Speaker: Hans Heum
Title: Cryptographic Group Actions in a Quantum World
Abstract: The Group Action formalism generalizes the familiar discrete-logarithm-based hardness assumptions in such a way that post-quantum security can be recovered. In particular, post-quantum group actions have been shown to be instantiable from isogeny-based cryptography, such as CSIDH and more recently PEGASIS. Thus, many useful results from the world of Diffie-Hellman assumptions can be ported to a post-quantum setting.
Some such results are only known to hold in generic models like the Generic Group Model (GGM) and the Algebraic Group Model (AGM), in which the groups are idealized in one of two ways. Recent works have ported these models to the setting of group actions, giving the Generic Group Action Model (GGAM) and the Algebraic Group Action Model (AGAM). But much like how post-quantum security requires going from the classical to the quantum random oracle model (QROM) when modelling hash functions, we would often need quantum variants of the GGAM and the AGAM to be able to argue post-quantum security for group actions. Coming up with sound definitions of these models, however, has turned out to be more challenging than expected.
In this talk I will introduce group actions, then survey the attempts that have been made so far at defining quantum generic models for them, and the challenges that each attempt has faced—together with some ideas for how we might try to resolve them.
Based on ongoing work with Doreen Riepel.