Security considerations for Galois non-dual RLWE families
We explore further the hardness of the non-dual discrete variant of the Ring-LWE problem for various number rings, give improved attacks for certain rings satisfying some additional assumptions, construct a new family of vulnerable Galois number fields, and apply some number theoretic results on Gauss sums to deduce the likely failure of these attacks for 2-power cyclotomic rings and unramified moduli.
Algebraic aspects of solving Ring-LWE, including ring-based improvements in the Blum-Kalai-Wasserman algorithm
We provide a reduction of the Ring-LWE problem to Ring-LWE problems in subrings, in the presence of samples of a restricted form (i.e. such that is restricted to a multiplicative coset of the subring). To create and exploit such restricted samples, we propose Ring-BKW, a version of the Blum-Kalai-Wasserman algorithm which respects the ring structure. Off-the-shelf BKW dimension reduction (including coded-BKW and sieving) can be used for the reduction phase. Its primary advantage is that there is no need for back-substitution, and the solving/hypothesis-testing phase can be parallelized. We also present a method to exploit symmetry to reduce table sizes, samples needed, and runtime during the reduction phase. The results apply to two-power cyclotomic Ring-LWE with parameters proposed for practical use (including all splitting types).
Comment: 25 pages; section on advanced keying significantly extended; other minor revision
SALSA: Attacking Lattice Cryptography with Transformers
Currently deployed public-key cryptosystems will be vulnerable to attacks by full-scale quantum computers. Consequently, "quantum resistant" cryptosystems are in high demand, and lattice-based cryptosystems, based on a hard problem known as Learning With Errors (LWE), have emerged as strong contenders for standardization. In this work, we train transformers to perform modular arithmetic and combine half-trained models with statistical cryptanalysis techniques to propose SALSA: a machine learning attack on LWE-based cryptographic schemes. SALSA can fully recover secrets for small-to-mid size LWE instances with sparse binary secrets, and may scale to attack real-world LWE-based cryptosystems.
Comment: Extended version of work published at NeurIPS 202
Usability of structured lattices for a post-quantum cryptography: practical computations, and a study of some real Kummer extensions
Lattice-based cryptography is an excellent candidate for post-quantum cryptography, i.e. cryptosystems which are resistant to attacks run on quantum computers. For efficiency reasons, most of the constructions explored nowadays are based on structured lattices, such as module lattices or ideal lattices. The security of most constructions can be related to the hardness of retrieving a short element in such lattices, and one does not know yet to what extent these additional structures weaken the cryptosystems. A related problem, which is an extension of a classical problem in computational number theory, called the Short Principal Ideal Problem (or SPIP), consists of finding a short generator of a principal ideal. Its assumed hardness has been used to build some cryptographic schemes. However, it has been shown to be solvable in quantum polynomial time over cyclotomic fields, through an attack which uses the Log-unit lattice of the field considered. Later, practical results showed that multiquadratic fields were also vulnerable to this strategy.
The main general question that we study in this thesis is: to what extent can structured lattices be used to build a post-quantum cryptography?
NTRU in Quaternion Algebras of Bounded Discriminant
The NTRU assumption provides one of the most prominent problems on which to base post-quantum cryptography. Because of the efficiency and security of NTRU-style schemes, structured variants have been proposed, using modules. In this work, we create a structured form of NTRU using lattices obtained from orders in cyclic division algebras of index 2, that is, from quaternion algebras. We present a public-key encryption scheme, and show that its public keys are statistically close to uniform. We then prove IND-CPA security of a variant of our scheme when the discriminant of the quaternion algebra is not too large, assuming the hardness of Learning with Errors in cyclic division algebras.
Algebraic lattices and applications to codes and cryptography
Advisor: Sueli Irene Rodrigues Costa
Thesis (doctorate) - Universidade Estadual de Campinas, Instituto de Matemática, Estatística e Computação Científica
Abstract (translated from the Portuguese): In this work we study the application of algebraic lattices in different contexts. In all, four objectives guide this thesis. The first objective is the construction of lattices with good center density via submodules of rings of integers of algebraic number fields. In this context, we complete the algebraic construction of the lattice , for any , and study its minimum product distance, as well as that of . In addition, we compute the expression of the trace form associated with abelian number fields of ramified odd prime degree, which is related to the center density of algebraic lattices obtained via the Minkowski embedding. The second objective is the analysis of situations in which algebraic lattices are well-rounded. We prove that in each odd prime dimension there exist infinitely many pairwise non-equivalent algebraic lattices that are well-rounded. The third objective is to present the applicability and current relevance of algebraic lattices in the context of post-quantum cryptography. Besides summarizing recent advances in lattice-based cryptography, we propose the use of algebraic lattices obtained via the twisted embedding in this context and prove that the difficulty of breaking the security of the proposed system is tied to the difficulty of solving the ring-LWE problem. Finally, the fourth objective is the study of logarithmic lattices, with particular emphasis on the covering radius via the units of any cyclotomic field. We compute an upper bound for the covering radius of logarithmic lattices constructed from these fields.
