68 research outputs found
Attack on Fully Homomorphic Encryption over the Integers
This paper presents a heuristic attack on the fully homomorphic encryption over the integers by using a lattice reduction algorithm. Our result shows that the FHE in [DGHV10] is not secure for some parameter settings. We also present an improvement scheme to avoid the lattice attack in this paper. Comment: 24 page
Cryptanalysis of the Smart-Vercauteren and Gentry-Halevi’s Fully Homomorphic Encryption
For the fully homomorphic encryption schemes in [SV10, GH11], this paper presents attacks to solve an equivalent secret key and directly recover plaintext from ciphertext for lattice dimensions n=2048 by using a lattice reduction algorithm. According to the average-case behavior of LLL in [NS06], their schemes are also not secure for n=8192.
Integer Version of Ring-LWE and its Applications
In this work, we describe an integer version of ring-LWE over the polynomial rings and prove that its hardness is equivalent to that of the polynomial ring-LWE. Moreover, we also present a public key cryptosystem using this variant of the polynomial ring-LWE.
Fully Homomorphic Encryption, Approximate Lattice Problem and LWE
In this paper, we first introduce a new concept of approximate lattice problem (ALP), which is an extension of learning with errors (LWE). Next, we propose two ALP-based public key encryption schemes. Then, we construct two new fully homomorphic encryption (FHE) schemes based, respectively, on the approximate principal ideal lattice problem with related modulus (APIP-RM) and the approximate lattice problem with related modulus (ALP-RM). Moreover, we also extend our ALP-RM-based FHE to the ALP problem with unrelated modulus (ALP-UM).
Our work is different from previous works in three aspects:
(1) We extend the LWE problem to the ALP problem. This ALP problem is similar to the closest vector problem in lattices. We believe that this problem is of independent interest.
(2) We construct a new FHE by using a re-randomizing method, which is different from the squashing decryption in previous works.
(3) The expansion rate is merely O(k), with k a security parameter, in our FHE, which can be improved to O(log k) by using dimension reduction [BV11], whereas all previous schemes are at least O(k log k) [BV11, Gen11, LNV11]. Our method can also decrease a factor k of the expansion rate in their schemes.
Ideal Multilinear Maps Based on Ideal Lattices
Cryptographic multilinear maps have many applications, such as multipartite key exchange and software obfuscation. However, the encodings of three current constructions are noisy and their multilinearity levels are fixed and bounded in advance. In this paper, we describe a candidate construction of ideal multilinear maps by using ideal lattices, which supports arbitrary multilinearity levels. The security of our construction depends on new hardness assumptions.
Cryptanalysis of Simple Matrix Scheme for Encryption
Recently, Tao et al. presented a new simple and efficient multivariate public key encryption scheme based on matrix multiplication, which is called Simple Matrix Scheme or ABC. Using a linearization method, we propose a polynomial time algorithm, which directly solves an equivalent private key from the public key of ABC. Furthermore, our attack can also be applied to the variants of ABC since these variants have the same algebraic structure as the ABC scheme. Therefore, the ABC cryptosystem and its variants are insecure.
Multilinear Maps Using Ideal Lattices without Encodings of Zero
Garg, Gentry and Halevi (GGH) described the first candidate multilinear maps using ideal lattices. However, Hu and Jia recently presented an efficient attack for two applications based on the GGH map, multipartite Diffie-Hellman key exchange and an instance of witness encryption using the 3-exact cover problem. In this paper, we describe a modified construction of multilinear maps from ideal lattices without encodings of zero by introducing random matrices to avoid the zeroing attack problem. The security of our construction depends upon a new hardness assumption, which is seemingly closely related to hardness problems of lattices. Furthermore, we present a multipartite Diffie-Hellman key exchange protocol using our construction, and an instance of witness encryption using the 3-exact cover problem based on a variant of our construction.
Variation of GGH15 Multilinear Maps
Recently, Coron presented an attack on GGH15 multilinear maps, which breaks the multipartite Diffie-Hellman key exchange protocol based on GGH15. In this paper, we describe a variation of GGH15, which seems to thwart known attacks.
Multilinear maps via secret ring
Garg, Gentry and Halevi (GGH13) described the first candidate multilinear maps using ideal lattices. However, Hu and Jia recently presented an efficient attack on the GGH13 map, which breaks the multipartite key exchange (MPKE) and witness encryption (WE) based on GGH13. In this work, we describe a new variant of GGH13 using a secret ring, which preserves the original functionality of GGH13. The security of our variant depends upon the following new hardness problem. Given the determinant of the circular matrix of some element in a secret ring, the problem is to find this secret ring and reconstruct this element.
New Fully Homomorphic Encryption over the Integers
We first present a fully homomorphic encryption scheme over the integers, which modifies the fully homomorphic encryption scheme in [vDGHV10]. The security of our scheme is merely based on the hardness of the approximate-GCD problem over the integers, in which one is given a list of integers perturbed by small error noises, removing the assumption of the sparse subset sum problem in the original scheme [vDGHV10].
Then, we construct a new fully homomorphic encryption scheme, which extends the above scheme from approximate GCD over the ring of integers to approximate principal ideal lattice over the polynomial integer ring. The security of our scheme depends on the hardness of the decisional approximate principal ideal lattice polynomial (APIP), given a list of approximate multiples of a principal ideal lattice. At the same time, we also provide APIP-based fully homomorphic encryption by introducing the sparse subset sum problem.
Finally, we design a new fully homomorphic encryption scheme, whose security is based on the hardness assumption of the approximate lattice problem and the decisional SSSP.
- …