389 research outputs found

    Contributions to Lattice–based Cryptography

    Get PDF
    Post–quantum cryptography (PQC) is a new and fast–growing part of Cryptography. It focuses on developing cryptographic algorithms and protocols that resist quantum adversaries (i.e., the adversaries who have access to quantum computers). To construct a new PQC primitive, a designer must use a mathematical problem intractable for the quantum adversary. Many intractability assumptions are being used in PQC. There seems to be a consensus in the research community that the most promising are intractable/hard problems in lattices. However, lattice–based cryptography still needs more research to make it more efficient and practical. The thesis contributes toward achieving either the novelty or the practicality of lattice– based cryptographic systems

    Vector Encoding over Lattices and Its Applications

    Get PDF
    In this work, we design a new lattice encoding structure for vectors. Our encoding can be used to achieve a packed FHE scheme that allows some SIMD operations and can be used to improve all the prior IBE schemes and signatures in the series. In particular, with respect to FHE setting, our method improves over the prior packed GSW structure of Hiromasa et al. (PKC \u2715), as we do not rely on a circular assumption as required in their work. Moreover, we can use the packing and unpacking method to extract each single element, so that the homomorphic operation supports element-wise and cross-element-wise computation as well. In the IBE scenario, we improves over previous constructions supporting O(Λ)O(\Lambda)-bit length identity from lattices substantially, such as Yamada (Eurocrypt \u2716), Katsumata, Yamada (Asiacrypt \u2716) and Yamada (Crypto \u2717), by shrinking the master public key to three matrices from standard Learning With Errors assumption. Additionally, our techniques from IBE can be adapted to construct a compact digital signature scheme, which achieves existential unforgeability under the standard Short Integer Solution (SIS) assumption with small polynomial parameters

    Envisioning the Future of Cyber Security in Post-Quantum Era: A Survey on PQ Standardization, Applications, Challenges and Opportunities

    Full text link
    The rise of quantum computers exposes vulnerabilities in current public key cryptographic protocols, necessitating the development of secure post-quantum (PQ) schemes. Hence, we conduct a comprehensive study on various PQ approaches, covering the constructional design, structural vulnerabilities, and offer security assessments, implementation evaluations, and a particular focus on side-channel attacks. We analyze global standardization processes, evaluate their metrics in relation to real-world applications, and primarily focus on standardized PQ schemes, selected additional signature competition candidates, and PQ-secure cutting-edge schemes beyond standardization. Finally, we present visions and potential future directions for a seamless transition to the PQ era

    Partitioning via Non-Linear Polynomial Functions: More Compact IBEs from Ideal Lattices and Bilinear Maps

    Get PDF
    In this paper, we present new adaptively secure identity-based encryption (IBE) schemes. One of the distinguishing property of the schemes is that it achieves shorter public parameters than previous schemes. Both of our schemes follow the general framework presented in the recent IBE scheme of Yamada (Eurocrypt 2016), employed with novel techniques tailored to meet the underlying algebraic structure to overcome the difficulties arising in our specific setting. Specifically, we obtain the following: - Our first scheme is proven secure under the ring learning with errors (RLWE) assumption and achieves the best asymptotic space efficiency among existing schemes from the same assumption. The main technical contribution is in our new security proof that exploits the ring structure in a crucial way. Our technique allows us to greatly weaken the underlying hardness assumption (e.g., we assume the hardness of RLWE with a fixed polynomial approximation factor whereas Yamada\u27s scheme requires a super-polynomial approximation factor) while improving the overall efficiency. - Our second IBE scheme is constructed on bilinear maps and is secure under the 33-computational bilinear Diffie-Hellman exponent assumption. This is the first IBE scheme based on the hardness of a computational/search problem, rather than a decisional problem such as DDH and DLIN on bilinear maps with sub-linear public parameter size

