Your search keyword '"ring-lwe"' showing total 9 results

1. (In)Security of Ring-LWE Under Partial Key Exposure

Author

Dana Dachman-Soled, Huijing Gong, Aria Shahverdi, and Mukul Kulkarni

Subjects

leakage resilience, Computer science, Applied Mathematics, 010102 general mathematics, lattice-based cryptography, 68p25, 0102 computer and information sciences, Leakage resilience, Ring (chemistry), Topology, 01 natural sciences, Computer Science Applications, 03g10, Computational Mathematics, partial key exposure, 010201 computation theory & mathematics, QA1-939, Key (cryptography), ring-lwe, Lattice-based cryptography, 0101 mathematics, 94a60, Mathematics

Abstract

We initiate the study of partial key exposure in Ring-LWE (RLWE)-based cryptosystems. Specifically, we (1) Introduce the search and decision Leaky R-LWE assumptions (Leaky R-SLWE, Leaky R-DLWE), to formalize the hardness of search/decision RLWE under leakage of some fraction of coordinates of the NTT transform of the RLWE secret. (2) Present and implement an efficient key exposure attack that, given certain 1/4-fraction of the coordinates of the NTT transform of the RLWE secret, along with samples from the RLWE distribution, recovers the full RLWE secret for standard parameter settings. (3) Present a search-to-decision reduction for Leaky R-LWE for certain types of key exposure. (4) Propose applications to the security analysis of RLWE-based cryptosystems under partial key exposure.

Published

2020

2. Towards a Ring Analogue of the Leftover Hash Lemma

Author

Huijing Gong, Dana Dachman-Soled, Aria Shahverdi, and Mukul Kulkarni

Subjects

Discrete mathematics, Ring (mathematics), leakage resilience, Computer science, Applied Mathematics, Leftover hash lemma, 010102 general mathematics, lattice-based cryptography, 0102 computer and information sciences, Leakage resilience, 68p25, 01 natural sciences, Computer Science Applications, Computational Mathematics, 03g10, regularity lemma, 010201 computation theory & mathematics, QA1-939, Lattice-based cryptography, ring-lwe, 0101 mathematics, 94a60, Mathematics, Computer Science::Cryptography and Security

Abstract

The leftover hash lemma (LHL) is used in the analysis of various lattice-based cryptosystems, such as the Regev and Dual-Regev encryption schemes as well as their leakage-resilient counterparts. The LHL does not hold in the ring setting, when the ring is far from a field, which is typical for efficient cryptosystems. Lyubashevsky et al. (Eurocrypt ’13) proved a “regularity lemma,” which can be used instead of the LHL, but applies only for Gaussian inputs. This is in contrast to the LHL, which applies when the input is drawn from any high min-entropy distribution. Our work presents an approach for generalizing the “regularity lemma” of Lyubashevsky et al. to certain conditional distributions. We assume the input was sampled from a discrete Gaussian distribution and consider the induced distribution, given side-channel leakage on the input. We present three instantiations of our approach, proving that the regularity lemma holds for three natural conditional distributions.

Published

2020

3. FPGA-Based Hardware Accelerator for Leveled Ring-LWE Fully Homomorphic Encryption

Author

Luogeng Tian, Yang Su, Chen Yang, and Bailong Yang

Subjects

polynomial multiplication, Speedup, General Computer Science, Computer science, Pipeline (computing), Clock rate, 02 engineering and technology, Parallel computing, Encryption, BGV scheme, Privacy-preserving, 0202 electrical engineering, electronic engineering, information engineering, General Materials Science, ring-LWE, hardware accelerator, Virtex, business.industry, General Engineering, Homomorphic encryption, 020206 networking & telecommunications, leveled fully homomorphic encryption, Hardware acceleration, 020201 artificial intelligence & image processing, Multiplication, lcsh:Electrical engineering. Electronics. Nuclear engineering, business, lcsh:TK1-9971, Learning with errors

Abstract

Fully homomorphic encryption (FHE) allows arbitrary computation on encrypted data and has great potential in privacy-preserving cloud computing and securely outsource computational tasks. However, the excessive computation complexity is the key limitation that restricting the practical application of FHE. In this paper we proposed a FPGA-based high parallelism architecture to accelerate the FHE schemes based on the ring learning with errors (RLWE) problem, specifically, we presented a fast implementation of leveled fully homomorphic encryption scheme BGV. In order to reduce the computation latency and improve the performance, we applied both circuit-level and block-level pipeline strategies to improve clock frequency, and as a result, enhance the processing speed of polynomial multipliers and homomorphic evaluation functions. At the same time, multiple polynomial multipliers and modular reduction units were deployed in parallel to further improve the hardware performance. Finally, we implemented and tested our architecture on a Virtex UltraScale FPGA platform. Runing at 150MHz, our implementation achieved $4.60\times \sim 9.49\times $ speedup with respect to the optimized software implementation on Intel i7 processor running at 3.1GHz for homomorphic encryption and decryption, and the throughput was increased by $1.03\times \sim 4.64\times $ compared to the hardware implementation of BGV. While compared to the hardware implementation of FV, the throughput of our accelerator also achieved $5.05\times $ and $167.3\times $ speedup for homomorphic addition and homomorphic multiplication operation respectively.

