664 research outputs found
Chosen-ciphertext security from subset sum
We construct a public-key encryption (PKE) scheme whose
security is polynomial-time equivalent to the hardness of the Subset Sum problem. Our scheme achieves the standard notion of indistinguishability against chosen-ciphertext attacks (IND-CCA) and can be used to encrypt messages of arbitrary polynomial length, improving upon a previous construction by Lyubashevsky, Palacio, and Segev (TCC 2010) which achieved only the weaker notion of semantic security (IND-CPA) and whose concrete security decreases with the length of the message being encrypted. At the core of our construction is a trapdoor technique which originates in the work of Micciancio and Peikert (Eurocrypt 2012
Attacks on the Search-RLWE problem with small errors
The Ring Learning-With-Errors (RLWE) problem shows great promise for
post-quantum cryptography and homomorphic encryption. We describe a new attack
on the non-dual search RLWE problem with small error widths, using ring
homomorphisms to finite fields and the chi-squared statistical test. In
particular, we identify a "subfield vulnerability" (Section 5.2) and give a new
attack which finds this vulnerability by mapping to a finite field extension
and detecting non-uniformity with respect to the number of elements in the
subfield. We use this attack to give examples of vulnerable RLWE instances in
Galois number fields. We also extend the well-known search-to-decision
reduction result to Galois fields with any unramified prime modulus q,
regardless of the residue degree f of q, and we use this in our attacks. The
time complexity of our attack is O(nq2f), where n is the degree of K and f is
the residue degree of q in K. We also show an attack on the non-dual (resp.
dual) RLWE problem with narrow error distributions in prime cyclotomic rings
when the modulus is a ramified prime (resp. any integer). We demonstrate the
attacks in practice by finding many vulnerable instances and successfully
attacking them. We include the code for all attacks
Naor-Yung paradigm with shared randomness and applications
The Naor-Yung paradigm (Naor and Yung, STOCâ90) allows to generically boost security under chosen-plaintext attacks (CPA) to security against chosen-ciphertext attacks (CCA) for public-key encryption (PKE) schemes. The main idea is to encrypt the plaintext twice (under independent public keys), and to append a non-interactive zero-knowledge (NIZK) proof that the two ciphertexts indeed encrypt the same message. Later work by Camenisch, Chandran, and Shoup (Eurocryptâ09) and Naor and Segev (Cryptoâ09 and SIAM J. Comput.â12) established that the very same techniques can also be used in the settings of key-dependent message (KDM) and key-leakage attacks (respectively). In this paper we study the conditions under which the two ciphertexts in the Naor-Yung construction can share the same random coins. We find that this is possible, provided that the underlying PKE scheme meets an additional simple property. The motivation for re-using the same random coins is that this allows to design much more efficient NIZK proofs. We showcase such an improvement in the random oracle model, under standard complexity assumptions including Decisional Diffie-Hellman, Quadratic Residuosity, and Subset Sum. The length of the resulting ciphertexts is reduced by 50%, yielding truly efficient PKE schemes achieving CCA security under KDM and key-leakage attacks. As an additional contribution, we design the first PKE scheme whose CPA security under KDM attacks can be directly reduced to (low-density instances of) the Subset Sum assumption. The scheme supports keydependent messages computed via any affine function of the secret ke
A New Provably Secure Cryptosystem Using Dedekind Domain Direct Product Approach
We would like to prevent, detect, and protect communication and information systems' attacks, which include unauthorized reading of a message of file and traffic analysis or active attacks, such as modification of messages or files, and denial of service by providing cryptographic techniques. If we prove that an encryption algorithm is based on mathematical NP-hard problems, we can prove its security. In this paper, we present a new NTRU-Like public-key cryptosystem with security provably based on the worst-case hardness of the approximate lattice problems (NP-hard problems) in some structured lattices (ideal lattices) in order to attain the applicable objectives of preserving the confidentiality of communication and information system resources (includes hardware, software, firmware, information/data, and telecommunications). Our proposed scheme is an improvement of ETRU cryptosystem. ETRU is an NTRU-Like public-key cryptosystem based on the Eisenstein integers Z [f_3 ] where f_3 is a primitive cube root of unity. ETRU has heuristic security and it has no proof of security. We show that our cryptosystem has security stronger than that of ETRU, over cartesian product of dedekind domains and extended cyclotomic polynomials. We prove the security of our main algorithm from the R-SIS and R-LWE problems as NP-hard problems
An Improved BKW Algorithm for LWE with Applications to Cryptography and Lattices
In this paper, we study the Learning With Errors problem and its binary
variant, where secrets and errors are binary or taken in a small interval. We
introduce a new variant of the Blum, Kalai and Wasserman algorithm, relying on
a quantization step that generalizes and fine-tunes modulus switching. In
general this new technique yields a significant gain in the constant in front
of the exponent in the overall complexity. We illustrate this by solving p
within half a day a LWE instance with dimension n = 128, modulus ,
Gaussian noise and binary secret, using
samples, while the previous best result based on BKW claims a time
complexity of with samples for the same parameters. We then
introduce variants of BDD, GapSVP and UniqueSVP, where the target point is
required to lie in the fundamental parallelepiped, and show how the previous
algorithm is able to solve these variants in subexponential time. Moreover, we
also show how the previous algorithm can be used to solve the BinaryLWE problem
with n samples in subexponential time . This
analysis does not require any heuristic assumption, contrary to other algebraic
approaches; instead, it uses a variant of an idea by Lyubashevsky to generate
many samples from a small number of samples. This makes it possible to
asymptotically and heuristically break the NTRU cryptosystem in subexponential
time (without contradicting its security assumption). We are also able to solve
subset sum problems in subexponential time for density , which is of
independent interest: for such density, the previous best algorithm requires
exponential time. As a direct application, we can solve in subexponential time
the parameters of a cryptosystem based on this problem proposed at TCC 2010.Comment: CRYPTO 201
Public-Key Encryption Schemes with Auxiliary Inputs
7th Theory of Cryptography Conference, TCC 2010, Zurich, Switzerland, February 9-11, 2010. ProceedingsWe construct public-key cryptosystems that remain secure even when the adversary is given any computationally uninvertible function of the secret key as auxiliary input (even one that may reveal the secret key information-theoretically). Our schemes are based on the decisional Diffie-Hellman (DDH) and the Learning with Errors (LWE) problems.
As an independent technical contribution, we extend the Goldreich-Levin theorem to provide a hard-core (pseudorandom) value over large fields.National Science Foundation (U.S.) (Grant CCF-0514167)National Science Foundation (U.S.) (Grant CCF-0635297)National Science Foundation (U.S.) (Grant NSF-0729011)Israel Science Foundation (700/08)Chais Family Fellows Progra
- âŠ