
### How (Not) to Instantiate Ring-LWE [chapter]

Chris Peikert
2016 Lecture Notes in Computer Science
This holds for the ring of integers in any number field, so the rings themselves are not the source of insecurity in the vulnerable instantiations.  ...  In all cases, the insecurity of an instantiation is due to the fact that the error distribution is insufficiently "well spread" relative to the ring.  ...  I thank Léo Ducas, Kristin Lauter, Vadim Lyubashevsky, Oded Regev, and Katherine Stange for many valuable discussions and comments on topics related to this work.  ...

### How to Garble Arithmetic Circuits

Benny Applebaum, Yuval Ishai, Eyal Kushilevitz
2011 2011 IEEE 52nd Annual Symposium on Foundations of Computer Science
The security of our construction relies on the intractability of the learning with errors (LWE) problem.  ...  construction transforms a boolean circuit C : {0, 1}^n → {0, 1}^m into a "garbled circuit" Ĉ along with n pairs of k-bit keys, one for each input bit, such that Ĉ together with the n keys corresponding to  ...  While we do not know how to implement the primitive over finite fields (nor can we rule out the existence of such an implementation), we implement a similar primitive over the integers under the LWE assumption  ...

### How to Garble Arithmetic Circuits

Benny Applebaum, Yuval Ishai, Eyal Kushilevitz
2014 SIAM journal on computing (Print)
The security of our construction relies on the intractability of the learning with errors (LWE) problem.  ...  construction transforms a boolean circuit C : {0, 1}^n → {0, 1}^m into a "garbled circuit" Ĉ along with n pairs of k-bit keys, one for each input bit, such that Ĉ together with the n keys corresponding to  ...  While we do not know how to implement the primitive over finite fields (nor can we rule out the existence of such an implementation), we implement a similar primitive over the integers under the LWE assumption  ...

### NTRUCCA: How to Strengthen NTRUEncrypt to Chosen-Ciphertext Security in the Standard Model [chapter]

Ron Steinfeld, San Ling, Josef Pieprzyk, Christophe Tartary, Huaxiong Wang
2012 Lecture Notes in Computer Science
Huaxiong (2012) NTRUCCA: how to strengthen NTRUEncrypt to chosen-ciphertext security in the standard model. Abstract.  ...  To our knowledge, our result gives the first IND-CCA2 secure variant of NTRUEncrypt in the standard model, based on standard cryptographic assumptions.  ...  Until very recently, it was unknown how to instantiate the most efficient scheme from [1] based on Ring-LWE with a poly-time reduction from worst-case problems in ideal lattices, but this has now been resolved  ...

### Compact and provably secure lattice-based signatures in hardware

James Howe, Ciara Rafferty, Ayesha Khalid, Maire O'Neill
2017 2017 IEEE International Symposium on Circuits and Systems (ISCAS)
In this paper, the first hardware design of the provably secure Ring-LWE digital signature scheme, Ring-TESLA, is presented, targeting a Xilinx Spartan-6 FPGA.  ...  Lattice-based cryptography is a quantum-safe alternative to existing classical asymmetric cryptography, such as RSA and ECC, which may be vulnerable to future attacks in the event of the creation of a  ...  However, the hardness assumptions of NTRU are not related to the hardness of worst-case lattice problems, a useful property of Ring-LWE [8].  ...

### Standard Lattice-Based Key Encapsulation on Embedded Devices

James Howe, Tobias Oder, Markus Krausz, Tim Güneysu
2018 Transactions on Cryptographic Hardware and Embedded Systems
Our results contribute to the practical evaluation of a post-quantum standardization candidate.  ...  Due to the large parameters, standard lattice-based schemes have long been considered impractical on embedded devices.  ...  We would also like to thank the anonymous reviewers for their very valuable and helpful feedback.  ...

### Encoding Functions with Constant Online Rate, or How to Compress Garbled Circuit Keys

Benny Applebaum, Yuval Ishai, Eyal Kushilevitz, Brent Waters
2015 SIAM journal on computing (Print)
Specifically, we show how to encode any polynomial-time computable function f : {0, 1}^n → {0, 1}^{m(n)} with online rate of 1+o(1) and with nearly linear online computation.  ...  These constructions can be based on the decisional Diffie-Hellman assumption (DDH), the Learning with Errors assumption (LWE), or the RSA assumption.  ...  We do not know how to get similar results from general (non-affine) succinct REs.  ...

