abstract: The learning with errors (LWE) problem introduced by Regev (STOC'05) is one of the fundamental problems in lattice-based cryptography. It has been used extensively as a security foundation, for public-key encryption, signatures, fully homomorphic encryption (FHE), pseudorandom functions (PRF) and many others. One standard strategy to solve the LWE problem is to reduce it to a unique SVP (uSVP) problem via Kannan's embedding and then apply a lattice reduction to solve the uSVP problem. In this talk, we will discuss and compare various lattice algorithms for solving LWE, and then give some concrete estimates for breaking various variants of LWE (e.g. generic, small secrets, restricted samples). In the end, we will discuss some recent developments on algorithms for solving LWE. 

Video Recording