Published

2020

4. High Efficiency Ring-LWE Cryptoprocessor Using Shared Arithmetic Components

Author

Tuy Nguyen Tan, Tram Thi Bao Nguyen, and Hanho Lee

Subjects

Adder, Polynomial, Computer Networks and Communications, Computer science, Computation, shared arithmetic components, lcsh:TK7800-8360, 02 engineering and technology, Encryption, Multiplier (Fourier analysis), Secure cryptoprocessor, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, Arithmetic, Hardware_ARITHMETICANDLOGICSTRUCTURES, Field-programmable gate array, ring-LWE, business.industry, cryptoprocessor, lcsh:Electronics, 020208 electrical & electronic engineering, 020202 computer hardware & architecture, pipelined, multiple-path delay feedback, Hardware and Architecture, Control and Systems Engineering, Signal Processing, Multiplier (economics), business, Learning with errors

Abstract

A high efficiency architecture for ring learning with errors (ring-LWE) cryptoprocessor using shared arithmetic components is presented in this paper. By applying a novel approach for sharing number theoretic transform (NTT) polynomial multiplier and polynomial adder in encryption and decryption operations, the total number of polynomial multipliers and polynomial adders used in the proposed ring-LWE cryptoprocessor are reduced. In addition, the processing time of NTT polynomial multiplier is speeded up by employing multiple-path delay feedback (MDF) architecture and deploying pipelined technique between all stages of NTT processes. As a result, the proposed architecture offers a great reduction in terms of the hardware complexity and computation latency compared with existing works. The implementation result for the proposed ring-LWE cryptoprocessor on Virtex-7 FPGA board using Xilinx VIVADO shows a significant decrease in the number of slices and LUTs compared with previous works. Moreover, the proposed ring-LWE cryptoprocessor offers higher throughput and efficiency than its predecessors.

Published

2020

5. CHIMERA: Combining Ring-LWE-based Fully Homomorphic Encryption Schemes

Author

Nicolas Gama, Christina Boura, Dimitar Jetchev, Mariya Georgieva, Laboratoire de Mathématiques de Versailles (LMV), Université de Versailles Saint-Quentin-en-Yvelines (UVSQ)-Université Paris-Saclay-Centre National de la Recherche Scientifique (CNRS), Cryptologie symétrique, cryptologie fondée sur les codes et information quantique (COSMIQ), Inria de Paris, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria), Inpher, and Ecole Polytechnique Fédérale de Lausanne (EPFL)

Subjects

TFHE, 2010 Mathematics Subject Classification: 94A60, Computer science, 0102 computer and information sciences, 02 engineering and technology, Topology, 01 natural sciences, Floating point computation, Chimera (genetics), [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Ring-LWE, 0202 electrical engineering, electronic engineering, information engineering, QA1-939, 94a60, Applied Mathematics, Homomorphic encryption, Fully homomorphic encryption, HEAAN, Computer Science Applications, Computational Mathematics, Lattice based cryptography, 010201 computation theory & mathematics, B/FV, 020201 artificial intelligence & image processing, Lattice-based cryptography, Mathematics

Abstract

This paper proposes a practical hybrid solution for combining and switching between three popular Ring-LWE-based FHE schemes: TFHE, B/FV and HEAAN. This is achieved by first mapping the different plaintext spaces to a common algebraic structure and then by applying efficient switching algorithms. This approach has many practical applications. First and foremost, it becomes an integral tool for the recent standardization initiatives of homomorphic schemes and common APIs. Then, it can be used in many real-life scenarios where operations of different nature and not achievable within a single FHE scheme have to be performed and where it is important to efficiently switch from one scheme to another. Finally, as a byproduct of our analysis we introduce the notion of a FHE module structure, that generalizes the notion of the external product, but can certainly be of independent interest in future research in FHE.

