Partial Key Exposure in Ring-LWE-Based Cryptosystems: Attacks and Resilience
We initiate the study of partial key exposure in ring-LWE-based cryptosystems.
Specifically, we
- Introduce the search and decision Leaky-RLWE assumptions (Leaky-SRLWE, Leaky-DRLWE), to formalize the hardness of search/decision RLWE under leakage of some fraction of coordinates of the NTT transform of the RLWE secret and/or error.
- Present and implement an efficient key exposure attack that, given certain -fraction of the coordinates of the NTT transform of the RLWE secret, along with RLWE instances, recovers the full RLWE secret for standard parameter settings.
- Present a search-to-decision reduction for Leaky-RLWE for certain types of key exposure.
- Analyze the security of NewHope key exchange under partial key exposure of -fraction of the secrets and error.
We show that, assuming that Leaky-DRLWE is hard for these parameters, the shared key (which is then hashed using a random oracle) is computationally indistinguishable from a random variable with average min-entropy , conditioned on transcript and leakage, whereas without leakage the min-entropy is
Finding Most Likely Solutions
As a framework for simple but basic statistical inference problems we introduce a generic Most Likely Solution problem, a task of finding a most likely solution (MLS in short) for a given problem instance under some given probability model. Although many MLS problems are NP-hard, we propose, for these problems, to study their average-case complexity under their assumed probability models. We show three examples of MLS problems, and explain that "message passing algorithms" (e.g., belief propagation) work reasonably well for these problems. Some of the technical results of this paper are from the author's recent work [WY06, OW06].