Cyclotomic Polynomials in Ring-LWE Homomorphic Encryption Schemes
Homomorphic Encryption has been considered the 'Holy Grail of Cryptography' since the discovery of secure public key cryptography in the 1970s. In 2009, a long-standing question about whether fully homomorphic encryption is theoretically plausible was affirmatively answered by Craig Gentry and his bootstrapping construction. Gentry's breakthrough has initiated a surge of new research in this area, one of the most promising ideas being the Learning With Errors (LWE) problem posed by Oded Regev. Although this problem has proved to be versatile as a basis for homomorphic encryption schemes, the large key sizes result in a quadratic overhead, making it inefficient for practical purposes. In order to address this efficiency issue, Oded Regev, Chris Peikert and Vadim Lyubashevsky ported the LWE problem to a ring setting, calling the result the Ring Learning with Errors (Ring-LWE) problem.
The underlying ring structure of the Ring-LWE problem is where is the th cyclotomic polynomial. The hardness of this problem is based on special properties of cyclotomic number fields. In this thesis, we explore the properties of lattices and algebraic number fields, in particular, cyclotomic number fields which make them a good choice to be used in the Ring-LWE problem setting.
The biggest hurdle in homomorphic encryption schemes to date is performing homomorphic multiplication. As the noise term in the resulting ciphertext grows multiplicatively, it is very hard to recover the original ciphertext after a certain number of multiplications without compromising on efficiency. We investigate the efficiency of an implemented cryptosystem based on the Ring-LWE hardness and measure the performance of homomorphic multiplication by varying different parameters such as the cipherspace cyclotomic index and the underlying ring
Algorithmic enumeration of ideal classes for quaternion orders
We provide algorithms to count and enumerate representatives of the (right)
ideal classes of an Eichler order in a quaternion algebra defined over a number
field. We analyze the run time of these algorithms and consider several related
problems, including the computation of two-sided ideal classes, isomorphism
classes of orders, connecting ideals for orders, and ideal principalization. We
conclude by giving the complete list of definite Eichler orders with class
number at most 2.
Comment: 39 pages, includes 2 tables; corrections made to Table 8.
Artin's primitive root conjecture - a survey
This is an expanded version of a write-up of a talk given in the fall of 2000
in Oberwolfach. A large part of it is intended to be understandable by
non-number theorists with a mathematical background. The talk covered some of
the history, results and ideas connected with Artin's celebrated primitive root
conjecture dating from 1927. In the update several new results established
after 2000 are also discussed.
Comment: 87 pages, 512 references, to appear in Integer
Number Field Sieve with Provable Complexity
In this thesis we give an in-depth introduction to the General Number Field
Sieve, as it was used by Buhler, Lenstra, and Pomerance, before looking at one
of the modern developments of this algorithm: A randomized version with
provable complexity. This version was posited in 2017 by Lee and Venkatesan and
will be preceded by ample material from both algebraic and analytic number
theory, Galois theory, and probability theory.
Comment: MSc Thesis, 113 pages, 1 table
Linear groups and computation
Funding: A. S. Detinko is supported by a Marie Skłodowska-Curie Individual Fellowship grant (Horizon 2020, EU Framework Programme for Research and Innovation).
We present an exposition of our ongoing project in a new area of applicable mathematics: practical computation with finitely generated linear groups over infinite fields. Methodology and algorithms available for practical computation in this class of groups are surveyed. We illustrate the solution of hard mathematical problems by computer experimentation. Possible avenues for further progress are discussed.
Deterministic polynomial factoring over finite fields: A uniform approach via P-schemes
We introduce a family of combinatorial objects called P-schemes, where P is a collection of subgroups of a finite group G. A P-scheme is a collection of partitions of right coset spaces H\G, indexed by H ∈ P, that satisfies a list of axioms. These objects generalize the classical notion of association schemes as well as m-schemes (Ivanyos et al., 2009).
We apply the theory of P-schemes to deterministic polynomial factoring over finite fields: suppose f(X) ∈ Z[X] and a prime number p are given, such that f̄(X) := f(X) mod p factorizes into n = deg(f) distinct linear factors over the finite field F_p. We show that, assuming the generalized Riemann hypothesis (GRH), f̄(X) can be completely factorized in deterministic polynomial time if the Galois group G of f(X) is an almost simple primitive permutation group on the set of roots of f(X), and the socle of G is a subgroup of Sym(k) for k up to 2^O(√log n). This is the first deterministic polynomial-time factoring algorithm for primitive Galois groups of superpolynomial order.
We prove our result by developing a generic factoring algorithm and analyzing it using P-schemes. We also show that the main results achieved by known GRH-based deterministic polynomial factoring algorithms can be derived from our generic algorithm in a uniform way.
Finally, we investigate the schemes conjecture in Ivanyos et al. (2009), and formulate analogous conjectures associated with various families of permutation groups. We show that these conjectures form a hierarchy of relaxations of the original schemes conjecture, and their positive resolutions would imply deterministic polynomial-time factoring algorithms for various families of Galois groups under GRH.
Ring-LWE: Enhanced Foundations and Applications
The Ring Learning With Errors assumption has become an important building block in many modern cryptographic applications, such as (fully) homomorphic encryption and post-quantum cryptosystems like the recently announced NIST CRYSTALS-Kyber public key encryption scheme. In this thesis, we provide an enhanced security foundation for Ring-LWE based cryptosystems and demonstrate their practical potential in real-world applications.
Enhanced Foundation. We extend the known pseudorandomness of Ring-LWE to be based on ideal lattices of non-Dedekind domains. In earlier works of Lyubashevsky, Peikert and Regev (EUROCRYPT 2010), and Peikert, Regev and Stephens-Davidowitz (STOC 2017), the hardness of RLWE was established on ideal lattices of rings of integers of number fields, which are known to be Dedekind domains. These works extended Regev's (STOC 2005) quantum polynomial-time reduction for LWE, thus allowing more efficient and more structured cryptosystems.
However, the additional algebraic structure of ideals of Dedekind domains leaves open the possibility that such ideal lattices are not as hard as general lattices. We show that the Ring-LWE hardness can be based on the polynomial ring, which is potentially a strict sub-ring of the ring of integers of a number field, and hence not a Dedekind domain. We present a novel proof technique that builds an algebraic theory for general such rings, which also include cyclotomic rings. We also recommend a "twisted" cyclotomic field as an alternative to the cyclotomic field used in CRYSTALS-Kyber, as it leads to a more efficient implementation and is based on the hardness of ideals in a non-Dedekind domain. We leverage the polynomial nature of Ring-LWE and introduce XSPIR, a new symmetrically private information retrieval (SPIR) protocol, which provides a stronger security guarantee than existing efficient PIR protocols.
Like other PIR protocols, XSPIR allows a client to retrieve a specific entry from a server's database without revealing which entry is retrieved. Moreover, the semi-honest client learns no additional information about the database except for the retrieved entry. We demonstrate through analyses and experiments that XSPIR has only a slight overhead compared to state-of-the-art PIR protocols, and provides a stronger security guarantee while enabling the client to perform more complicated queries than simple retrievals.
Linear groups and computation
We present an exposition of our ongoing project in a new area of applicable mathematics: practical computation with finitely generated linear groups over infinite fields. Methodology and algorithms available for this class of groups are surveyed. We illustrate the solution of hard mathematical problems by computer experimentation. Possible avenues for further progress are discussed.