362 research outputs found
Lattice Gaussian Sampling by Markov Chain Monte Carlo: Bounded Distance Decoding and Trapdoor Sampling
Sampling from the lattice Gaussian distribution plays an important role in
various research fields. In this paper, the Markov chain Monte Carlo
(MCMC)-based sampling technique is advanced in several fronts. Firstly, the
spectral gap for the independent Metropolis-Hastings-Klein (MHK) algorithm is
derived, which is then extended to Peikert's algorithm and rejection sampling;
we show that independent MHK exhibits faster convergence. Then, the performance
of bounded distance decoding using MCMC is analyzed, revealing a flexible
trade-off between the decoding radius and complexity. MCMC is further applied
to trapdoor sampling, again offering a trade-off between security and
complexity. Finally, the independent multiple-try Metropolis-Klein (MTMK)
algorithm is proposed to enhance the convergence rate. The proposed algorithms
allow parallel implementation, which is beneficial for practical applications.Comment: submitted to Transaction on Information Theor
Implementation and evaluation of improved Gaussian sampling for lattice trapdoors
We report on our implementation of a new Gaussian sampling algorithm for lattice trapdoors. Lattice trapdoors are used in a wide array of lattice-based cryptographic schemes including digital signatures, attributed-based encryption, program obfuscation and others. Our implementation provides Gaussian sampling for trapdoor lattices with prime moduli, and supports both single- and multi-threaded execution. We experimentally evaluate our implementation through its use in the GPV hash-and-sign digital signature scheme as a benchmark. We compare our design and implementation with prior work reported in the literature. The evaluation shows that our implementation 1) has smaller space requirements and faster runtime, 2) does not require multi-precision floating-point arithmetic, and 3) can be used for a broader range of cryptographic primitives than previous implementations
Ring Signature from Bonsai Tree: How to Preserve the Long-Term Anonymity
Signer-anonymity is the central feature of ring signatures, which enable a
user to sign messages on behalf of an arbitrary set of users, called the ring,
without revealing exactly which member of the ring actually generated the
signature. Strong and long-term signer-anonymity is a reassuring guarantee for
users who are hesitant to leak a secret, especially if the consequences of
identification are dire in certain scenarios such as whistleblowing. The notion
of \textit{unconditional anonymity}, which protects signer-anonymity even
against an infinitely powerful adversary, is considered for ring signatures
that aim to achieve long-term signer-anonymity. However, the existing
lattice-based works that consider the unconditional anonymity notion did not
strictly capture the security requirements imposed in practice, this leads to a
realistic attack on signer-anonymity.
In this paper, we present a realistic attack on the unconditional anonymity
of ring signatures, and formalize the unconditional anonymity model to strictly
capture it. We then propose a lattice-based ring signature construction with
unconditional anonymity by leveraging bonsai tree mechanism. Finally, we prove
the security in the standard model and demonstrate the unconditional anonymity
through both theoretical proof and practical experiments
Contributions to Latticeโbased Cryptography
Postโquantum cryptography (PQC) is a new and fastโgrowing part of Cryptography. It focuses on developing cryptographic algorithms and protocols that resist quantum adversaries (i.e., the adversaries who have access to quantum computers). To construct a new PQC primitive, a designer must use a mathematical problem intractable for the quantum adversary. Many intractability assumptions are being used in PQC. There seems to be a consensus in the research community that the most promising are intractable/hard problems in lattices. However, latticeโbased cryptography still needs more research to make it more efficient and practical. The thesis contributes toward achieving either the novelty or the practicality of latticeโ based cryptographic systems
Recommended from our members
Post-quantum blockchain for internet of things domain
This thesis was submitted for the award of Doctor of Philosophy and was awarded by Brunel University LondonIn the evolving realm of quantum computing, emerging advancements reveal substantial challenges and threats to existing cryptographic infrastructures, particularly impacting blockchain technologies. These are pivotal for securing the Internet of Things (IoT) ecosystems. The traditional blockchain structures, integral to myriad IoT applications, are susceptible to potential quantum computations, emphasizing an urgent need for innovations in post-quantum blockchain solutions to reinforce security in the expansive domain of IoT.
This PhD thesis delves into the crucial exploration and meticulous examination of the development and implementation of post-quantum blockchain within the IoT landscape, focusing on the incorporation of advanced post-quantum cryptographic algorithms in Hyperledger Fabric, a forefront blockchain platform renowned for its versatility and robustness. The primary aim is to discern viable post-quantum cryptographic solutions capable of fortifying blockchain systems against impending quantum threats enhancing security and reliability in IoT applications.
