83 results on '"ring-LWE"'
Search Results
52. A New Ring-Based SPHF and PAKE Protocol on Ideal Lattices.
- Author
- Karbasi, Amir Hassani, Atani, Reza Ebrahimi, and Atani, Shahabaddin Ebrahimi
- Subjects
- SYSTEMS on a chip, LEARNING, THEORY of knowledge
- Abstract
- Smooth Projective Hash Functions (SPHFs), as a specific pattern of zero-knowledge proof system, are fundamental tools to build many efficient cryptographic schemes and protocols. As an application of SPHFs, the Password-Based Authenticated Key Exchange (PAKE) protocol is a well-studied area in the last few years. In 2009, Katz and Vaikuntanathan described the first lattice-based PAKE using the Learning With Errors (LWE) problem. In this work, we present a new efficient ring-based smooth projective hash function (Ring-SPHF) using Lyubashevsky, Peikert, and Regev's dual-style cryptosystem based on the Learning With Errors over Rings (Ring-LWE) problem. Then, using our ring-SPHF, we propose an efficient password-based authenticated key exchange (Ring-PAKE) protocol over rings whose security relies on ideal lattice assumptions. [ABSTRACT FROM AUTHOR]
- Published
- 2019
53. HEPCloud: An FPGA-Based Multicore Processor for FV Somewhat Homomorphic Function Evaluation.
- Author
- Sinha Roy, Sujoy, Jarvinen, Kimmo, Vliegen, Jo, Vercauteren, Frederik, and Verbauwhede, Ingrid
- Subjects
- MULTICORE processors, FIELD programmable gate arrays, CENTRAL processing units, COMPUTER architecture, CRYPTOGRAPHY
- Abstract
- In this paper, we present an FPGA-based hardware accelerator ‘$\mathsf{HEPCloud}$’ for homomorphic evaluations of medium-depth functions, which has applications in cloud computing. Our $\mathsf{HEPCloud}$ architecture supports the polynomial-ring-based homomorphic encryption scheme FV for a ring-LWE parameter set of dimension $2^{15}$, modulus size 1,228-bit, and a standard deviation of 50. This parameter set offers a multiplicative depth of 36 and at least 85-bit security. The processor of $\mathsf{HEPCloud}$ is composed of multiple parallel cores. To achieve fast computation time for such a large parameter set, various optimizations at both the algorithm and architecture levels are performed. For fast polynomial multiplications, we use CRT with NTT and achieve two-dimensional parallelism in $\mathsf{HEPCloud}$. We optimize the BRAM access, use a fast Barrett-like polynomial reduction method, optimize the cost of CRT, and design a fast divide-and-round unit. Besides parallel processing, we apply a pipelining strategy in several of the sequential building blocks to reduce the impact of sequential computations. Finally, we implement $\mathsf{HEPCloud}$ on a medium-size Xilinx Virtex 6 ML605 FPGA board and measure its on-board performance. To store the ciphertexts during a homomorphic function evaluation, we use the large DDR3 memory of the ML605 board. Our FPGA-based implementation of $\mathsf{HEPCloud}$ computes a homomorphic multiplication in 26.67 s, of which the actual computation takes only 3.36 s and the rest is spent on off-chip memory access. It requires about 37,551 s to evaluate the SIMON-64/128 block cipher, but the per-block timing is only about 18 s because $\mathsf{HEPCloud}$ processes 2,048 blocks simultaneously. The results show that FPGA-based acceleration of homomorphic function evaluations is feasible, but a fast memory interface is crucial for the performance. [ABSTRACT FROM AUTHOR]
- Published
- 2018
54. IoT application protection against power analysis attack.
- Author
- Moon, Jaegeun, Jung, Im Y., and Park, Jong Hyuk
- Subjects
- INTERNET of things, QUANTUM computing, PUBLIC key cryptography, EAVESDROPPING, RSA algorithm, PREVENTION
- Abstract
- The era of the Internet of Things (IoT) has arrived and much information is transmitted through various small IoT devices. Public key cryptography can be used in the present internet environment to avoid eavesdropping. The well-known public key cryptography, Rivest–Shamir–Adleman cryptography and Elliptic Curve Cryptography, are apt to be broken when quantum computing is introduced. Therefore, lattice-based cryptography has been proposed as a new public key cryptography to replace them. The Ring-LWE scheme has been proposed to implement lattice-based cryptography. To apply the scheme to IoT devices using 8-bit, 32-bit, or 64-bit microcontrollers, optimization is inevitable. Further, the 8-bit environment is more important for small IoT devices. However, Ring-LWE may be vulnerable to side-channel attacks. This paper analyzes the attack scenario and tenders a countermeasure through bit checking for IoT applications using 8-bit microcontrollers. [ABSTRACT FROM AUTHOR]
