Challenges for Ring-LWE
As lattice cryptography becomes more widely used in practice, there is an increasing need for further cryptanalytic effort and higher-confidence security estimates for its underlying computational problems. Of particular interest is a class of problems used in many recent implementations, namely Learning With Errors (LWE), its more efficient ring-based variant Ring-LWE, and their "deterministic error" counterparts Learning With Rounding (LWR) and Ring-LWR. To facilitate such analysis, in this work we give a broad collection of challenges for concrete Ring-LWE and Ring-LWR instantiations over cyclotomic rings. The challenges cover a wide variety of instantiations, involving two-power and non-two-power cyclotomics; moduli of various sizes and arithmetic forms; small and large numbers of samples; and error distributions satisfying the bounds from worst-case hardness theorems related to ideal lattices, along with narrower errors that still appear to yield hard instantiations. We estimate the hardness of each challenge by giving the approximate Hermite factor and BKZ block size needed to solve it via lattice-reduction attacks.

A central issue in the creation of challenges for LWE-like problems is that dishonestly generated instances can be much harder to solve than properly generated ones, or even impossible. To address this, we devise and implement a simple, non-interactive, publicly verifiable protocol which gives reasonably convincing evidence that the challenges are properly distributed, or at least not much harder than claimed.
Simple Encrypted Arithmetic Library - SEAL v2.1
Achieving fully homomorphic encryption was a longstanding open problem in cryptography until it was resolved by Gentry in 2009. Soon after, several homomorphic encryption schemes were proposed. The early homomorphic encryption schemes were extremely impractical, but recently new implementations, new data encoding techniques, and a better understanding of the applications have started to change the situation. In this paper we introduce the most recent version (v2.1) of Simple Encrypted Arithmetic Library - SEAL, a homomorphic encryption library developed by Microsoft Research, and describe some of its core functionality.
Algebraic aspects of solving Ring-LWE, including ring-based improvements in the Blum-Kalai-Wasserman algorithm
We provide a reduction of the Ring-LWE problem to Ring-LWE problems in subrings, in the presence of samples of a restricted form (i.e. such that is restricted to a multiplicative coset of the subring). To create and exploit such restricted samples, we propose Ring-BKW, a version of the Blum-Kalai-Wasserman algorithm which respects the ring structure. Off-the-shelf BKW dimension reduction (including coded-BKW and sieving) can be used for the reduction phase. Its primary advantage is that there is no need for back-substitution, and the solving/hypothesis-testing phase can be parallelized. We also present a method to exploit symmetry to reduce table sizes, samples needed, and runtime during the reduction phase. The results apply to two-power cyclotomic Ring-LWE with parameters proposed for practical use (including all splitting types).

Comment: 25 pages; section on advanced keying significantly extended; other minor revision.
How to validate the secret of a Ring Learning with Errors (RLWE) key
We use the signal function from RLWE key exchange to derive an efficient zero-knowledge authentication protocol to validate an RLWE key with secret and error in the Random Oracle Model (ROM). With this protocol, a verifier can validate that a key presented to him by a prover is of the form with small and that the prover knows . We accompany the description of the protocol with a proof showing that it has negligible soundness and completeness error. The soundness of our protocol relies directly on the hardness of the RLWE problem. The protocol is applicable to both LWE and RLWE, but we focus on the RLWE-based protocol for efficiency and practicality. We also present a variant of the main protocol with a commitment scheme to avoid using the ROM.
Polar Coding for Ring-LWE-Based Public Key Encryption
Cryptographic constructions based on (RLWE) have emerged as one of the front runners for the standardization of post-quantum public key cryptography. As the standardization process continues, optimizing specific parts of proposed schemes becomes a worthwhile endeavor. In this work we focus on using error-correcting codes to alleviate a natural trade-off present in most schemes: a wider error distribution increases security, but it comes at the cost of an increased probability of decryption error. The motivation of this work is to improve the security level of RLWE-based public key encryption (PKE) while keeping the target decryption failure rate (DFR) achievable using error-correcting codes. Specifically, we explore how to implement a member of the family of error-correcting codes known as polar codes in RLWE-based PKE schemes in order to effectively lower the DFR. The dependency present in the additive noise term is handled by mapping every error term (e.g., ) under the canonical embedding to the space where a product in the number field gives rise to a coordinate-wise product in . An attempt has been made to make the modulation constellation (message basis) fit in with the canonical basis. Furthermore, we exploit the fact that some error terms are known to the decoder to further lower the DFR. Using our method, the DFR is expected to be as low as for code rate 0.25, and binomial parameter as is exactly the setting of the post-quantum scheme NewHope; DFR is for code rate 0.25, . This new DFR margin enables us to improve the security level by compared with NewHope. Moreover, polar encoding and decoding have quasi-linear complexity and they can be implemented in constant time.
PELTA -- Shielding Multiparty-FHE against Malicious Adversaries
Multiparty fully homomorphic encryption (MFHE) schemes enable multiple parties to efficiently compute functions on their sensitive data while retaining confidentiality. However, existing MFHE schemes guarantee data confidentiality and the correctness of the computation result only against honest-but-curious adversaries. In this work, we provide the first practical construction that enables the verification of MFHE operations in zero-knowledge, protecting MFHE from malicious adversaries. Our solution relies on a combination of lattice-based commitment schemes and proof systems which we adapt to support both modern FHE schemes and their implementation optimizations. We implement our construction in PELTA. Our experimental evaluation shows that PELTA is one to two orders of magnitude faster than existing techniques in the literature.
Simply safe lattice cryptography
Lattice cryptography has many compelling features, like security under worst-case hardness assumptions, apparent security against quantum attacks, efficiency and parallelism, and powerful constructions like fully homomorphic encryption. While standard constructions such as lattice-based key exchange are starting to be deployed in real-world scenarios, the most powerful lattice cryptosystems are still limited to research prototypes. This is due in part to the difficulty of implementing, instantiating, and using these schemes. In this work we present a collection of tools to facilitate broader use of lattice cryptography by improving accessibility and usability. The foundation of this work is Λ∘λ, a general-purpose software framework for lattice cryptography. The Λ∘λ library has several features which distinguish it from prior implementations, including high-level abstractions for lattice operations, advanced functionality needed for applications like homomorphic encryption, and safe interfaces. Many efficient lattice cryptosystems are based on the relatively new Learning With Errors over Rings (Ring-LWE) problem. In order to attract cryptanalytic effort and improve concrete security estimates for this widely used problem, we publish challenges for Ring-LWE and the related Learning With Rounding over Rings problem. Unlike challenges for other cryptographic problems like integer factorization, a dishonest challenger can make Ring-LWE challenges which are much harder to solve than properly generated ones. Thus we propose and implement a non-interactive, publicly verifiable cut-and-choose protocol which provides reasonably convincing evidence that the challenges are properly generated. Finally, we introduce ALCHEMY, a domain-specific language and compiler for homomorphic computations. In existing implementations of homomorphic encryption, users must manually represent a desired plaintext computation as a much more complex sequence of operations on ciphertexts. ALCHEMY automates most of the steps in this process, which dramatically reduces the expertise needed to use homomorphic encryption.

Ph.D.