The research comprehensively evaluates various post-quantum public-key generation and digital signature algorithms, performing detailed analyses of their computational time and memory usage to identify optimal candidates. Furthermore, the thesis proposes an innovative lattice-based digital signature scheme Fast-Fourier Lattice-based Compact Signature over NTRU (Falcon), which leverages the Monte Carlo Markov Chain (MCMC) algorithm as a trapdoor sampler to augment its security attributes.
The research introduces a post-quantum version of the Hyperledger Fabric blockchain that integrates post-quantum signatures. The system utilizes the Open Quantum Safe (OQS) library, rigorously tested against NIST round 3 candidates for optimal performance. The study highlights the capability to manage IoT data securely on the post-quantum Hyperledger Fabric blockchain through the Message Queue Telemetry Transport (MQTT) protocol. Such a configuration ensures safe data transfer from IoT sensors directly to the blockchain nodes, securing the processing and recording of sensor data within the node ledger. The research addresses the multifaceted challenges of quantum computing advancements and significantly contributes to establishing secure, efficient, and resilient post-quantum blockchain infrastructures tailored explicitly for the IoT domain. These findings are instrumental in elevating the security paradigms of IoT systems against quantum vulnerabilities and catalysing innovations in post-quantum cryptography and blockchain technologies.
Furthermore, this thesis introduces strategies for the optimization of performance and scalability of post-quantum blockchain solutions and explores alternative, energy-efficient consensus mechanisms such as the Raft and Stellar Consensus Protocol (SCP), providing sustainable alternatives to the conventional Proof-of-Work (PoW) approach.
A critical insight emphasized throughout this thesis is the imperative of synergistic collaboration among academia, industry, and regulatory bodies. This collaboration is pivotal to expedite the adoption and standardization of post-quantum blockchain solutions, fostering the development of interoperable and standardized technologies enriched with robust security and privacy frameworks for end users.
In conclusion, this thesis furnishes profound insights and substantial contributions to implementing post-quantum blockchain in the IoT domain. It delineates original contributions to the knowledge and practices in the field, offering practical solutions and advancing the state-of-the-art in post-quantum cryptography and blockchain research, thereby paving the way for a secure and resilient future for interconnected IoT systems
์ก์ํค๋ฅผ ๊ฐ์ง๋ ์ ์๊ธฐ๋ฐ ๋ํ์ํธ์ ๊ดํ ์ฐ๊ตฌ
ํ์๋
ผ๋ฌธ(๋ฐ์ฌ)--์์ธ๋ํ๊ต ๋ํ์ :์์ฐ๊ณผํ๋ํ ์๋ฆฌ๊ณผํ๋ถ,2020. 2. ์ฒ์ ํฌ.ํด๋ผ์ฐ๋ ์์ ๋ฐ์ดํฐ ๋ถ์ ์์ ์๋๋ฆฌ์ค๋ ๋ํ์ํธ์ ๊ฐ์ฅ ํจ๊ณผ์ ์ธ ์์ฉ ์๋๋ฆฌ์ค ์ค ํ๋์ด๋ค. ๊ทธ๋ฌ๋, ๋ค์ํ ๋ฐ์ดํฐ ์ ๊ณต์์ ๋ถ์๊ฒฐ๊ณผ ์๊ตฌ์๊ฐ ์กด์ฌํ๋ ์ค์ ํ์ค์ ๋ชจ๋ธ์์๋ ๊ธฐ๋ณธ์ ์ธ ์๋ณตํธํ์ ๋ํ ์ฐ์ฐ ์ธ์๋ ์ฌ์ ํ ํด๊ฒฐํด์ผ ํ ๊ณผ์ ๋ค์ด ๋จ์์๋ ์ค์ ์ด๋ค. ๋ณธ ํ์๋
ผ๋ฌธ์์๋ ์ด๋ฌํ ๋ชจ๋ธ์์ ํ์ํ ์ฌ๋ฌ ์๊ตฌ์ฌํญ๋ค์ ํฌ์ฐฉํ๊ณ , ์ด์ ๋ํ ํด๊ฒฐ๋ฐฉ์์ ๋
ผํ์๋ค.
