Cryptanalysis of the «Vershyna» digital signature algorithm
This work examines the CRYSTALS-Dilithium digital signature algorithm, which served as the prototype for the new «Vershyna» digital signature algorithm. It also describes the features of the draft national digital signature standard and the construction of the «Vershyna» algorithm. In the course of analyzing the algorithm, the expected number of iterations that the algorithm must perform to produce a valid signature is computed. The basic theoretical background on the Fiat-Shamir with aborts structure and its security in the quantum and classical models of computation is presented. Original results are obtained on the resistance of the «Vershyna» algorithm to no-message forgery attacks in the classical and quantum models of computation. The resistance of the «Vershyna» algorithm to key recovery attacks rests on the assumed hardness of the MLWE problem, and its resistance to existential signature forgery rests on the assumed hardness of the MSIS problem. Accordingly, the work computes the expected hardness level of the SIS and LWE problems, to which the MSIS and MLWE problems reduce.
The aim of the work is to assess the security of the «Vershyna» digital signature algorithm and to analyze the constituent algorithms of the draft national digital signature standard and its modes of operation.
The object of research is the information transformation processes in the «Vershyna» digital signature algorithm.
The subject of research is the resistance of the «Vershyna» digital signature algorithm to cryptanalysis.
The thesis reviews the CRYSTALS-Dilithium digital signature algorithm, which was selected as the prototype for the new «Vershyna» digital signature algorithm. The features of the draft national digital signature standard and the construction of the «Vershyna» algorithm are also given. During the analysis of the draft, the expected number of repetitions that the algorithm must go through to form a correct signature was calculated. The main theoretical background on the Fiat-Shamir with aborts structure and its security in the quantum and classical random oracle models is presented. We obtain our own results on the resistance of the «Vershyna» algorithm to no-message attacks in the classical and quantum random oracle models. The resistance of the «Vershyna» algorithm to a key recovery attack is based on the assumed hardness of the MLWE problem, and its resistance to existential signature forgery is based on the assumed hardness of the MSIS problem. The thesis calculates the expected hardness level of the SIS and LWE problems, to which there are reductions from the MSIS and MLWE problems.
The purpose of the thesis is to analyze the resistance of the proposed «Vershyna» digital signature algorithm to cryptanalysis and to analyze the constituent algorithms of the standard and the modes of the digital signature scheme.
The research object is the processes of information transformation in the «Vershyna» digital signature.
The research subject is the resistance of the «Vershyna» digital signature to cryptanalysis.
CRPSF and NTRU Signatures over cyclotomic fields
Classical NTRUEncrypt is one of the fastest known lattice-based encryption schemes. Its counterpart, NTRUSign, also has many advantages, such as moderate key sizes, high efficiency and potential of resisting attacks from quantum computers. However, like classical NTRUEncrypt, the security of NTRUSign is also heuristic. Whether we can relate the security of NTRUSign to the worst-case lattice problems like NTRUEncrypt is still an open problem.
Our main contribution is a detailed construction of Collision Resistant Preimage Sampleable Functions (CRPSF) over any cyclotomic field based on NTRU. Using GPV's construction, we obtain a provably secure NTRU signature scheme, NTRUSign, which is strongly existentially unforgeable under adaptive chosen-message attacks in the quantum random oracle model. The security of CRPSF and NTRUSign is reduced to the corresponding ring small integer solution problem (Ring-SIS). More precisely, the security of our scheme is based on the worst-case approximate shortest independent vectors problem (SIVP) over ideal lattices. For any fixed cyclotomic field, we give a probabilistic polynomial time (PPT) key generation algorithm that shows how to extend the secret key of NTRUEncrypt to the secret key of NTRUSign. This algorithm is important for constructing many NTRU-based cryptographic primitives, for example CRPSF, NTRUSign, identity-based encryption and identity-based signatures.
We also revisit the earlier construction of NTRUEncrypt, give a much tighter reduction from the decision dual-Ring-LWE problem (where the secret is chosen from the codifferent ideal) to the decision primal-Ring-LWE problem (where the secret is chosen from the ring of integers), and give a provably secure NTRUEncrypt over any cyclotomic ring. Some useful results about q-ary lattices and about the regularity and uniformity of the distribution of NTRUEncrypt public keys are also extended to more general algebraic fields.