364 research outputs found
A Survey on Homomorphic Encryption Schemes: Theory and Implementation
Legacy encryption systems depend on sharing a key (public or private) among
the peers involved in exchanging an encrypted message. However, this approach
poses privacy concerns. Especially with popular cloud services, the control
over the privacy of the sensitive data is lost. Even when the keys are not
shared, the encrypted material is shared with a third party that does not
necessarily need to access the content. Moreover, untrusted servers, providers,
and cloud operators can keep identifying elements of users long after users end
the relationship with the services. Indeed, Homomorphic Encryption (HE), a
special kind of encryption scheme, can address these concerns as it allows any
third party to operate on the encrypted data without decrypting it in advance.
Although this extremely useful feature of the HE scheme has been known for over
30 years, the first plausible and achievable Fully Homomorphic Encryption (FHE)
scheme, which allows any computable function to perform on the encrypted data,
was introduced by Craig Gentry in 2009. Even though this was a major
achievement, different implementations so far demonstrated that FHE still needs
to be improved significantly to be practical on every platform. First, we
present the basics of HE and the details of the well-known Partially
Homomorphic Encryption (PHE) and Somewhat Homomorphic Encryption (SWHE), which
are important pillars of achieving FHE. Then, the main FHE families, which have
become the base for the other follow-up FHE schemes are presented. Furthermore,
the implementations and recent improvements in Gentry-type FHE schemes are also
surveyed. Finally, further research directions are discussed. This survey is
intended to give a clear knowledge and foundation to researchers and
practitioners interested in knowing, applying, as well as extending the state
of the art HE, PHE, SWHE, and FHE systems.Comment: - Updated. (October 6, 2017) - This paper is an early draft of the
survey that is being submitted to ACM CSUR and has been uploaded to arXiv for
feedback from stakeholder
Comparison analysis and efficient implementation of reconciliation-based RLWE key exchange protocol
Error reconciliation is an important technique for Learning With Error (LWE) and Ring-LWE (RLWE)-based constructions. In this paper, we present a comparison analysis on two error reconciliation-based RLWE key exchange protocols: Ding et al. in 2012 (DING12) and Bos et al. in 2015 (BCNS15). We take them as examples to explain core idea of error reconciliation, building key exchange over RLWE problem, implementation, real-world performance and compare them comprehensively. We also analyse a LWE key exchange “Frodo” that uses an improved error reconciliation mechanism in BCNS15. To the best of our knowledge, our work is the first to present at least 128-bit classic (80-bit quantum) and 256-bit classic (>200-bit quantum) secure parameter choices for DING12 with efficient portable C/C++ implementations. Benchmark shows that our efficient implementation is 11x faster than BCNS15 and one key exchange execution only costs 0.07ms on a 4-year-old middle range CPU. Error reconciliation is 1.57x faster than BCNS15
Privacy-Aware Processing of Biometric Templates by Means of Secure Two-Party Computation
The use of biometric data for person identification and access control is gaining more and more popularity. Handling biometric data, however, requires particular care, since biometric data is indissolubly tied to the identity of the owner hence raising important security and privacy issues. This chapter focuses on the latter, presenting an innovative approach that, by relying on tools borrowed from Secure Two Party Computation (STPC) theory, permits to process the biometric data in encrypted form, thus eliminating any risk that private biometric information is leaked during an identification process. The basic concepts behind STPC are reviewed together with the basic cryptographic primitives needed to achieve privacy-aware processing of biometric data in a STPC context. The two main approaches proposed so far, namely homomorphic encryption and garbled circuits, are discussed and the way such techniques can be used to develop a full biometric matching protocol described. Some general guidelines to be used in the design of a privacy-aware biometric system are given, so as to allow the reader to choose the most appropriate tools depending on the application at hand
Envisioning the Future of Cyber Security in Post-Quantum Era: A Survey on PQ Standardization, Applications, Challenges and Opportunities
The rise of quantum computers exposes vulnerabilities in current public key
cryptographic protocols, necessitating the development of secure post-quantum
(PQ) schemes. Hence, we conduct a comprehensive study on various PQ approaches,
covering the constructional design, structural vulnerabilities, and offer
security assessments, implementation evaluations, and a particular focus on
side-channel attacks. We analyze global standardization processes, evaluate
their metrics in relation to real-world applications, and primarily focus on
standardized PQ schemes, selected additional signature competition candidates,
and PQ-secure cutting-edge schemes beyond standardization. Finally, we present
visions and potential future directions for a seamless transition to the PQ
era
Unified Description for Network Information Hiding Methods