    Still Wrong Use of Pairings in Cryptography

    Get PDF
    Several pairing-based cryptographic protocols are recently proposed with a wide variety of new novel applications including the ones in emerging technologies like cloud computing, internet of things (IoT), e-health systems and wearable technologies. There have been however a wide range of incorrect use of these primitives. The paper of Galbraith, Paterson, and Smart (2006) pointed out most of the issues related to the incorrect use of pairing-based cryptography. However, we noticed that some recently proposed applications still do not use these primitives correctly. This leads to unrealizable, insecure or too inefficient designs of pairing-based protocols. We observed that one reason is not being aware of the recent advancements on solving the discrete logarithm problems in some groups. The main purpose of this article is to give an understandable, informative, and the most up-to-date criteria for the correct use of pairing-based cryptography. We thereby deliberately avoid most of the technical details and rather give special emphasis on the importance of the correct use of bilinear maps by realizing secure cryptographic protocols. We list a collection of some recent papers having wrong security assumptions or realizability/efficiency issues. Finally, we give a compact and an up-to-date recipe of the correct use of pairings.Comment: 25 page

    Zero-Knowledge Arguments for Matrix-Vector Relations and Lattice-Based Group Encryption

    Get PDF
    International audienceGroup encryption (GE) is the natural encryption analogue of group signatures in that it allows verifiably encrypting messages for some anonymous member of a group while providing evidence that the receiver is a properly certified group member. Should the need arise, an opening authority is capable of identifying the receiver of any ciphertext. As introduced by Kiayias, Tsiounis and Yung (Asiacrypt'07), GE is motivated by applications in the context of oblivious retriever storage systems, anonymous third parties and hierarchical group signatures. This paper provides the first realization of group encryption under lattice assumptions. Our construction is proved secure in the standard model (assuming interaction in the proving phase) under the Learning-With-Errors (LWE) and Short-Integer-Solution (SIS) assumptions. As a crucial component of our system, we describe a new zero-knowledge argument system allowing to demonstrate that a given ciphertext is a valid encryption under some hidden but certified public key, which incurs to prove quadratic statements about LWE relations. Specifically, our protocol allows arguing knowledge of witnesses consisting of X ∈ Z m×n q , s ∈ Z n q and a small-norm e ∈ Z m which underlie a public vector b = X · s + e ∈ Z m q while simultaneously proving that the matrix X ∈ Z m×n q has been correctly certified. We believe our proof system to be useful in other applications involving zero-knowledge proofs in the lattice setting

    Adaptively Secure Identity-Based Encryption from Lattices with Asymptotically Shorter Public Parameters

    Get PDF
    In this paper, we present two new adaptively secure identity-based encryption (IBE) schemes from lattices. The size of the public parameters, ciphertexts, and private keys are O~(n2κ1/d)\tilde{O}(n^2 \kappa^{1/d}), O~(n)\tilde{O}(n), and O~(n)\tilde{O}(n) respectively. Here, nn is the security parameter, κ\kappa is the length of the identity, and dd is a flexible constant that can be set arbitrary (but will affect the reduction cost). Ignoring the poly-logarithmic factors hidden in the asymptotic notation, our schemes achieve the best efficiency among existing adaptively secure IBE schemes from lattices. In more detail, our first scheme is anonymous, but proven secure under the LWE assumption with approximation factor nω(1)n^{\omega(1)}. Our second scheme is not anonymous, but proven adaptively secure assuming the LWE assumption for all polynomial approximation factors. As a side result, based on a similar idea, we construct an attribute-based encryption scheme for branching programs that simultaneously satisfies the following properties for the first time: Our scheme achieves compact secret keys, the security is proven under the LWE assumption with polynomial approximation factors, and the scheme can deal with unbounded length branching programs

