Learning with Errors is easy with quantum samples

Learning with Errors is one of the fundamental problems in computational learning theory and has in the last years become the cornerstone of post-quantum cryptography. In this work, we study the quantum sample complexity of Learning with Errors and show that there exists an efficient quantum learning algorithm (with polynomial sample and time complexity) for the Learning with Errors problem where the error distribution is the one used in cryptography. While our quantum learning algorithm does not break the LWE-based encryption schemes proposed in the cryptography literature, it does have some interesting implications for cryptography: first, when building an LWE-based scheme, one needs to be careful about the access to the public-key generation algorithm that is given to the adversary; second, our algorithm shows a possible way for attacking LWE-based encryption by using classical samples to approximate the quantum sample state, since then using our quantum learning algorithm would solve LWE

Accélérateurs matériels sécurisés pour la cryptographie post-quantique

Shor's quantum algorithm can be used to efficiently solve the integer factorisation problem and the discrete logarithm in certain groups. The security of the most commonly used public key cryptographic protocols relies on the conjectured hardness of exactly these mathematical problems. A sufficiently large quantum computer could therefore pose a threat to the confidentiality and authenticity of secure digital communication. Post quantum cryptography relies on mathematical problems that are computationally hard for quantum computers, such as Learning with Errors (LWE) and its variants RLWE and MLWE. In this thesis, we present and compare FPGA implementations of LWE, RLWE and MLWE based public key encryption algorithms. We discuss various trade-offs between security, computation time and hardware cost. The implementations are parallelized in order to obtain maximal speed-up. We show that MLWE has the best performance in terms of computation time and area utilization, and can be parallelized more efficiently than RLWE. We also discuss hardware security and propose countermeasures against side channel attacks for RLWE. We consider countermeasures from the state of the art, such as masking and blinding, and propose improvements to these algorithms. Moreover, we propose new countermeasures based on redundant number representation and the random shuffling of operations. All countermeasures are implemented on FPGA to compare their cost and computation time overhead. Our proposed protection based on redundant number representation is particularly flexible, in the sens that it can be implemented for various degrees of protection at various costs.L'algorithme quantique de Shor peut être utilisé pour résoudre le problème de factorisation de grands entiers et le logarithme discret dans certains groupes. La sécurité des protocols cryptographiques à clé publique les plus répandus dépend de l'hypothèse que ces problèmes mathématiques soient difficiles à résoudre. Un ordinateur quantique suffisamment puissant pourrait donc constituer une menace pour la confidentialité et l'authenticité de la communication numérique sécurisée. La cryptographie post-quantique est basée sur des problèmes mathématiques qui sont difficile à résoudre même pour les ordinateurs quantiques, tels que Learning with Errors (LWE) et ses variants RLWE et MLWE. Dans cette thèse, nous présentons et comparons des implantations sur FPGA des algorithmes de chiffrement à clé publique. Nous discutons des compromis entre la sécurité, le temps de calcul et le coût en surface. Les implantations sont parallélisées afin d'obtenir une accélération plus importante. En outre, nous discutons de la sécurité matérielle des implantations, et proposons des protections contre des attaques par canaux auxilliares. Nous considerons des contremesures de l'état de l'art, telles que le masquage et le blindage, et proposons des améliorations à ces algorithmes. Nous proposons également de nouvelles protections basées sur la représentation redondante des nombres et sur des permutations aléatoires des opérations de calcul. Toutes ces protections sont implantées sur FPGA dans le but de comparer leur coût en surface et le surcoût en temps de calcul

Secure hardware accelerators for post-quantum cryptography

L'algorithme quantique de Shor peut être utilisé pour résoudre le problème de factorisation de grands entiers et le logarithme discret dans certains groupes. La sécurité des protocols cryptographiques à clé publique les plus répandus dépend de l'hypothèse que ces problèmes mathématiques soient difficiles à résoudre. Un ordinateur quantique suffisamment puissant pourrait donc constituer une menace pour la confidentialité et l'authenticité de la communication numérique sécurisée. La cryptographie post-quantique est basée sur des problèmes mathématiques qui sont difficile à résoudre même pour les ordinateurs quantiques, tels que Learning with Errors (LWE) et ses variants RLWE et MLWE. Dans cette thèse, nous présentons et comparons des implantations sur FPGA des algorithmes de chiffrement à clé publique. Nous discutons des compromis entre la sécurité, le temps de calcul et le coût en surface. Les implantations sont parallélisées afin d'obtenir une accélération plus importante. En outre, nous discutons de la sécurité matérielle des implantations, et proposons des protections contre des attaques par canaux auxilliares. Nous considerons des contremesures de l'état de l'art, telles que le masquage et le blindage, et proposons des améliorations à ces algorithmes. Nous proposons également de nouvelles protections basées sur la représentation redondante des nombres et sur des permutations aléatoires des opérations de calcul. Toutes ces protections sont implantées sur FPGA dans le but de comparer leur coût en surface et le surcoût en temps de calcul.Shor's quantum algorithm can be used to efficiently solve the integer factorisation problem and the discrete logarithm in certain groups. The security of the most commonly used public key cryptographic protocols relies on the conjectured hardness of exactly these mathematical problems. A sufficiently large quantum computer could therefore pose a threat to the confidentiality and authenticity of secure digital communication. Post quantum cryptography relies on mathematical problems that are computationally hard for quantum computers, such as Learning with Errors (LWE) and its variants RLWE and MLWE. In this thesis, we present and compare FPGA implementations of LWE, RLWE and MLWE based public key encryption algorithms. We discuss various trade-offs between security, computation time and hardware cost. The implementations are parallelized in order to obtain maximal speed-up. We show that MLWE has the best performance in terms of computation time and area utilization, and can be parallelized more efficiently than RLWE. We also discuss hardware security and propose countermeasures against side channel attacks for RLWE. We consider countermeasures from the state of the art, such as masking and blinding, and propose improvements to these algorithms. Moreover, we propose new countermeasures based on redundant number representation and the random shuffling of operations. All countermeasures are implemented on FPGA to compare their cost and computation time overhead. Our proposed protection based on redundant number representation is particularly flexible, in the sens that it can be implemented for various degrees of protection at various costs

