Filters








51 Hits in 1.1 sec

Secure Parameters for SWIFFT [chapter]

Johannes Buchmann, Richard Lindner
2009 Lecture Notes in Computer Science  
Second, we propose a parameter generation algorithm for SWIFFT where the main parameter n can be any integer in the image of Euler's totient function, and not necessarily a power of 2 as before.  ...  The SWIFFT compression functions, proposed by Lyubashevsky et al. at FSE 2008, are very efficient instantiations of generalized compact knapsacks for a specific set of parameters.  ...  Acknowledgments We would like to thank Chris Peikert and Alon Rosen for helpful advice and encouragement.  ... 
doi:10.1007/978-3-642-10628-6_1 fatcat:goeut3y7vfbblgjpmcdznugqn4

An Efficient Post-Quantum One-Time Signature Scheme [chapter]

Kassem Kalach, Reihaneh Safavi-Naini
2016 Lecture Notes in Computer Science  
Therefore, in particular, they are not suitable for resource-constraint devices. Many widely used signature schemes are not post-quantum.  ...  They have found diverse applications including forward security and broadcast authentication.  ...  The authors would like to thank Anne Broadbent for her comments on an earlier version of this paper, Andreas Hülsing for helping in the security proof, John Schanck for discussions on lattices, and Fang  ... 
doi:10.1007/978-3-319-31301-6_20 fatcat:mevu4kqwgbeu7h647btvy3rrp4

Post-quantum cryptography: lattice signatures

Johannes Buchmann, Richard Lindner, Markus Rückert, Michael Schneider
2009 Computing  
This survey provides a comparative overview of lattice-based signature schemes with respect to security and performance.  ...  Furthermore, we explicitly show how to construct a competitive and provably secure Merkle-tree signature scheme solely based on worst-case lattice problems.  ...  Thus, we consider GMSS-SWIFFT-LM secure and practical even for larger security parameters. Organization.  ... 
doi:10.1007/s00607-009-0042-y fatcat:umo37odrn5dgfgio6k4fnpvbj4

Improved Zero-Knowledge Identification with Lattices [chapter]

Pierre-Louis Cayrel, Richard Lindner, Markus Rückert, Rosemberg Silva
2010 Lecture Notes in Computer Science  
Efficiency improvement for NTRU. In A. Alkassar and J. H. Siekmann, editors, Sicherheit 2008: Sicherheit, Schutz und Zuverlässigkeit. Konferenzband der 4.  ...  These parameters are later shown to be far more secure than the standard SWIFFT parameters.  ...  The same assumption was used for the SWIFFT hash function, which is secure for much smaller parameters than those required by Lyubashevsky.  ... 
doi:10.1007/978-3-642-16280-0_1 fatcat:qphlhyww45avzim6wyo7bvnira

Analyzing Progressive-BKZ Lattice Reduction Algorithm

Md. Mokammel Haque, Mohammad Obaidur Rahman
2019 International Journal of Computer Network and Information Security  
Then, we attempt to find pseudo-collision in SWIFFT hash function and show that a different set of parameters produces a special shape of Gram-Schmidt norms other than the predicted Geometric Series Assumptions  ...  Progressive approach (gradually increasing block size) of this algorithm has been attempted in several works for better performance but actual analysis of this approach has never been reported.  ...  The usual parameters choice for SWIFFT are = 16, = 64 and = 257. A.  ... 
doi:10.5815/ijcnis.2019.01.04 fatcat:dat3ekajxfh5zkuikwehlxvrd4

Interpreting Hash Function Security Proofs [chapter]

Juraj Šarinay
2010 Lecture Notes in Computer Science  
While the authors of FSB, MQ-HASH and SWIFFT(X) prove existence of nontrivial lower bounds on security, we show that the quantification of the bounds limits the practical significance of the proofs.  ...  We provide a concrete security treatment of several "provably secure" hash functions. Interpreting arguments behind MQ-HASH, FSB, SWIFFTX and VSH we identify similar lines of reasoning.  ...  Acknowledgements The author would like to thank Arjen Lenstra, Martijn Stam, Kenny Paterson and the anonymous reviewers for useful comments on the text.  ... 
doi:10.1007/978-3-642-16280-0_8 fatcat:pyzahjszpzgw7kxzyt7kwurc3e

Improved Combinatorial Algorithms for the Inhomogeneous Short Integer Solution Problem

Shi Bai, Steven D. Galbraith, Liangze Li, Daniel Sheffield
2018 Journal of Cryptology  
include: applying the Hermite normal form (HNF) to get faster algorithms; a heuristic analysis of the HGJ and BCJ algorithms in the case of density greater than one; an improved cryptanalysis of the SWIFFT  ...  hash function; a new method that exploits symmetries to speed up algorithms for Ring-SIS in some cases.  ...  Acknowledgements We thank the reviewers for their detailed comments and suggestions.  ... 
doi:10.1007/s00145-018-9304-1 fatcat:5r7r3ggrjvcgtepl3iaddgwody

Towards Efficient Arithmetic for Lattice-Based Cryptography on Reconfigurable Hardware [chapter]

Thomas Pöppelmann, Tim Güneysu
2012 Lecture Notes in Computer Science  
We give instantiations of recently proposed parameter sets for homomorphic and public-key encryption.  ...  For a parameter set of a SHE scheme (n=1024,p=1061093377) our implementation performs 9063 polynomial multiplications per second on a mid-range Spartan-6.  ...  in O(n 2 ) for the security parameter n [42] .  ... 
doi:10.1007/978-3-642-33481-8_8 fatcat:53fo5qtatbe4nifvlaku7nxlvm

