Ramanujan graphs in cryptography
In this paper we study the security of a proposal for Post-Quantum
Cryptography from both a number theoretic and cryptographic perspective.
Charles-Goren-Lauter in 2006 [CGL06] proposed two hash functions based on the
hardness of finding paths in Ramanujan graphs. One is based on
Lubotzky-Phillips-Sarnak (LPS) graphs and the other one is based on
Supersingular Isogeny Graphs. A 2008 paper by Petit-Lauter-Quisquater breaks
the hash function based on LPS graphs. On the Supersingular Isogeny Graphs
proposal, recent work has continued to build cryptographic applications on the
hardness of finding isogenies between supersingular elliptic curves. A 2011
paper by De Feo-Jao-Plût proposed a cryptographic system based on
Supersingular Isogeny Diffie-Hellman as well as a set of five hard problems. In
this paper we show that the security of the SIDH proposal relies on the
hardness of the SIG path-finding problem introduced in [CGL06]. In addition,
similarities between the number theoretic ingredients in the LPS and Pizer
constructions suggest that the hardness of the path-finding problem in the two
graphs may be linked. By viewing both graphs from a number theoretic
perspective, we identify the similarities and differences between the Pizer and
LPS graphs.
Comment: 33 pages
Homomorphic Encryption without Gaussian Noise
We propose a Somewhat Homomorphic Encryption (SHE) scheme based on the Learning With Rounding (LWR) problem. The LWR problem is similar to the more classical Learning With Errors (LWE) problem and was proposed as a deterministic variant of it; setting up an LWR instance does not require the generation of Gaussian noise. Thus our SHE scheme can be instantiated without the need for expensive Gaussian noise sampling. Our initial scheme provides lower ciphertext sizes for small plaintext spaces than existing leading schemes such as BGV.
Optimizations and Trade-offs for HElib
In this work, we investigate the BGV scheme as implemented in HElib. We begin by performing an implementation-specific noise analysis of BGV. This allows us to derive much tighter bounds than what was previously done. To confirm this, we compare our bounds against the state of the art. We find that, while our bounds are at most bits off the experimentally observed values, they are as much as bits tighter than previous work. Finally, to illustrate the importance of our results, we propose new and optimised parameters for HElib. In HElib, the special modulus is chosen to be times larger than the current ciphertext modulus. For a ratio of subsequent ciphertext moduli (a very common choice in HElib), we can optimise by up to bits. This means that we can either enable more multiplications without having to switch to larger parameters, or reduce the size of the evaluation keys, thus reducing communication costs in relevant applications. We argue that our results are near-optimal.
On the precision loss in approximate homomorphic encryption
Since its introduction at Asiacrypt 2017, the CKKS approximate homomorphic encryption scheme has become one of the most widely used and implemented homomorphic encryption schemes. Due to the approximate nature of the scheme, application developers using CKKS must ensure that the evaluation output is within a tolerable error of the corresponding plaintext computation. Choosing appropriate parameters requires a good understanding of how the noise will grow through the computation. A strong understanding of the noise growth is also necessary to limit the performance impact of mitigations to the attacks on CKKS presented by Li and Micciancio (Eurocrypt 2021).
In this work we present a comprehensive noise analysis of CKKS that considers noise coming both from the encoding and from the homomorphic operations. Our main contribution is the first average-case analysis for CKKS noise, and we also introduce refinements to prior worst-case noise analyses. We develop noise heuristics both for the original CKKS scheme and for the RNS variant presented at SAC 2018. We then evaluate these heuristics by comparing the predicted noise growth with experiments in the HEAAN and FullRNS-HEAAN libraries, and by comparing with a worst-case noise analysis as done in prior work. Our findings show mixed results: while our new analyses lead to heuristic estimates that more closely model the observed noise growth than prior approaches, the new heuristics sometimes slightly underestimate the observed noise growth. This evidences the need for implementation-specific noise analyses for CKKS, which recent work has shown to be effective for implementations of similar schemes.
BRAKE: Biometric Resilient Authenticated Key Exchange
Biometric data are uniquely suited for connecting individuals to their digital identities. Deriving cryptographic key exchange from successful biometric authentication therefore gives an additional layer of trust compared to password-authenticated key exchange. However, biometric data are sensitive personal data that need to be protected on a long-term basis. Furthermore, efficient feature extraction and comparison components resulting in high intra-subject tolerance and inter-subject distinguishability, documented with good biometric performance, need to be applied in order to prevent zero-effort impersonation attacks.
In this work, we present a novel protocol for Biometric Resilient Authenticated Key Exchange that fulfils the above requirements of biometric information protection compliant with the international ISO/IEC 24745 standard. In our protocol, we present a novel modification of unlinkable fuzzy vault schemes that allows their connection with oblivious pseudo-random functions to achieve resilient protection against offline attacks, which is crucial for the protection of biometric data. Our protocol is independent of the biometric modality and can be implemented based on the security of discrete logarithms as well as lattices. We provide an open-source implementation of both instantiations of our protocol, which achieve real-time efficiency with transaction times of less than one second from the image capture to the completed key exchange.