43 research outputs found

    Homomorphic Encryption and Cryptanalysis of Lattice Cryptography

    Get PDF
    The vast amount of personal data being collected and analyzed through internet connected devices is vulnerable to theft and misuse. Modern cryptography presents several powerful techniques that can help to solve the puzzle of how to harness data for use while at the same time protecting it---one such technique is homomorphic encryption that allows computations to be done on data while it is still encrypted. The question of security for homomorphic encryption relates to the broader field of lattice cryptography. Lattice cryptography is one of the main areas of cryptography that promises to be secure even against quantum computing. In this dissertation, we will touch on several aspects of homomorphic encryption and its security based on lattice cryptography. Our main contributions are: 1. proving some heuristics that are used in major results in the literature for controlling the error size in bootstrapping for fully homomorphic encryption, 2. presenting a new fully homomorphic encryption scheme that supports k-bit arbitrary operations and achieves an asymptotic ciphertext expansion of one, 3. thoroughly studying certain attacks against the Ring Learning with Errors problem, 4. precisely characterizing the performance of an algorithm for solving the Approximate Common Divisor problem

    Algorithms for CRT-variant of Approximate Greatest Common Divisor Problem

    Get PDF
    The approximate greatest common divisor problem (ACD) and its variants have been used to construct many cryptographic primitives. In particular, variants of the ACD problem based on Chinese remainder theorem (CRT) are exploited in the constructions of a batch fully homomorphic encryption to encrypt multiple messages in one ciphertext. Despite the utility of the CRT-variant scheme, the algorithms to solve its security foundation have not been studied well compared to the original ACD based scheme. In this paper, we propose two algorithms for solving the CCK-ACD problem, which is used to construct a batch fully homomorphic encryption over integers. To achieve the goal, we revisit the orthogonal lattice attack and simultaneous Diophantine approximation algorithm. Both two algorithms take the same time complexity 2O~(γ(ηρ)2)2^{\tilde{O}(\frac{\gamma}{(\eta-\rho)^2})} up to a polynomial factor to solve the CCK-ACD problem for the bit size of samples γ\gamma, secret primes η\eta, and error bound ρ\rho. Compared to Chen and Nguyen\u27s algorithm in Eurocrypt\u27 12, which takes O~(2ρ/2)\tilde{O}(2^{\rho/2}) complexity, our algorithm gives the first parameter condition related to η\eta and γ\gamma size. We also report the experimental results for our attack upon several parameters. From the results, we can see that our algorithms work well both in theoretical and experimental terms

    Critical Perspectives on Provable Security: Fifteen Years of Another Look Papers

    Get PDF
    We give an overview of our critiques of “proofs” of security and a guide to our papers on the subject that have appeared over the past decade and a half. We also provide numerous additional examples and a few updates and errata

    Structural Nonlinear Invariant Attacks on T-310: Attacking Arbitrary Boolean Functions

    Get PDF
    Recent papers show how to construct polynomial invariant attacks for block ciphers, however almost all such results are somewhat weak: invariants are simple and low degree and the Boolean functions tend by very simple if not degenerate. Is there a better more realistic attack, with invariants of higher degree and which is likely to work with stronger Boolean functions? In this paper we show that such attacks exist and can be constructed explicitly through on the one side, the study of Fundamental Equation of eprint/2018/807, and on the other side, a study of the space of Annihilators of any given Boolean function. The main contribution of this paper is that to show that the ``product attack\u27\u27 where the invariant polynomial is a product of simpler polynomials is interesting and quite powerful. Our approach is suitable for backdooring a block cipher in presence of an arbitrarily strong Boolean function not chosen by the attacker. The attack is constructed using excessively simple paper and pencil maths. We also outline a potential application to Data Encryption Standard (DES)

    On the Existence of Non-Linear Invariants and Algebraic Polynomial Constructive Approach to Backdoors in Block Ciphers

    Get PDF
    In this paper we study cryptanalysis with non-linear polynomials cf. Eurocrypt’95 (adapted to Feistel ciphers at Crypto 2004). Previously researchers had serious difficulties in making such attacks work. Even though this is less general than a general space partitioning attack (FSE’97), a polynomial algebraic approach has enormous advantages. Properties are more intelligible and algebraic computational methods can be applied in order to discover or construct the suitable properties. In this paper we show how round invariants can be found for more or less any block cipher, by solving a certain surprisingly simple single algebraic equation (or two). Then if our equation has solutions, which is far from being obvious, it will guarantee that some polynomial invariant will work for an arbitrarily large number of encryption rounds. This paper is a proof of concept showing that it IS possible, for at least one specific quite complex real-life cipher to construct in a systematic way, a non-linear component and a variety of non-linear polynomial invariants holding with probability 1 for any number of rounds and any key/IV. Thus we are able to weaken a block cipher in a permanent and pervasive way. An example of a layered attack with two stages is also shown. Moreover we show that sometimes our equation reduces to zero, and this leads to yet stronger invariants, which work for any Boolean function including the original historical one used in 1970-1990

    Lizard: Cut off the Tail! Practical Post-Quantum Public-Key Encryption from LWE and LWR

    Get PDF
    The LWE problem has been widely used in many constructions for post-quantum cryptography due to its strong security reduction from the worst-case of lattice hard problems and its lightweight operations. The PKE schemes based on the LWE problem have a simple and fast decryption, but the encryption phase is rather slow due to large parameter size for the leftover hash lemma or expensive Gaussian samplings. In this paper, we propose a novel PKE scheme, called Lizard, without relying on either of them. The encryption procedure of Lizard first combines several LWE samples as in the previous LWE-based PKEs, but the following step to re-randomize this combination before adding a plaintext is different: it removes several least significant bits of each component of the computed vector rather than adding an auxiliary error vector. Lizard is IND-CPA secure under the hardness assumptions of the LWE and LWR problems, and its variant achieves IND-CCA security in the quantum random oracle model. Our approach accelerates encryption speed to a large extent and also reduces the size of ciphertexts, and Lizard is very competitive for applications requiring fast encryption and decryption phases. In our single-core implementation on a laptop, the encryption and decryption of IND-CCA Lizard with 256-bit plaintext space under 128-bit quantum security take 0.014 and 0.027 milliseconds, which are comparable to those of NTRU. To achieve these results, we further take some advantages of sparse small secrets
    corecore