New Digital Signature Algorithm EHTv2

Every public-key encryption/decryption algorithm where the set of possible plain-texts is identical to the set of possible cipher-texts may be converted into a digital signature algorithm. That is quite different in the lattice (code)-based public-key cryptography. The decryption algorithm on a random input produces a valid plain-text, that is a signature, with a negligible probability. That explains why it is so difficult to construct a new secure and efficient lattice-based digital signature system. Though several solutions are known and taking part in the NIST Post Quantum Standardisation Process there is still a need to construct digital signature algorithms based on new principles. In this work, a new and efficient digital signature algorithm is suggested. Its design is simple and transparent. Its security is based on the hardness of an approximate closest vector problem in the maximum norm for some q-ary lattices. The signature is several times shorter than that provided by the NIST Selected Digital Signature Algorithms with comparable security level, while the public key size is larger

Cryptanalysis of ITRU

ITRU cryptosystem is a public key cryptosystem and one of the known variants of NTRU cryptosystem. Instead of working in a truncated polynomial ring, ITRU cryptosystem is based on the ring of integers. The authors claimed that ITRU has better features comparing to the classical NTRU, such as having a simple parameter selection algorithm, invertibility, and successful message decryption, and better security. In this paper, we present an attack technique against the ITRU cryptosystem, and it is mainly based on a simple frequency analysis on the letters of ciphertexts

Cryptanalysis of the Randomized Version of a Lattice-Based Signature Scheme from PKC'08

International audienceIn PKC'08, Plantard, Susilo and Win proposed a lattice-based signature scheme, whose security is based on the hardness of the closest vector problem with the infinity norm (CVP∞). This signature scheme was proposed as a countermeasure against the Nguyen-Regev attack, which improves the security and the efficiency of the Goldreich, Goldwasser and Halevi scheme (GGH). Furthermore, to resist potential side channel attacks, the authors suggested modifying the determinis-tic signing algorithm to be randomized. In this paper, we propose a chosen message attack against the randomized version. Note that the randomized signing algorithm will generate different signature vectors in a relatively small cube for the same message, so the difference of any two signature vectors will be relatively short lattice vector. Once collecting enough such short difference vectors, we can recover the whole or the partial secret key by lattice reduction algorithms, which implies that the randomized version is insecure under the chosen message attack

Ring-LWE:applications to cryptography and their efficient realization

© Springer International Publishing AG 2016. The persistent progress of quantum computing with algorithms of Shor and Proos and Zalka has put our present RSA and ECC based public key cryptosystems at peril. There is a flurry of activity in cryptographic research community to replace classical cryptography schemes with their post-quantum counterparts. The learning with errors problem introduced by Oded Regev offers a way to design secure cryptography schemes in the post-quantum world. Later for efficiency LWE was adapted for ring polynomials known as Ring-LWE. In this paper we discuss some of these ring-LWE based schemes that have been designed. We have also drawn comparisons of different implementations of those schemes to illustrate their evolution from theoretical proposals to practically feasible schemes

A Survey on Homomorphic Encryption Schemes: Theory and Implementation

Legacy encryption systems depend on sharing a key (public or private) among the peers involved in exchanging an encrypted message. However, this approach poses privacy concerns. Especially with popular cloud services, the control over the privacy of the sensitive data is lost. Even when the keys are not shared, the encrypted material is shared with a third party that does not necessarily need to access the content. Moreover, untrusted servers, providers, and cloud operators can keep identifying elements of users long after users end the relationship with the services. Indeed, Homomorphic Encryption (HE), a special kind of encryption scheme, can address these concerns as it allows any third party to operate on the encrypted data without decrypting it in advance. Although this extremely useful feature of the HE scheme has been known for over 30 years, the first plausible and achievable Fully Homomorphic Encryption (FHE) scheme, which allows any computable function to perform on the encrypted data, was introduced by Craig Gentry in 2009. Even though this was a major achievement, different implementations so far demonstrated that FHE still needs to be improved significantly to be practical on every platform. First, we present the basics of HE and the details of the well-known Partially Homomorphic Encryption (PHE) and Somewhat Homomorphic Encryption (SWHE), which are important pillars of achieving FHE. Then, the main FHE families, which have become the base for the other follow-up FHE schemes are presented. Furthermore, the implementations and recent improvements in Gentry-type FHE schemes are also surveyed. Finally, further research directions are discussed. This survey is intended to give a clear knowledge and foundation to researchers and practitioners interested in knowing, applying, as well as extending the state of the art HE, PHE, SWHE, and FHE systems.Comment: - Updated. (October 6, 2017) - This paper is an early draft of the survey that is being submitted to ACM CSUR and has been uploaded to arXiv for feedback from stakeholder

Дослідження криптографічних атак на схеми електронного цифрового підпису в фактор-кільцях зрізаних поліномів

