
How (Not) to Instantiate Ring-LWE [chapter]

Chris Peikert
2016 Lecture Notes in Computer Science  
This holds for the ring of integers in any number field, so the rings themselves are not the source of insecurity in the vulnerable instantiations.  ...  In all cases, the insecurity of an instantiation is due to the fact that the error distribution is insufficiently "well spread" relative to the ring.  ...  I thank Léo Ducas, Kristin Lauter, Vadim Lyubashevsky, Oded Regev, and Katherine Stange for many valuable discussions and comments on topics related to this work.  ... 
doi:10.1007/978-3-319-44618-9_22 fatcat:yndp4zo73jbczibngeyzpd6e5e

How to Garble Arithmetic Circuits

Benny Applebaum, Yuval Ishai, Eyal Kushilevitz
2011 2011 IEEE 52nd Annual Symposium on Foundations of Computer Science  
The security of our construction relies on the intractability of the learning with errors (LWE) problem.  ...  construction transforms a boolean circuit C : {0, 1}^n → {0, 1}^m into a "garbled circuit" Ĉ along with n pairs of k-bit keys, one for each input bit, such that Ĉ together with the n keys corresponding to  ...  While we do not know how to implement the primitive over finite fields (nor can we rule out the existence of such an implementation), we implement a similar primitive over the integers under the LWE assumption  ... 
doi:10.1109/focs.2011.40 dblp:conf/focs/ApplebaumIK11 fatcat:pkzcfake7bdq3lypifmq43czty

How to Garble Arithmetic Circuits

Benny Applebaum, Yuval Ishai, Eyal Kushilevitz
2014 SIAM journal on computing (Print)  
The security of our construction relies on the intractability of the learning with errors (LWE) problem.  ...  construction transforms a boolean circuit C : {0, 1}^n → {0, 1}^m into a "garbled circuit" Ĉ along with n pairs of k-bit keys, one for each input bit, such that Ĉ together with the n keys corresponding to  ...  While we do not know how to implement the primitive over finite fields (nor can we rule out the existence of such an implementation), we implement a similar primitive over the integers under the LWE assumption  ... 
doi:10.1137/120875193 fatcat:y2ffhu4msvhyhowz7njcqn6dpu

NTRUCCA: How to Strengthen NTRUEncrypt to Chosen-Ciphertext Security in the Standard Model [chapter]

Ron Steinfeld, San Ling, Josef Pieprzyk, Christophe Tartary, Huaxiong Wang
2012 Lecture Notes in Computer Science  
Huaxiong (2012) NTRUCCA: how to strengthen NTRUEncrypt to chosen-ciphertext security in the standard model. Abstract.  ...  To our knowledge, our result gives the first IND-CCA2 secure variant of NTRUEncrypt in the standard model, based on standard cryptographic assumptions.  ...  Until very recently, it was unknown how to instantiate the most efficient scheme from [1] based on Ring-LWE with a poly-time reduction from worst-case problems in ideal lattices, but this has now been resolved  ... 
doi:10.1007/978-3-642-30057-8_21 fatcat:5pcdq34otjbexajswvgq5gyi64

Compact and provably secure lattice-based signatures in hardware

James Howe, Ciara Rafferty, Ayesha Khalid, Maire O'Neill
2017 2017 IEEE International Symposium on Circuits and Systems (ISCAS)  
In this paper, the first hardware design of the provably secure Ring-LWE digital signature scheme, Ring-TESLA, is presented, targeting a Xilinx Spartan-6 FPGA.  ...  Lattice-based cryptography is a quantum-safe alternative to existing classical asymmetric cryptography, such as RSA and ECC, which may be vulnerable to future attacks in the event of the creation of a  ...  However, the hardness assumptions of NTRU is not related to the hardness of worst-case lattice problems, a useful property of Ring-LWE [8].  ... 
doi:10.1109/iscas.2017.8050566 dblp:conf/iscas/HoweRKO17 fatcat:cxdf3fic3nceranlqobzsoukhe

Standard Lattice-Based Key Encapsulation on Embedded Devices

James Howe, Tobias Oder, Markus Krausz, Tim Güneysu
2018 Transactions on Cryptographic Hardware and Embedded Systems  
Our results contribute to the practical evaluation of a post-quantum standardization candidate.  ...  Due to the large parameters, standard lattice-based schemes have long been considered impractical on embedded devices.  ...  We would also like to thank the anonymous reviewers for their very valuable and helpful feedback.  ... 
doi:10.13154/tches.v2018.i3.372-393 dblp:journals/tches/HoweOKG18 fatcat:st44pel5lje3fao6qxu2lgbzoa

Encoding Functions with Constant Online Rate, or How to Compress Garbled Circuit Keys

Benny Applebaum, Yuval Ishai, Eyal Kushilevitz, Brent Waters
2015 SIAM journal on computing (Print)  
Specifically, we show how to encode any polynomial-time computable function f : {0, 1}^n → {0, 1}^{m(n)} with online rate of 1+o(1) and with nearly linear online computation.  ...  These constructions can be based on the decisional Diffie-Hellman assumption (DDH), the Learning with Errors assumption (LWE), or the RSA assumption.  ...  We do not know how to get similar results from general (non-affine) succinct REs.  ... 
doi:10.1137/130929643 fatcat:pwv2vdym4jeptaawxgca2pygxe

An Efficient Lattice-Based Signature Scheme with Provably Secure Instantiation [chapter]

