Filters








187 Hits in 9.7 sec

A Hybrid Lattice Basis Reduction and Quantum Search Attack on LWE [chapter]

Florian Göpfert, Christine van Vredendaal, Thomas Wunderer
2017 Lecture Notes in Computer Science  
Our quantum attack is based on Howgrave-Graham's Classical Hybrid Attack and is suitable for LWE instances in recent cryptographic proposals.  ...  In this work, we propose a new quantum attack on the learning with errors (LWE) problem, whose hardness is the foundation for many modern lattice-based cryptographic constructions.  ...  So far the only existing quantum attacks on LWE are classical attacks where the basis reduction subroutine is replaced by quantum basis reduction.  ... 
doi:10.1007/978-3-319-59879-6_11 fatcat:343hw4m3cnaalhfxdrea6lxolu

Revisiting the Hybrid attack on sparse and ternary secret LWE [article]

Yongha Son, Jung Hee Cheon
2019 IACR Cryptology ePrint Archive  
This use of small secret also benefits to attack algorithms against LWE, and currently LWEbased cryptosystems including homomorphic encryptions (HE) set parameters based on the attack complexity of those  ...  previous analysis for the hybrid attack in line with LWE setting.  ...  It is well-known that for NTRU, a hybrid of lattice reduction and meetin-the-middle attack (the hybrid attack from now) was proposed by [29] , and this is still considered as one of the most powerful  ... 
dblp:journals/iacr/SonC19 fatcat:xp2e7mhxdjbo3lbnn52j7ee6xa

spKEX: An optimized lattice-based key exchange [article]

Sauvik Bhattacharya, Óscar García-Morchón, Ronald Rietman, Ludo Tolhuizen
2017 IACR Cryptology ePrint Archive  
In particular, the Learning with Errors (LWE) problem [23] is a hard mathematical problem with quantum reductions to the worst-case hard lattice problems GapSVP and SIVP [23] and classical reductions to  ...  In one of the flavors of LWE, the attacker is given many pairs (a i , {b i = a i s+e i (mod q)}) and his task is to recover s, where a i and s are randomly chosen vectors from a uniform distribution and  ...  We thank Zhenfei Zhang for fruitful discussions on the hybrid attack.  ... 
dblp:journals/iacr/BhattacharyaGRT17 fatcat:7rye6atmgrautk2lohhsso3xou

Lizard: Cut Off the Tail! A Practical Post-quantum Public-Key Encryption from LWE and LWR [chapter]

Jung Hee Cheon, Duhyeong Kim, Joohee Lee, Yongsoo Song
2018 Lecture Notes in Computer Science  
The Learning with Errors (LWE) is one of the most promising primitive for post-quantum cryptography due to its strong security reduction from the worst-case of NP-hard problems and its lightweight operations  ...  In this paper, we propose a novel PKE without relying on either of them. For encryption, we first combine several LWE instances as in the previous LWE-based PKEs.  ...  The authors would like to thank Leo Ducas, Andrey Kim, Kyoohyung Han, Junbeom Shin, and Estsoft for valuable discussions.  ... 
doi:10.1007/978-3-319-98113-0_9 fatcat:iois4ha23ndnncav35gtuiuxam

How to Meet Ternary LWE Keys [article]

Alexander May
2021 IACR Cryptology ePrint Archive  
The presumably best attack on these schemes is a hybrid attack that combines lattice reduction techniques with Odlyzko's Meet-in-the-Middle approach.  ...  We leave it is an open question whether our new Meetin-the-Middle attack in combination with lattice reduction can be used to speed up the hybrid attack.  ...  Acknowledgements: The author wants to thank Elena Kirshanova, John Schank and Andre Esser for discussions and estimations concerning lattice reduction and the Hybrid attack, and the anonymous reviewers  ... 
dblp:journals/iacr/May21 fatcat:zk3r7kpzvjdy5dhy7bzqbpf5si

Hybrid dual attack on LWE with arbitrary secrets

Lei Bi, Xianhui Lu, Junjie Luo, Kunpeng Wang, Zhenfei Zhang
2022 Cybersecurity  
A new and interesting result from our analysis shows that for most cryptographic use cases a hybrid dual attack outperforms a standalone dual attack, regardless of the secret distribution.  ...  Prior to our work, hybrid attacks are only considered for sparse and/or small secrets.  ...  Acknowledgements We would like to thank the anonymous reviewers and editors for detailed comments and useful feedback.  ... 
doi:10.1186/s42400-022-00115-y fatcat:mdekw7lc3bdghgpjlfd2j7iksm

Hybrid Dual Attack on LWE with Arbitrary Secrets [article]

Lei Bi, Xianhui Lu, Junjie Luo, Kunpeng Wang, Zhenfei Zhang
2021 IACR Cryptology ePrint Archive  
A new and interesting result from our analysis shows that for most cryptographic use cases a hybrid dual attack outperforms a standalone dual attack, regardless of the secret distribution.  ...  Prior to our work, hybrid attacks are only considered for sparse and/or small secrets.  ...  When given as input some basis of a lattice, a lattice reduction algorithm is to find a basis that consists of relatively short and relatively pairwise orthogonal vectors.  ... 
dblp:journals/iacr/BiLLWZ21 fatcat:zkftzednzbb6jdtr4yvxrteg64

On a hybrid approach to solve binary-LWE [article]

