On the security of the multivariate ring learning with errors problem

Carl Bootland, Wouter Castryck, Frederik Vercauteren
2020 The Open Book Series  
The Multivariate Ring Learning with Errors (m-RLWE) problem was introduced in 2015 by Pedrouzo-Ulloa, Troncoso-Pastoriza and Pérez-González.  ...  not the product) and where the noise increases with the square-root of the degree of the other components.  ...  Acknowledgements This work was supported in part by the Research Council KU Leuven grants C14/18/067 and STG/17/019 as well as by the Research Foundation Flanders (FWO) through the WOG Coding Theory and  ... 
doi:10.2140/obs.2020.4.57 fatcat:tyyqfdghvna3nhvrlk26jncrzy

FHEW: Bootstrapping Homomorphic Encryption in Less Than a Second [chapter]

Léo Ducas, Daniele Micciancio
2015 Lecture Notes in Computer Science  
Bootstrapping in the latest implementation of FHE, the HElib library of Halevi and Shoup (Crypto 2014), requires about half an hour.  ...  We present a new method to homomorphically compute simple bit operations, and refresh (bootstrap) the resulting output, which runs on a personal computer in just about half a second.  ...  Opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of DARPA or NSF.  ... 
doi:10.1007/978-3-662-46800-5_24 fatcat:pzev7g7ix5e5tgp6kz4ydw6aue

Three's Compromised Too: Circular Insecurity for Any Cycle Length from (Ring-)LWE [chapter]

Navid Alamati, Chris Peikert
2016 Lecture Notes in Computer Science  
To overcome this, we introduce a new "tensored" variant of LWE which provides the desired commutativity, and which we prove is actually equivalent to plain LWE.  ...  ., schemes that are CPA or even CCA secure but not 2-circular secure-under a variety of well-studied assumptions (SXDH, decision linear, and LWE).  ...  For positive integer dimensions n, m, modulus q, and error distribution χ over Z, the decision-LWE n,q,χ,m problem is to distinguish, with non-negligible advantage, between (A; b t = s t A + e t ) where  ... 
doi:10.1007/978-3-662-53008-5_23 fatcat:xlv7wvkb6nfttefkbqcjbmufry

Large FHE Gates from Tensored Homomorphic Accumulator [chapter]

Guillaume Bonnoron, Léo Ducas, Max Fillinger
2018 Lecture Notes in Computer Science  
Looking more precisely at the complexity of each step, we note an imbalance between the cost of the linear and non-linear steps.  ...  Parameter Constraints and Efficiency.  ...  The rounding error r = [x] − x is subgaussian with parameter 1. Let us write k = Q /t / Q/t .  ... 
doi:10.1007/978-3-319-89339-6_13 fatcat:6mo3gghylna57b72atba7d7wsi

On Security of Fiat-Shamir Signatures over Lattice in the Presence of Randomness Leakage [article]

Yuejun Liu, Yongbin Zhou, Shuo Sun, Tianyu Wang, Rui Zhang
2019 IACR Cryptology ePrint Archive  
Our attack is reduced to the Fiat-Shamir integer learning with error (FS-ILWE) problem, which is a variant of the mathematical problem ILWE [12].  ...  To this end, we present a generic key recovery attack that relies on minimum leakage of randomness, and then theoretically connect it to a variant of Integer-LWE (ILWE) problem.  ... 
dblp:journals/iacr/LiuZSWZ19 fatcat:lxmgzvmgljb37j6yqetuovo5ki

Towards Stream Ciphers for Efficient FHE with Low-Noise Ciphertexts [chapter]

Pierrick Méaux, Anthony Journault, François-Xavier Standaert, Claude Carlet
2016 Lecture Notes in Computer Science  
We conclude the paper with open problems related to the large design space opened by these new constructions. Introduction Purpose: calculus delegation.  ...  We also propose an instantiation of the filter function designed to exploit recent (3rd-generation) FHE schemes, where the error growth is quasi-additive when adequately multiplying ciphertexts with the  ...  We are highly grateful to Sébastien Duval, Virginie Lallemand and Yann Rotella for sharing their ideas about guess and determine attacks before the publication of this paper, which allowed us to modify  ... 
doi:10.1007/978-3-662-49890-3_13 fatcat:gnqowjpeezem7crgxck7jkav34

Pseudorandom Functions and Lattices [chapter]

Abhishek Banerjee, Chris Peikert, Alon Rosen
2012 Lecture Notes in Computer Science  
Central to our results is a new "derandomization" technique for the learning with errors (LWE) problem which, in effect, generates the error terms deterministically.  ...  In addition, they are the first low-depth PRFs that have no known attack by efficient quantum algorithms.  ...  matrix with independent subgaussian entries.  ... 
doi:10.1007/978-3-642-29011-4_42 fatcat:3bduuvtlkrcdpfg2ilo5wywk44

Faster Fully Homomorphic Encryption: Bootstrapping in Less Than 0.1 Seconds [chapter]

Ilaria Chillotti, Nicolas Gama, Mariya Georgieva, Malika Izabachène
2016 Lecture Notes in Computer Science  
Finally, we provide an alternative practical analysis of LWE based scheme, which directly relates the security parameter to the error rate of LWE and the entropy of the LWE secret key.  ...  We notice that the internal product of GSW can be replaced by a simpler external product between a GSW and an LWE ciphertext.  ...  Learning With Error problem The Learning With Errors (LWE) problem was introduced by Regev in 2005 [25].  ... 
doi:10.1007/978-3-662-53887-6_1 fatcat:t4z76ghccbbulot4ousstoan7a

