
How to Meet Ternary LWE Keys [article]

Alexander May
2021 IACR Cryptology ePrint Archive  
The LWE problem with its ring variants is today the most prominent candidate for building efficient public key cryptosystems resistant to quantum computers.  ...  NTRU-type cryptosystems use an LWE-type variant with small max-norm secrets, usually with ternary coefficients from the set {−1, 0, 1}.  ...  for their valuable suggestions.  ... 
dblp:journals/iacr/May21 fatcat:zk3r7kpzvjdy5dhy7bzqbpf5si

spKEX: An optimized lattice-based key exchange [article]

Sauvik Bhattacharya, Óscar García-Morchón, Ronald Rietman, Ludo Tolhuizen
2017 IACR Cryptology ePrint Archive  
For a quantum security level of 128 bits, our scheme requires 30% lesser bandwidth than the LWE-based key-exchange proposal Frodo [9] and allows for a fast implementation of the key exchange. 8 Acknowledgments  ...  For both LWE and LWR, small-secret and sparse variants are also possible, i.e., ones in which the secret is sampled from a binary or ternary distribution, secrets that are sparse, and secrets that are  ...  We thank Zhenfei Zhang for fruitful discussions on the hybrid attack.  ... 
dblp:journals/iacr/BhattacharyaGRT17 fatcat:7rye6atmgrautk2lohhsso3xou

Achieving secure and efficient lattice-based public-key encryption: the impact of the secret-key distribution [article]

Sauvik Bhattacharya, Óscar García-Morchón, Rachel Player, Ludo Tolhuizen
2019 IACR Cryptology ePrint Archive  
Numerous secret-key distributions exist in the state of the art, including (discrete) Gaussian, binomial, ternary, and fixed-weight ternary.  ...  In this paper, we compare different aspects of secret-key distributions from submissions to the NIST post-quantum standardization effort.  ...  Acknowledgements We thank Thijs Laarhoven for helpful discussions on comparing the entropy and variance of the fixed-weight and symmetric ternary distributions, and for pointing out the possibility of  ... 
dblp:journals/iacr/BhattacharyaGPT19 fatcat:2izq5rrkn5dmnmter4ohkfdvv4

Revisiting the Hybrid attack on sparse and ternary secret LWE [article]

Yongha Son, Jung Hee Cheon
2019 IACR Cryptology ePrint Archive  
previous analysis for the hybrid attack in line with LWE setting.  ...  Moreover, upon our analysis we estimate attack complexity of the hybrid attack for several LWE parameters.  ...  We actually find one public key encryption scheme named Round5 [7] using sparse and ternary secret, and in addition, it also considered the hybrid attack for the security analysis.  ... 
dblp:journals/iacr/SonC19 fatcat:xp2e7mhxdjbo3lbnn52j7ee6xa

Lattice-based Key Sharing Schemes - A Survey [article]

Prasanna Ravi, James Howe, Anupam Chattopadhyay, Shivam Bhasin
2020 IACR Cryptology ePrint Archive  
Sensing the imminent threat from continued advances in quantum computing, NIST has recently initiated a global level standardization process for quantum resistant public-key cryptographic primitives such  ...  as public key encryption, digital signatures and key encapsulation mechanisms.  ...  There are two versions of the LWE problem namely the decision LWE and search LWE problem. The search LWE problem requires to solve for S given polynomially many LWE instances (A,𝑇 ).  ... 
dblp:journals/iacr/RaviHCB20 fatcat:gwfp7xfzbbgxnldzbngfc4ru7q

Bootstrapping in FHEW-like Cryptosystems [article]

Daniele Micciancio, Yuriy Polyakov
2020 IACR Cryptology ePrint Archive  
Our comparison of the AP and GINX bootstrapping methods for different secret distributions suggests that the TFHE/GINX cryptosystem provides better performance for binary and ternary secrets while FHEW  ...  We make a recommendation to consider the variants of FHEW and TFHE cryptosystems based on ternary and Gaussian secrets for standardization by the HE community.  ...  Recommendation for ternary secret key distribution The most efficient case included in the HE Security Standard [2] is based on ternary secret key distribution.  ... 
dblp:journals/iacr/MicciancioP20 fatcat:sokm7hq5k5du7dpvx2oyvmo3uq

SALSA: Attacking Lattice Cryptography with Transformers [article]

Emily Wenger, Mingjie Chen, François Charton, Kristin Lauter
2022 arXiv   pre-print
Currently deployed public-key cryptosystems will be vulnerable to attacks by full-scale quantum computers.  ...  Consequently, "quantum resistant" cryptosystems are in high demand, and lattice-based cryptosystems, based on a hard problem known as Learning With Errors (LWE), have emerged as strong contenders for standardization  ...  For instance, HEAAN uses n = 2^15, q = 2^628, ternary secret and Hamming weight 64 [23]. For more on the use of sparse binary secrets in LWE, see [6, 25].  ... 
arXiv:2207.04785v1 fatcat:zz7yt2g3xrh4bmptfrok2fsbsy

CRYSTALS - Kyber: A CCA-Secure Module-Lattice-Based KEM

Joppe Bos, Leo Ducas, Eike Kiltz, T Lepoint, Vadim Lyubashevsky, John M. Schanck, Peter Schwabe, Gregor Seiler, Damien Stehle
2018 2018 IEEE European Symposium on Security and Privacy (EuroS&P)  
We implemented and benchmarked the CCA-secure KEM and key exchange protocols against the ones that are based on LWE and Ring-LWE: we conclude that our schemes are not only as efficient but also feature  ...  This paper introduces Kyber (part of the CRYSTALS - Cryptographic Suite for Algebraic Lattices - package that will be submitted to the NIST call for post-quantum standards), a portfolio of post-quantum cryptographic  ...  In a post-quantum setting, the attacker could use Grover's algorithm to search for such an m.  ... 
doi:10.1109/eurosp.2018.00032 dblp:conf/eurosp/BosDKLLSSSS18 fatcat:o7dl5wpwcndarjp3wtm2eqwycm

