76 research outputs found

    A Simple Provably Secure Key Exchange Scheme Based on the Learning with Errors Problem

    We use the learning with errors (LWE) problem to build a new simple and provably secure key exchange scheme. The basic idea of the construction can be viewed as certain extension of Diffie-Hellman problem with errors. The mathematical structure behind comes from the commutativity of computing a bilinear form in two different ways due to the associativity of the matrix multiplications: $(\mathbf{x}^t \times \mathbf{A})\times \mathbf{y}=\mathbf{x}^t \times (\mathbf{A}\times \mathbf{y})$, where $\mathbf{x},\mathbf{y}$ are column vectors and $\mathbf{A}$ is a square matrix. We show that our new schemes are more efficient in terms of communication and computation complexity compared with key exchange schemes or key transport schemes via encryption schemes based on the LWE problem. Furthermore, we extend our scheme to the ring learning with errors (RLWE) problem, resulting in small key size and better efficiency

    Post-Quantum Secure Remote Password Protocol from RLWE Problem

    Secure Remote Password (SRP) protocol is an augmented Password-based Authenticated Key Exchange (PAKE) protocol based on discrete logarithm problem (DLP) with various attractive security features. Compared with basic PAKE protocols, SRP does not require server to store user's password and user does not send password to server to authenticate. These features are desirable for secure client-server applications. SRP has gained extensive real-world deployment, including Apple iCloud, 1Password etc. However, with the advent of quantum computer and Shor's algorithm, classic DLP-based public key cryptography algorithms are no longer secure, including SRP. Motivated by importance of SRP and threat from quantum attacks, we propose a RLWE-based SRP protocol (RLWE-SRP) which inherit advantages from SRP and elegant design from RLWE key exchange. We also present parameter choice and efficient portable C++ implementation of RLWE-SRP. Implementation of our 209-bit secure RLWE-SRP is more than 3x faster than 112-bit secure original SRP protocol, 5.5x faster than 80-bit secure J-PAKE and 14x faster than two 184-bit secure RLWE-based PAKE protocols with more desired properties

    Clean air for some : Unintended spillover effects of regional air pollution policies

    China has enacted a number of ambitious pollution control policies to mitigate air pollution in urban areas. Unintended side effects of these policies to other environmental policy arenas and regions have largely been ignored. To bridge this gap, we use a multiregional input-output model in combination with an atmospheric chemical transport model to simulate clean air policy scenarios and evaluate their environmental impacts on primary PM2.5 and secondary precursor emissions, as well as CO2 emissions and water consumption, in the target region and spillover effects to other regions. Our results show that the reduction in primary PM2.5 and secondary precursor emissions in the target regions comes at the cost of increasing emissions especially in neighboring provinces. Similarly, co-benefits of lower CO2 emissions and reduced water consumption in the target region are achieved at the expense of higher impacts elsewhere, through outsourcing production to less developed regions in China

    Comparison analysis and efficient implementation of reconciliation-based RLWE key exchange protocol

    Error reconciliation is an important technique for Learning With Error (LWE) and Ring-LWE (RLWE)-based constructions. In this paper, we present a comparison analysis on two error reconciliation-based RLWE key exchange protocols: Ding et al. in 2012 (DING12) and Bos et al. in 2015 (BCNS15). We take them as examples to explain core idea of error reconciliation, building key exchange over RLWE problem, implementation, real-world performance and compare them comprehensively. We also analyse a LWE key exchange “Frodo” that uses an improved error reconciliation mechanism in BCNS15. To the best of our knowledge, our work is the first to present at least 128-bit classic (80-bit quantum) and 256-bit classic (>200-bit quantum) secure parameter choices for DING12 with efficient portable C/C++ implementations. Benchmark shows that our efficient implementation is 11x faster than BCNS15 and one key exchange execution only costs 0.07ms on a 4-year-old middle range CPU. Error reconciliation is 1.57x faster than BCNS15

    Leakage of Signal function with reused keys in RLWE key exchange

    In this paper, we show that the signal function used in Ring-Learning with Errors (RLWE) key exchange could leak information to find the secret $s$ of a reused public key $p=as+2e$. This work is motivated by an attack proposed in \cite{cryptoeprint:2016:085} and gives an insight into how public keys reused for long term in RLWE key exchange protocols can be exploited. This work specifically focuses on the attack on the KE protocol in \cite{Ding} by initiating multiple sessions with the honest party and analyze the output of the signal function. Experiments have confirmed the success of our attack in recovering the secret

    Efficient Implementation of Password-Based Authenticated Key Exchange from RLWE and Post-Quantum TLS

    Two post-quantum password-based authenticated key exchange (PAKE) protocols were proposed at CT-RSA 2017. Following this work, we give much more efficient and portable C++ implementation of these two protocols. We also choose more compact parameters providing 200-bit security. Compared with original implementation, we achieve 21.5x and 18.5x speedup for RLWE-PAK and RLWE-PPK respectively. Compare with quantum-vulnerable J-PAKE protocol, we achieve nearly 8x speedup. We also integrate RLWE-PPK into TLS to construct a post-quantum TLS ciphersuite. This allows simpler key management, mutual authentication and resistant to phishing attack. Benchmark shows that our ciphersuite is indeed practical

    Contrasting suitability and ambition in regional carbon mitigation

    Substantially enhancing carbon mitigation ambition is a crucial step towards achieving the Paris climate goal. Yet this attempt is hampered by poor knowledge on the potential cost and benefit of emission mitigation for each emitter. Here we use a global economic model to assess the mitigation costs for 27 major emitting countries and regions, and further contrast the costs against the potential benefits of mitigation valued as avoided social cost of carbon and the mitigation ambition of each region. We find a strong negative spatial correlation between cost and benefit of mitigating each ton of carbon dioxide. Meanwhile, the relative suitability of carbon mitigation, defined as the ratio of normalized benefit to normalized cost, also shows a considerable geographical mismatch with the mitigation ambition of emitters indicated in their first submitted nationally determined contributions. Our work provides important information to improve concerted climate action and formulate more efficient carbon mitigation strategies