- Published
- 2018
55. A Resource-Efficient and Side-Channel Secure Hardware Implementation of Ring-LWE Cryptographic Processor.
- Author
- Liu, Dongsheng, Zhang, Cong, Lin, Hui, Chen, Yuyang, and Zhang, Mingyu
- Subjects
- MULTIPLE access protocols (Computer network protocols), FIELD programmable gate arrays, ELLIPTIC curve cryptography
- Abstract
- Lattice-based cryptography has shown great potential due to its resistance against quantum attacks. With the security requirements for high-precision Gaussian sampling and complex polynomial multiplication over rings, as well as storage of large public keys, it is extremely challenging but important to implement lattice-based schemes on resource-constrained devices. In this paper, a resource-efficient and side-channel secure Ring-LWE cryptographic processor is presented. A discrete Gaussian sampler with constant response time, high precision, and large distribution tails is designed. The proposed Gaussian sampler is proven to be secure against side-channel timing attacks according to the timing analysis attack results on an FPGA-based testing platform. A universal module MPE (Modular Processing Element) is designed to carry out all basic modular operations for Ring-LWE cryptography at high speed. The prototype verification is performed on the Xilinx Spartan-6 FPGA platform. The processor can execute an encryption/decryption operation on a 256-bit message in 4.5/0.9 ms whilst it consumes only 1307 LUTs, 889 FFs, 4 BRAMs, and no DSP module. Compared with other related hardware implementations, the Ring-LWE processor is advantageous not only in hardware efficiency but also in secure protection against side-channel attacks. [ABSTRACT FROM AUTHOR]
- Published
- 2019
56. Practical CCA2-Secure and Masked Ring-LWE Implementation
- Author
- Tobias Oder, Tobias Schneider, Thomas Pöppelmann, and Tim Güneysu
- Subjects
- Ideal Lattices, ring-LWE, CCA2 security, Masking, Hiding, Sampling, Computer engineering. Computer hardware, TK7885-7895, Information technology, T58.5-58.64
- Abstract
- During the last years, public-key encryption schemes based on the hardness of ring-LWE have gained significant popularity. For real-world security applications assuming strong adversary models, a number of practical issues still need to be addressed. In this work we thus present an instance of ring-LWE encryption that is protected against active attacks (i.e., adaptive chosen-ciphertext attacks) and equipped with countermeasures against side-channel analysis. Our solution is based on a post-quantum variant of the Fujisaki-Okamoto (FO) transform combined with provably secure first-order masking. To protect the key and message during decryption, we developed a masked binomial sampler that secures the re-encryption process required by FO. Our work shows that CCA2-secured RLWE-based encryption can be achieved with reasonable performance on constrained devices but also stresses that the required transformation and handling of decryption errors implies a performance overhead that has been overlooked by the community so far. With parameters providing 233 bits of quantum security, our implementation requires 4,176,684 cycles for encryption and 25,640,380 cycles for decryption with masking and hiding countermeasures on a Cortex-M4F. The first-order security of our masked implementation is also practically verified using the non-specific t-test evaluation methodology.
- Published
- 2018
57. A novel combined correlation power analysis (CPA) attack on schoolbook polynomial multiplication in lattice-based cryptosystems
- Author
- Chuanchao Lu, Yijun Cui, Ayesha Khalid, Chongyan Gu, Chenghua Wang, Weiqiang Liu, Sezer, Sakir, Buchner, Thomas, Becker, Jurgen, Marshall, Andrew, Siddiqui, Fahad, Harbaum, Tanja, and McLaughlin, Kieran
- Subjects
- Correlation power analysis, Ring-LWE, Side-channel analysis, Hardware and Architecture, Control and Systems Engineering, School-book polynomial multiplier, Electrical and Electronic Engineering, Horizontal CPA (HCPA), Lattice-based cryptography
- Abstract
- The lattice-based cryptography problems are known to be secure against quantum computing attacks; to date, no known quantum algorithm is able to solve these hard problems in lattices. Their naive implementations on embedded devices are, however, vulnerable to side-channel analysis (SCA) attacks, with full key recovery possible via power/EM leakage analysis. This work analyses and attacks the power side-channel leakage in the baseline hardware architecture of schoolbook polynomial multiplication, which is an essential component of most lattice-based cryptography implementations. We first undertake a horizontal correlation power analysis (HCPA) method, optimized to work independent of the precise attack location specification in the schoolbook polynomial multiplier power leakage profile. In spite of the inherent difficulties in HCPA, the attack is extremely efficient, with a 99.90% accuracy of recovering any one sub secret-key using only a single trace. Next we undertake the vertical correlation power analysis (VCPA) attack on the schoolbook polynomial multiplier power leakage profile, which requires a larger number of power traces to analyze the correlation. Finally, we propose a novel combined correlation power analysis (CCPA) method that combines the strengths of both the VCPA and the HCPA to further improve the attacking capability of HCPA. We report a complete secret key recovery with 100% accuracy by using only 4 power traces.