On Unpadded NTRU Quantum (In)Security [article]

Théodore Conrad-Frenkiel, Rémi Géraud-Stewart, David Naccache
2021 IACR Cryptology ePrint Archive  
This paper utilizes the techniques used by Regev [Reg09] and Lyubashevsky, Peikert & Regev in the security reduction of LWE and its algebraic variants [LPR13] to exhibit a quantum reduction from the decryption  ...  quantum decryption query.  ...  Note that stronger results are known for LWE [AJOP20]: a single quantum decryption query allows the adversary to recover the full secret key with constant success probability.  ... 
dblp:journals/iacr/Conrad-Frenkiel21 fatcat:yndbzu76encjhimki2a723sq7q

On a hybrid approach to solve binary-LWE [article]

Thomas Espitau, Antoine Joux, Natalia Kharchenko
2020 IACR Cryptology ePrint Archive  
Then, we search for the fraction of the secret key by computing the corresponding noise for each candidate using the newly constructed LWE samples.  ...  More precisely, we use the dual attack on a projected sublattice, which allows generating instances of the LWE problem with a slightly bigger noise that correspond to a fraction of the secret key.  ...  A key advantage of LWE is that it is provably as hard as certain lattice approximation problems in the worst-case [BLP+13], which are believed to be hard even on a quantum computer.  ... 
dblp:journals/iacr/EspitauJK20 fatcat:t7pegp647ndh7effnxivjmzxoq

Magnifying Side-Channel Leakage of Lattice-Based Cryptosystems with Chosen Ciphertexts: The Case Study of Kyber

Z. Xu, O. Pemberton, S. Roy, D. Oswald
2020 Zenodo  
For the pqm4 implementation, we develop a message-recovery attack that leads to extraction of the full secret-key with between eight and 960 traces (or 184 traces for recovering 98% of the secret-key),  ...  In this paper, we propose EM side-channel attacks with carefully constructed ciphertext on Kyber, a lattice-based key encapsulation mechanism, which is a candidate of NIST Post-Quantum Cryptography standardization  ...  The search LWE problem asks to compute the secret s given several LWE samples.  ... 
doi:10.5281/zenodo.3979188 fatcat:ij42ymvkhngfvjrakzalplw3lm

A Lightweight Implementation of NTRUEncrypt for 8-bit AVR Microcontrollers

H. Cheng, J. Großschädl, P. Rønne, P. Ryan
2020 Zenodo  
We achieved these results thanks to a novel hybrid technique for multiplication in truncated polynomial rings where one of the operands is a sparse ternary polynomial in product form.  ...  Introduced in 1996, NTRUEncrypt is not only one of the earliest but also one of the most scrutinized lattice-based cryptosystems and a serious contender in NIST's ongoing Post-Quantum Cryptography (PQC  ...  growing demand for quantum-secure public-key cryptography.  ... 
doi:10.5281/zenodo.3947856 fatcat:u5pni7gwffgn5i6wiuez7lvjwy

Attribute-Based Functional Encryption on Lattices [chapter]

Xavier Boyen
2013 Lecture Notes in Computer Science  
We introduce a broad lattice manipulation technique for expressive cryptography, and use it to realize functional encryption for access structures from post-quantum hardness assumptions.  ...  Specifically, we build an efficient key-policy attribute-based encryption scheme, and prove its security in the selective sense from learning-with-errors intractability in the standard model. 0 This is a longer  ...  Acknowledgments The author would like to thank Dan Boneh for suggesting a simplification of the scheme and its proof by way of the ExtendRight abstraction, and to thank the TCC 2013 program committee for  ... 
doi:10.1007/978-3-642-36594-2_8 fatcat:puklxgbuvza4dfidwgkep7e5li

Parallel Implementation of BDD Enumeration for LWE [chapter]

Elena Kirshanova, Alexander May, Friedrich Wiemer
2016 Lecture Notes in Computer Science  
One of the most attractive problems for post-quantum secure cryptographic schemes is the LWE problem.  ...  Third, we experimentally show weaknesses for a binary matrix LWE proposal of Galbraith.  ...  Acknowledgements We thank Gottfried Herold and the anonymous reviews for their helpful feedback and valuable suggestions.  ... 
doi:10.1007/978-3-319-39555-5_31 fatcat:brroofhtizba7p3konx6edrssq

On the Concrete Security of LWE with Small Secret [article]

Hao Chen, Lynn Chua, Kristin E. Lauter, Yongsoo Song
2020 IACR Cryptology ePrint Archive  
Lattice-based cryptography is currently under consideration for standardization in the ongoing NIST PQC Post-Quantum Cryptography competition, and is used as the basis for Homomorphic Encryption schemes  ...  We also find that many instances of the TU Darmstadt LWE challenges can be solved significantly faster when the secret is chosen from the binary or ternary distributions.  ...  Acknowledgements We would like to thank Shi Bai for helpful discussions, and Kim Laine for his help with setting up the Azure server for the experiments.  ... 
dblp:journals/iacr/ChenCLS20 fatcat:xqcybmtoljc35eavasncpzvpci