Efficient Regular Scalar Multiplication on the Jacobian of Hyperelliptic Curve over Prime Field Based on Divisor Splitting

We consider in this paper scalar multiplication algorithms over a hyperelliptic curve which are immune against simple power analysis and timing attack. To reach this goal we adapt the regular modular exponentiation based on multiplicative splitting presented in JCEN 2017 to scalar multiplication over a hyperelliptic curve. For hyperelliptic curves of genus g = 2 and 3, we provide an algorithm to split the base divisor as a sum of two divisors with smaller degree. Then we obtain an algorithm with a regular sequence of doubling always followed by an addition with a low degree divisor. We also provide efficient formulas to add such low degree divisors with a divisor of degree g. A complexity analysis and implementation results show that the proposed approach is better than the classical Double-and-add-always approach for scalar multiplication

Efficient randomized regular modular exponentiation using combined Montgomery and Barrett multiplications

Copyright 2016 by SCITEPRESS - Science and Technology Publications, Lda. All rights reserved.Cryptographic operations performed on an embedded device are vulnerable to side channel analysis and particularly to differential and correlation power analysis. The basic protection against such attacks is to randomize the data all along the cryptographic computations. In this paper we present a modular multiplication algorithm which can be used for randomization. We show that we can use it to randomize the modular exponentiation of the RSA cryptosystem. The proposed randomization is free of computation and induces a level of randomization from 210 to 215 for practical RSA modulus size

LLL for ideal lattices re-evaluation of the security of Gentry-Halevi\u27s FHE scheme

The LLL algorithm, named after its inventors, Lenstra, Lenstra and Lovász, is one of themost popular lattice reduction algorithms in the literature. In this paper, we propose the first variant of LLL algorithm that is dedicated for ideal lattices, namely, the iLLL algorithm. Our iLLL algorithm takes advantage of the fact that within LLL procedures, previously reduced vectors can be re-used for further reductions. Using this method, we prove that the iLLL is at least as fast as the LLL algorithm, and it outputs a basis with the same quality. We also provide a heuristic approach that accelerates the re-use method. As a result, in practice, our algorithm can be approximately eight times faster than LLL algorithm for typical scenarios where lattice dimension is between 100 and 150. When applying our algorithm to the Gentry–Halevi’s fully homomorphic challenges, we are able to solve the toy challenge within 24 days using a 2.66GHz CPU, while with the classical LLL algorithm, it takes 32 days. Further, assuming a 4.0GHz CPU, we predict to reduce the basis in 15.7 years for the small challenges, while previous best prediction was 45 years

On Polynomial Modular Number Systems over Z/pZ\mathbb{Z}/p\mathbb{Z}

Polynomial Modular Number System (PMNS) is a convenient number system for modular arithmetic, introduced in 2004. The main motivation was to accelerate arithmetic modulo an integer $p$. An existence theorem of PMNS with specific properties was given. The construction of such systems relies on sparse polynomials whose roots modulo $p$ can be chosen as radices of this kind of positional representation. However, the choice of those polynomials and the research of their roots are not trivial. In this paper, we introduce a general theorem on the existence of PMNS and we provide bounds on the size of the digits used to represent an integer modulo $p$. Then, we present classes of suitable polynomials to obtain systems with an efficient arithmetic. Finally, given a prime $p$, we evaluate the number of roots of polynomials modulo $p$ in order to give a number of PMNS bases we can reach. Hence, for a fixed prime $p$, it is possible to get numerous PMNS, which can be used efficiently for different applications based on large prime finite fields, such as those we find in cryptography, like RSA, Diffie-Hellmann key exchange and ECC (Elliptic Curve Cryptography)

