Implementing a Toolkit for Ring-LWE Based Cryptography in Arbitrary Cyclotomic Number Fields

Recent research in the field of lattice-based cryptography, especially on the topic of the ring-based primitive ring-LWE, provided efficient and practical ring-based cryptographic schemes, which can compete with more traditional number-theoretic ones. In the case of ring-LWE these cryptographic schemes operated mainly in power-of-two cyclotomics, which vastly restricted the variety of possible applications. Due to the toolkit for ring-LWE of Lyubashevsky, Peikert and Regev, there are now cryptographic schemes that operate in arbitrary cyclotomics, with no loss in their underlying hardness guarantees, and only little loss computational efficiency. Next to some further refinements and explanations of the theory and additional implementation notes, we provide the - as far as we know - first implementation of the toolkit of Lyubashevsky, Peikert and Regev. This includes a complete framework with fast and modular algorithms that can be used to build cryptographic schemes around ring-LWE. Our framework is easy to use, open source and has only little third party dependencies. For demonstration purposes we implemented two public-key cryptographic schemes using our framework. The complete source code is available at https://github.com/CMMayer/Toolkit-for-Ring-LWE.git

Learning with Errors is easy with quantum samples

Learning with Errors is one of the fundamental problems in computational learning theory and has in the last years become the cornerstone of post-quantum cryptography. In this work, we study the quantum sample complexity of Learning with Errors and show that there exists an efficient quantum learning algorithm (with polynomial sample and time complexity) for the Learning with Errors problem where the error distribution is the one used in cryptography. While our quantum learning algorithm does not break the LWE-based encryption schemes proposed in the cryptography literature, it does have some interesting implications for cryptography: first, when building an LWE-based scheme, one needs to be careful about the access to the public-key generation algorithm that is given to the adversary; second, our algorithm shows a possible way for attacking LWE-based encryption by using classical samples to approximate the quantum sample state, since then using our quantum learning algorithm would solve LWE

Integration of post-quantum cryptography in the TLS protocol (LWE Option)

Dissertação de mestrado em Computer ScienceWith the possibility of quantum computers making an appearance, possibly capable of breaking several well established and widespread crytposystems (especially those that implement public key cryptography), necessity has arisen to create new cryptographic algorithms which remain safe even against adversaries using quantum computers. Several algorithms based on different mathematical problems have been proposed which are considered to be hard to solve with quantum computers. In recent years, a new lattice-based mathematical problem called Learning With Errors (and its variant Ring - Learning With Errors) was introduced, and several cryptosystems based on this problem were introduced, some of which are becoming practical enough to compete with traditional schemes that have been used for decades. The primary focus in this work is the implementation of two Ring - Learning With Errors based schemes (one key exchange mechanism and one digital signature scheme) on the TLS protocol via the OpenSSL library as a way of checking their overall viability in real-world scenarios, by comparing them to classical schemes implementing the same functionalities.Com a possibilidade do surgimento dos primeiros computadores quânticos, possivelmente capazes de quebrar muitos dos cripto-sistemas bem difundidos e considerados seguros, tornou-se necessário tomar precauções com a criação de novas técnicas criptográficas que visam manter as suas propriedades de segurança mesmo contra adversários que usem computadores quânticos. Existem já muitas propostas de algoritmos baseados em problemas matemáticos distintos que são considerados difíceis de resolver recorrendo a computadores quânticos. Recentemente, foi introduzido um novo problema baseado em reticulados denominado de Learning With Errors (e a sua variante Ring - Learning With Errors), e consequentemente foram propostos vários cripto-sistemas baseados nesse problema, alguns dos quais começam já a ser utilizáveis ao ponto de poderem ser comparados com os esquemas clássicos usados há décadas. O foco principal neste trabalho é a implementação de dois esquemas baseados no problema Ring - Learning With Errors (mais precisamente, um esquema de troca de chaves e uma assinatura digital) no protocolo TLS através da sua integração no OpenSSL como forma de verificar a sua viabilidade em contextos reais, comparando-os com esquemas clássicos que implementem as mesmas funcionalidades

Algebraic aspects of solving Ring-LWE, including ring-based improvements in the Blum-Kalai-Wasserman algorithm

We provide a reduction of the Ring-LWE problem to Ring-LWE problems in subrings, in the presence of samples of a restricted form (i.e. $(a,b)$ such that $a$ is restricted to a multiplicative coset of the subring). To create and exploit such restricted samples, we propose Ring-BKW, a version of the Blum-Kalai-Wasserman algorithm which respects the ring structure. Off-the-shelf BKW dimension reduction (including coded-BKW and sieving) can be used for the reduction phase. Its primary advantage is that there is no need for back-substitution, and the solving/hypothesis-testing phase can be parallelized. We also present a method to exploit symmetry to reduce table sizes, samples needed, and runtime during the reduction phase. The results apply to two-power cyclotomic Ring-LWE with parameters proposed for practical use (including all splitting types).Comment: 25 pages; section on advanced keying significantly extended; other minor revision

Wyner-Ziv reconciliation for key exchange based on Ring-LWE

We consider a key encapsulation mechanism (KEM) based on ring-LWE where reconciliation is performed on an N-dimensional lattice using Wyner-Ziv coding. More precisely, we consider Barnes-Wall lattices and use Micciancio and Nicolosi's bounded distance decoder with polynomial complexity O(N log(N)^2). We show that in the asymptotic regime for large N, the achievable key rate is Θ(log N) bits per dimension, while the error probability P_e ≈ O(e −Nε). Unlike previous works, our scheme does not require a dither