The Asymptotic Complexity of Coded-BKW with Sieving Using Increasing Reduction Factors
The Learning with Errors problem (LWE) is one of the main candidates for post-quantum cryptography. At Asiacrypt 2017, coded-BKW with sieving, an algorithm combining the Blum-Kalai-Wasserman algorithm (BKW) with lattice sieving techniques, was proposed. In this paper, we improve that algorithm by using different reduction factors in different steps of the sieving part of the algorithm. In the Regev setting, where and , the asymptotic complexity is , improving the previously best complexity of . When a quantum computer is assumed or the number of samples is limited, we get a similar level of improvement.
Comment: Longer version of a paper to be presented at ISIT 2019. Updated after comments from the peer-review process. Includes an appendix with a proof of Theorem
Development and Analysis of an Oracle for a Hybrid Attack on the NTRU Cryptographic System Using a Quantum Search Algorithm
Due to the development of quantum computing, there is a need for the development and analysis of cryptosystems resistant to attacks using a quantum computer (post-quantum cryptography algorithms). The security of many well-known post-quantum cryptosystems based on lattice theory depends on the complexity of solving the shortest vector problem (SVP). In the paper, a model of the quantum oracle required for the implementation of the hybrid quantum-classical algorithm for solving SVP is proposed and analyzed. For the public-key post-quantum cryptosystem NTRU, a finalist of the third round of the NIST competition, upper bounds on the number of qubits and the depth of the circuit required to implement this oracle are obtained, as a function of the cryptosystem parameters. The bounds are based on the proposed model of the quantum oracle.
The nearest-colattice algorithm
In this work, we exhibit a hierarchy of polynomial time algorithms solving approximate variants of the Closest Vector Problem (CVP). Our first contribution is a heuristic algorithm achieving the same distance tradeoff as HSVP algorithms, namely for a random lattice of rank . Compared to the so-called Kannan's embedding technique, our algorithm allows using precomputations and can be used for efficient batch CVP instances. This implies that some attacks on lattice-based signatures lead to very cheap forgeries, after a precomputation. Our second contribution is a proven reduction from approximating the closest vector with a factor to the Shortest Vector Problem (SVP) in dimension .
Comment: 19 pages, presented at the Algorithmic Number Theory Symposium (ANTS 2020)
New Public-Key Crypto-System EHT
In this note, an LWE problem with a hidden trapdoor is introduced. It is used to construct an efficient public-key crypto-system EHT. The new system is significantly different from LWE-based NIST candidates like FrodoKEM. The performance of EHT compares favorably with FrodoKEM.
Faster Sieving for Shortest Lattice Vectors Using Spherical Locality-Sensitive Hashing
Recently, it was shown that angular locality-sensitive hashing (LSH) can be used to significantly speed up lattice sieving, leading to heuristic time and space complexities for solving the shortest vector problem (SVP) of . We study the possibility of applying other LSH methods to sieving, and show that with the recent spherical LSH method of Andoni et al. we can heuristically solve SVP in time and space . We further show that a practical variant of the resulting SphereSieve is very similar to Wang et al.'s two-level sieve, with the key difference that we impose an order on the outer list of centers.
Keywords: lattices, shortest vector problem, sieving algorithms, (approximate) nearest neighbor problem, locality-sensitive hashing
Improved Classical and Quantum Algorithms for Subset-Sum
We present new classical and quantum algorithms for solving random subset-sum instances. First, we improve over the Becker-Coron-Joux algorithm (EUROCRYPT 2011) from down to , using more general representations with values in .
Next, we improve the state of the art of quantum algorithms for this problem in several directions. By combining the Howgrave-Graham-Joux algorithm (EUROCRYPT 2010) and quantum search, we devise an algorithm with asymptotic cost , lower than the cost of the quantum walk based on the same classical algorithm proposed by Bernstein, Jeffery, Lange and Meurer (PQCRYPTO 2013). This algorithm has the advantage of using classical memory with quantum random access, while the previously known algorithms used the quantum walk framework, and required quantum memory with quantum random access.
We also propose new quantum walks for subset-sum, performing better than the previous best time complexity of given by Helm and May (TQC 2018). We combine our new techniques to reach a time . This time is dependent on a heuristic on quantum walk updates, formalized by Helm and May, that is also required by the previous algorithms. We show how to partially overcome this heuristic, and we obtain an algorithm with quantum time requiring only the standard classical subset-sum heuristics.
Post-quantum cryptosystems for internet-of-things: A survey on lattice-based algorithms
The latest quantum computers have the ability to solve incredibly complex classical cryptography equations, in particular to recover secret encrypted keys, making the network vulnerable to hacking. They can solve complex mathematical problems almost instantaneously compared to the billions of years of computation needed by traditional computing machines. Researchers advocate the development of novel strategies to include data encryption in the post-quantum era. Lattices have been widely used in cryptography, somewhat peculiarly, in both (a) cryptanalysis, by using lattice approximation to break cryptosystems, and (b) cryptography, by using computationally hard lattice problems (non-deterministic polynomial time hardness) to construct stable cryptographic functions. The dominant features of lattice-based cryptography (LBC), which hold it ahead in the post-quantum league, include resistance to quantum attack vectors, high concurrent performance, parallelism, security under worst-case intractability assumptions, and solutions to long-standing open problems in cryptography. While these methods offer possible security for classical cryptosystems in theory and experimentation, their implementation in energy-restricted Internet-of-Things (IoT) devices requires careful study of regular lattice-based implementation and its simplification in lightweight lattice-based cryptography (LW-LBC). This streamlined post-quantum algorithm is ideal for levelled IoT device security. The key aim of this survey was to provide the scientific community with comprehensive information on elementary mathematical facts, as well as to address real-time implementation, hardware architecture, open problems, attack vectors, and the significance for IoT networks.
Finding shortest lattice vectors faster using quantum search
By applying a quantum search algorithm to various heuristic and provable sieve algorithms from the literature, we obtain improved asymptotic quantum results for solving the shortest vector problem on lattices. With quantum computers we can provably find a shortest vector in time 2^(1.799n+o(n)), improving upon the classical time complexities of 2^(2.465n+o(n)) of Pujol and Stehlé and the 2^(2n+o(n)) of Micciancio and Voulgaris, while heuristically we expect to find a shortest vector in time 2^(0.268n+o(n)), improving upon the classical time complexity of 2^(0.298n+o(n)) of Laarhoven and De Weger. These quantum complexities will be an important guide for the selection of parameters for post-quantum cryptosystems based on the hardness of the shortest vector problem.
Keywords: lattices, shortest vector problem, sieving, quantum search