๋จผ์ , ๊ธฐ์กด์ ์๋ ค์ง ๋ํ ๋ฐ์ดํฐ ๋ถ์ ์๋ฃจ์
๋ค์ ๋ฐ์ดํฐ ๊ฐ์ ์ธต์๋ ์์ค์ ๊ณ ๋ คํ์ง ๋ชปํ๋ค๋ ์ ์ ์ฐฉ์ํ์ฌ, ์ ์๊ธฐ๋ฐ ์ํธ์ ๋ํ์ํธ๋ฅผ ๊ฒฐํฉํ์ฌ ๋ฐ์ดํฐ ์ฌ์ด์ ์ ๊ทผ ๊ถํ์ ์ค์ ํ์ฌ ํด๋น ๋ฐ์ดํฐ ์ฌ์ด์ ์ฐ์ฐ์ ํ์ฉํ๋ ๋ชจ๋ธ์ ์๊ฐํ์๋ค. ๋ํ ์ด ๋ชจ๋ธ์ ํจ์จ์ ์ธ ๋์์ ์ํด์ ๋ํ์ํธ ์นํ์ ์ธ ์ ์๊ธฐ๋ฐ ์ํธ์ ๋ํ์ฌ ์ฐ๊ตฌํ์๊ณ , ๊ธฐ์กด์ ์๋ ค์ง NTRU ๊ธฐ๋ฐ์ ์ํธ๋ฅผ ํ์ฅํ์ฌ module-NTRU ๋ฌธ์ ๋ฅผ ์ ์ํ๊ณ ์ด๋ฅผ ๊ธฐ๋ฐ์ผ๋ก ํ ์ ์๊ธฐ๋ฐ ์ํธ๋ฅผ ์ ์ํ์๋ค.
๋์งธ๋ก, ๋ํ์ํธ์ ๋ณตํธํ ๊ณผ์ ์๋ ์ฌ์ ํ ๋น๋ฐํค๊ฐ ๊ด์ฌํ๊ณ ์๊ณ , ๋ฐ๋ผ์ ๋น๋ฐํค ๊ด๋ฆฌ ๋ฌธ์ ๊ฐ ๋จ์์๋ค๋ ์ ์ ํฌ์ฐฉํ์๋ค. ์ด๋ฌํ ์ ์์ ์์ฒด์ ๋ณด๋ฅผ ํ์ฉํ ์ ์๋ ๋ณตํธํ ๊ณผ์ ์ ๊ฐ๋ฐํ์ฌ ํด๋น ๊ณผ์ ์ ๋ํ์ํธ ๋ณตํธํ์ ์ ์ฉํ์๊ณ , ์ด๋ฅผ ํตํด ์๋ณตํธํ์ ๋ํ ์ฐ์ฐ์ ์ ๊ณผ์ ์ ์ด๋ ๊ณณ์๋ ํค๊ฐ ์ ์ฅ๋์ง ์์ ์ํ๋ก ์ํํ ์ ์๋ ์ํธ์์คํ
์ ์ ์ํ์๋ค.
๋ง์ง๋ง์ผ๋ก, ๋ํ์ํธ์ ๊ตฌ์ฒด์ ์ธ ์์ ์ฑ ํ๊ฐ ๋ฐฉ๋ฒ์ ๊ณ ๋ คํ์๋ค. ์ด๋ฅผ ์ํด ๋ํ์ํธ๊ฐ ๊ธฐ๋ฐํ๊ณ ์๋ ์ด๋ฅธ๋ฐ Learning With Errors (LWE) ๋ฌธ์ ์ ์ค์ ์ ์ธ ๋ํด์ฑ์ ๋ฉด๋ฐํ ๋ถ์ํ์๊ณ , ๊ทธ ๊ฒฐ๊ณผ ๊ธฐ์กด์ ๊ณต๊ฒฉ ์๊ณ ๋ฆฌ์ฆ๋ณด๋ค ํ๊ท ์ ์ผ๋ก 1000๋ฐฐ ์ด์ ๋น ๋ฅธ ๊ณต๊ฒฉ ์๊ณ ๋ฆฌ์ฆ๋ค์ ๊ฐ๋ฐํ์๋ค. ์ด๋ฅผ ํตํด ํ์ฌ ์ฌ์ฉํ๊ณ ์๋ ๋ํ์ํธ ํ๋ผ๋ฏธํฐ๊ฐ ์์ ํ์ง ์์์ ๋ณด์๊ณ , ์๋ก์ด ๊ณต๊ฒฉ ์๊ณ ๋ฆฌ์ฆ์ ํตํ ํ๋ผ๋ฏธํฐ ์ค์ ๋ฐฉ๋ฒ์ ๋ํด์ ๋
ผํ์๋ค.Secure data analysis delegation on cloud is one of the most powerful application that homomorphic encryption (HE) can bring. As the technical level of HE arrive at practical regime, this model is also being considered to be a more serious and realistic paradigm. In this regard, this increasing attention requires more versatile and secure model to deal with much complicated real world problems.