Lattice-based Cryptosystems on FPGA: Parallelization and Comparison using HLS

International audienceThis paper deals with hardware implementations for lattice-based cryptography. Various CPA and CCA secure algorithms for LWE, RLWE and MLWE problems have been studied, parallelized, implemented and compared on FPGA using high-level synthesis. The impact of PRNG choices on the implementations performances and costs is also evaluated. HLS allows us to compare various sets of algorithms, architectures and parameters with a reduced design effort. Our results are often similar to state-of-the-art for various speed and cost trade-offs. Sometimes we obtain better results thanks to the exploration of numerous architecture and algorithm optimizations

Comparaison d'algorithmes de réduction modulaire en HLS sur FPGA

National audienceDans ce travail, nous comparons différents algorithmes de réduction modulaire implantés en synthèse de haut niveau sur FPGA pour des applications de cryptographie asymétrique. Nous étudions comment effectuer les réductions modulaires en fonction des tailles et formes (parti-culières/quelconques) des moduli, du type et du nombre des autres opérations arithmétiques impliquées. Pour cela, nous développons une bibliothèque C, qui sera distribuée sous licence libre, d'arithmétique modulaire pour la cryptographie asymétrique. Mots-clés : arithmétique modulaire, conception en synthèse de haut niveau, exploration d'architectures et d'algorithmes, circuit FPGA

Multidimensional interventions to increase life-space mobility in older adults ranging from nursing home residents to community-dwelling: a systematic scoping review

Background Life-space mobility (LSM) is an important aspect of older adults’ real-life mobility. Studies have shown that restricted LSM is a risk factor for many adverse outcomes such as low quality of life and mortality. Therefore, an increasing number of interventions aim to enhance LSM. However, the intervention approaches differ in terms of their type/content, duration, targeted populations, but also in terms of their outcome measures and assessment tools. Especially the latter impairs the comparability of studies with otherwise similar interventional approaches and thus also the interpretation of their results. Therefore, this systematic scoping review aims to provide an overview of the intervention components, assessment tools, and effectiveness of studies aiming to improve LSM in older adults. Methods A systematic literature search was carried out in PubMed and Web of Science. We considered studies in older adults of any design that included an intervention approach and at least one outcome of LSM. Results 27 studies were included in the review. These studies analyzed healthy community-dwelling as well as frail older adults in need of care or rehabilitation and nursing home residents with a mean age between 64 and 89. The percentage of female participants ranged from 3 to 100%. The types of interventions were of the following: physical, counseling, multidimensional, miscellaneous. Multidimensional interventions consisting of physical interventions plus any of the following or a combination of counseling/education/motivation/information appear to be most effective in increasing LSM. Older adults with mobility impairments were more responsive to these multidimensional interventions compared to healthy older adults. Most of the studies used the questionnaire-based Life-Space Assessment to quantify LSM. Conclusions This systematic scoping review provides a comprehensive overview of a heterogenous stock of literature investigating LSM-related interventions in older adults. Future meta-analyses are needed to provide a quantitative evaluation of the effectiveness of LSM interventions and recommendations.ISSN:1471-231

Evidence-based yet still challenging! Research on physical activity in old age

Preserving functional health and quality-of-life in old age is a major goal and global challenge in public health. The high rate of sedentary behavior that is characteristic of the older adult population exacerbates impairments of physiological and structural systems that are typically seen in the aging process. Achieving an understanding of the profound influence of physical activity on all aspects of health in old age is the driving force behind the emergence of "physical activity in old age" as a growing area of research. Accumulated evidence implies that being physically active and exercising is far superior to other optimal aging facilitators. Yet this area of research faces numerous constraints and obstacles. This commentary addresses some of these challenges, primarily the heterogeneity of the aging process, which induces both inter- and intra-individual differences among aged individuals, heterogeneity in assessment tools, unjustified inclusion/exclusion criteria and insufficient recruitment strategies, difficulties in implementing research results in real-world conditions, and rudimentary exploitation of innovative technology. We explain the importance of establishing a network of multidisciplinary scientists and stakeholders to propose consensus-based goals and scientifically evidenced wide-ranging plans for dealing with these challenges. In addition, we suggest work directions for this network