Published

2020

6. An efficient full dynamic group signature scheme over ring

Author

Yiru Sun, Yanyan Liu, and Bo Wu

Subjects

lcsh:Computer engineering. Computer hardware, Theoretical computer science, Computer Networks and Communications, Computer science, Group signature, Dynamic, 0211 other engineering and technologies, lcsh:TK7885-7895, Cryptography, 02 engineering and technology, Merkle tree, lcsh:QA75.5-76.95, Public-key cryptography, Ring-LWE, Artificial Intelligence, 020204 information systems, 0202 electrical engineering, electronic engineering, information engineering, 021110 strategic, defence & security studies, Ring (mathematics), business.industry, Trusted third party, Hash tree, Tree (data structure), lcsh:Electronic computers. Computer science, business, Merkle Tree, Software, Information Systems

Abstract

The group signature scheme is an important primitive in cryptography, it allows members in a group to generate signatures anonymously on behalf of the whole group. In view of the practical application of such schemes, it is necessary to allow users’ registration and revocation when necessary, which makes the construction of dynamic group signature schemes become a significant direction. On the basis of (Ling et al., Lattice-based group signatures: achieving full dynamicity with ease, 2017), we present the first full dynamic group signature scheme over ring, and under the premise of ensuring security, the efficiency of the scheme is improved mainly from the following three aspects: the size of keys, the dynamic construction of a Merkle hash tree that used to record the information of registered users, and the reuse of the leaves in this tree. In addition, the public and secret keys of both group manager and trace manager are generated by a trusted third party, which prevents the situation that the two managers generate their respective public key and secret key maliciously. Compared with the counterpart of the scheme in (Ling et al., Lattice-based group signatures: achieving full dynamicity with ease, 2017) over ring, the expected space complexity of the Merkle tree used in our work down almost by half, and the computational complexity of its update has been reduced by a notch because of the dynamic construction of the hash tree.

Published

2019

7. A Note on Ring-LWE Security in the Case of Fully Homomorphic Encryption

Author

Caroline Fontaine, Guillaume Bonnoron, Lab-STICC_TB_CID_SFIIS, Laboratoire des sciences et techniques de l'information, de la communication et de la connaissance (Lab-STICC), École Nationale d'Ingénieurs de Brest (ENIB)-Université de Bretagne Sud (UBS)-Université de Brest (UBO)-Télécom Bretagne-Institut Brestois du Numérique et des Mathématiques (IBNM), Université de Brest (UBO)-Université européenne de Bretagne - European University of Brittany (UEB)-École Nationale Supérieure de Techniques Avancées Bretagne (ENSTA Bretagne)-Institut Mines-Télécom [Paris] (IMT)-Centre National de la Recherche Scientifique (CNRS)-École Nationale d'Ingénieurs de Brest (ENIB)-Université de Bretagne Sud (UBS)-Université de Brest (UBO)-Télécom Bretagne-Institut Brestois du Numérique et des Mathématiques (IBNM), Université de Brest (UBO)-Université européenne de Bretagne - European University of Brittany (UEB)-École Nationale Supérieure de Techniques Avancées Bretagne (ENSTA Bretagne)-Institut Mines-Télécom [Paris] (IMT)-Centre National de la Recherche Scientifique (CNRS), Département lmage et Traitement Information (IMT Atlantique - ITI), IMT Atlantique Bretagne-Pays de la Loire (IMT Atlantique), Institut Mines-Télécom [Paris] (IMT)-Institut Mines-Télécom [Paris] (IMT), Institut Mines-Télécom [Paris] (IMT)-IMT Atlantique Bretagne-Pays de la Loire (IMT Atlantique), Institut Mines-Télécom [Paris] (IMT)-École Nationale d'Ingénieurs de Brest (ENIB)-École Nationale Supérieure de Techniques Avancées Bretagne (ENSTA Bretagne)-Université de Bretagne Sud (UBS)-Université de Brest (UBO)-Centre National de la Recherche Scientifique (CNRS)-Université Bretagne Loire (UBL), Chaire cyberdéfense systèmes navals (Ecole Navale, IMT-Atlantique, THALES, DCNS), École Nationale d'Ingénieurs de Brest (ENIB)-Université de Bretagne Sud (UBS)-Université de Brest (UBO)-École Nationale Supérieure de Techniques Avancées Bretagne (ENSTA Bretagne)-Institut Mines-Télécom [Paris] (IMT)-Centre National de la Recherche Scientifique (CNRS)-Université Bretagne Loire (UBL)-IMT Atlantique Bretagne-Pays de la Loire (IMT Atlantique), and Institut Mines-Télécom [Paris] (IMT)

Subjects

Ring (mathematics), Computer science, business.industry, Concrete security, Homomorphic encryption, 020206 networking & telecommunications, Cryptography, 02 engineering and technology, Computer security, computer.software_genre, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Ring-LWE, Implementation, 0202 electrical engineering, electronic engineering, information engineering, 020201 artificial intelligence & image processing, business, [SPI.SIGNAL]Engineering Sciences [physics]/Signal and Image processing, computer

Abstract

International audience; Evaluating the practical security of Ring-LWE based cryptography has attracted lots of efforts recently. Indeed, some differences from the standard LWE problem enable new attacks. In this paper we discuss the security of Ring-LWE as found in Fully Homomorphic Encryption (FHE) schemes. These FHE schemes require parameters of very special shapes, that an attacker might use to its advantage. First we present the specificities of this case and recall state-of-the-art attacks, then we derive a new special-purpose attack. Our experiments show that this attack has unexpected performance and confirm that we need to study the security of special parameters sets carefully.

