Portugal Crypto Day


Abstracts and Biographies

Title: Quantum Communications in Portugal

Speaker: Catarina Bastos (Slides)

Bio: Catarina Bastos, PhD in Physics, is Head of the Secure Communications and Quantum Technologies Division. She became an expert in models that use quantum physics to explain different physical aspects of the universe. In 2017 she joined Deimos Engenharia, working on several ESA projects. Recently she became Head of the Secure Communications and Quantum Technologies Division, leading the Quantum Communications team and coordinating two European projects: DISCRETION, a quantum-enabled SDN for European Defence, and PTQCI, the first segment of EuroQCI in Portugal.

Abstract: In this talk I will present the status of quantum communications in Portugal: from the laboratory to the operational network, what has been done by the main actors in industry, academia and public institutions in Portugal, starting with the development of national technology under a European Defence project, DISCRETION, and continuing to the deployment of the first EuroQCI (the European Quantum Communication Infrastructure) segment in Portugal, PTQCI. I will show that quantum communications is no longer a science project but is at the heart of sovereignty in Europe.

Title: Efficient Fully Homomorphic Encryption with Polynomial Noise Overhead

Speaker: Antonio Guimarães (Slides)

Bio: Antonio Guimarães is a postdoctoral researcher at IMDEA Software Institute in Madrid, Spain. His research interests include all practical aspects of Fully Homomorphic Encryption (FHE), with particular focus on verifiable FHE, fast bootstrapping algorithms, and efficient homomorphic evaluation of cryptographic primitives.

Abstract: Fully Homomorphic Encryption (FHE) is a powerful cryptographic primitive that enables computation directly on encrypted data. The most efficient FHE schemes to date exploit "single-instruction multiple-data" (SIMD) techniques to improve performance, i.e., they perform operations on multiple messages simultaneously to lower their amortized cost. However, these schemes require parameters to be superpolynomially large in the security level, which limits their security and practicality. Specifically, they rely on the hardness of approximate lattice problems with superpolynomial approximation factors, which is a significantly stronger assumption than what is required, for example, for lattice-based public-key encryption. Lightweight FHE schemes, such as TFHE, avoid these problems, but they lack (or have very limited) SIMD capabilities, hindering performance in large-scale applications. In 2018, Micciancio and Sorrell (ICALP'18) introduced the concept of "amortized bootstrapping" as a method to construct FHE with SIMD capabilities and polynomially large parameters. Many follow-ups ensued since then, but their approach remained purely theoretical until recently.

In this talk, we will first provide a high-level overview of existing approaches for constructing FHE schemes with polynomially bounded parameters. We will then discuss "amortized bootstrapping" techniques, which enable SIMD capabilities for these schemes. We will focus particularly on the constructions from GPV23 (Asiacrypt 2023), where we first established the feasibility of this approach, and from GP25 (CCS 2025), where we first demonstrated its concrete practicality. Notably, our latest solution achieves performance improvements of up to 39 times over state-of-the-art libraries such as TFHE-rs.

Title: From Bell nonlocality to verifiable quantum cryptography and computation

Speaker: Mafalda Almeida (Slides)

Bio: Mafalda L. Almeida is Principal Manager of R&D in the Quantum Cryptography Team at Quantinuum. Her current research focuses on developing quantum cryptographic protocols that demonstrate quantum advantage while remaining practical for near-term implementation, with a particular emphasis on (semi-)device-independent approaches. More broadly, her interests span the security of quantum communication and computation, exploring both theoretical foundations and applied perspectives.

Abstract: Processing information encoded in quantum systems opens a new world of opportunities and challenges. What began as a theoretical curiosity has evolved into a mature research field, attracting significant attention not only in academia but also in industry. Major tech companies such as Google, IBM, and AWS, among others, have established dedicated quantum divisions, signalling the growing importance of quantum technologies.

