A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL.
The file type is application/pdf.
Filters
On the security of the multivariate ring learning with errors problem
2020
The Open Book Series
Preserved Fulltext
The Multivariate Ring Learning with Errors (m-RLWE) problem was introduced in 2015 by Pedrouzo-Ulloa, Troncoso-Pastoriza and Pérez-González. ...
not the product) and where the noise increases with the square-root of the degree of the other components. ...
Acknowledgements This work was supported in part by the Research Council KU Leuven grants C14/18/067 and STG/17/019 as well as by the Research Foundation Flanders (FWO) through the WOG Coding Theory and ...
doi:10.2140/obs.2020.4.57
fatcat:tyyqfdghvna3nhvrlk26jncrzy
FHEW: Bootstrapping Homomorphic Encryption in Less Than a Second
[chapter]
2015
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2015; you can also visit the original URL.
The file type is application/pdf.
Bootstrapping in the latest implementation of FHE, the HElib library of Halevi and Shoup (Crypto 2014), requires about half an hour. ...
We present a new method to homomorphically compute simple bit operations, and refresh (bootstrap) the resulting output, which runs on a personal computer in just about half a second. ...
Opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of DARPA or NSF. ...
doi:10.1007/978-3-662-46800-5_24
fatcat:pzev7g7ix5e5tgp6kz4ydw6aue
Three's Compromised Too: Circular Insecurity for Any Cycle Length from (Ring-)LWE
[chapter]
2016
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2016; you can also visit the original URL.
The file type is application/pdf.
To overcome this, we introduce a new "tensored" variant of LWE which provides the desired commutativity, and which we prove is actually equivalent to plain LWE. ...
., schemes that are CPA or even CCA secure but not 2-circular secure-under a variety of well-studied assumptions (SXDH, decision linear, and LWE). ...
For positive integer dimensions n, m, modulus q, and error distribution χ over Z, the decision-LWE n,q,χ,m problem is to distinguish, with non-negligible advantage, between (A; b t = s t A + e t ) where ...
doi:10.1007/978-3-662-53008-5_23
fatcat:xlv7wvkb6nfttefkbqcjbmufry
Large FHE Gates from Tensored Homomorphic Accumulator
[chapter]
2018
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2018; you can also visit the original URL.
The file type is application/pdf.
Looking more precisely at the complexity of each step, we note an imbalance between the cost of the linear and non-linear steps. ...
Parameter Constraints and Efficiency. ...
The rounding error r = [x] − x is subgaussian with parameter 1. Let us write k = Q /t / Q/t . ...
doi:10.1007/978-3-319-89339-6_13
fatcat:6mo3gghylna57b72atba7d7wsi
On Security of Fiat-Shamir Signatures over Lattice in the Presence of Randomness Leakage
[article]
2019
IACR Cryptology ePrint Archive
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2022; you can also visit the original URL.
The file type is application/pdf.
-Our attack is reduced to the Fiat-Shamir integer learning with error (FS-ILWE) problem, which is a variant of the mathematical problem ILWE [12] . ...
To this end, we present a generic key recovery attack that relies on minimum leakage of randomness, and then theoretically connect it to a variant of Integer-LWE (ILWE) problem. ...
dblp:journals/iacr/LiuZSWZ19
fatcat:lxmgzvmgljb37j6yqetuovo5ki
Towards Stream Ciphers for Efficient FHE with Low-Noise Ciphertexts
[chapter]
2016
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
We conclude the paper with open problems related to the large design space opened by these new constructions. Introduction Purpose: calculus delegation. ...
We also propose an instantiation of the filter function designed to exploit recent (3rd-generation) FHE schemes, where the error growth is quasi-additive when adequately multiplying ciphertexts with the ...
We are highly grateful to Sébastien Duval, Virginie Lallemand and Yann Rotella for sharing their ideas about guess and determine attacks before the publication of this paper, which allowed us to modify ...
doi:10.1007/978-3-662-49890-3_13
fatcat:gnqowjpeezem7crgxck7jkav34
Pseudorandom Functions and Lattices
[chapter]
2012
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
Central to our results is a new "derandomization" technique for the learning with errors (LWE) problem which, in effect, generates the error terms deterministically. ...
In addition, they are the first low-depth PRFs that have no known attack by efficient quantum algorithms. ...
matrix with independent subgaussian entries. ...
doi:10.1007/978-3-642-29011-4_42
fatcat:3bduuvtlkrcdpfg2ilo5wywk44
Faster Fully Homomorphic Encryption: Bootstrapping in Less Than 0.1 Seconds
[chapter]
2016
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2017; you can also visit the original URL.
The file type is application/pdf.
Finally, we provide an alternative practical analysis of LWE based scheme, which directly relates the security parameter to the error rate of LWE and the entropy of the LWE secret key. ...
We notice that the internal product of GSW can be replaced by a simpler external product between a GSW and an LWE ciphertext. ...
Learning With Error problem The Learning With Errors (LWE) problem was introduced by Regev in 2005 [25] . ...
doi:10.1007/978-3-662-53887-6_1
fatcat:t4z76ghccbbulot4ousstoan7a
A Decade of Lattice Cryptography
2016
Foundations and Trends® in Theoretical Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2016; you can also visit the original URL.