- Published
- 2022
58. Towards a Ring Analogue of the Leftover Hash Lemma
- Author
- Huijing Gong, Dana Dachman-Soled, Aria Shahverdi, and Mukul Kulkarni
- Subjects
- Discrete mathematics, Ring (mathematics), leakage resilience, Computer science, Applied Mathematics, Leftover hash lemma, 010102 general mathematics, lattice-based cryptography, 0102 computer and information sciences, Leakage resilience, 68p25, 01 natural sciences, Computer Science Applications, Computational Mathematics, 03g10, regularity lemma, 010201 computation theory & mathematics, QA1-939, Lattice-based cryptography, ring-lwe, 0101 mathematics, 94a60, Mathematics, Computer Science::Cryptography and Security
- Abstract
- The leftover hash lemma (LHL) is used in the analysis of various lattice-based cryptosystems, such as the Regev and Dual-Regev encryption schemes as well as their leakage-resilient counterparts. The LHL does not hold in the ring setting, when the ring is far from a field, which is typical for efficient cryptosystems. Lyubashevsky et al. (Eurocrypt ’13) proved a “regularity lemma,” which can be used instead of the LHL, but applies only for Gaussian inputs. This is in contrast to the LHL, which applies when the input is drawn from any high min-entropy distribution. Our work presents an approach for generalizing the “regularity lemma” of Lyubashevsky et al. to certain conditional distributions. We assume the input was sampled from a discrete Gaussian distribution and consider the induced distribution, given side-channel leakage on the input. We present three instantiations of our approach, proving that the regularity lemma holds for three natural conditional distributions.
- Published
- 2020
59. Homomorphic AES evaluation using the modified LTV scheme.
- Author
- Doröz, Yarkın, Hu, Yin, and Sunar, Berk
- Subjects
- DATA encryption, SWITCHING theory, ADVANCED Encryption Standard, RING theory, ARTIFICIAL neural networks
- Abstract
- Since its introduction more than a decade ago, the homomorphic properties of the NTRU encryption scheme have gone largely ignored. A variant of NTRU proposed by Stehlé and Steinfeld was recently extended into a full-fledged multi-key fully homomorphic encryption scheme by López-Alt, Tromer and Vaikuntanathan (LTV). This NTRU-based FHE presents a viable alternative to the currently dominant BGV-style FHE schemes. While the scheme appears to be more efficient, a full implementation and comparison to BGV-style implementations has been missing in the literature. In this work, we develop a customized implementation of the LTV. First, parameters are selected to yield an efficient and yet secure LTV instantiation. We present an analysis of the noise growth that allows us to formulate a modulus cutting strategy for arbitrary circuits. Furthermore, we introduce a specialization of the ring structure that allows us to drastically reduce the public key size, making evaluation of deep circuits such as the AES block cipher viable on a standard computer with a reasonable amount of memory. Moreover, with the modulus specialization the need for key switching is eliminated. Finally, we present a generic bit-sliced implementation of the LTV scheme that embodies a number of optimizations. To assess the performance of the scheme we homomorphically evaluate the full 10-round AES circuit in 29 h with 2048 message slots, resulting in 51 s per AES block evaluation time. [ABSTRACT FROM AUTHOR]
- Published
- 2016
60. Masking ring-LWE.
- Author
- Reparaz, Oscar, Roy, Sujoy, Clercq, Ruan, Vercauteren, Frederik, and Verbauwhede, Ingrid
- Abstract
- In this paper, we propose a masking scheme to protect ring-LWE decryption from first-order side-channel attacks. In an unprotected ring-LWE decryption, the recovered plaintext is computed by first performing polynomial arithmetic on the secret key and then decoding the result. We mask the polynomial operations by arithmetically splitting the secret key polynomial into two random shares; the final decoding operation is performed using a new bespoke masked decoder. The outputs of our masked ring-LWE decryption are Boolean shares suitable for derivation of a symmetric key. Thus, the masking scheme keeps all intermediates, including the recovered plaintext, in the masked domain. We have implemented the masking scheme on both hardware and software. On a Xilinx Virtex-II FPGA, the masked ring-LWE processor requires around 2000 LUTs, a $20~\%$ increase in the area with respect to the unprotected architecture. A masked decryption operation takes 7478 cycles, which is only a factor $2.6\times$ larger than the unprotected decryption. On a 32-bit ARM Cortex-M4F processor, the masked software implementation costs around $5.2\times$ more cycles than the unprotected implementation. [ABSTRACT FROM AUTHOR]