First, as real world modeling involves a number of data owners and clients, an authorized control to data access is still required even for HE scenario. Second, we note that although homomorphic operation requires no secret key, the decryption requires the secret key. That is, the secret key management concern still remains even for HE. Last, in a rather fundamental view, we thoroughly analyze the concrete hardness of the base problem of HE, so-called Learning With Errors (LWE). In fact, for the sake of efficiency, HE exploits a weaker variant of LWE whose security is believed not fully understood.
For the data encryption phase efficiency, we improve the previously suggested NTRU-lattice ID-based encryption by generalizing the NTRU concept into module-NTRU lattice. Moreover, we design a novel method that decrypts the resulting ciphertext with a noisy key. This enables the decryptor to use its own noisy source, in particular biometric, and hence fundamentally solves the key management problem. Finally, by considering further improvement on existing LWE solving algorithms, we propose new algorithms that shows much faster performance. Consequently, we argue that the HE parameter choice should be updated regarding our attacks in order to maintain the currently claimed security level.1 Introduction 1
1.1 Access Control based on Identity 2
1.2 Biometric Key Management 3
1.3 Concrete Security of HE 3
1.4 List of Papers 4
2 Background 6
2.1 Notation 6
2.2 Lattices 7
2.2.1 Lattice Reduction Algorithm 7
2.2.2 BKZ cost model 8
2.2.3 Geometric Series Assumption (GSA) 8
2.2.4 The Nearest Plane Algorithm 9
2.3 Gaussian Measures 9
2.3.1 Kullback-Leibler Divergence 11
2.4 Lattice-based Hard Problems 12
2.4.1 The Learning With Errors Problem 12
2.4.2 NTRU Problem 13
2.5 One-way and Pseudo-random Functions 14
3 ID-based Data Access Control 16
3.1 Module-NTRU Lattices 16
3.1.1 Construction of MNTRU lattice and trapdoor 17
3.1.2 Minimize the Gram-Schmidt norm 22
3.2 IBE-Scheme from Module-NTRU 24
3.2.1 Scheme Construction 24
3.2.2 Security Analysis by Attack Algorithms 29
3.2.3 Parameter Selections 31
3.3 Application to Signature 33
4 Noisy Key Cryptosystem 36
4.1 Reusable Fuzzy Extractors 37
4.2 Local Functions 40
4.2.1 Hardness over Non-uniform Sources 40
4.2.2 Flipping local functions 43
4.2.3 Noise stability of predicate functions: Xor-Maj 44
4.3 From Pseudorandom Local Functions 47
4.3.1 Basic Construction: One-bit Fuzzy Extractor 48
4.3.2 Expansion to multi-bit Fuzzy Extractor 50
4.3.3 Indistinguishable Reusability 52
4.3.4 One-way Reusability 56
4.4 From Local One-way Functions 59
5 Concrete Security of Homomorphic Encryption 63
5.1 Albrecht's Improved Dual Attack 64
5.1.1 Simple Dual Lattice Attack 64
5.1.2 Improved Dual Attack 66
5.2 Meet-in-the-Middle Attack on LWE 69
5.2.1 Noisy Collision Search 70
5.2.2 Noisy Meet-in-the-middle Attack on LWE 74
5.3 The Hybrid-Dual Attack 76
5.3.1 Dimension-error Trade-o of LWE 77
5.3.2 Our Hybrid Attack 79
5.4 The Hybrid-Primal Attack 82
5.4.1 The Primal Attack on LWE 83
5.4.2 The Hybrid Attack for SVP 86
5.4.3 The Hybrid-Primal attack for LWE 93
5.4.4 Complexity Analysis 96
5.5 Bit-security estimation 102
5.5.1 Estimations 104
5.5.2 Application to PKE 105
6 Conclusion 108
Abstract (in Korean) 120Docto
Towards Compact Identity-based Encryption on Ideal Lattices
Basic encryption and signature on lattices have comparable efficiency to their classical counterparts in terms of speed and key size. However, Identity-based Encryption (IBE) on lattices is much less efficient in terms of compactness, even when instantiated on ideal lattices and in the Random Oracle Model (ROM). This is because the underlying preimage sampling algorithm used to extract the users\u27 secret keys requires huge public parameters. In this work, we specify a compact IBE instantiation for practical use by introducing various optimizations. Specifically, we first propose a modified gadget to make it more suitable for the instantiation of practical IBE. Then, by incorporating our gadget and the non-spherical Gaussian technique, we provide an efficient preimage sampling algorithm, based on which, we give a specification of a compact IBE on ideal lattice. Finally, two parameter sets and a proof-of-concept implementation are presented. Given the importance of the preimage sampling algorithm in lattice-based cryptography, we believe that our technique can also be applied to the practical instantiation of other advanced cryptographic schemes
- โฆ