The file type is application/pdf.
The main focus is on the foundational short integer solution (SIS) and learning with errors (LWE) problems (and their more efficient ring-based variants), their provable hardness assuming the worst-case ...
Attractive features of lattice cryptography include apparent resistance to quantum attacks (in contrast with most number-theoretic cryptography), high asymptotic efficiency and parallelism, security under ...
I warmly thank Vadim Lyubashevsky, Dieter van Melkebeek, Oded Regev, Noah Stephens-Davidowitz, Madhu Sudan, and an anonymous reviewer for many valuable comments on earlier drafts. ...
doi:10.1561/0400000074
fatcat:5orjj3lrufdalfufl7ju6rnz3e
On the Leakage Resilience of Ideal-Lattice Based Public Key Encryption
[article]
2017
IACR Cryptology ePrint Archive
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2022; you can also visit the original URL.
The file type is application/pdf.
We consider the setting where R is the ring of integers of the m-th cyclotomic number field, for m which is a power-of-two, and the Ring-LWE modulus is set to q ≡ 1 mod m. ...
This is the common setting used in practice and is desirable in terms of the efficiency and simplicity of the scheme. ...
The learning with errors (LWE) problem was introduced by Regev [37] , who showed a worst-case to average-case quantum reduction from SIVP γ . 2 To solve the (decision version of the) LWE problem, an attacker ...
dblp:journals/iacr/Dachman-SoledGK17
fatcat:gybuz34tpvh2xdzt2t4bdwjqra
Hardness of SIS and LWE with Small Parameters
[chapter]
2013
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2018; you can also visit the original URL.
The file type is application/pdf.
The Short Integer Solution (SIS) and Learning With Errors (LWE) problems are the foundations for countless applications in latticebased cryptography, and are provably as hard as approximate lattice problems ...
We prove two main results on SIS and LWE with small parameters. ...
LWE with binary errors is hard. ...
doi:10.1007/978-3-642-40041-4_2
fatcat:ds3hfqvpdbhpxm42kbpoee3yrq
Two-Message Key Exchange with Strong Security from Ideal Lattices
[chapter]
2018
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL.
The file type is application/pdf.
In particular, we propose a new instantiation of OTKEM from Ring Learning with Errors (Ring-LWE) problem in the standard model. This yields a concrete post-quantum TMKE protocol with strong security. ...
In this paper, we first revisit the generic two-message key exchange (TMKE) scheme (which will be referred to as KF) introduced by Kurosawa and Furukawa (CT-RSA 2014). ...
In order to resist with the quantum computer attacks, we introduce a new KEM scheme (for our TMKE construction) based on the presumed hardness of the Ring Learning with Error (Ring-LWE) problem. ...
doi:10.1007/978-3-319-76953-0_6
fatcat:pl6ftjnpovaopb7njb3ucrvevy
Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller
[chapter]
2012
Lecture Notes in Computer Science
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2019; you can also visit the original URL.
The file type is application/pdf.
Our methods involve a new kind of trapdoor, and include specialized algorithms for inverting LWE, randomly sampling SIS preimages, and securely delegating trapdoors. ...
We give new methods for generating and using "strong trapdoors" in cryptographic lattices, which are simultaneously simple, efficient, easy to implement (even in parallel), and asymptotically optimal with ...
Other statistical instantiations are presented in the full version. for some s = αq, where α > 0 is an LWE relative error rate (and typically αq > √ n). Clearly, D is 0-subgaussian with parameter αq. ...
doi:10.1007/978-3-642-29011-4_41
fatcat:xykbsklp2vasbl3ybrt5hxyudy
New techniques for multi-value homomorphic evaluation and applications
[article]
2018
IACR Cryptology ePrint Archive
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2022; you can also visit the original URL.
The file type is application/pdf.
The security of our scheme relies on the LWE assumption over the torus. ...
We have implemented the proposed method and were able to evaluate an arbitrary 6-to-6 LUTs under 1.6 seconds. ...
If X and X are two independent σ and σ subgaussian variables, then for all α, γ ∈ R, αX + γX is α 2 σ 2 + γ 2 σ 2 -subgaussian. All the errors in this document will follow subgaussian distributions. ...
dblp:journals/iacr/CarpovIM18
fatcat:ceyngnikarclfgvrv62ugsf77m
Improved lattice-based CCA2-secure PKE in the standard model
2020
Science China Information Sciences
Preserved Fulltext
A copy of this work was available on the public web and has been preserved in the Wayback Machine. The capture dates from 2021; you can also visit the original URL.
The file type is application/pdf.
several nice algebraic properties of the tag-based lattice trapdoor and the LWE problem (such as unique witness and additive homomorphism). ...
PKE from lattices by using the generic BCHK transform (SIAM J Comput, 2006) with a cost of introducing extra overheads to both computation and storage for the use of other primitives such as signatures ...
Related work and discussion Along with the introduction of the LWE problem, Regev [47] proposed the first LWE-based PKE, which can only encrypt a 1-bit message. ...
doi:10.1007/s11432-019-9861-3
fatcat:gis5on5e3bdsjfcthex2rwgi6e
« Previous
Showing results 1 — 15 out of 39 results