1,317 research outputs found

Three's Compromised Too: Circular Insecurity for Any Cycle Length from (Ring-)LWE
Informally, a public-key encryption scheme is
\emph{-circular secure} if a cycle of~ encrypted secret keys
(\pkcenc_{\pk_{1}}(\sk_{2}), \pkcenc_{\pk_{2}}(\sk_{3}), \ldots,
\pkcenc_{\pk_{k}}(\sk_{1}))
is indistinguishable from encryptions of zeros. Circular security has
applications in a wide variety of settings, ranging from security of
symbolic protocols to fully homomorphic encryption. A fundamental
question is whether standard security notions like IND-CPA/CCA imply
-circular security.
For the case , several works over the past years have constructed
counterexamples---i.e., schemes that are CPA or even CCA secure but
not -circular secure---under a variety of well-studied assumptions
(SXDH, decision linear, and LWE). However, for the only known
counterexamples are based on strong general-purpose obfuscation
assumptions.
In this work we construct -circular security counterexamples for
any based on (ring-)LWE. Specifically:
\begin{itemize}
\item for any constant , we construct a counterexample based on
-dimensional (plain) LWE for \poly(n) approximation factors;
\item for any k=\poly(\lambda), we construct one based on degree-
ring-LWE for at most subexponential factors.
\end{itemize}
Moreover, both schemes are -circular insecure for
.
Notably, our ring-LWE construction does not immediately translate to
an LWE-based one, because matrix multiplication is not commutative. To
overcome this, we introduce a new ``tensored'' variant of LWE which
provides the desired commutativity, and which we prove is actually
equivalent to plain LWE

Learning with Errors is easy with quantum samples
Learning with Errors is one of the fundamental problems in computational
learning theory and has in the last years become the cornerstone of
post-quantum cryptography. In this work, we study the quantum sample complexity
of Learning with Errors and show that there exists an efficient quantum
learning algorithm (with polynomial sample and time complexity) for the
Learning with Errors problem where the error distribution is the one used in
cryptography. While our quantum learning algorithm does not break the LWE-based
encryption schemes proposed in the cryptography literature, it does have some
interesting implications for cryptography: first, when building an LWE-based
scheme, one needs to be careful about the access to the public-key generation
algorithm that is given to the adversary; second, our algorithm shows a
possible way for attacking LWE-based encryption by using classical samples to
approximate the quantum sample state, since then using our quantum learning
algorithm would solve LWE

A Survey on Homomorphic Encryption Schemes: Theory and Implementation
Legacy encryption systems depend on sharing a key (public or private) among
the peers involved in exchanging an encrypted message. However, this approach
poses privacy concerns. Especially with popular cloud services, the control
over the privacy of the sensitive data is lost. Even when the keys are not
shared, the encrypted material is shared with a third party that does not
necessarily need to access the content. Moreover, untrusted servers, providers,
and cloud operators can keep identifying elements of users long after users end
the relationship with the services. Indeed, Homomorphic Encryption (HE), a
special kind of encryption scheme, can address these concerns as it allows any
third party to operate on the encrypted data without decrypting it in advance.
Although this extremely useful feature of the HE scheme has been known for over
30 years, the first plausible and achievable Fully Homomorphic Encryption (FHE)
scheme, which allows any computable function to perform on the encrypted data,
was introduced by Craig Gentry in 2009. Even though this was a major
achievement, different implementations so far demonstrated that FHE still needs
to be improved significantly to be practical on every platform. First, we
present the basics of HE and the details of the well-known Partially
Homomorphic Encryption (PHE) and Somewhat Homomorphic Encryption (SWHE), which
are important pillars of achieving FHE. Then, the main FHE families, which have
become the base for the other follow-up FHE schemes are presented. Furthermore,
the implementations and recent improvements in Gentry-type FHE schemes are also
surveyed. Finally, further research directions are discussed. This survey is
intended to give a clear knowledge and foundation to researchers and
practitioners interested in knowing, applying, as well as extending the state
of the art HE, PHE, SWHE, and FHE systems.
Comment: - Updated. (October 6, 2017) - This paper is an early draft of the
survey that is being submitted to ACM CSUR and has been uploaded to arXiv for
feedback from stakeholder