In the approaches to the four objectives above, it is emphasized that algebraic tools have been contributing effectively to the production of lattices applicable to various contexts in coding theory and cryptography.
Abstract: In this work we study applications of algebraic lattices in different contexts. Four goals guide this PhD thesis. The first goal is the construction of lattices with great center density via submodules of the ring of integers of algebraic number fields. In this approach, we obtain the algebraic construction of the lattice , for all , and study its minimum product distance, as well as that of the lattice . Besides, we calculate the expression of the trace form associated with abelian number fields of ramified odd prime degree, which is related to the center density of algebraic lattices obtained via the Minkowski embedding. The second goal is the analysis of cases which provide well-rounded algebraic lattices. We prove that for each odd prime dimension there exist infinitely many non-equivalent algebraic lattices which are well-rounded. The third goal is to present the application of algebraic lattices in the context of the so-called post-quantum cryptography. We summarize recent advances of lattice cryptography, propose the use of algebraic lattices coming from the twisted embedding in this context and prove that the hardness of breaking the security of the proposed system is related to the hardness of solving the ring-LWE problem. The fourth goal is the study of logarithmic lattices, especially the analysis of the covering radius of those obtained from units of cyclotomic number fields. We calculate an upper bound on the covering radius of the logarithmic lattices constructed from these fields. In the four objectives described above it is stressed that algebraic tools make good contributions to producing lattices used in coding theory and cryptography.
Doctorate; Mathematics; Doutor em Matemática; CAPE
Security Guidelines for Implementing Homomorphic Encryption
Fully Homomorphic Encryption (FHE) is a cryptographic primitive that allows performing arbitrary operations on encrypted data. Since the conception of the idea in [RAD78], it was considered a holy grail of cryptography. After the first construction in 2009 [Gen09], it has evolved to become a practical primitive with strong security guarantees. Most modern constructions are based on well-known lattice problems such as Learning with Errors (LWE). Besides its academic appeal, in recent years FHE has also attracted significant attention from industry, thanks to its applicability to a considerable number of real-world use cases. An upcoming standardization effort by ISO/IEC aims to support the wider adoption of these techniques. However, one of the main challenges that standards bodies, developers, and end users usually encounter is establishing parameters. This is particularly hard in the case of FHE because the parameters are not only related to the security level of the system, but also to the type of operations that the system is able to handle. In this paper, we provide examples of parameter sets for LWE targeting particular security levels that can be used in the context of FHE constructions. We also give examples of complete FHE parameter sets, including the parameters relevant for correctness and performance, alongside those relevant for security. As an additional contribution, we survey the parameter selection support offered in open-source FHE libraries.
Homomorphic Encryption Standard
Homomorphic Encryption is a breakthrough technology which can enable private cloud storage and computation solutions, and many applications have been described in the literature in the last few years. But before Homomorphic Encryption can be adopted in medical, health, and financial sectors to protect data and patient and consumer privacy, it will have to be standardized, most likely by multiple standardization bodies and government agencies. An important part of standardization is broad agreement on security levels for varying parameter sets. Although extensive research and benchmarking has been done in the research community to establish the foundations for this effort, it is hard to find all the information in one place, along with concrete parameter recommendations for applications and deployment.
This document is the first Homomorphic Encryption Standard (HES) approved by the Homomorphicencryption.org community in 2018. It captures the collective knowledge on the state of security of these schemes, specifies the schemes, and recommends a wide selection of parameters to be used for homomorphic encryption at various security levels. We describe known attacks and their estimated running times in order to make these security parameter recommendations.
Survey on Fully Homomorphic Encryption, Theory, and Applications
Data privacy concerns are increasing significantly in the context of the Internet of Things, cloud services, edge computing, artificial intelligence applications, and other applications enabled by next generation networks. Homomorphic Encryption addresses privacy challenges by enabling multiple operations to be performed on encrypted messages without decryption. This paper comprehensively addresses homomorphic encryption from both theoretical and practical perspectives. The paper delves into the mathematical foundations required to understand fully homomorphic encryption (FHE). It consequently covers design fundamentals and security properties of FHE and describes the main FHE schemes based on various mathematical problems. On a more practical level, the paper presents a view on privacy-preserving Machine Learning using homomorphic encryption, then surveys FHE at length from an engineering angle, covering the potential application of FHE in fog computing and cloud computing services. It also provides a comprehensive analysis of existing state-of-the-art FHE libraries and tools, implemented in software and hardware, and their performance.