Creating a Challenge for Ideal Lattices

Lattice-based cryptography is one of the candidates in the area of post-quantum cryptography. Cryptographic schemes with security reductions to hard lattice problems (like the Shortest Vector Problem SVP) offer an alternative to recent number theory-based schemes. In order to guarantee asymptotic efficiency, most lattice-based schemes are instantiated using polynomial rings over integers. These lattices are called \u27ideal lattices\u27. It is assumed that the hardness of lattice problems in lattices over integer rings remains the same as in regular lattices. In order to prove or disprove this assumption, we instantiate random ideal lattices that allow to test algorithms that solve SVP and its approximate version. The Ideal Lattice Challenge allows online submission of short vectors to enter a hall of fame for full comparison. We adjoin a set of first experiments and a first comparison of ideal and regular lattices

Broadcast encryption with dealership

In this paper, we introduce a new cryptographic primitive called broadcast encryption with dealership. This notion, which has never been discussed in the cryptography literature, is applicable to many realistic broadcast services, for example subscription-based television service. Specifically, the new primitive enables a dealer to bulk buy the access to some products (e.g., TV channels) from the broadcaster, and hence, it will enable the dealer to resell the contents to the subscribers with a cheaper rate. Therefore, this creates business opportunity model for the dealer. We highlight the security consideration in such a scenario and capture the security requirements in the security model. Subsequently, we present a concrete scheme, which is proven secure under the decisional bilinear Diffie-Hellman exponent and the Diffie-Hellman exponent assumptions

Tight bound on NewHope failure probability

NewHope Key Encapsulation Mechanism (KEM) has been presented at USENIX 2016 by Alchim et al. and is one of the remaining lattice-based candidates to the post-quantum standardization initiated by the NIST. However, despite the relative simplicity of the protocol, the bound on the decapsulation failure probability resulting from the original analysis is not tight. In this work we refine this analysis to get a tight upper-bound on this probability which happens to be much lower than what was originally evaluated. As a consequence we propose a set of alternnative parameters, increasing the security and the compactness of the scheme. However using a smaller modulus prevent the use of a full NTT algorithm to perform multiplications of elements in dimension 512 or 1024. Nonetheless, similarly to previous works, we combine different multiplication algorithms and show that our new parameters are competitive on a constant time vectorized implementation. Our most compact parameters bring a speed- up of 17% (resp. 11%) in performance but allow to gain more than 19% over the bandwidth requirements and to increase the security of 10% (resp. 7%) in dimension 512 (resp. 1024)

On digital signatures based on isomorphism problems: QROM security, ring signatures, and applications

An isomorphism problem asks whether two combinatorial or algebraic structures are essentially the same. Based on the assumed hardness of an isomorphism problem, there is a well-known digital signature design based on the Goldreich-Micali-Widgerson (GMW) zero-knowledge protocol for graph isomorphism and the Fiat-Shamir (FS) transformation. Recently, there is a revival of activities on this design, as witnessed by the schemes SeaSign (Eurocrypt 2019), CSIFiSh (Asiacrypt 2019), LESS (Africacrypt 2020), ATFE (Eurocrypt 2022), and MEDS (Africacrypt 2023). The contributions of this paper are two-folds: the first is about the GMW-FS design in general, and the second is on the ATFE-GMW-FS scheme. First, we study the QROM security and ring signatures of the GMW-FS design in the group action framework. We distil properties of the underlying isomorphism problem for the GMW-FS design to be secure in the quantum random oracle model (QROM). We also show that this design supports a linkable ring signature construction following the work of Beullens, Katsumata and Pintore (Asiacrypt 2020). Second, we apply the above results to prove the security of the ATFE-GMW-FS scheme in the QROM model. We then describe a linkable ring signature scheme based on it, and provide an implementation of the ring signature scheme. Preliminary experiments suggest that our scheme is competitive among existing post-quantum ring signatures. We also discuss the parameter choices of the ATFE-GMW-FS scheme based on the recent attack by Beullens (Cryptology ePrint Archive, Paper 2022/1528), and the MPC-in-the-head construction for general group actions by Joux (Cryptology ePrint Archive, Paper 2023/664)