In this talk, I will introduce Quantinuum, a full-stack quantum computing company that also houses a quantum cryptography research team. Our interests range from more standard protocols—such as quantum randomness generation and certification—to more unconventional ones, including quantum position verification.

I will highlight the advantages of the device-independent framework for practical cryptographic applications, particularly in providing security against both device imperfections and malicious adversaries.

Finally, I will discuss the challenge of verifying that a remote quantum computer is genuinely performing quantum operations. A recent breakthrough in this area involves compiled nonlocal games, which transform Bell games—which can be seen as multi-prover interactive protocols with no communication between the provers—into single-prover interactive protocols based on quantum homomorphic encryption schemes. This development enables powerful results in nonlocality, such as proofs of quantumness and self-testing, to be applied in the verification of quantum computations.

Title: How Modern Cryptography Breaks in Practice

Speaker: Filipe Casal (Slides)

Bio: Filipe Casal is a principal security engineer at Trail of Bits. He specializes in security reviews of advanced cryptography, including threshold signature schemes, multi-party computation protocols, fully homomorphic encryption schemes for organizations such as Zama, and large-scale zero-knowledge systems for teams such as Scroll and Aleo. Besides manual code review, he employs formal methods tools, such as TLA+ and ProVerif, to verify algorithms and custom protocols. In support of these engagements, he also builds custom tooling for implementers and auditors, including ZKDocs, an interactive guide to zero-knowledge proof systems and related primitives; Amarna, a static analyzer and linter for the Cairo programming language; and weAudit, a collaborative code review extension for VSCode.

Before joining Trail of Bits, he served as an invited assistant professor at the University of Lisbon, where he taught and researched type theory, satisfiability procedures, and probabilistic logics for security applications.

Abstract: Modern cryptographic systems often fail in predictable ways. From the familiar flawed Fiat–Shamir transformations to the more obscure threshold key-destruction attacks, we will survey some of the most common catastrophic bugs we repeatedly encounter in security reviews of modern cryptography. While these failures are frequently blamed on implementation mistakes, they are usually caused by an underspecified protocol or a hand-waved paragraph in the primary literature. For each class, we will compare the real-world failure to its violated assumption and draw lessons for robust protocol design and specification practices.

Title: Digital signature schemes from isogeny-based cryptography

Speaker: Maria Corte-Real Santos (Slides)

Bio: Maria is a postdoctoral researcher at CNRS and ENS de Lyon, in the Unité de Mathématiques pures et appliquées (UMPA), working with Benjamin Wesolowski. Her main research interests are post-quantum cryptography, specifically isogeny-based cryptography, and computational number theory. Previously, she completed her PhD at University College London under the supervision of Philipp Jovanovic and Sarah Meiklejohn. Maria is a contributor to the SQIsign submission to NIST's call for alternative post-quantum secure signature schemes, which has progressed to Round 2. She is also co-organiser of The Isogeny Club, an online seminar series for young researchers in isogeny-based cryptography. Maria is passionate about promoting diversity, inclusion, and gender equality within the cryptography community, having co-organised Crossfyre 2023 and the Decrypting Diversity Summit 2025.

Abstract: Most public-key cryptography that is deployed in today’s systems is susceptible to attacks by quantum computers. With increasing investment in the development of large-scale quantum computers, it is important to develop cryptography that is secure against both classical and quantum attacks. Considering this, in 2016, NIST began an effort to standardise post-quantum secure key exchange mechanisms and signature schemes. In this talk, we will focus on signature schemes built from a particular type of post-quantum cryptography: isogeny-based cryptography.

After a gentle introduction on isogenies, we will present two signature schemes: SQIsign and PRISM. SQIsign is the only isogeny-based signature scheme that was submitted to NIST's recent alternate call for signatures. On the other hand, PRISM is a much newer and simpler construction, built using the hash-and-sign paradigm.

Though these signature schemes are not as efficient as, for example, lattice-based constructions, they boast the smallest combined signature and public key sizes. Throughout the talk, we will compare the two, discussing their potential advantages and drawbacks.