- Published
- 2016
61. FPGA-Based Hardware Accelerator for Leveled Ring-LWE Fully Homomorphic Encryption
- Author
- Luogeng Tian, Yang Su, Chen Yang, and Bailong Yang
- Subjects
- polynomial multiplication, Speedup, General Computer Science, Computer science, Pipeline (computing), Clock rate, 02 engineering and technology, Parallel computing, Encryption, BGV scheme, Privacy-preserving, 0202 electrical engineering, electronic engineering, information engineering, General Materials Science, ring-LWE, hardware accelerator, Virtex, business.industry, General Engineering, Homomorphic encryption, 020206 networking & telecommunications, leveled fully homomorphic encryption, Hardware acceleration, 020201 artificial intelligence & image processing, Multiplication, lcsh:Electrical engineering. Electronics. Nuclear engineering, business, lcsh:TK1-9971, Learning with errors
- Abstract
- Fully homomorphic encryption (FHE) allows arbitrary computation on encrypted data and has great potential in privacy-preserving cloud computing and securely outsourcing computational tasks. However, the excessive computation complexity is the key limitation that restricts the practical application of FHE. In this paper we proposed an FPGA-based high-parallelism architecture to accelerate the FHE schemes based on the ring learning with errors (RLWE) problem; specifically, we presented a fast implementation of the leveled fully homomorphic encryption scheme BGV. In order to reduce the computation latency and improve the performance, we applied both circuit-level and block-level pipeline strategies to improve clock frequency and, as a result, enhance the processing speed of polynomial multipliers and homomorphic evaluation functions. At the same time, multiple polynomial multipliers and modular reduction units were deployed in parallel to further improve the hardware performance. Finally, we implemented and tested our architecture on a Virtex UltraScale FPGA platform. Running at 150MHz, our implementation achieved $4.60\times \sim 9.49\times$ speedup with respect to the optimized software implementation on an Intel i7 processor running at 3.1GHz for homomorphic encryption and decryption, and the throughput was increased by $1.03\times \sim 4.64\times$ compared to the hardware implementation of BGV. Compared to the hardware implementation of FV, the throughput of our accelerator also achieved $5.05\times$ and $167.3\times$ speedup for homomorphic addition and homomorphic multiplication operations, respectively.
- Published
- 2020
62. High Efficiency Ring-LWE Cryptoprocessor Using Shared Arithmetic Components
- Author
- Tuy Nguyen Tan, Tram Thi Bao Nguyen, and Hanho Lee
- Subjects
- Adder, Polynomial, Computer Networks and Communications, Computer science, Computation, shared arithmetic components, lcsh:TK7800-8360, 02 engineering and technology, Encryption, Multiplier (Fourier analysis), Secure cryptoprocessor, 0202 electrical engineering, electronic engineering, information engineering, Electrical and Electronic Engineering, Arithmetic, Hardware_ARITHMETICANDLOGICSTRUCTURES, Field-programmable gate array, ring-LWE, business.industry, cryptoprocessor, lcsh:Electronics, 020208 electrical & electronic engineering, 020202 computer hardware & architecture, pipelined, multiple-path delay feedback, Hardware and Architecture, Control and Systems Engineering, Signal Processing, Multiplier (economics), business, Learning with errors
- Abstract
- A high-efficiency architecture for a ring learning with errors (ring-LWE) cryptoprocessor using shared arithmetic components is presented in this paper. By applying a novel approach for sharing the number theoretic transform (NTT) polynomial multiplier and polynomial adder in encryption and decryption operations, the total number of polynomial multipliers and polynomial adders used in the proposed ring-LWE cryptoprocessor is reduced. In addition, the processing time of the NTT polynomial multiplier is sped up by employing a multiple-path delay feedback (MDF) architecture and deploying a pipelining technique between all stages of the NTT processes. As a result, the proposed architecture offers a great reduction in terms of hardware complexity and computation latency compared with existing works. The implementation result for the proposed ring-LWE cryptoprocessor on a Virtex-7 FPGA board using Xilinx VIVADO shows a significant decrease in the number of slices and LUTs compared with previous works. Moreover, the proposed ring-LWE cryptoprocessor offers higher throughput and efficiency than its predecessors.
- Published
- 2020
63. Field switching in BGV-style homomorphic encryption.
- Author
- Gentry, Craig, Halevi, Shai, Peikert, Chris, and Smart, Nigel P.