One of the main techniques obtaining authentication is using digital signatures. Research of posquantum digital signatures now acquired urgency because of the potential appearance of quantum computer. Lattice based cryptosystems have several advantages, among which are resistance to quantum cryptanalysis. Therefore, the question of security of lattice based signatures requires detailed analysis. A model of forgery attack using annihilating polynomials against NTRUSign with strengthened parameters and perturbations is proposed. Also we analyse the effectiveness of NTRUSign counterfeiting in practice. The experimental estimates of NTRUSign enhanced parameter settings to this type of threat are considered. The practical value of the obtained results is the experimental evidence that the effectiveness of attack is not significantly reduced by increasing the signature parameter.Одним из важных средств получения услуг аутентификации является электронная подпись. Исследование постквантовых электронных подписей в настоящее время приобретают актуальность из-за возможности возникновения квантового компьютера. Криптосистемы на решетках имеют ряд преимуществ, среди которых основной является устойчивость от квантового криптоанализа. Поэтому вопросы безопасности подписей на решетках требует детального анализа. Предложена модель атаки подделки подписи NTRUSign с помощью аннулирующих полиномов на схему с пертурбациями с усиленными параметрами. Анализируется эффективность подделки NTRUSign на практике. Обосновываются экспериментальные оценки защищенности усиленных параметров подписи NTRUSign от указанного типа угрозы. Практическая ценность полученных результатов заключается в экспериментальном доказательстве того, что эффективность атаки незначительно уменьшается от увеличения параметров подписи.Одним із важливих засобів отримання послуг аутентифікації є електронний підпис. Дослідження постквантових електронних підписів нині набувають актуальності через можливість виникнення квантового комп'ютера. Криптосистеми на решітках мають ряд переваг, серед яких основною є стійкість від квантового криптоаналізу. Тому питання безпеки підписів на решітках потребує детального вивчення. Запропоновано модель атаки підробки електронного цифрового підпису на решітках NTRUSign за допомогою анулюючих поліномів на схему із пертурбаціями з посиленими параметрами. Досліджено ефективність підробки підпису на NTRUSign та наведено практичні приклади успішної атаки. Отримано експериментальні дані, які показують, що алгоритм підпису при використанні техніки пертурбацій не покращує захисту від досліджуваного виду підробки. Обґрунтовуються оцінки захищеності електронного цифрового підпису NTRUSign із застосуванням техніки пертурбації з посиленими параметрами від дослідженого типу загрози. Практична цінність отриманих результатів полягає в експериментальному доведенні того, що ефективність атаки не суттєво зменшується від збільшення параметрів підпису

Practical Lattice Cryptosystems: NTRUEncrypt and NTRUMLS

Public key cryptography, as deployed on the internet today, stands on shaky ground. For over twenty years now it has been known that the systems in widespread use are insecure against adversaries equipped with quantum computers -- a fact that has largely been discounted due to the enormous challenge of building such devices. However, research into the development of quantum computers is accelerating and is producing an abundance of positive results that indicate quantum computers could be built in the near future. As a result, individuals, corporations and government entities are calling for the deployment of new cryptography to replace systems that are vulnerable to quantum cryptanalysis. Few satisfying schemes are to be found. This work examines the design, parameter selection, and cryptanalysis of a post-quantum public key encryption scheme, NTRUEncrypt, and a related signature scheme, NTRUMLS. It is hoped that this analysis will prove useful in comparing these schemes against other candidates that have been proposed to replace existing infrastructure

Post-quantum cryptography

Cryptography is essential for the security of online communication, cars and implanted medical devices. However, many commonly used cryptosystems will be completely broken once large quantum computers exist. Post-quantum cryptography is cryptography under the assumption that the attacker has a large quantum computer; post-quantum cryptosystems strive to remain secure even in this scenario. This relatively young research area has seen some successes in identifying mathematical operations for which quantum algorithms offer little advantage in speed, and then building cryptographic systems around those. The central challenge in post-quantum cryptography is to meet demands for cryptographic usability and flexibility without sacrificing confidence.</p

Cryptanalysis of an NTRU-based Proxy Encryption Scheme from ASIACCS\u2715

In ASIACCS 2015, Nuñez, Agudo, and Lopez proposed a proxy re-encryption scheme, NTRUReEncrypt, based on NTRU, which allows a proxy to translate ciphertext under the delegator\u27s public key into a re-encrypted ciphertext that can be decrypted correctly by delegatee\u27s private key. In addition to its potential resistance to quantum algorithm, the scheme was also considered to be efficient. However, in this paper we point out that the re-encryption process will increase the decryption error, and the increased decryption error will lead to a reaction attack that enables the proxy to recover the private key of the delegator and the delegatee. Moreover, we also propose a second attack which enables the delegatee to recover the private key of the delegator when he collects enough re-encrypted ciphertexts from a same message. We reevaluate the security of NTRUReEncrypt, and also give suggestions and discussions on potential mitigation methods