201 research outputs found
Ring-LWE: applications to cryptography and their efficient realization
© Springer International Publishing AG 2016. The persistent progress of quantum computing, together with the algorithms of Shor and of Proos and Zalka, has put our present RSA- and ECC-based public key cryptosystems at peril. There is a flurry of activity in the cryptographic research community to replace classical cryptography schemes with post-quantum counterparts. The learning with errors (LWE) problem introduced by Oded Regev offers a way to design secure cryptographic schemes in the post-quantum world. Later, for efficiency, LWE was adapted to polynomial rings, giving Ring-LWE. In this paper we discuss some of the Ring-LWE based schemes that have been designed. We also compare different implementations of those schemes to illustrate their evolution from theoretical proposals to practically feasible schemes.
An Improved BKW Algorithm for LWE with Applications to Cryptography and Lattices
In this paper, we study the Learning With Errors problem and its binary variant, where secrets and errors are binary or taken in a small interval. We introduce a new variant of the Blum, Kalai and Wasserman algorithm, relying on a quantization step that generalizes and fine-tunes modulus switching. In general this new technique yields a significant gain in the constant in front of the exponent in the overall complexity. We illustrate this by solving within half a day an LWE instance with dimension n = 128, modulus , Gaussian noise and binary secret, using samples, while the previous best result based on BKW claims a time complexity of with samples for the same parameters. We then introduce variants of BDD, GapSVP and UniqueSVP, where the target point is required to lie in the fundamental parallelepiped, and show how the previous algorithm is able to solve these variants in subexponential time. Moreover, we also show how the previous algorithm can be used to solve the BinaryLWE problem with n samples in subexponential time . This analysis does not require any heuristic assumption, contrary to other algebraic approaches; instead, it uses a variant of an idea by Lyubashevsky to generate many samples from a small number of samples. This makes it possible to asymptotically and heuristically break the NTRU cryptosystem in subexponential time (without contradicting its security assumption). We are also able to solve subset sum problems in subexponential time for density , which is of independent interest: for such density, the previous best algorithm requires exponential time. As a direct application, we can solve in subexponential time the parameters of a cryptosystem based on this problem proposed at TCC 2010. Comment: CRYPTO 201
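The abstract above describes a quantization step that generalizes modulus switching, the classical trick of mapping LWE samples modulo q to samples modulo a smaller p by scaling and rounding, which shrinks the tables a BKW-style reduction has to build at the price of extra noise. The following is an added example, not code from the paper or its authors: it generates LWE samples with a binary secret, switches them from q = 4096 to p = 256, and checks that the residual noise after switching stays within the bound (p/q)|e| + (h+1)/2, where h is the Hamming weight of the secret. The parameters n, m, q, p, sigma and the seed are assumptions chosen for the demonstration, and the Gaussian noise is approximated by rounding random.gauss.

```python
"""Added example (not from any paper listed on this page): plain-LWE samples
with a binary secret, then modulus switching q -> p by rounding.  Pure Python."""
import random


def centered(x, q):
    """Representative of x mod q in the range (-q/2, q/2]."""
    x %= q
    return x - q if x > q // 2 else x


def gen_lwe(n, m, q, sigma, rng):
    """Return (s, samples, errors): s is a binary secret in {0,1}^n, each sample is
    (a, b) with b = <a, s> + e mod q, and e is a rounded Gaussian of std dev sigma."""
    s = [rng.randrange(2) for _ in range(n)]
    samples, errors = [], []
    for _ in range(m):
        a = [rng.randrange(q) for _ in range(n)]
        e = round(rng.gauss(0, sigma))
        b = (sum(ai * si for ai, si in zip(a, s)) + e) % q
        samples.append((a, b))
        errors.append(e)
    return s, samples, errors


def modulus_switch(a, b, q, p):
    """Map a sample mod q to a sample mod p: multiply by p/q and round each entry.
    Each rounding introduces an error of at most 1/2 per coordinate."""
    a2 = [round(ai * p / q) % p for ai in a]
    b2 = round(b * p / q) % p
    return a2, b2


def residual(a, b, s, q):
    """b - <a, s> mod q, centered: this is exactly the noise term of the sample."""
    return centered(b - sum(ai * si for ai, si in zip(a, s)), q)


def switched_noise_bound(max_e, weight, q, p):
    """Worst-case |e'| after switching: the scaled original noise plus the
    rounding error of b and of the `weight` coordinates of a that s selects."""
    return max_e * p / q + (weight + 1) / 2


def demo(n=64, m=200, q=4096, p=256, sigma=3.0, seed=1):
    """Switch m samples from mod q to mod p and measure the noise before/after.
    Parameters are assumptions for the demonstration, not the paper's."""
    rng = random.Random(seed)
    s, samples, errors = gen_lwe(n, m, q, sigma, rng)
    weight = sum(s)
    before = [residual(a, b, s, q) for a, b in samples]
    after = [abs(residual(*modulus_switch(a, b, q, p), s, p)) for a, b in samples]
    max_before = max(abs(e) for e in before)
    return {
        "weight": weight,
        "exact_before": before == errors,   # residual recovers e exactly mod q
        "max_before": max_before,
        "max_after": max(after),
        "bound": switched_noise_bound(max_before, weight, q, p),
        "p": p,
    }


if __name__ == "__main__":
    r = demo()
    print("secret weight", r["weight"], "| max |e| mod q:", r["max_before"],
          "| max |e'| mod p:", r["max_after"], "| bound:", r["bound"])
```

The point to watch is the (h+1)/2 term: the rounding noise grows with the weight of the secret, not with the original noise, which is why switching to a small p is affordable for binary or small secrets but not for uniform ones. With a weight near n/2 and p = 256 the bound here stays well under p/4, so the switched samples are still usable by a BKW reduction working modulo p.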
A Subfield Lattice Attack on Overstretched NTRU Assumptions: Cryptanalysis of Some FHE and Graded Encoding Schemes
Impact of facial conformation on canine health: Brachycephalic Obstructive Airway Syndrome
The domestic dog may be the most morphologically diverse terrestrial mammalian species known to man; pedigree dogs are artificially selected for extreme aesthetics dictated by formal Breed Standards, and breed-related disorders linked to conformation are ubiquitous and diverse. Brachycephaly (foreshortening of the facial skeleton) is a discrete mutation that has been selected for in many popular dog breeds, e.g. the Bulldog, Pug, and French Bulldog. A chronic, debilitating respiratory syndrome, whereby soft tissue blocks the airways, predominantly affects dogs with this conformation, and thus is labelled Brachycephalic Obstructive Airway Syndrome (BOAS). Despite the name of the syndrome, scientific evidence quantitatively linking brachycephaly with BOAS is lacking, but it could aid efforts to select for healthier conformations. Here we show, in (1) an exploratory study of 700 dogs of diverse breeds and conformations, and (2) a confirmatory study of 154 brachycephalic dogs, that BOAS risk increases sharply in a non-linear manner as relative muzzle length shortens. BOAS only occurred in dogs whose muzzles comprised less than half their cranial lengths. Thicker neck girths also increased BOAS risk in both populations: a risk factor for human sleep apnoea not previously recognised in dogs; and obesity was found to further increase BOAS risk. This study provides evidence that breeding for brachycephaly leads to an increased risk of BOAS in dogs, with risk increasing as the morphology becomes more exaggerated. As such, dog breeders and buyers should be aware of this risk when selecting dogs, and breeding organisations should actively discourage exaggeration of this high-risk conformation in breed standards and the show ring.
Learning strikes again: The case of the DRS signature scheme
Lattice signature schemes generally require particular care when it comes to preventing secret information from leaking through signature transcripts. For example, the Goldreich-Goldwasser-Halevi (GGH) signature scheme and the NTRUSign scheme were completely broken by the parallelepiped-learning attack of Nguyen and Regev (Eurocrypt 2006). Several heuristic countermeasures were also shown vulnerable to similar statistical attacks. At PKC 2008, Plantard, Susilo and Win proposed a new variant of GGH, informally arguing resistance to such attacks. Based on this variant, Plantard, Sipasseuth, Dumondelle and Susilo proposed a concrete signature scheme, called DRS, that was accepted in round 1 of the NIST post-quantum cryptography project. In this work, we propose yet another statistical attack and demonstrate a weakness of the DRS scheme: one can recover partial information on the secret key from sufficiently many signatures. One difficulty is that, due to the DRS reduction algorithm, the relation between the statistical leak and the secret seems more intricate. We work around this difficulty by training a statistical model, using a few features that we designed according to a simple heuristic analysis. While we only recover partial information on the secret key, this information is easily exploited by lattice attacks, significantly decreasing their complexity. Concretely, we claim that, provided that signatures are available, the secret key may be recovered using BKZ-138 for the first set of DRS parameters submitted to NIST. This puts the security level of this parameter set below 80 bits (maybe even 70 bits), to be compared to an original claim of 128 bits.
Inelastic Light Scattering From Correlated Electrons
Inelastic light scattering is an intensively used tool in the study of electronic properties of solids. Triggered by the discovery of high temperature superconductivity in the cuprates and by new developments in instrumentation, light scattering both in the visible (Raman effect) and the X-ray part of the electromagnetic spectrum has become a method complementary to optical (infrared) spectroscopy while providing additional and relevant information. The main purpose of the review is to position Raman scattering with regard to single-particle methods like angle-resolved photoemission spectroscopy (ARPES), and other transport and thermodynamic measurements in correlated materials. Particular focus will be placed on photon polarizations and the role of symmetry to elucidate the dynamics of electrons in different regions of the Brillouin zone. This advantage over conventional transport (usually measuring averaged properties) indeed provides new insights into anisotropic and complex many-body behavior of electrons in various systems. We review recent developments in the theory of electronic Raman scattering in correlated systems and experimental results in paradigmatic materials such as the A15 superconductors, magnetic and paramagnetic insulators, compounds with competing orders, as well as the cuprates with high superconducting transition temperatures. We present an overview of the manifestations of complexity in the Raman response due to the impact of correlations and developing competing orders. In a variety of materials we discuss which observations may be understood and summarize important open questions that pave the way to a detailed understanding of correlated electron systems. Comment: 62 pages, 48 figures, to appear in Rev. Mod. Phys. High-resolution pdf file available at http://onceler.uwaterloo.ca/~tpd/RMP.pd
Shortest vector from lattice sieving: A few dimensions for free
Asymptotically, the best known algorithms for solving the Shortest Vector Problem (SVP) in a lattice of dimension n are sieve algorithms, which have heuristic complexity estimates ranging from (4/3)^(n+o(n)) down to (3/2)^(n/2+o(n)) when Locality Sensitive Hashing techniques are used. Sieve algorithms are however outperformed by pruned enumeration algorithms in practice by several orders of magnitude, despite the larger super-exponential asymptotic complexity 2^(Θ(n log n)) of the latter. In this work, we show a concrete improvement of sieve-type algorithms. Precisely, we show that a few calls to the sieve algorithm in lattices of dimension less than n - d solve SVP in dimension n, where d = Θ(n / log n). Although our improvement is only sub-exponential, its practical effect in relevant dimensions is quite significant. We implemented it over a simple sieve algorithm with (4/3)^(n+o(n)) complexity, and it outperforms the best sieve algorithms from the literature by a factor of 10 in dimensions 70-80. It performs less than an order of magnitude slower than pruned enumeration in the same range. By design, this improvement can also be applied to most other variants of sieve algorithms, including LSH sieve algorithms and tuple-sieve algorithms. In this light, we may expect sieve techniques to outperform pruned enumeration in practice in the near future.
The subconvexity problem for GL_2
Generalizing and unifying prior results, we solve the subconvexity problem for the -functions of GL_1 and GL_2 automorphic representations over a fixed number field, uniformly in all aspects. A novel feature of the present method is the softness of our arguments; this is largely due to a consistent use of canonically normalized period relations, such as those supplied by the work of Waldspurger and Ichino-Ikeda. Comment: Almost final version to appear in Publ. Math. IHES. References updated.
The effect of starch-based biomaterials on leukocyte adhesion and activation in vitro
Leukocyte adhesion to biomaterials has long been recognised as a key element in determining their inflammatory potential. Results regarding leukocyte adhesion and activation are contradictory in some aspects of the material's effect in determining these events. It is clear that, together with the wettability or hydrophilicity/hydrophobicity, the roughness of a substrate has a major effect on leukocyte adhesion. Both the chemical and physical properties of a material influence the adsorbed protein layer, which in turn determines the adhesion of cells.

In this work polymorphonuclear (PMN) cells and a mixed population of monocytes/macrophages and lymphocytes (mononuclear cells) were cultured separately with a range of starch-based materials and composites with hydroxyapatite (HA). A combination of reflected light microscopy and scanning electron microscopy (SEM) was used to study the leukocyte morphology. Quantification of the enzyme lactate dehydrogenase (LDH) was used to determine the number of viable cells adhered to the polymers. Cell adhesion and activation were characterised by immunocytochemistry based on the expression of several adhesion molecules crucial to the progress of an inflammatory response.

This work supports previous in vitro studies with PMN and monocytes/macrophages, which demonstrated that several properties of the materials can influence and determine their biological response. In our study, monocytes/macrophages and lymphocytes adhered in similar amounts to the more hydrophobic (SPCL) and the moderately hydrophilic (SEVA-C) surfaces and did not preferentially adhere to the rougher substrate (SCA). In contrast, the more hydrophilic surface (SCA) induced higher PMN adhesion and lower activation. In addition, the hydroxyapatite reinforcement induced changes in cell behaviour for some materials but not for others.

The observed response to starch-based biodegradable polymers was not significantly different from the control materials. Thus, the results reported herein indicate the low potential of the starch-based biodegradable polymers, especially the HA-reinforced composite materials, to induce inflammation.