- Subjects
- DATA encryption, COMPUTER security research, DATA protection research, STATISTICAL bootstrapping, DISTRIBUTION (Probability theory)
- Abstract
- The security of contemporary homomorphic encryption schemes over cyclotomic number fields relies on fields of very large dimension. This large dimension is needed because of the large modulus-to-noise ratio in the key-switching matrices that are used for the top few levels of the evaluated circuit. However, a smaller modulus-to-noise ratio is used in lower levels of the circuit, so from a security standpoint it is permissible to switch to lower-dimension fields, thus speeding up the homomorphic operations for the lower levels of the circuit. However, implementing such field-switching is nontrivial, since these schemes rely on the field algebraic structure for their homomorphic properties. A basic ring-switching operation was used by Brakerski, Gentry and Vaikuntanathan, over rings of the form $\mathbb{Z}[X]/(X^{2^n}+1)$, in the context of bootstrapping. In this work we generalize and extend this technique to work over any cyclotomic number field, and show how it can be used not only for bootstrapping but also during the computation itself (in conjunction with the 'packed ciphertext' techniques of Gentry, Halevi and Smart). [ABSTRACT FROM AUTHOR]
- Published
- 2013
64. CHIMERA: Combining Ring-LWE-based Fully Homomorphic Encryption Schemes
- Author
- Nicolas Gama, Christina Boura, Dimitar Jetchev, Mariya Georgieva, Laboratoire de Mathématiques de Versailles (LMV), Université de Versailles Saint-Quentin-en-Yvelines (UVSQ)-Université Paris-Saclay-Centre National de la Recherche Scientifique (CNRS), Cryptologie symétrique, cryptologie fondée sur les codes et information quantique (COSMIQ), Inria de Paris, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria), Inpher, and Ecole Polytechnique Fédérale de Lausanne (EPFL)
- Subjects
- TFHE, 2010 Mathematics Subject Classification: 94A60, Computer science, 0102 computer and information sciences, 02 engineering and technology, Topology, 01 natural sciences, Floating point computation, Chimera (genetics), [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Ring-LWE, 0202 electrical engineering, electronic engineering, information engineering, QA1-939, 94a60, Applied Mathematics, Homomorphic encryption, Fully homomorphic encryption, HEAAN, Computer Science Applications, Computational Mathematics, Lattice based cryptography, 010201 computation theory & mathematics, B/FV, 020201 artificial intelligence & image processing, Lattice-based cryptography, Mathematics
- Abstract
- This paper proposes a practical hybrid solution for combining and switching between three popular Ring-LWE-based FHE schemes: TFHE, B/FV and HEAAN. This is achieved by first mapping the different plaintext spaces to a common algebraic structure and then by applying efficient switching algorithms. This approach has many practical applications. First and foremost, it becomes an integral tool for the recent standardization initiatives of homomorphic schemes and common APIs. Then, it can be used in many real-life scenarios where operations of different nature, not achievable within a single FHE scheme, have to be performed and where it is important to efficiently switch from one scheme to another. Finally, as a byproduct of our analysis we introduce the notion of an FHE module structure, which generalizes the notion of the external product but can certainly be of independent interest in future research in FHE.
- Published
- 2020
65. Sapphire: A Configurable Crypto-Processor for Post-Quantum Lattice-based Protocols
- Author
- Banerjee, Utsav, Ukyab, Tenzin S., and Chandrakasan, Anantha P.
- Subjects
- FOS: Computer and information sciences, Computer Science - Cryptography and Security, lcsh:Computer engineering. Computer hardware, lcsh:T58.5-58.64, lcsh:Information technology, NIST Round 2, postquantum, Lattice-based Cryptography, lcsh:TK7885-7895, Ring-LWE, LWE, Hardware Architecture (cs.AR), Computer Science - Hardware Architecture, Cryptography and Security (cs.CR), Module-LWE
- Abstract
- Public key cryptography protocols, such as RSA and elliptic curve cryptography, will be rendered insecure by Shor’s algorithm when large-scale quantum computers are built. Cryptographers are working on quantum-resistant algorithms, and lattice-based cryptography has emerged as a prime candidate. However, the high computational complexity of these algorithms makes it challenging to implement lattice-based protocols on low-power embedded devices. To address this challenge, we present Sapphire, a lattice cryptography processor with configurable parameters. Efficient sampling, with a SHA-3-based PRNG, provides two orders of magnitude energy savings; a single-port RAM-based number theoretic transform memory architecture is proposed, which provides 124k-gate area savings; while a low-power modular arithmetic unit accelerates polynomial computations. Our test chip was fabricated in a TSMC 40nm low-power CMOS process, with the Sapphire cryptographic core occupying 0.28 mm² area consisting of 106k logic gates and 40.25 KB SRAM. Sapphire can be programmed with custom instructions for polynomial arithmetic and sampling, and it is coupled with a low-power RISC-V micro-processor to demonstrate the NIST Round 2 lattice-based CCA-secure key encapsulation and signature protocols Frodo, NewHope, qTESLA, CRYSTALS-Kyber and CRYSTALS-Dilithium, achieving up to an order of magnitude improvement in performance and energy-efficiency compared to state-of-the-art hardware implementations. All key building blocks of Sapphire are constant-time and secure against timing and simple power analysis side-channel attacks. We also discuss how masking-based DPA countermeasures can be implemented on the Sapphire core without any changes to the hardware.
