1,981 Hits in 7.1 sec

A detailed analysis of the hybrid lattice-reduction and meet-in-the-middle attack

Thomas Wunderer
2019 Journal of Mathematical Cryptology  
Over the past decade, the hybrid lattice-reduction and meet-in-the middle attack (called hybrid attack) has been used to evaluate the security of many lattice-based cryptographic schemes such as NTRU,  ...  In this work, we present an improved runtime analysis of the hybrid attack that is based on more reasonable assumptions.  ...  Acknowledgment: We thank Florian Göpfert and John Schanck for helpful discussions and comments. Funding: This work has been co-funded by the DFG as part of project P1 within the CRC 1119 CROSSING.  ... 
doi:10.1515/jmc-2016-0044 fatcat:nrodgfu2ezcfzoffn6duaxwatm

On the Hardness of LWE with Binary Error: Revisiting the Hybrid Lattice-Reduction and Meet-in-the-Middle Attack [chapter]

Johannes Buchmann, Florian Göpfert, Rachel Player, Thomas Wunderer
2016 Lecture Notes in Computer Science  
We achieve this by applying the Howgrave-Graham attack on NTRU, which is a combination of lattice techniques and a Meet-in-the-Middle approach, to this setting.  ...  We additionally present a complete and improved analysis of the attack, using analytic techniques.  ...  This work has been co-funded by the DFG as part of project P1 within the CRC 1119 CROSSING. We thank Sean Murphy for useful discussions and comments.  ... 
doi:10.1007/978-3-319-31517-1_2 fatcat:epgsz3tw7zebpky2zmedyaxtr4

How to Meet Ternary LWE Keys [article]

Alexander May
2021 IACR Cryptology ePrint Archive  
The presumably best attack on these schemes is a hybrid attack that combines lattice reduction techniques with Odlyzko's Meet-in-the-Middle approach.  ...  We leave it is an open question whether our new Meetin-the-Middle attack in combination with lattice reduction can be used to speed up the hybrid attack.  ...  Acknowledgements: The author wants to thank Elena Kirshanova, John Schank and Andre Esser for discussions and estimations concerning lattice reduction and the Hybrid attack, and the anonymous reviewers  ... 
dblp:journals/iacr/May21 fatcat:zk3r7kpzvjdy5dhy7bzqbpf5si

Choosing Parameters for NTRUEncrypt [chapter]

Jeff Hoffstein, Jill Pipher, John M. Schanck, Joseph H. Silverman, William Whyte, Zhenfei Zhang
2017 Lecture Notes in Computer Science  
We describe a methods for generating parameter sets and calculating security estimates for NTRUEncrypt.  ...  Analyses are provided for the standardized product-form parameter sets from IEEE 1363.1-2008 and for the NTRU Challenge parameter sets.  ...  A meet in the middle search is also possible on a basis that has been preprocessed for the hybrid attack as in Equation 5 .  ... 
doi:10.1007/978-3-319-52153-4_1 fatcat:mkfd36bhebbkrosxklwpthtggm

A Hybrid Lattice Basis Reduction and Quantum Search Attack on LWE [chapter]

Florian Göpfert, Christine van Vredendaal, Thomas Wunderer
2017 Lecture Notes in Computer Science  
In the case of lattice-based cryptography, currently existing quantum attacks are mainly classical attacks, carried out with quantum basis reduction as subroutine.  ...  We further show that our Quantum Hybrid Attack improves upon the Classical Hybrid Attack in the case of LWE with binary error.  ...  We also give a detailed analysis of the Quantum Hybrid Attack and optimize the attack parameters selection.  ... 
doi:10.1007/978-3-319-59879-6_11 fatcat:343hw4m3cnaalhfxdrea6lxolu

Q-NTRU Cryptosystem for IoT Applications

Omar Sapti Guma'a, Qasim Mohammed Hussein, Ziyad Tariq Mustafa Al-Ta'i
2019 Journal of Southwest Jiaotong University  
Interesting in the Internet of things (IoT) has begun to grow rapidly since it deals with the everyday needs of humans and becomes dealing with a huge amount of personal information.  ...  This expansion is accompanied by a number of challenges; one of them is the need for solving the problem of security challenges by using algorithms with high security and the adversaries unable to attack  ...  Meet-in-the-middle attack: Odlyzko proposed the meet-in-the-middle attack [35] for NTRU cryptosystem and this attack was further developed by Silverman [36] .  ... 
doi:10.35741/issn.0258-2724.54.4.15 fatcat:x6wobwkpvncc3kggkukl2n5bdi

spKEX: An optimized lattice-based key exchange [article]

Sauvik Bhattacharya, Óscar García-Morchón, Ronald Rietman, Ludo Tolhuizen
2017 IACR Cryptology ePrint Archive  
In particular, the Learning with Errors (LWE) problem [23] is a hard mathematical problem with quantum reductions to the worst-case hard lattice problems GapSVP and SIVP [23] and classical reductions to  ...  In one of the flavors of LWE, the attacker is given many pairs (a i , {b i = a i s+e i (mod q)}) and his task is to recover s, where a i and s are randomly chosen vectors from a uniform distribution and  ...  We thank Zhenfei Zhang for fruitful discussions on the hybrid attack.  ... 
dblp:journals/iacr/BhattacharyaGRT17 fatcat:7rye6atmgrautk2lohhsso3xou