Faster and Smoother – VSH Revisited [chapter]

Juraj Šarinay
2011 Lecture Notes in Computer Science  
While the original proofs of security based on hardness of factoring or discrete logarithms are preserved, we can base the security on the k-sum problem studied by Wagner and more recently by Minder &  ...  We reconsider the provably collision resistant Very Smooth Hash and propose a small change in the design aiming to improve both performance and security.  ...  Acknowledgements The author would like to thank Arjen Lenstra, Ron Steinfeld, Scott Contini, Dimitar Jetchev and the anonymous reviewers for useful comments on the text.  ... 
doi:10.1007/978-3-642-22497-3_10 fatcat:gdtoukyf5nd6ph6fktr32pbysy

Improved Zero-Knowledge Identification with Lattices

Pierre-Louis Cayrel, Richard Lindner, Markus Rückert, Rosemberg Silva
2012 Tatra Mountains Mathematical Publications  
The same assumption was used for the SWIFFT hash function, which is secure for much smaller parameters than those proposed by Lyubashevsky. c 2012 Mathematical Institute, Slovak Academy of Sciences. 2010  ...  This improvement leads to lower the communication cost, when comparing both schemes for a given security level.  ...  We are grateful to an anonymous referee for helpful comments.  ... 
doi:10.2478/v10127-012-0038-4 fatcat:xt42dbd7dvg4lhycgdg7slux3e

DiLizium: A Two-Party Lattice-Based Signature Scheme

Jelizaveta Vakarjuk, Nikita Snetkov, Jan Willemson
2021 Entropy  
We also provide a security proof for the two-party signature computation protocol against a classical adversary. Extending this proof to a quantum adversary is subject to future studies.  ...  This allows for more efficient two-party implementation compared with the original but still derives its post-quantum security directly from the Module Learning With Errors and Module Short Integer Solution  ...  It should be noted that this section does not present the exact parameter choice for the scheme and does not argue the bit security of the scheme for these parameters.  ... 
doi:10.3390/e23080989 fatcat:rv4dezl7lrebpo2rntfbrpcvia

Surgical fixation compared with cast immobilisation for adults with a bicortical fracture of the scaphoid waist: the SWIFFT RCT

Joseph Dias, Stephen Brealey, Liz Cook, Caroline Fairhurst, Sebastian Hinde, Paul Leighton, Surabhi Choudhary, Matthew Costa, Catherine Hewitt, Stephen Hodgson, Laura Jefferson, Kanagaratnam Jeyapalan (+9 others)
2020 Health Technology Assessment  
See the NIHR Journals Library website for further project information.  ...  Below-elbow cast immobilisation for 6-10 weeks and urgent fixation of confirmed non-union.  ...  In addition, a general thanks to all those people whose commitment and efforts in the design and conduct of SWIFFT allowed us to successfully complete this study and this final report.  ... 
doi:10.3310/hta24520 pmid:33109331 fatcat:qqdd2cwiwfegjlz6clc2r6amya

Streaming Authenticated Data Structures

Yi Qian, Yupeng Zhang, Xi Chen, Charalampos Papamanthou
2014 Proceedings of the 6th edition of the ACM Workshop on Cloud Computing Security - CCSW '14  
The prover returns the result of the computation and a cryptographic proof for its correctness.  ...  s work and to a practical implementation of a streaming authenticated data structure that employs the efficient SWIFFT hash function, which we show to comply with our abstraction.  ...  Acknowledgments We thank Bobby Bhattacharjee, Youngsam Park, Elaine Shi and Emil Stefanov for many useful discussions.  ... 
doi:10.1145/2664168.2664177 dblp:conf/ccs/QianZCP14 fatcat:flgy3uvlmrg4rlx7fbuygztf4e

How Risky Is the Random-Oracle Model? [chapter]

Gaëtan Leurent, Phong Q. Nguyen
2009 Lecture Notes in Computer Science  
Next, we study the security impact of hash function defects for ROM signatures.  ...  Interestingly, for both of these schemes, a slight modification can prevent these attacks, while preserving the ROM security result.  ...  In [32] , it is noted that for any two inputs x 1 and x 2 such that x 1 + x 2 is a valid input, SWIFFT(x 1 ) + SWIFFT(x 2 ) = SWIFFT(x 1 + x 2 ).  ... 
doi:10.1007/978-3-642-03356-8_26 fatcat:vbjvlxawfzfztgra55nuebyw34

Fast Lattice-Based Encryption: Stretching Spring [chapter]

Charles Bouillaguet, Claire Delaplace, Pierre-Alain Fouque, Paul Kirchner
2017 Lecture Notes in Computer Science  
However, there is no such chain of reductions relating SPRING to lattice problems, because it uses small parameters for efficiency reasons.  ...  Consequently, the heuristic security of SPRING is evaluated using known attacks and the complexity of the best known algorithms for breaking the underlying hard problem.  ...  The choice of the modulus q = 257 is the same than in [LMPR08] for the SWIFFT hash-function.  ... 
doi:10.1007/978-3-319-59879-6_8 fatcat:z5plchfuh5gg3a2ie65l6gwzly
« Previous Showing results 1 — 15 out of 51 results