Sedat Akleylek, Nina Bindel, Johannes Buchmann, Juliane Krämer, Giorgia Azzurra Marson
2016 Lecture Notes in Computer Science  
However, their parameters are not chosen according to their provided security reduction, i.e., the instantiation is not provably secure.  ...  To this end, we provide a tight security reduction for the new scheme from the ring learning with errors problem which allows for provably secure and efficient instantiations.  ...  which are chosen according to the given security reduction, cf. Section ??. Nevertheless, we achieve good performance with respect to time and space.  ... 
doi:10.1007/978-3-319-31517-1_3 fatcat:olcpz626wbglvhqaamk2ix7ngu

Encoding Functions with Constant Online Rate or How to Compress Garbled Circuits Keys [chapter]

Benny Applebaum, Yuval Ishai, Eyal Kushilevitz, Brent Waters
2013 Lecture Notes in Computer Science  
Specifically, we show how to encode any polynomial-time computable function f : {0, 1}^n → {0, 1}^{m(n)} with online rate of 1+o(1) and with nearly linear online computation.  ...  These constructions can be based on the decisional Diffie-Hellman assumption (DDH), the Learning with Errors assumption (LWE), or the RSA assumption.  ...  We do not know how to get similar results from general (non-affine) succinct REs.  ... 
doi:10.1007/978-3-642-40084-1_10 fatcat:e4bhvkik3vcpfccot3c6omgvtq

Compact, Scalable, and Efficient Discrete Gaussian Samplers for Lattice-Based Cryptography

Ayesha Khalid, James Howe, Ciara Rafferty, Francesco Regazzoni, Maire O'Neill
2018 2018 IEEE International Symposium on Circuits and Systems (ISCAS)  
[Figure: block diagram with CDT table, binary search state machine and combiner]  ...  This also applies to Ring-LWE, Ring-SIS, Module-LWE, and Module-SIS based  ...  BLISS-III and BLISS-IV as well as BCNS and Ring-LWE parameters can also all share the same base sampler.  ... 
doi:10.1109/iscas.2018.8351009 dblp:conf/iscas/KhalidHRRO18 fatcat:uwlrihidqbgd3melpslkeg7qde

The Ring-LWE Problem in Lattice-Based Cryptography: The Case of Twisted Embeddings

Jheyne N Ortiz, Robson R de Araujo, Diego F Aranha, Sueli I R Costa, Ricardo Dahab
2021 Entropy  
We prove that Twisted Ring-LWE is secure by providing a security reduction from Ring-LWE to Twisted Ring-LWE in both search and decision forms.  ...  Although these weak instances are not addressed by worst-case hardness theorems, enabling other ring instantiations enlarges the scope of possible applications and favors the diversification of security  ...  Author Contributions: All authors contributed to the study conception and design.  ... 
doi:10.3390/e23091108 pmid:34573733 fatcat:zwn3lmbkmzhgpk7glr4h3tkapi

Efficient Scalable Constant-Round MPC via Garbled Circuits [chapter]

Aner Ben-Efraim, Yehuda Lindell, Eran Omri
2017 Lecture Notes in Computer Science  
Our constructions use key-homomorphic pseudorandom functions (one based on DDH and the other on Ring-LWE) and are concretely efficient.  ...  In recent work, it was shown that this protocol can be efficiently instantiated for semi-honest adversaries (Ben-Efraim et al., ACM CCS 2016).  ...  Acknowledgements We would like to thank Shalev Keren, Moria Farbstein and Lior Koskas for helping with the code, and to thank Shai Halevi and Vadim Lyubashevsky for helpful discussions on LWE.  ... 
doi:10.1007/978-3-319-70697-9_17 fatcat:cysaevum25bafk56zdb6b4x5gq

Privacy-Preserving Logistic Regression with Distributed Data Sources via Homomorphic Encryption

Yoshinori AONO, Takuya HAYASHI, Le Trieu PHONG, Lihua WANG
2016 IEICE transactions on information and systems  
Indeed, we instantiate our system with Paillier, LWE-based, and ring-LWE-based encryption schemes, highlighting the merits and demerits of each instantiation.  ...  Besides examining the costs of computation and communication, we carefully test our system over real datasets to demonstrate its utility.  ...  to use additively homomorphic encryption with the homomorphism-aware logistic regression. (3) We show how to instantiate our system with Paillier, LWE-based, and ring-LWE-based encryption, and highlight  ... 
doi:10.1587/transinf.2015inp0020 fatcat:erfil7oeyvhwtg6q3xsspiplmu

Compact Lattice Signatures

Dipayan Das, Vishal Saraswat
2018 Proceedings of the 15th International Joint Conference on e-Business and Telecommunications  
., 2017) to bring lattice-based signature schemes at par with the traditional number-theoretic signature schemes.  ...  However, the trade-off between the signature size and the key size, time for a signature generation, and the practical and provable security is not necessarily the optimal.  ...  We are thankful to Kajla Basu for her support.  ... 
doi:10.5220/0006861606560661 dblp:conf/icete/DasS18 fatcat:eawydz6lkzax3azbovor4p5ujm

SPRING: Fast Pseudorandom Functions from Rounded Ring Products [chapter]

Abhishek Banerjee, Hai Brenner, Gaëtan Leurent, Chris Peikert, Alon Rosen
2015 Lecture Notes in Computer Science  
One instantiation uses a generator matrix of a binary BCH error-correcting code to "deterministically extract" nearly random bits from a (biased) rounded subset-product.  ...  In this work we give two concrete and practically efficient instantiations of the BPR design, which we call SPRING, for "subset-product with rounding over a ring."  ...  with errors" (ring-LWE) problem [LPR10] is hard in R_p.  ... 
doi:10.1007/978-3-662-46706-0_3 fatcat:dkweldpsoffixdfttdglsuljha