Chiffrement avancé à partir du problème Learning With Errors

National audienceLe problèmeLearning With Errors (LWE) est algorithmiquement difficile pour des instances aléatoires. Il a été introduit par Oded Regev en 2005 et, depuis lors, il s'est avéré très utile pour construire des primitives cryptographiques, pour assurer la confidentialité de l'information. Dans ce chapitre, nous présenterons le problème LWE et illustrerons sa richesse, en décrivant des schémas de chiffrement avancés pouvant être prouvés au moins aussi sûrs que LWE est difficile. Nous rappellerons le concept fondamental de chiffrement, puis nous nous focaliserons sur les notions de chiffrement fondé sur l'identité et de chiffrement par attributs

Implementing Candidate Graded Encoding Schemes from Ideal Lattices

International audienceMultilinear maps have become popular tools for designing cryptographic schemes since a first approximate realisation candidate was proposed by Garg, Gentry and Halevi (GGH). This construction was later improved by Langlois, Stehlé and Steinfeld who proposed GGHLite which offers smaller parameter sizes. In this work, we provide the first implementation of such approximate multilinear maps based on ideal lattices. Implementing GGH-like schemes naively would not allow instantiating it for non-trivial parameter sizes. We hence propose a strategy which reduces parameter sizes further and several technical improvements to allow for an efficient implementation. In particular, since finding a prime ideal when generating instances is an expensive operation, we show how we can drop this requirement. We also propose algorithms and implementations for sampling from discrete Gaussians, for inverting in some Cyclotomic number fields and for computing norms of ideals in some Cyclotomic number rings. Due to our improvements we were able to compute a multilinear jigsaw puzzle for κ " 52 (resp. κ " 38) and λ " 52 (resp. λ " 80)

Revisiting Preimage Sampling for Lattices

Preimage Sampling is a fundamental process in lattice-based cryptography whose performance directly affects the one of the cryptographic mechanisms that rely on it. In 2012, Micciancio and Peikert proposed a new way of generating trapdoors (and an associated preimage sampling procedure) with very interesting features. Unfortunately, in some applications such as digital signatures, the performance may not be as competitive as other approaches like Fiat-Shamir with Aborts. We first revisit the Lyubashevsky-Wichs (LW) sampler for Micciancio-Peikert (MP) trapdoors which leverages rejection sampling but suffered from strong parameter requirements that hampered performance. We propose an improved analysis which yields much more compact parameters. This leads to gains on the preimage size of about 60% over the LW sampler, and up to 30% compared to the original MP sampling technique. It sheds a new light on the LW sampler hoping to open promising perspectives for the efficiency of advanced lattice-based constructions relying on such mechanisms. We then show that we can leverage the special shape of the resulting preimages to design the first lattice-based aggregate signature supporting public aggregation and that achieves relevant compression compared to the concatenation of individual signatures. Our scheme is proven secure in the aggregate chosen-key model coined by Boneh et al. in 2003, based on the well-studied assumptions Module Learning With Errors and Module Short Integer Solution

Lattice-based Group Signature Scheme with Verier-local Revocation

Support of membership revocation is a desirable functionality for any group signature scheme. Among the known revocation approaches, verifier-local revocation (VLR) seems to be the most flexible one, because it only requires the verifiers to possess some up-to-date revocation information, but not the signers. All of the contemporary VLR group signatures operate in the bilinear map setting, and all of them will be insecure once quantum computers become a reality. In this work, we introduce the first lattice-based VLR group signature, and thus, the first such scheme that is believed to be quantum-resistant. In comparison with existing lattice-based group signatures, our scheme has several noticeable advantages: support of membership revocation, logarithmic-size signatures, and milder hardness assumptions. In the random oracle model, our scheme is proven secure based on the hardness of the SIVP_O(n^{2.5}) problem in general lattices. Moreover, our construction works without relying on public-key encryption schemes, which is an intriguing feature for group signatures

Lattice-based (Partially) Blind Signature without Restart

We present in this paper a blind signature and its partially blind variant based on lattices assumptions. Blind signature is a cornerstone in privacy-oriented cryptography and we propose the first lattice based scheme without restart. Compare to related work, the key idea of our construction is to provide a trapdoor to the signer in order to let him perform some gaussian pre-sampling during the signature generation process, preventing this way to restart from scratch the whole protocol. We prove the security of our scheme under the ring k-SIS assumption, in the random oracle model. We also explain security issues in the other existing lattice-based blind signature schemes. Finally, we propose a partially blind variant of our scheme, which is done with no supplementary cost, as the number of elements generated and exchanged during the signing protocol is exactly the same

DNA Polymerase Epsilon Deficiency Causes IMAGe Syndrome with Variable Immunodeficiency.

During genome replication, polymerase epsilon (Pol ε) acts as the major leading-strand DNA polymerase. Here we report the identification of biallelic mutations in POLE, encoding the Pol ε catalytic subunit POLE1, in 15 individuals from 12 families. Phenotypically, these individuals had clinical features closely resembling IMAGe syndrome (intrauterine growth restriction [IUGR], metaphyseal dysplasia, adrenal hypoplasia congenita, and genitourinary anomalies in males), a disorder previously associated with gain-of-function mutations in CDKN1C. POLE1-deficient individuals also exhibited distinctive facial features and variable immune dysfunction with evidence of lymphocyte deficiency. All subjects shared the same intronic variant (c.1686+32C>G) as part of a common haplotype, in combination with different loss-of-function variants in trans. The intronic variant alters splicing, and together the biallelic mutations lead to cellular deficiency of Pol ε and delayed S-phase progression. In summary, we establish POLE as a second gene in which mutations cause IMAGe syndrome. These findings add to a growing list of disorders due to mutations in DNA replication genes that manifest growth restriction alongside adrenal dysfunction and/or immunodeficiency, consolidating these as replisome phenotypes and highlighting a need for future studies to understand the tissue-specific development roles of the encoded proteins

Cryptographie reposant sur les réseaux Euclidiens - Fondations de sécurité et Constructions

Lattice-based cryptography is a branch of cryptography exploiting the presumed hardness of some well-known problems on lattices. Its main advantages are its simplicity, efficiency, and apparent security against quantum computers. The principle of the security proofs in lattice-based cryptography is to show that attacking a given scheme is at least as hard as solving a particular problem, as the Learning with Errors problem (LWE) or the Small Integer Solution problem (SIS). Then, by showing that those two problems are at least as hard to solve than a hard problem on lattices, presumed polynomial time intractable, we conclude that the constructed scheme is secure.In this thesis, we improve the foundation of the security proofs and build new cryptographic schemes. We study the hardness of the SIS and LWE problems, and of some of their variants on integer rings of cyclotomic fields and on modules on those rings. We show that there is a classical hardness proof for the LWE problem (Regev's prior reduction was quantum), and that the module variants of SIS and LWE are also hard to solve. We also give two new lattice-based group signature schemes, with security based on SIS and LWE. One is the first lattice-based group signature with logarithmic signature size in the number of users. And the other construction allows another functionality, verifier-local revocation. Finally, we improve the size of some parameters in the work on cryptographic multilinear maps of Garg, Gentry and Halevi in 2013.La cryptographie reposant sur les réseaux Euclidiens est une branche récente de la cryptographie dans laquelle la sécurité des primitives repose sur la difficulté présumée de certains problèmes bien connus dans les réseaux Euclidiens. Le principe de ces preuves est de montrer que réussir une attaque contre une primitive est au moins aussi difficile que de résoudre un problème particulier, comme le problème Learning With Errors (LWE) ou le problème Small Integer Solution (SIS). En montrant que ces problèmes sont au moins aussi difficiles à résoudre qu'un problème difficile portant sur les réseaux, présumé insoluble en temps polynomial, on en conclu que les primitives construites sont sûres. Nous avons travaillé sur l'amélioration de la sécurité et des constructions de primitives cryptographiques. Nous avons étudié la difficulté des problèmes SIS et LWE et de leurs variantes structurées sur les anneaux d'entiers de corps cyclotomiques, et les modules libres sur ceux-ci. Nous avons montré d'une part qu'il existe une preuve de difficulté classique pour le problème LWE (la réduction existante de Regev en 2005 était quantique), d'autre part que les variantes sur les modules sont elles-aussi difficiles. Nous avons aussi proposé deux nouvelles variantes de signatures de groupe dont la sécurité repose sur SIS et LWE. L'une est la première reposant sur les réseaux et ayant une taille et une complexité poly-logarithmique en le nombre d'utilisateurs. La seconde construction permet de plus la révocation d'un membre du groupe. Enfin, nous avons amélioré la taille de certains paramètres dans le travail sur les applications multilinéaires cryptographiques de Garg, Gentry et Halevi

Using Structured Variants in Lattice-Based Cryptography

École thématiqu