253 research outputs found
A Study on Identity-Based Homomorphic Encryption with Noisy Keys
Thesis (Ph.D.)--Seoul National University Graduate School: College of Natural Sciences, Department of Mathematical Sciences, 2020. 2. Jung Hee Cheon (천정희).
Secure delegation of data analysis on the cloud is one of the most effective application scenarios of homomorphic encryption. However, in realistic models with multiple data providers and multiple requesters of analysis results, tasks beyond the basic encryption and decryption operations still remain to be solved. This thesis identifies several requirements that such a model imposes and discusses solutions for them.
First, noting that previously known homomorphic data-analysis solutions do not account for hierarchies or levels among data, we introduce a model that combines identity-based encryption with homomorphic encryption to assign access rights between data and to allow computation only between data for which it is permitted. For this model to operate efficiently, we study identity-based encryption that is friendly to homomorphic encryption: extending the known NTRU-based encryption, we propose the module-NTRU problem and an identity-based encryption scheme built on it.
Second, we note that the secret key is still involved in the decryption procedure of homomorphic encryption, so the secret-key management problem remains. In this regard, we develop a decryption procedure that can use biometric information, apply it to homomorphic decryption, and thereby propose a cryptosystem in which the whole process of encryption, decryption and homomorphic computation is carried out with the key stored nowhere.
Finally, we consider concrete security evaluation methods for homomorphic encryption. To this end, we closely analyze the practical hardness of the so-called Learning With Errors (LWE) problem on which homomorphic encryption rests, and as a result develop attack algorithms that are on average more than 1000 times faster than existing attack algorithms. Through these, we show that homomorphic encryption parameters currently in use are not secure, and discuss how to set parameters in light of the new attack algorithms.
Secure data analysis delegation on the cloud is one of the most powerful applications that homomorphic encryption (HE) can bring. As the technical level of HE arrives at a practical regime, this model is also being considered a more serious and realistic paradigm. This increasing attention in turn requires a more versatile and secure model to deal with more complicated real-world problems.
First, as real-world modeling involves a number of data owners and clients, authorized control of data access is still required even in the HE scenario. Second, we note that although homomorphic operations require no secret key, decryption does. That is, the secret-key management concern still remains even for HE. Last, from a more fundamental viewpoint, we thoroughly analyze the concrete hardness of the base problem of HE, the so-called Learning With Errors (LWE) problem. In fact, for the sake of efficiency, HE exploits a weaker variant of LWE whose security is believed not to be fully understood.
For efficiency in the data encryption phase, we improve the previously suggested NTRU-lattice identity-based encryption by generalizing the NTRU concept to module-NTRU lattices. Moreover, we design a novel method that decrypts the resulting ciphertext with a noisy key. This enables the decryptor to use its own noisy source, in particular a biometric, and hence fundamentally solves the key management problem. Finally, by considering further improvements to existing LWE-solving algorithms, we propose new algorithms that show much faster performance. Consequently, we argue that HE parameter choices should be updated in light of our attacks in order to maintain the currently claimed security level.

1 Introduction 1
1.1 Access Control based on Identity 2
1.2 Biometric Key Management 3
1.3 Concrete Security of HE 3
1.4 List of Papers 4
2 Background 6
2.1 Notation 6
2.2 Lattices 7
2.2.1 Lattice Reduction Algorithm 7
2.2.2 BKZ cost model 8
2.2.3 Geometric Series Assumption (GSA) 8
2.2.4 The Nearest Plane Algorithm 9
2.3 Gaussian Measures 9
2.3.1 Kullback-Leibler Divergence 11
2.4 Lattice-based Hard Problems 12
2.4.1 The Learning With Errors Problem 12
2.4.2 NTRU Problem 13
2.5 One-way and Pseudo-random Functions 14
3 ID-based Data Access Control 16
3.1 Module-NTRU Lattices 16
3.1.1 Construction of MNTRU lattice and trapdoor 17
3.1.2 Minimize the Gram-Schmidt norm 22
3.2 IBE-Scheme from Module-NTRU 24
3.2.1 Scheme Construction 24
3.2.2 Security Analysis by Attack Algorithms 29
3.2.3 Parameter Selections 31
3.3 Application to Signature 33
4 Noisy Key Cryptosystem 36
4.1 Reusable Fuzzy Extractors 37
4.2 Local Functions 40
4.2.1 Hardness over Non-uniform Sources 40
4.2.2 Flipping local functions 43
4.2.3 Noise stability of predicate functions: Xor-Maj 44
4.3 From Pseudorandom Local Functions 47
4.3.1 Basic Construction: One-bit Fuzzy Extractor 48
4.3.2 Expansion to multi-bit Fuzzy Extractor 50
4.3.3 Indistinguishable Reusability 52
4.3.4 One-way Reusability 56
4.4 From Local One-way Functions 59
5 Concrete Security of Homomorphic Encryption 63
5.1 Albrecht's Improved Dual Attack 64
5.1.1 Simple Dual Lattice Attack 64
5.1.2 Improved Dual Attack 66
5.2 Meet-in-the-Middle Attack on LWE 69
5.2.1 Noisy Collision Search 70
5.2.2 Noisy Meet-in-the-middle Attack on LWE 74
5.3 The Hybrid-Dual Attack 76
5.3.1 Dimension-error Trade-off of LWE 77
5.3.2 Our Hybrid Attack 79
5.4 The Hybrid-Primal Attack 82
5.4.1 The Primal Attack on LWE 83
5.4.2 The Hybrid Attack for SVP 86
5.4.3 The Hybrid-Primal attack for LWE 93
5.4.4 Complexity Analysis 96
5.5 Bit-security estimation 102
5.5.1 Estimations 104
5.5.2 Application to PKE 105
6 Conclusion 108
Abstract (in Korean) 120
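The noisy-key decryption idea in the abstract above (Chapter 4, Noisy Key Cryptosystem) rests on a fuzzy extractor: an enrollment step Gen turns a biometric reading w into a key R plus a public helper P, and a reproduction step Rep recovers the same R from a later, slightly different reading w'. The following Python example is added here for illustration and is not code from the thesis; it uses the classic code-offset sketch with a repetition code and a salted hash as the extractor rather than the thesis's construction from local functions, and the readings, parameters and noise model are all constructed. It shows the property the abstract relies on: only P is ever stored, and the key is re-derived at decryption time as long as the new reading is within the code's error tolerance.

```python
import hashlib
import random

# Constructed toy parameters: 32 secret bits, each protected by a 7-fold repetition
# code, so a block tolerates up to 3 bit flips; readings are 224 bits long.
KEY_BITS = 32
REPEAT = 7
READING_BITS = KEY_BITS * REPEAT


def _encode(r_bits):
    """Repetition code C(r): write every secret bit REPEAT times."""
    return [b for b in r_bits for _ in range(REPEAT)]


def _decode(c_bits):
    """Majority vote inside each block of REPEAT bits."""
    out = []
    for i in range(0, len(c_bits), REPEAT):
        block = c_bits[i:i + REPEAT]
        out.append(1 if 2 * sum(block) > REPEAT else 0)
    return out


def _extract(r_bits, salt):
    """Strong extractor modelled by a salted hash (random-oracle simplification)."""
    r_int = int("".join(map(str, r_bits)), 2)
    return hashlib.sha256(salt + r_int.to_bytes(KEY_BITS // 8, "big")).digest()


def gen(reading, rng):
    """Enrollment Gen(w) -> (R, P): sample r, publish P = (w XOR C(r), salt), output R = H(salt, r)."""
    if len(reading) != READING_BITS:
        raise ValueError("reading has the wrong length")
    r_bits = [rng.getrandbits(1) for _ in range(KEY_BITS)]
    salt = rng.getrandbits(128).to_bytes(16, "big")
    sketch = [w ^ c for w, c in zip(reading, _encode(r_bits))]
    return _extract(r_bits, salt), (sketch, salt)


def rep(reading, helper):
    """Reproduction Rep(w', P) -> R: w' XOR sketch = C(r) XOR (w XOR w'), then decode."""
    sketch, salt = helper
    noisy_codeword = [w ^ s for w, s in zip(reading, sketch)]
    return _extract(_decode(noisy_codeword), salt)


def flip_positions(reading, positions):
    """Constructed noise model: flip the given bit positions of a reading."""
    out = list(reading)
    for i in positions:
        out[i] ^= 1
    return out


def demo(seed=7):
    """Enroll a constructed 'biometric', discard it and the key, keep only the helper,
    then try to re-derive the key from two later readings.
    Returns (recovered_within_tolerance, recovered_beyond_tolerance)."""
    rng = random.Random(seed)
    enrolled = [rng.getrandbits(1) for _ in range(READING_BITS)]
    key, helper = gen(enrolled, rng)
    # 3 flips anywhere land in at most 3 blocks, each below the 3-flip bound: corrected.
    mild = flip_positions(enrolled, rng.sample(range(READING_BITS), 3))
    # 4 flips concentrated in one block overturn its majority vote: a different key comes out.
    severe = flip_positions(enrolled, [0, 1, 2, 3])
    return rep(mild, helper) == key, rep(severe, helper) == key
```

A ciphertext produced under `key` can therefore be decrypted from a fresh reading without the key ever being written anywhere; the helper P is public by design. The repetition code is only for illustration: a plain code-offset helper is not in general safe to re-issue for the same biometric, which is why the thesis's Chapter 4 is concerned with reusable fuzzy extractors.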
An RNS variant of fully homomorphic encryption over integers
In 1978, the concept of a privacy homomorphism was introduced by Rivest et al. Since then, homomorphic cryptosystems have gathered researchers' attention. Most of the early schemes were either only partially homomorphic or not secure. The question then arose: was a fully homomorphic encryption (FHE) scheme possible? And if so, would it be of practical worth? About thirty years later, Gentry, in his pioneering work, constructed the first fully homomorphic encryption scheme. Its security was based on worst-case problems over ideal lattices together with a sparse subset-sum problem. A conceptually simpler scheme was proposed in 2010 by van Dijk, Gentry, Halevi, and Vaikuntanathan (DGHV). That scheme works over the integers instead of ideal lattices, and its security is based on the hardness of the approximate greatest common divisor problem (A-GCD). Afterwards, different techniques were proposed to reduce ciphertext noise growth and to compress the public key size in order to enhance the practicality of FHE. Moreover, Coron et al. proposed and implemented a scale-invariant version of the DGHV scheme (SI-DGHV) and a number of optimization techniques including modulus switching (MS). However, FHE over the integers is still far from practical. To this end, this work proposes a residue number system (RNS) variant of SI-DGHV, which is also applicable to the DGHV scheme. The proposed scheme exploits properties of RNS to perform the required operations over relatively small moduli in parallel. The RNS variant improves the running time of the original scheme. It also improves the original scheme's security, since it relies only on the hardness of the A-GCD problem and eliminates the need for the sparse subset-sum problem used in the original MS procedure. Moreover, the public key elements required for the MS method are slightly reduced in the RNS variant.
Finally, our analysis of the RNS variant reveals a different linear relationship between the noise and the multiplication depth
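The core RNS idea in this abstract, carrying out the large-integer ciphertext arithmetic as independent arithmetic over several small coprime moduli and reconstructing with the Chinese remainder theorem, can be seen on a toy DGHV-style symmetric scheme. The Python example below is added for illustration and is not the paper's implementation: the parameters are constructed and far too small to be secure, only the symmetric form c = q*p + 2r + m is used, and the paper's RNS modulus-switching procedure is not shown. It checks that homomorphic addition and multiplication done channel by channel in RNS reconstruct to exactly the integer result, and reports the noise size, which is what limits the multiplication depth.

```python
import random
from functools import lru_cache
from math import prod

# Constructed toy parameters (insecure): the secret modulus p has P_BITS bits, the
# multiplier q has Q_BITS and the noise r has NOISE_BITS, so c = q*p + 2*r + m < 2**(P_BITS+Q_BITS).
P_BITS, Q_BITS, NOISE_BITS = 60, 40, 4
RNS_WORD_BITS = 31  # each RNS channel works modulo a prime just below 2**31


def keygen(rng):
    """Secret key: a random odd P_BITS-bit integer p."""
    return rng.getrandbits(P_BITS) | (1 << (P_BITS - 1)) | 1


def encrypt(p, m, rng):
    """c = q*p + 2*r + m with small non-negative noise, so c mod p = 2*r + m."""
    return rng.getrandbits(Q_BITS) * p + 2 * rng.getrandbits(NOISE_BITS) + m


def decrypt(p, c):
    """(c mod p) mod 2; correct while the accumulated noise stays below p."""
    return (c % p) % 2


def noise_bits(p, c):
    """Bit length of the noise term 2*r + m carried by a ciphertext."""
    return (c % p).bit_length()


def _is_prime(n):
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    d = 3
    while d * d <= n:
        if n % d == 0:
            return False
        d += 2
    return True


@lru_cache(maxsize=None)
def rns_basis(count, bits=RNS_WORD_BITS):
    """`count` distinct primes just below 2**bits; distinct primes are pairwise coprime."""
    basis, n = [], (1 << bits) - 1
    while len(basis) < count:
        if _is_prime(n):
            basis.append(n)
        n -= 2
    return basis


def to_rns(x, basis):
    return [x % m for m in basis]


def from_rns(residues, basis):
    """CRT reconstruction; exact whenever 0 <= x < prod(basis)."""
    big_m = prod(basis)
    x = 0
    for r, m in zip(residues, basis):
        m_i = big_m // m
        x += r * m_i * pow(m_i, -1, m)
    return x % big_m


def rns_add(a, b, basis):
    """Each channel is an independent single-word operation, so channels can run in parallel."""
    return [(x + y) % m for x, y, m in zip(a, b, basis)]


def rns_mul(a, b, basis):
    return [(x * y) % m for x, y, m in zip(a, b, basis)]


def homomorphic_and_xor(m1, m2, m3, seed=2020):
    """Evaluate (m1 AND m2) XOR m3 on ciphertexts with all arithmetic done in RNS.
    Returns (decrypted bit, RNS result equals integer arithmetic, noise bits before, noise bits after)."""
    rng = random.Random(seed)
    p = keygen(rng)
    c1, c2, c3 = (encrypt(p, m, rng) for m in (m1, m2, m3))
    # c1*c2 + c3 is below 2**(2*(P_BITS+Q_BITS)+1); pick enough ~31-bit channels to cover it.
    bound_bits = 2 * (P_BITS + Q_BITS) + 2
    basis = rns_basis(-(-bound_bits // (RNS_WORD_BITS - 1)))
    r1, r2, r3 = (to_rns(c, basis) for c in (c1, c2, c3))
    result = from_rns(rns_add(rns_mul(r1, r2, basis), r3, basis), basis)
    return (decrypt(p, result),
            result == c1 * c2 + c3,
            noise_bits(p, c1),
            noise_bits(p, result))
```

The noise bit counts returned by `homomorphic_and_xor` make the depth limit visible: a multiplication roughly adds the two operands' noise bit lengths, and decryption fails once the noise reaches the size of p, which is the regime the abstract's modulus switching and noise analysis address.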
InstaHide: Instance-hiding Schemes for Private Distributed Learning
How can multiple distributed entities collaboratively train a shared deep net on their private data while preserving privacy? This paper introduces InstaHide, a simple encryption of training images which can be plugged into existing distributed deep learning pipelines. The encryption is efficient, and applying it during training has only a minor effect on test accuracy.
InstaHide encrypts each training image with a "one-time secret key" which consists of mixing a number of randomly chosen images and applying a random pixel-wise mask. Other contributions of this paper include: (a) using a large public dataset (e.g. ImageNet) for mixing during encryption, which improves security; (b) experimental results showing effectiveness in preserving privacy against known attacks with only minor effects on accuracy; (c) theoretical analysis showing that successfully attacking privacy requires attackers to solve a difficult computational problem; (d) demonstrating that use of the pixel-wise mask is important for security, since Mixup alone is shown to be insecure against some efficient attacks; (e) release of a challenge dataset at https://github.com/Hazelsuko07/InstaHide_Challenge
Our code is available at https://github.com/Hazelsuko07/InstaHide
Comment: ICML 202
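To make the "one-time secret key" concrete, the Python example below implements the encryption step described above on constructed data: it mixes the private image with other private and public images under random coefficients and then applies a random pixel-wise sign mask. It is an added illustration, not the authors' released code, and the details the abstract does not fix are assumptions: k = 4 with half of the mixed images private and half public, coefficients drawn uniformly and normalised to sum to one, and the label mixed from the private images only. `demo` also measures, averaged over many encryptions of one image, how strongly the ciphertext correlates pixel-wise with that image with and without the mask; the mask drives this correlation to zero, a simple illustration of why the paper singles the mask out (its point (d)). The attacks the paper refers to are not reproduced here.

```python
import random


def mix(images, coeffs):
    """Mixup: pixel-wise convex combination sum_j coeffs[j] * images[j]."""
    return [sum(c * img[t] for c, img in zip(coeffs, images)) for t in range(len(images[0]))]


def instahide_encrypt(target, private, public, k, rng):
    """Encrypt private image `target` (index into `private`, a list of (pixels, one_hot_label)).

    Assumed details (not fixed by the abstract): k is even; the mix contains k/2 private images
    including the target and k/2 public images; coefficients are uniform draws normalised to
    sum to one; the label is the same mix restricted to the private images.
    Returns (ciphertext, mixed_label, one_time_key); the key is fresh per call and never reused.
    """
    others = [i for i in range(len(private)) if i != target]
    priv_idx = [target] + rng.sample(others, k // 2 - 1)
    pub_idx = rng.sample(range(len(public)), k // 2)
    raw = [rng.random() + 1e-3 for _ in range(k)]
    coeffs = [c / sum(raw) for c in raw]
    images = [private[i][0] for i in priv_idx] + [public[i] for i in pub_idx]
    mixed = mix(images, coeffs)
    mask = [rng.choice((-1, 1)) for _ in range(len(mixed))]  # random pixel-wise sign mask
    cipher = [s * x for s, x in zip(mask, mixed)]
    n_classes = len(private[0][1])
    label = [sum(coeffs[j] * private[i][1][c] for j, i in enumerate(priv_idx))
             for c in range(n_classes)]
    return cipher, label, (priv_idx, pub_idx, coeffs, mask)


def correlation(a, b):
    """Pearson correlation of two equal-length pixel vectors."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return cov / (va * vb) ** 0.5


def demo(seed=0, n_private=8, n_public=32, d=256, k=4, trials=50):
    """Encrypt private image 0 `trials` times with fresh one-time keys.
    Returns (mean correlation of the masked ciphertext with the image,
             mean correlation of the same mix without the mask,
             whether every mixed label carried exactly the private coefficient mass)."""
    rng = random.Random(seed)

    def rand_image():  # constructed stand-in for a normalised image in [-1, 1]^d
        return [rng.uniform(-1.0, 1.0) for _ in range(d)]

    def one_hot(c, n=3):
        return [1.0 if i == c else 0.0 for i in range(n)]

    private = [(rand_image(), one_hot(i % 3)) for i in range(n_private)]
    public = [rand_image() for _ in range(n_public)]
    x = private[0][0]
    masked_corr = plain_corr = 0.0
    labels_ok = True
    for _ in range(trials):
        cipher, label, (_, _, coeffs, mask) = instahide_encrypt(0, private, public, k, rng)
        masked_corr += correlation(cipher, x)
        # sigma * sigma = 1, so the key holder can strip the mask and see the plain Mixup image
        plain_corr += correlation([s * v for s, v in zip(mask, cipher)], x)
        labels_ok &= abs(sum(label) - sum(coeffs[:k // 2])) < 1e-9
    return masked_corr / trials, plain_corr / trials, labels_ok
```

Without the mask, the mixed image still correlates with the target in proportion to its coefficient; with the mask, the sign of every pixel is independent of the content, so the per-pixel correlation averages out to zero even though the mixed image is still inside the ciphertext.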
- …