- Published
- 2019
66. High-Speed Polynomial Multiplication Architecture for Ring-LWE and SHE Cryptosystems.
- Author
- Chen, Donald Donglong, Mentens, Nele, Vercauteren, Frederik, Roy, Sujoy Sinha, Cheung, Ray C. C., Pao, Derek, and Verbauwhede, Ingrid
- Subjects
- CRYPTOSYSTEMS, DATA encryption, POLYNOMIALS, FAST Fourier transforms, FIELD programmable gate arrays
- Abstract
- Polynomial multiplication is the basic and most computationally intensive operation in ring-learning with errors (ring-LWE) encryption and "somewhat" homomorphic encryption (SHE) cryptosystems. In this paper, the fast Fourier transform (FFT), with a linearithmic complexity of $O(n \log n)$, is exploited in the design of a high-speed polynomial multiplier. A constant-geometry FFT datapath is used in the computation to simplify the control of the architecture. The contribution of this work is three-fold. First, parameter sets which support both an efficient modular reduction design and the security requirements for ring-LWE encryption and SHE are provided. Second, a versatile pipelined architecture accompanied by an improved dataflow is proposed to obtain a high-speed polynomial multiplier. Third, the proposed architecture supports polynomial multiplications for different lengths $n$ and moduli $p$. The experimental results on a Spartan-6 FPGA show that the proposed design results in a speedup of 3.5 times on average when compared with the state of the art. It performs a polynomial multiplication in the ring-LWE scheme ($n=256$, $p=1049089$) and the SHE scheme ($n=1024$, $p=536903681$) in only 6.3 μs and 33.1 μs, respectively. [ABSTRACT FROM AUTHOR]
- Published
- 2015
67. A Proposal for Reducing the Communication Cost of a Ring-LWE-Based Key Exchange Protocol by Encoding
- Subjects
- CBT code, Ring-LWE, OpenSSL, Huffman code, Newhope
- Published
- 2017
68. High Efficiency Ring-LWE Cryptoprocessor Using Shared Arithmetic Components.
- Author
- Nguyen Tan, Tuy, Thi Bao Nguyen, Tram, and Lee, Hanho
- Subjects
- ARITHMETIC, POLYNOMIAL time algorithms, POLYNOMIALS
- Abstract
- A high-efficiency architecture for a ring learning with errors (ring-LWE) cryptoprocessor using shared arithmetic components is presented in this paper. By applying a novel approach for sharing the number theoretic transform (NTT) polynomial multiplier and polynomial adder in encryption and decryption operations, the total number of polynomial multipliers and polynomial adders used in the proposed ring-LWE cryptoprocessor is reduced. In addition, the processing time of the NTT polynomial multiplier is sped up by employing a multiple-path delay feedback (MDF) architecture and deploying a pipelining technique between all stages of the NTT processes. As a result, the proposed architecture offers a great reduction in terms of hardware complexity and computation latency compared with existing works. The implementation result for the proposed ring-LWE cryptoprocessor on a Virtex-7 FPGA board using Xilinx VIVADO shows a significant decrease in the number of slices and LUTs compared with previous works. Moreover, the proposed ring-LWE cryptoprocessor offers higher throughput and efficiency than its predecessors. [ABSTRACT FROM AUTHOR]
- Published
- 2020
69. NTRU prime: reducing attack surface at low cost
- Author
- Bernstein, D.J., Chuengsatiansup, C., Lange, T., van Vredendaal, C., Adams, Carlisle, Camenisch, Jan, Discrete Mathematics, Coding Theory and Cryptology, University of Illinois [Chicago] (UIC), University of Illinois System, Arithmetic and Computing (ARIC), Inria Grenoble - Rhône-Alpes, Institut National de Recherche en Informatique et en Automatique (Inria)-Institut National de Recherche en Informatique et en Automatique (Inria)-Laboratoire de l'Informatique du Parallélisme (LIP), École normale supérieure de Lyon (ENS de Lyon)-Université Claude Bernard Lyon 1 (UCBL), Université de Lyon-Université de Lyon-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure de Lyon (ENS de Lyon)-Université Claude Bernard Lyon 1 (UCBL), Université de Lyon-Université de Lyon-Centre National de la Recherche Scientifique (CNRS), Department of mathematics and computing science [Eindhoven], Eindhoven University of Technology [Eindhoven] (TU/e), École normale supérieure - Lyon (ENS Lyon)-Université Claude Bernard Lyon 1 (UCBL), Université de Lyon-Université de Lyon-Institut National de Recherche en Informatique et en Automatique (Inria)-Centre National de la Recherche Scientifique (CNRS)-École normale supérieure - Lyon (ENS Lyon)-Université Claude Bernard Lyon 1 (UCBL), and Center for Quantum Materials and Technology Eindhoven
- Subjects
- Computer science, NTRU, Post-quantum cryptography, Karatsuba algorithm, ComputingMilieux_LEGALASPECTSOFCOMPUTING, Cryptography, Soliloquy, Data_CODINGANDINFORMATIONTHEORY, 0102 computer and information sciences, 02 engineering and technology, Computer security, computer.software_genre, 01 natural sciences, Prime (order theory), Public-key cryptography, Karatsuba, [INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR], Ring-LWE, Vectorization, 0202 electrical engineering, electronic engineering, information engineering, Cryptosystem, [INFO]Computer Science [cs], Ideal lattices, Hardware_ARITHMETICANDLOGICSTRUCTURES, ComputingMilieux_MISCELLANEOUS, Computer Science::Cryptography and Security, Public-key encryption, Mathematics::Commutative Algebra, business.industry, Software implementation, Attack surface, Fast sorting, 010201 computation theory & mathematics, Security, 020201 artificial intelligence & image processing, Lattice-based cryptography, business, computer
- Abstract
- Several ideal-lattice-based cryptosystems have been broken by recent attacks that exploit special structures of the rings used in those cryptosystems. The same structures are also used in the leading proposals for post-quantum lattice-based cryptography, including the classic NTRU cryptosystem and typical Ring-LWE-based cryptosystems. This paper (1) proposes NTRU Prime, which tweaks NTRU to use rings without these structures; (2) proposes Streamlined NTRU Prime, a public-key cryptosystem optimized from an implementation perspective, subject to the standard design goal of IND-CCA2 security; (3) finds high-security post-quantum parameters for Streamlined NTRU Prime; and (4) optimizes a constant-time implementation of those parameters. The resulting sizes and speeds show that reducing the attack surface has very low cost.