Until now hiding methods in network steganography have been described in
arbitrary ways, making them difficult to compare. For instance, some
publications describe classical channel characteristics, such as robustness and
bandwidth, while others describe the embedding of hidden information. We
introduce the first unified description of hiding methods in network
steganography. Our description method is based on a comprehensive analysis of
the existing publications in the domain. When our description method is applied
by the research community, future publications will be easier to categorize,
compare and extend. Our method can also serve as a basis to evaluate the
novelty of hiding methods proposed in the future.Comment: 24 pages, 7 figures, 1 table; currently under revie
A Practical Second-Order Fault Attack against a Real-World Pairing Implementation
Several fault attacks against pairing-based
cryptography have been described theoretically in recent
years. Interestingly, none of these have been practically
evaluated. We accomplished this task and prove that fault
attacks against pairing-based cryptography are indeed
possible and are even practical — thus posing a serious
threat. Moreover, we successfully conducted a second-order fault attack against an open source implementation
of the eta pairing on an AVR XMEGA A1. We injected
the first fault into the computation of the Miller Algorithm
and applied the second fault to skip the final exponentiation completely. We introduce a low-cost setup that
allowed us to generate multiple independent faults in one
computation. The setup implements these faults by clock
glitches which induce instruction skips. With this setup we
conducted the first practical fault attack against a complete
pairing computation
Bootstrapping in FHEW-like Cryptosystems
FHEW and TFHE are fully homomorphic encryption (FHE) cryptosystems that can evaluate arbitrary Boolean circuits on encrypted data by bootstrapping after each gate evaluation. The FHEW cryptosystem was originally designed based on standard (Ring, circular secure) LWE assumptions, and its initial implementation was able to run bootstrapping in less than 1 second. The TFHE cryptosystem used somewhat stronger assumptions, such as (Ring, circular secure) LWE over the torus with binary secret distribution, and applied several other optimizations to reduce the bootstrapping runtime to less than 0.1 second. Up to now, the gap between the underlying security assumptions prevented a fair comparison of the cryptosystems for the same security settings.
We present a unified framework that includes the original and extended variants of both FHEW and TFHE cryptosystems, and implement it in the open-source PALISADE lattice cryptography library using modular arithmetic. Our analysis shows that the main distinction between the cryptosystems is the bootstrapping procedure used: Alperin-Sherif--Peikert (AP) for FHEW vs. Gama--Izabachene--Nguyen--Xie (GINX) for TFHE. All other algorithmic optimizations in TFHE equally apply to both cryptosystems. The GINX bootstrapping method makes essential the use of binary secrets, and cannot be directly applied to other secret distributions. In the process of comparing the two schemes, we present a simple, lightweight method to extend GINX bootstrapping (e.g., as employed by TFHE) to ternary uniform and Gaussian secret distributions, which are included in the HE community security standard. Our comparison of the AP and GINX bootstrapping methods for different secret distributions suggests that the TFHE/GINX cryptosystem provides better performance for binary and ternary secrets while FHEW/AP is faster for Gaussian secrets. We make a recommendation to consider the variants of FHEW and TFHE cryptosystems based on ternary and Gaussian secrets for standardization by the HE community
Breaking pairing-based cryptosystems using pairing over
There are many useful cryptographic schemes, such as ID-based encryption,
short signature, keyword searchable encryption, attribute-based encryption,
functional encryption, that use a bilinear pairing.
It is important to estimate the security of such pairing-based cryptosystems in cryptography.
The most essential number-theoretic problem in pairing-based cryptosystems is
the discrete logarithm problem (DLP)
because pairing-based cryptosystems are no longer secure once the underlining DLP is broken.
One efficient bilinear pairing is the pairing defined over a supersingular
elliptic curve on the finite field for a positive integer .
The embedding degree of the pairing is ;
thus, we can reduce the DLP over on to that over the finite field .
In this paper, for breaking the pairing over , we discuss
solving the DLP over by using the function field sieve (FFS),
which is the asymptotically fastest algorithm for solving a DLP
over finite fields of small characteristics.
We chose the extension degree because it has been intensively used in benchmarking
tests for the implementation of the pairing,
and the order (923-bit) of is substantially larger than
the previous world record (676-bit) of solving the DLP by using the FFS.
We implemented the FFS for the medium prime case (JL06-FFS),
and propose several improvements of the FFS,
for example, the lattice sieve for JL06-FFS and the filtering adjusted to the Galois action.
Finally, we succeeded in solving the DLP over .
The entire computational time of our improved FFS requires about 148.2 days using 252 CPU cores.
Our computational results contribute to the secure use of pairing-based cryptosystems with the pairing
- …