### An Efficient Lattice-Based Signature Scheme with Provably Secure Instantiation [chapter]

Sedat Akleylek, Nina Bindel, Johannes Buchmann, Juliane Krämer, Giorgia Azzurra Marson
2016 Lecture Notes in Computer Science
However, their parameters are not chosen according to their provided security reduction, i.e., the instantiation is not provably secure.  ...  To this end, we provide a tight security reduction for the new scheme from the ring learning with errors problem which allows for provably secure and efficient instantiations.  ...  which are chosen according to the given security reduction, cf. Section ??. Nevertheless, we achieve good performance with respect to time and space.  ...

### Encoding Functions with Constant Online Rate or How to Compress Garbled Circuits Keys [chapter]

Benny Applebaum, Yuval Ishai, Eyal Kushilevitz, Brent Waters
2013 Lecture Notes in Computer Science
Specifically, we show how to encode any polynomial-time computable function f : {0, 1}^n → {0, 1}^{m(n)} with online rate of 1+o(1) and with nearly linear online computation.  ...  These constructions can be based on the decisional Diffie-Hellman assumption (DDH), the Learning with Errors assumption (LWE), or the RSA assumption.  ...  We do not know how to get similar results from general (non-affine) succinct REs.  ...

### Compact, Scalable, and Efficient Discrete Gaussian Samplers for Lattice-Based Cryptography

Ayesha Khalid, James Howe, Ciara Rafferty, Francesco Regazzoni, Maire O'Neill
2018 2018 IEEE International Symposium on Circuits and Systems (ISCAS)
[Figure: sampler block diagram with CDT table, binary search state machine, and combiner]  ...  This also applies to Ring-LWE, Ring-SIS, Module-LWE, and Module-SIS based  ...  BLISS-III and BLISS-IV as well as BCNS and Ring-LWE parameters can also all share the same base sampler.  ...

### The Ring-LWE Problem in Lattice-Based Cryptography: The Case of Twisted Embeddings

Jheyne N Ortiz, Robson R de Araujo, Diego F Aranha, Sueli I R Costa, Ricardo Dahab
2021 Entropy
We prove that Twisted Ring-LWE is secure by providing a security reduction from Ring-LWE to Twisted Ring-LWE in both search and decision forms.  ...  Although these weak instances are not addressed by worst-case hardness theorems, enabling other ring instantiations enlarges the scope of possible applications and favors the diversification of security  ...  Author Contributions: All authors contributed to the study conception and design.  ...

### Efficient Scalable Constant-Round MPC via Garbled Circuits [chapter]

Aner Ben-Efraim, Yehuda Lindell, Eran Omri
2017 Lecture Notes in Computer Science
Our constructions use key-homomorphic pseudorandom functions (one based on DDH and the other on Ring-LWE) and are concretely efficient.  ...  In recent work, it was shown that this protocol can be efficiently instantiated for semi-honest adversaries (Ben-Efraim et al., ACM CCS 2016).  ...  Acknowledgements We would like to thank Shalev Keren, Moria Farbstein and Lior Koskas for helping with the code, and to thank Shai Halevi and Vadim Lyubashevsky for helpful discussions on LWE.  ...

### Privacy-Preserving Logistic Regression with Distributed Data Sources via Homomorphic Encryption

Yoshinori AONO, Takuya HAYASHI, Le Trieu PHONG, Lihua WANG
2016 IEICE transactions on information and systems
Indeed, we instantiate our system with Paillier, LWE-based, and ring-LWE-based encryption schemes, highlighting the merits and demerits of each instantiation.  ...  Besides examining the costs of computation and communication, we carefully test our system over real datasets to demonstrate its utility.  ...  to use additively homomorphic encryption with the homomorphism-aware logistic regression. (3) We show how to instantiate our system with Paillier, LWE-based, and ring-LWE-based encryption, and highlight  ...

### Compact Lattice Signatures

Dipayan Das, Vishal Saraswat
2018 Proceedings of the 15th International Joint Conference on e-Business and Telecommunications
., 2017) to bring lattice-based signature schemes at par with the traditional number-theoretic signature schemes.  ...  However, the trade-off between the signature size and the key size, time for a signature generation, and the practical and provable security is not necessarily the optimal.  ...  We are thankful to Kajla Basu for her support.  ...

### SPRING: Fast Pseudorandom Functions from Rounded Ring Products [chapter]

Abhishek Banerjee, Hai Brenner, Gaëtan Leurent, Chris Peikert, Alon Rosen
2015 Lecture Notes in Computer Science
One instantiation uses a generator matrix of a binary BCH error-correcting code to "deterministically extract" nearly random bits from a (biased) rounded subset-product.  ...  In this work we give two concrete and practically efficient instantiations of the BPR design, which we call SPRING, for "subset-product with rounding over a ring."  ...  with errors" (ring-LWE) problem [LPR10] is hard in R_p.  ...