    Towards Tightly Secure Short Signature and IBE

    Get PDF
    Constructing short signatures with tight security from standard assumptions is a long-standing open problem. We present an adaptively secure, short (and stateless) signature scheme, featuring a constant security loss relative to a conservative hardness assumption, Short Integer Solution (SIS), and the security of a concretely instantiated pseudorandom function (PRF). This gives a class of tightly secure short lattice signature schemes whose security is based on SIS and the underlying assumption of the instantiated PRF. Our signature construction further extends to give a class of tightly and adaptively secure ``compact Identity-Based Encryption (IBE) schemes, reducible with constant security loss from Regev\u27s vanilla Learning With Errors (LWE) hardness assumption and the security of a concretely instantiated PRF. Our approach is a novel combination of a number of techniques, including Katz and Wang signature, Agrawal et al.\ lattice-based secure IBE, and Boneh et al.\ key-homomorphic encryption. Our results, at the first time, eliminate the dependency between the number of adversary\u27s queries and the security of short signature/IBE schemes in the context of lattice-based cryptography. They also indicate that tightly secure PRFs (with constant security loss) would imply tightly, adaptively secure short signature and IBE schemes (with constant security loss)

    Post-Quantum Secure Deterministic Wallet: Stateless, Hot/Cold Setting, and More Secure

    Get PDF
    Since the invention of Bitcoin, cryptocurrencies have gained huge popularity. Crypto wallet, as the tool to store and manage the cryptographic keys, is the primary entrance for the public to access cryptocurrency funds. Deterministic wallet is an advanced wallet mech- anism that has been proposed to achieve some appealing virtues, such as low-maintenance, easy backup and recovery, supporting functionali- ties required by cryptocurrencies, and so on. But deterministic wallets still have a long way to be practical in quantum world, and there are also some gaps in the classic world, since there are the following prob- lems waiting to be solved. Firstly, the relying on the state, i.e., stateful. The stateful deterministic wallet scheme must internally maintain and keep refreshing synchronously a state which makes the implementation in practice become more complex. And once one of the states is leaked, thereafter the security notion of unlinkability is cannot be guaranteed (referred to as the weak security notion of forward unlinkability). The second problem is vulnerable. There are security shortfalls in previous works, they suffer a vulnerability when a minor fault happens (say, one derived key is compromised somehow), then the damage is not limited to the leaked derived key, instead, it spreads to the master key and the whole system collapses. Thirdly, the falling short in supporting hot/cold setting. The hot/cold setting is a widely adopted method to effectively reduce the exposure chance of secret keys and hence improving the se- curity of the deterministic wallet system. The last problem is the relying on the weak security notion of unforgeability, in which the adversary is only allowed to query and forge the signatures w.r.t. the public keys that were assigned by the challenger. In this work, we present a new deterministic wallet scheme in quantum world, which is stateless, supports hot/cold setting, satisfiies stronger security notions, and is more efficient. In particular, we reformalize the syntax and security models for deterministic wallets, capturing the func- tionality and security requirements imposed by the practice in cryptocur- rency. Then we propose a deterministic wallet construction and prove its security in the quantum random oracle model. Finally, we show our wal- let scheme is more practicable by analyzing an instantiation of our wallet scheme based on the signature scheme Falcon

    Asymptotically Compact Adaptively Secure Lattice IBEs and Verifiable Random Functions via Generalized Partitioning Techniques

    Get PDF
    In this paper, we focus on the constructions of adaptively secure identity-based encryption (IBE) from lattices and verifiable random function (VRF) with large input spaces. Existing constructions of these primitives suffer from low efficiency, whereas their counterparts with weaker guarantees (IBEs with selective security and VRFs with small input spaces) are reasonably efficient. We try to fill these gaps by developing new partitioning techniques that can be performed with compact parameters and proposing new schemes based on the idea. - We propose new lattice IBEs with poly-logarithmic master public key sizes, where we count the number of the basic matrices to measure the size. Our constructions are proven secure under the LWE assumption with polynomial approximation factors. They achieve the best asymptotic space efficiency among existing schemes that depend on the same assumption and achieve the same level of security. - We also propose several new VRFs on bilinear groups. In our first scheme, the size of the proofs is poly-logarithmic in the security parameter, which is the smallest among all the existing schemes with similar properties. On the other hand, the verification keys are long. In our second scheme, the size of the verification keys is poly-logarithmic, which is the smallest among all the existing schemes. The size of the proofs is sub-linear, which is larger than our first scheme, but still smaller than all the previous schemes
    • …
    corecore