Thomas Espitau, Antoine Joux, Natalia Kharchenko
2020 IACR Cryptology ePrint Archive  
This approach offers a trade-off between the cost of lattice reduction and the complexity of the search part which allows to speed up the attack.  ...  More precisely, we use the dual attack on a projected sublattice, which allows generating instances of the LWE problem with a slightly bigger noise that correspond to a fraction of the secret key.  ...  A lattice reduction algorithm is an algorithm which, given as input some basis of the lattice, finds a basis that consists of relatively short and relatively pairwiseorthogonal vectors.  ... 
dblp:journals/iacr/EspitauJK20 fatcat:t7pegp647ndh7effnxivjmzxoq

Post-quantum Key Exchange for the Internet and the Open Quantum Safe Project [chapter]

Douglas Stebila, Michele Mosca
2017 Lecture Notes in Computer Science  
We review two protocols for quantum-resistant key exchange based on lattice problems: BCNS15, based on the ring learning with errors problem, and Frodo, based on the learning with errors problem.  ...  Designing public key cryptosystems that resist attacks by quantum computers is an important area of current cryptographic research and standardization.  ...  Acknowledgements Research on LWE and ring-LWE based key exchange discussed in this paper includes joint work with Joppe W.  ... 
doi:10.1007/978-3-319-69453-5_2 fatcat:lhen3goh6rb4nft6ui6p4gjuoa

Lighting the Way to a Smart World: Lattice-Based Cryptography for Internet of Things [article]

Rui Xu, Chi Cheng, Yue Qin, Tao Jiang
2018 arXiv   pre-print
As a promising candidate for the future post-quantum cryptography standard, lattice-based cryptography enjoys the advantages of strong security guarantees and high efficiency, which make it extremely suitable  ...  In this paper, we summarize the advantages of lattice-based cryptography and the state of art of their implementations for IoT devices.  ...  These are well encapsulated average problems enjoying a worst-case to average-case reduction which states that SIS and LWE are hard on average (for a random instance) unless the related problems on lattices  ... 
arXiv:1805.04880v1 fatcat:327pcoavungejelvhpvd3ofwky

Public-key cryptosystems from the worst-case shortest vector problem

Chris Peikert
2009 Proceedings of the 41st annual ACM symposium on Symposium on theory of computing - STOC '09  
Our main technical innovation is a reduction from variants of the shortest vector problem to corresponding versions of the "learning with errors" (LWE) problem; previously, only a quantum reduction of  ...  on lattices.  ...  Acknowledgments I thank Vadim Lyubashevsky, Daniele Micciancio, Oded Regev, and the anonymous STOC reviewers for very helpful discussions and comments.  ... 
doi:10.1145/1536414.1536461 dblp:conf/stoc/Peikert09 fatcat:23ygv3hvgreshdh2bwobrimb6m

lattice based cryptography.pdf

ganesh E N
2022 figshare.com  
As a promising candidate for the future post-quantum cryptography standard, lattice-based cryptography enjoys the advantages of strong security guarantees and high efficiency, which make it extremely suitable  ...  In this paper, we summarize the advantages of lattice-based cryptography and the state of art of their implementations for IoT devices  ...  These are well encapsulated average problems enjoying a worst-case to average-case reduction which states that SIS and LWE are hard on average (for a random instance) unless the related problems on lattices  ... 
doi:10.6084/m9.figshare.19802590.v1 fatcat:5ksga2srmrh33fcnizsicdrvte

A Decade of Lattice Cryptography

Chris Peikert
2016 Foundations and Trends® in Theoretical Computer Science  
Attractive features of lattice cryptography include apparent resistance to quantum attacks (in contrast with most number-theoretic cryptography), high asymptotic efficiency and parallelism, security under  ...  The main focus is on the foundational short integer solution (SIS) and learning with errors (LWE) problems (and their more efficient ring-based variants), their provable hardness assuming the worst-case  ...  I warmly thank Vadim Lyubashevsky, Dieter van Melkebeek, Oded Regev, Noah Stephens-Davidowitz, Madhu Sudan, and an anonymous reviewer for many valuable comments on earlier drafts.  ... 
doi:10.1561/0400000074 fatcat:5orjj3lrufdalfufl7ju6rnz3e

Lattice-based Key Sharing Schemes - A Survey [article]

Prasanna Ravi, James Howe, Anupam Chattopadhyay, Shivam Bhasin
2020 IACR Cryptology ePrint Archive  
general algorithmic frameworks, practical implementation aspects and physical attack security, with special focus on lattice-based key sharing schemes competing in the NIST's standardization process.  ...  Lattice-based cryptography offers a very attractive alternative to traditional public-key cryptography mainly due to the variety of lattice-based schemes offering varying flavors of security and efficiency  ...  Primal attack typically works by solving the search-LWE problem as a unique SVP on the same lattice.  ... 
dblp:journals/iacr/RaviHCB20 fatcat:gwfp7xfzbbgxnldzbngfc4ru7q

On Ideal Lattices and Learning with Errors over Rings [chapter]

Vadim Lyubashevsky, Chris Peikert, Oded Regev
2010 Lecture Notes in Computer Science  
Specifically, we show that the ring-LWE distribution is pseudorandom, assuming that worst-case problems on ideal lattices are hard for polynomial-time quantum algorithms.  ...  A main open question was whether LWE and its applications could be made truly efficient by exploiting extra algebraic structure, as was done for lattice-based hash functions (and related primitives).  ...  We thank Damien Stehlé for useful discussions, and for sharing with us, together with Ron Steinfeld, Keisuke Tanaka, and Keita Xagawa, an early draft of their result.  ... 
doi:10.1007/978-3-642-13190-5_1 fatcat:htckcqetq5ehhkqjjrw4xmaqui
« Previous Showing results 1 — 15 out of 187 results