A Decade of Lattice Cryptography

Chris Peikert
2016 Foundations and Trends® in Theoretical Computer Science  
The main focus is on the foundational short integer solution (SIS) and learning with errors (LWE) problems (and their more efficient ring-based variants), their provable hardness assuming the worst-case  ...  Attractive features of lattice cryptography include apparent resistance to quantum attacks (in contrast with most number-theoretic cryptography), high asymptotic efficiency and parallelism, security under  ...  I warmly thank Vadim Lyubashevsky, Dieter van Melkebeek, Oded Regev, Noah Stephens-Davidowitz, Madhu Sudan, and an anonymous reviewer for many valuable comments on earlier drafts.  ... 
doi:10.1561/0400000074 fatcat:5orjj3lrufdalfufl7ju6rnz3e

On the Leakage Resilience of Ideal-Lattice Based Public Key Encryption [article]

Dana Dachman-Soled, Huijing Gong, Mukul Kulkarni, Aria Shahverdi
2017 IACR Cryptology ePrint Archive  
We consider the setting where R is the ring of integers of the m-th cyclotomic number field, for m which is a power-of-two, and the Ring-LWE modulus is set to q ≡ 1 mod m.  ...  This is the common setting used in practice and is desirable in terms of the efficiency and simplicity of the scheme.  ...  The learning with errors (LWE) problem was introduced by Regev [37], who showed a worst-case to average-case quantum reduction from SIVP γ. To solve the (decision version of the) LWE problem, an attacker  ... 
dblp:journals/iacr/Dachman-SoledGK17 fatcat:gybuz34tpvh2xdzt2t4bdwjqra

Hardness of SIS and LWE with Small Parameters [chapter]

Daniele Micciancio, Chris Peikert
2013 Lecture Notes in Computer Science  
The Short Integer Solution (SIS) and Learning With Errors (LWE) problems are the foundations for countless applications in lattice-based cryptography, and are provably as hard as approximate lattice problems  ...  We prove two main results on SIS and LWE with small parameters.  ...  LWE with binary errors is hard.  ... 
doi:10.1007/978-3-642-40041-4_2 fatcat:ds3hfqvpdbhpxm42kbpoee3yrq

Two-Message Key Exchange with Strong Security from Ideal Lattices [chapter]

Zheng Yang, Yu Chen, Song Luo
2018 Lecture Notes in Computer Science  
In particular, we propose a new instantiation of OTKEM from Ring Learning with Errors (Ring-LWE) problem in the standard model. This yields a concrete post-quantum TMKE protocol with strong security.  ...  In this paper, we first revisit the generic two-message key exchange (TMKE) scheme (which will be referred to as KF) introduced by Kurosawa and Furukawa (CT-RSA 2014).  ...  In order to resist with the quantum computer attacks, we introduce a new KEM scheme (for our TMKE construction) based on the presumed hardness of the Ring Learning with Error (Ring-LWE) problem.  ... 
doi:10.1007/978-3-319-76953-0_6 fatcat:pl6ftjnpovaopb7njb3ucrvevy

Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller [chapter]

Daniele Micciancio, Chris Peikert
2012 Lecture Notes in Computer Science  
Our methods involve a new kind of trapdoor, and include specialized algorithms for inverting LWE, randomly sampling SIS preimages, and securely delegating trapdoors.  ...  We give new methods for generating and using "strong trapdoors" in cryptographic lattices, which are simultaneously simple, efficient, easy to implement (even in parallel), and asymptotically optimal with  ...  Other statistical instantiations are presented in the full version. for some s = αq, where α > 0 is an LWE relative error rate (and typically αq > √ n). Clearly, D is 0-subgaussian with parameter αq.  ... 
doi:10.1007/978-3-642-29011-4_41 fatcat:xykbsklp2vasbl3ybrt5hxyudy

New techniques for multi-value homomorphic evaluation and applications [article]

Sergiu Carpov, Malika Izabachène, Victor Mollimard
2018 IACR Cryptology ePrint Archive  
The security of our scheme relies on the LWE assumption over the torus.  ...  We have implemented the proposed method and were able to evaluate an arbitrary 6-to-6 LUTs under 1.6 seconds.  ...  If X and X are two independent σ and σ subgaussian variables, then for all α, γ ∈ R, αX + γX is α 2 σ 2 + γ 2 σ 2 -subgaussian. All the errors in this document will follow subgaussian distributions.  ... 
dblp:journals/iacr/CarpovIM18 fatcat:ceyngnikarclfgvrv62ugsf77m

Improved lattice-based CCA2-secure PKE in the standard model

Jiang Zhang, Yu Yu, Shuqin Fan, Zhenfeng Zhang
2020 Science China Information Sciences  
several nice algebraic properties of the tag-based lattice trapdoor and the LWE problem (such as unique witness and additive homomorphism).  ...  PKE from lattices by using the generic BCHK transform (SIAM J Comput, 2006) with a cost of introducing extra overheads to both computation and storage for the use of other primitives such as signatures  ...  Related work and discussion Along with the introduction of the LWE problem, Regev [47] proposed the first LWE-based PKE, which can only encrypt a 1-bit message.  ... 
doi:10.1007/s11432-019-9861-3 fatcat:gis5on5e3bdsjfcthex2rwgi6e