- Keywords
- Post-quantum cryptography, Public-key encryption, Lattice-based cryptography, Ideal lattices, NTRU, Ring-LWE, Security, Soliloquy, Karatsuba, Software implementation, Vectorization, Fast sorting
- Published
- 2017
70. Post-quantum key exchange - a new hope
- Author
-
Alkim, Erdem, Ducas, L., Pöppelmann, T., Schwabe, P., and Cryptology
- Subjects
high-speed software ,Ring-LWE ,Public-key cryptography / Post-quantum key exchange ,ComputingMethodologies_DOCUMENTANDTEXTPROCESSING ,vectorization ,Digital Security - Abstract
At IEEE Security & Privacy 2015, Bos, Costello, Naehrig, and Stebila proposed an instantiation of Peikert's ring-learning-with-errors-based (Ring-LWE) key-exchange protocol (PQCrypto 2014), together with an implementation integrated into OpenSSL, with the affirmed goal of providing post-quantum security for TLS. In this work we revisit their instantiation and stand-alone implementation. Specifically, we propose new parameters and a better-suited error distribution, analyze the scheme's hardness against attacks by quantum computers in a conservative way, introduce a new and more efficient error-reconciliation mechanism, and propose a defense against backdoors and all-for-the-price-of-one attacks. By these measures and for the same lattice dimension, we more than double the security parameter, halve the communication overhead, and speed up computation by more than a factor of 8 in a portable C implementation and by more than a factor of 27 in an optimized implementation targeting current Intel CPUs. These speedups are achieved with comprehensive protection against timing attacks.
- Published
- 2016
71. Post-Quantum Key Exchange -- A new hope
- Subjects
high-speed software ,Ring-LWE ,Public-key cryptography / Post-quantum key exchange ,vectorization - Abstract
At IEEE Security & Privacy 2015, Bos, Costello, Naehrig, and Stebila proposed an instantiation of Peikert's ring-learning-with-errors-based (Ring-LWE) key-exchange protocol (PQCrypto 2014), together with an implementation integrated into OpenSSL, with the affirmed goal of providing post-quantum security for TLS. In this work we revisit their instantiation and stand-alone implementation. Specifically, we propose new parameters and a better-suited error distribution, analyze the scheme's hardness against attacks by quantum computers in a conservative way, introduce a new and more efficient error-reconciliation mechanism, and propose a defense against backdoors and all-for-the-price-of-one attacks. By these measures and for the same lattice dimension, we more than double the security parameter, halve the communication overhead, and speed up computation by more than a factor of 8 in a portable C implementation and by more than a factor of 27 in an optimized implementation targeting current Intel CPUs. These speedups are achieved with comprehensive protection against timing attacks.