Reduced memory meet-in-the-middle attack against the NTRU private key

Christine van Vredendaal
2016 LMS Journal of Computation and Mathematics  
NTRU is a public-key cryptosystem introduced at ANTS-III. The two most used techniques in attacking the NTRU private key are meet-in-the-middle attacks and lattice-basis reduction attacks.  ...  Howgrave-Graham combined both techniques in 2007 and pointed out that the largest obstacle to attacks is the memory capacity that is required for the meet-in-the-middle phase.  ...  Hybrid Attack The hybrid lattice-basis reduction and meet-in-the-middle attack [14] mentioned in the introduction works by taking the NTRU lattice and applying lattice-basis reduction to part of the  ... 
doi:10.1112/s1461157016000206 fatcat:pmmtofcvd5gs7p4jt5w54ylgau

Efficient FPGA Implementation of Modular Multiplication and Exponentiation

M Issad, M Anane, B Boudraa, A M Bellemou, N Anane
2020 Malaysian Journal of Computing and Applied Mathematics  
The application for 1024-bits data length shows that the MMM run in 6.24 µs and requires 647 slices. The ME is executed in 6.75 ms, using 2881 slices.  ...  Our objective is to achieve a best trade-off between execution time, occupied area and flexibility.  ...  Meet-in-the-Middle Attack: The goal of a general Meet-In-the-Middle attack, is to find specific elements x,x' in a search space of which it is known that f1(x) = f2(x') search x, x' values ; the unique  ... 
doi:10.37231/myjcam.2020.3.1.37 fatcat:2dfcacmq7rahpbmw5ja7unbptu

On a hybrid approach to solve binary-LWE [article]

Thomas Espitau, Antoine Joux, Natalia Kharchenko
2020 IACR Cryptology ePrint Archive  
This approach offers a trade-off between the cost of lattice reduction and the complexity of the search part which allows to speed up the attack.  ...  In this paper, we investigate the security of the Learning With Error (LWE) problem with small secrets by refining and improving the so-called dual lattice attack.  ...  He proposed to combine a meet-in-the-middle attack with lattice reduction to attack NTRUEncrypt.  ... 
dblp:journals/iacr/EspitauJK20 fatcat:t7pegp647ndh7effnxivjmzxoq

Choosing NTRUEncrypt Parameters in Light of Combined Lattice Reduction and MITM Approaches [chapter]

Philip S. Hirschhorn, Jeffrey Hoffstein, Nick Howgrave-Graham, William Whyte
2009 Lecture Notes in Computer Science  
We present the new NTRUEncrypt parameter generation algorithm, which is designed to be secure in light of recent attacks that combine lattice reduction and meet-in-the-middle (MITM) techniques.  ...  The parameters generated from our algorithm have been submitted to several standard bodies and are presented at the end of the paper.  ...  reasonable assumptions) -Provide an exact calculation of the probability p s that a correct guess in the meet-in-the-middle stage of the attack will be recognized as such (this was only experimentally  ... 
doi:10.1007/978-3-642-01957-9_27 fatcat:6j7ncqa57zeg7g3pvswuk6xpka

An efficient quantum meet-in-the-middle attack against NTRU-2005

Hong Wang, Zhi Ma, ChuanGui Ma
2013 Chinese Science Bulletin  
The algorithm is based on meet-in-the-middle attack and a quantum algorithm for searching the fixed weight target.  ...  Compared with the current classical and quantum meet-in-the-middle attacks, our algorithm has lower time and space complexity.  ...  Classical meet-in-the-middle (MITM) attack is a generic cryptanalytic method originally developed from cryptanalysis of block ciphers.  ... 
doi:10.1007/s11434-013-6020-y fatcat:2zno5qvwq5f7zlcgcl2jyq7pai

Hybrid dual attack on LWE with arbitrary secrets

Lei Bi, Xianhui Lu, Junjie Luo, Kunpeng Wang, Zhenfei Zhang
2022 Cybersecurity  
A new and interesting result from our analysis shows that for most cryptographic use cases a hybrid dual attack outperforms a standalone dual attack, regardless of the secret distribution.  ...  We formulate our results into a framework of predicting the performance of the hybrid dual attacks. We also present a few tricks that further improve our attack.  ...  Acknowledgements We would like to thank the anonymous reviewers and editors for detailed comments and useful feedback.  ... 
doi:10.1186/s42400-022-00115-y fatcat:mdekw7lc3bdghgpjlfd2j7iksm

Hybrid Dual Attack on LWE with Arbitrary Secrets [article]

Lei Bi, Xianhui Lu, Junjie Luo, Kunpeng Wang, Zhenfei Zhang
2021 IACR Cryptology ePrint Archive  
A new and interesting result from our analysis shows that for most cryptographic use cases a hybrid dual attack outperforms a standalone dual attack, regardless of the secret distribution.  ...  We formulate our results into a framework of predicting the performance of the hybrid dual attacks. We also present a few tricks that further improve our attack.  ...  We summarize those results in Table 1 . The first work of hybrid attack on LWE [16] combined decoding attack with meet-in-the-middle (MITM) technique.  ... 
dblp:journals/iacr/BiLLWZ21 fatcat:zkftzednzbb6jdtr4yvxrteg64

GLYPH: A New Insantiation of the GLP Digital Signature Scheme [article]

Arjun Chopra
2017 IACR Cryptology ePrint Archive  
We have produced a software implementation of GLYPH, and we place it in the public domain at  ...  In 2012 Güneysu, et al. proposed GLP, a practical and efficient post-quantum digital signature scheme based on the computational hardness of the Ring Learning With Errors problem.  ...  Hybrid attack It is possible to combine a BKZ attack and a meet-in-the-middle attack. A meet-in-the-middle attack is run to recover the final r co-ordinates of s.  ... 
dblp:journals/iacr/Chopra17 fatcat:jorch2smmzcfzbp3mmmydppqxu
« Previous Showing results 1 — 15 out of 1,981 results