Published

2017

8. NTRU prime: reducing attack surface at low cost

Author

Bernstein, D.J., Chuengsatiansup, C., Lange, T., van Vredendaal, C., Adams, Carlisle, Camenisch, Jan, Discrete Mathematics, Coding Theory and Cryptology, University of Illinois [Chicago] (UIC), University of Illinois System, Arithmetic and Computing (ARIC), Inria Grenoble - Rhône-Alpes, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire de l'Informatique du Parallélisme (LIP), École normale supérieure de Lyon (ENS de Lyon)-Université Claude Bernard Lyon 1 (UCBL), Université de Lyon-Université de Lyon-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure de Lyon (ENS de Lyon)-Université Claude Bernard Lyon 1 (UCBL), Université de Lyon-Université de Lyon-Centre National de la Recherche Scientifique (CNRS), Department of mathematics and computing science [Eindhoven], Eindhoven University of Technology [Eindhoven] (TU/e), École normale supérieure - Lyon (ENS Lyon)-Université Claude Bernard Lyon 1 (UCBL), Université de Lyon-Université de Lyon-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure - Lyon (ENS Lyon)-Université Claude Bernard Lyon 1 (UCBL), and Center for Quantum Materials and Technology Eindhoven

Subjects

Computer science, NTRU, Post-quantum cryptography, Karatsuba algorithm, ComputingMilieux_LEGALASPECTSOFCOMPUTING, Cryptography, Soliloquy, Data_CODINGANDINFORMATIONTHEORY, 0102 computer and information sciences, 02 engineering and technology, Computer security, computer.software_genre, 01 natural sciences, Prime (order theory), Public-key cryptography, Karatsuba, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Ring-LWE, Vectorization, 0202 electrical engineering, electronic engineering, information engineering, Cryptosystem, [INFO]Computer Science [cs], Ideal lattices, Hardware_ARITHMETICANDLOGICSTRUCTURES, ComputingMilieux_MISCELLANEOUS, Computer Science::Cryptography and Security, Public-key encryption, Mathematics::Commutative Algebra, business.industry, Software implementation, Attack surface, Fast sorting, 010201 computation theory & mathematics, Security, 020201 artificial intelligence & image processing, Lattice-based cryptography, business, computer

Abstract

Several ideal-lattice-based cryptosystems have been broken by recent attacks that exploit special structures of the rings used in those cryptosystems. The same structures are also used in the leading proposals for post-quantum lattice-based cryptography, including the classic NTRU cryptosystem and typical Ring-LWE-based cryptosystems.This paper (1) proposes NTRU Prime, which tweaks NTRU to use rings without these structures; (2) proposes Streamlined NTRU Prime, a public-key cryptosystem optimized from an implementation perspective, subject to the standard design goal of IND-CCA2 security; (3) finds high-security post-quantum parameters for Streamlined NTRU Prime; and (4) optimizes a constant-time implementation of those parameters. The resulting sizes and speeds show that reducing the attack surface has very low cost.KeywordsPost-quantum cryptography Public-key encryption Lattice-based cryptography Ideal lattices NTRU Ring-LWE Security Soliloquy Karatsuba Software implementation Vectorization Fast sorting

Published

2017

9. FHEW: Bootstrapping Homomorphic Encryption in less than a second

Author

Ducas, Léo, Micciancio, D., Ottenhof, F., Oswald, E., and Cryptology

Subjects

Scheme (programming language), Theoretical computer science, Computer science, business.industry, Lattice problem, NAND gate, Homomorphic encryption, 020206 networking & telecommunications, public-key cryptography / FHE, 02 engineering and technology, Encryption, Bottleneck, Bootstrapping (electronics), Ring-LWE, Personal computer, 0202 electrical engineering, electronic engineering, information engineering, bootstrapping, 020201 artificial intelligence & image processing, Arithmetic, business, computer, computer.programming_language, Computer Science::Cryptography and Security

Abstract

The main bottleneck affecting the efficiency of all known fully homomorphic encryption (FHE) schemes is Gentry’s bootstrapping procedure, which is required to refresh noisy ciphertexts and keep computing on encrypted data. Bootstrapping in the latest implementation of FHE, the HElib library of Halevi and Shoup (Crypto 2014), requires about six minutes per batch. We present a new method to homomorphically compute simple bit operations, and refresh (bootstrap) the resulting output, which runs on a personal computer in just about half a second. We present a detailed technical analysis of the scheme (based on the worst-case hardness of standard lattice problems) and report on the performance of our prototype implementation.

Published

2015