- Published
- 2016
72. An efficient full dynamic group signature scheme over ring.
- Author
-
Sun, Yiru, Liu, Yanyan, and Wu, Bo
- Subjects
DIGITAL signatures ,CRYPTOGRAPHY ,REVOCATION ,INTERNET security ,PUBLIC key cryptography ,COMPUTATIONAL complexity - Abstract
The group signature scheme is an important primitive in cryptography: it allows members of a group to generate signatures anonymously on behalf of the whole group. In view of the practical application of such schemes, it is necessary to allow users to register and to be revoked when required, which makes the construction of dynamic group signature schemes a significant research direction. On the basis of (Ling et al., Lattice-based group signatures: achieving full dynamicity with ease, 2017), we present the first fully dynamic group signature scheme over rings, and, while preserving security, the efficiency of the scheme is improved mainly in three aspects: the size of the keys, the dynamic construction of the Merkle hash tree used to record the information of registered users, and the reuse of the leaves of this tree. In addition, the public and secret keys of both the group manager and the trace manager are generated by a trusted third party, which prevents the two managers from generating their respective public and secret keys maliciously. Compared with the counterpart of the scheme in (Ling et al., Lattice-based group signatures: achieving full dynamicity with ease, 2017) over rings, the expected space complexity of the Merkle tree used in our work is reduced by almost half, and the computational complexity of its update is reduced somewhat because of the dynamic construction of the hash tree. [ABSTRACT FROM AUTHOR]
- Published
- 2019
73. FHEW: Bootstrapping Homomorphic Encryption in less than a second
- Author
-
Ducas, Léo, Micciancio, D., Ottenhof, F., Oswald, E., and Cryptology
- Subjects
Scheme (programming language) ,Theoretical computer science ,Computer science ,business.industry ,Lattice problem ,NAND gate ,Homomorphic encryption ,020206 networking & telecommunications ,public-key cryptography / FHE ,02 engineering and technology ,Encryption ,Bottleneck ,Bootstrapping (electronics) ,Ring-LWE ,Personal computer ,0202 electrical engineering, electronic engineering, information engineering ,bootstrapping ,020201 artificial intelligence & image processing ,Arithmetic ,business ,computer ,computer.programming_language ,Computer Science::Cryptography and Security - Abstract
The main bottleneck affecting the efficiency of all known fully homomorphic encryption (FHE) schemes is Gentry’s bootstrapping procedure, which is required to refresh noisy ciphertexts and keep computing on encrypted data. Bootstrapping in the latest implementation of FHE, the HElib library of Halevi and Shoup (Crypto 2014), requires about six minutes per batch. We present a new method to homomorphically compute simple bit operations, and refresh (bootstrap) the resulting output, which runs on a personal computer in just about half a second. We present a detailed technical analysis of the scheme (based on the worst-case hardness of standard lattice problems) and report on the performance of our prototype implementation.
- Published
- 2015
74. Post-Quantum Key Exchange -- A new hope
- Author
-
Alkim, E., Ducas, L. (Léo), Pöppelmann, T., and Schwabe, P. (Peter)
- Abstract
At IEEE Security & Privacy 2015, Bos, Costello, Naehrig, and Stebila proposed an instantiation of Peikert's ring-learning-with-errors-based (Ring-LWE) key-exchange protocol (PQCrypto 2014), together with an implementation integrated into OpenSSL, with the affirmed goal of providing post-quantum security for TLS. In this work we revisit their instantiation and stand-alone implementation. Specifically, we propose new parameters and a better-suited error distribution, analyze the scheme's hardness against attacks by quantum computers in a conservative way, introduce a new and more efficient error-reconciliation mechanism, and propose a defense against backdoors and all-for-the-price-of-one attacks. By these measures and for the same lattice dimension, we more than double the security parameter, halve the communication overhead, and speed up computation by more than a factor of 8 in a portable C implementation and by more than a factor of 27 in an optimized implementation targeting current Intel CPUs. These speedups are achieved with comprehensive protection against timing attacks.
- Published
- 2016
75. FHEW: Bootstrapping Homomorphic Encryption in less than a second
- Author
-
Ottenhof, F., Oswald, E., Ducas, L. (Léo), and Micciancio, D.
- Abstract
The main bottleneck affecting the efficiency of all known fully homomorphic encryption (FHE) schemes is Gentry’s bootstrapping procedure, which is required to refresh noisy ciphertexts and keep computing on encrypted data. Bootstrapping in the latest implementation of FHE, the HElib library of Halevi and Shoup (Crypto 2014), requires about six minutes per batch. We present a new method to homomorphically compute simple bit operations, and refresh (bootstrap) the resulting output, which runs on a personal computer in just about half a second. We present a detailed technical analysis of the scheme (based on the worst-case hardness of standard lattice problems) and report on the performance of our prototype implementation.
- Published
- 2015
76. Post-quantum cryptography on constrained devices (Post-kvantová kryptografie na omezených zařízeních)
- Author
-
Malina, Lukáš, Dzurenda, Petr, and Matula, Lukáš
- Abstract
In recent years there has been rapid technological development, which among other things brings designs and realizations of quantum computers. Using Shor's algorithm on a quantum computer, it is highly likely that the mathematical problems underlying today's cryptographic systems will become computable in polynomial time. It is therefore necessary to pay attention to the development of post-quantum cryptography, which is able to secure systems against quantum attacks. This work includes a summary and comparison of different types of post-quantum cryptography, followed by measuring and analysing their computational demands in order to implement them on constrained devices such as smart cards. The values measured on a PC are used to determine the most suitable implementation for a smart card, and the verification method itself is then implemented on the smart card.
78. Post-quantum cryptography on constrained devices (Post-kvantová kryptografie na omezených zařízeních)
- Author
-
Malina, Lukáš and Dzurenda, Petr
- