340 research outputs found
Cryptanalysis of Compact-LWE
As an invited speaker of the ACISP 2017 conference, Dongxi Liu recently
introduced a new lattice-based encryption scheme (joint work with Li, Kim
and Nepal) designed for lightweight IoT applications, and announced plans
to submit it to the NIST postquantum competition. The new scheme is based
on a variant of standard LWE called Compact-LWE, but is claimed to
achieve high security levels in considerably smaller dimensions than
usual lattice-based schemes. In fact, the proposed parameters, allegedly
suitable for 138-bit security, involve the Compact-LWE assumption in
dimension only 13.
In this note, we show that this particularly aggressive choice of
parameters fails to achieve the stated security level. More precisely, we
show that ciphertexts in the new encryption scheme can be decrypted using
the public key alone with >99.9% probability in a fraction of a second
on a standard PC, which is not quite as fast as legitimate decryption,
but not too far off
Compact-LWE-MQ^{H}: Public Key Encryption without Hardness Assumptions
Modern public key encryption relies on various hardness assumptions for its security. Hardness assumptions may cause security uncertainty, for instance, when a hardness problem is no longer hard or the best solution to a hard problem might not be publicly released.
In this paper, we propose a public key encryption scheme Compact-LWE-MQ^{H} to
demonstrate the feasibility of constructing public key encryption without relying on hardness assumptions. Instead, its security is based on problems that are called factually hard. The two factually hard problems we propose in this work are stratified system of linear and quadratic equations, and layered learning with relatively big errors. The factually hard problems are characterized by their layered structures, which ensure that the secrets at a lower layer can only be recovered after the secrets in a upper layer have been found {\it correctly} (i.e., leading to consistent lower layer secrets, not necessarily the original upper layer ones). On the other hand, without knowing the secrets in the lower layer, the upper layer subproblem can only be solved by exhaustive search.
Based on the structure of factually hard problems, we prove that without brute-force search the adversary cannot recover plaintexts or correct private key, and then discuss CPA-security and CCA-security of Compact-LWE-MQ^{H}. We have implemented Compact-LWE-MQ^{H} with a number of lines of SageMath code. Simplicity of Compact-LWE-MQ^{H} makes it easy for understanding, cryptanalysis, and implementation.
In our configuration for 128-bit security, the dimensional parameter is ( has the same meaning as in LWE). For such a tiny parameter, the current analysis tools like LLL lattice reduction algorithm are already efficient enough to perform attacks if the security claim of Compact-LWE-MQ^{H} does not hold. That is, the security of Compact-LWE-MQ^{H} is not assumed with the capability of cryptanalysis tools. SageMath code of verifying Compact-LWE-MQ^{H} security is also included in Appendix
Envisioning the Future of Cyber Security in Post-Quantum Era: A Survey on PQ Standardization, Applications, Challenges and Opportunities
The rise of quantum computers exposes vulnerabilities in current public key
cryptographic protocols, necessitating the development of secure post-quantum
(PQ) schemes. Hence, we conduct a comprehensive study on various PQ approaches,
covering the constructional design, structural vulnerabilities, and offer
security assessments, implementation evaluations, and a particular focus on
side-channel attacks. We analyze global standardization processes, evaluate
their metrics in relation to real-world applications, and primarily focus on
standardized PQ schemes, selected additional signature competition candidates,
and PQ-secure cutting-edge schemes beyond standardization. Finally, we present
visions and potential future directions for a seamless transition to the PQ
era
Indistinguishability Obfuscation from Well-Founded Assumptions
In this work, we show how to construct indistinguishability obfuscation from
subexponential hardness of four well-founded assumptions. We prove:
Let be arbitrary
constants. Assume sub-exponential security of the following assumptions, where
is a security parameter, and the parameters below are
large enough polynomials in :
- The SXDH assumption on asymmetric bilinear groups of a prime order ,
- The LWE assumption over with subexponential
modulus-to-noise ratio , where is the dimension of the LWE
secret,
- The LPN assumption over with polynomially many LPN samples
and error rate , where is the dimension of the LPN
secret,
- The existence of a Boolean PRG in with stretch
,
Then, (subexponentially secure) indistinguishability obfuscation for all
polynomial-size circuits exists
Cryptanalysis of Compact-LWE and Related Lightweight Public Key Encryption
In the emerging Internet of Things (IoT), lightweight public key cryptography plays an essential role in security and privacy protection. With the approach of quantum computing era, it is important to design and evaluate lightweight quantum-resistant cryptographic algorithms applicable to IoT. LWE-based cryptography is a widely used and well-studied family of postquantum cryptographic constructions whose hardness is based on worst-case lattice problems. To make LWE friendly to resource-constrained IoT devices, a variant of LWE, named Compact-LWE, was proposed and used to design lightweight cryptographic schemes. In this paper, we study the so-called Compact-LWE problem and clarify that under certain parameter settings it can be solved in polynomial time. As a consequence, our result leads to a practical attack against an instantiated scheme based on Compact-LWE proposed by Liu et al. in 2017
NewHope: A Mobile Implementation of a Post-Quantum Cryptographic Key Encapsulation Mechanism
NIST anticipates the appearance of large-scale quantum computers by 2036 [34], which will threaten widely used asymmetric algorithms, National Institute of Standards and Technology (NIST) launched a Post-Quantum Cryptography Standardization Project to find quantum-secure alternatives. NewHope post-quantum cryptography (PQC) key encapsulation mechanism (KEM) is the only Round 2 candidate to simultaneously achieve small key values through the use of a security problem with sufficient confidence its security, while mitigating any known vulnerabilities. This research contributes to NIST project’s overall goal by assessing the platform flexibility and resource requirements of NewHope KEMs on an Android mobile device. The resource requirements analyzed are transmission size as well as scheme runtime, central processing unit (CPU), memory, and energy usage. Results from each NewHope KEM instantiations are compared amongst each other, to a baseline application, and to results from previous work. NewHope PQC KEM was demonstrated to have sufficient flexibility for mobile implementation, competitive performance with other PQC KEMs, and to have competitive scheme runtime with current key exchange algorithms
- …