Title: From Quantum Channels to Physical Unclonability: Grounding Cryptography in the Physical World

Speaker: Paulo Mateus (Slides)

Bio: Paulo Mateus obtained his doctorate in Mathematics from Instituto Superior Técnico and was a Postdoc at the University of Pennsylvania. He was awarded the IBM scientific prize, Portugal, in 2005 for his habilitation thesis. Currently he is a Professor in the Mathematics Department of Instituto Superior Técnico and a researcher at Instituto de Telecomunicações. In 2006, he founded, and presently coordinates, the Security and Quantum Information Group. His research focuses on using quantum resources for security and communication, and he has authored or co-authored more than 50 peer-reviewed international journal publications in mathematics. He has coordinated several national and international projects, has been guest editor of Logic Journal of the IGPL and IEEE Communications, and has served on the program committees of several workshops and conferences. He was invited by the Hungarian (OTKA) and Czech (GACR) science foundations, as well as by the Israeli Ministry of Science and Technology, to serve on the evaluation boards for their national projects and postdocs. He was a member of the Managing Board of the European Network and Information Security Agency, vice-president of Centro Internacional de Matemática, and a consultant for the Portuguese National Security Agency.

Abstract: As cryptography evolves beyond traditional mathematical assumptions, the physical world offers powerful new resources for building secure protocols. In this talk, we explore a broad landscape of cryptographic primitives—including digital signatures, oblivious transfer, and more—whose security is grounded not in computational hardness, but in the fundamental laws of physics. We examine how quantum channels enable information-theoretic security guarantees, while relativistic constraints thwart adversaries by leveraging the limits of information propagation in space-time. Physical Unclonable Functions (PUFs), meanwhile, provide practical hardware-based security rooted in the uniqueness and unpredictability of physical systems. Together, these approaches enable cryptographic functionalities far beyond quantum key distribution (QKD), such as unforgeable quantum signatures, secure multi-party computation, and robust authentication. We will survey state-of-the-art protocols, discuss recent experimental advances, and highlight open challenges in harnessing physical assumptions to realize the next generation of cryptographic systems.

Title: A Stroll Through Provable Security: Real-vs-Ideal Models and Ideal Functionalities

Speaker: Bernardo Portela (Slides)

Bio: Hi, I'm Bernardo Portela, an assistant professor at the Faculty of Sciences of the University of Porto. I teach courses on cryptography, trusted hardware, systems security, and the occasional introduction to programming. Alongside teaching, I'm a researcher at the High-Assurance Software Laboratory (HASLab), a research center that focuses on building trustworthy and secure software for high-assurance systems.

My main passion is cryptography, especially provable security. I've worked on cryptographic hardware — developing formal models that help us reason about the security of trusted hardware and design demonstrably secure systems — and on secure computation, particularly multi-party computation and searchable encryption. Currently, my research explores secure computation for trustworthy Conflict-free Replicated Data Types (CRDTs), novel algorithms for Oblivious RAM in distributed networks, and privacy-preserving countermeasures to protect federated learning environments against adversarial input manipulation.

Abstract: Provable security provides an essential framework for reasoning about cryptographic protocol security. Definitions such as IND-CPA, UF-CMA, and Key Secrecy have matured over decades and become the de facto standard. However, the direct adaptation of these notions to secure computation is often suboptimal. Real-world protocols require a wide range of security guarantees simultaneously, driving the development of models such as the real-versus-ideal world paradigm. Rather than enforcing a concrete security property, this approach formally demonstrates that a system is "as secure as" an idealized functionality. While this notion is elegant for many problems, the definition of what an "ideal functionality" is can grow in complexity rapidly. In this talk, I will broadly cover the methodology of modern provable security; discuss some of the nuances of these alternatives; and illustrate how this challenge is particularly acute in weak consistency protocols, where establishing the bounds of a "correct result" is itself non-trivial.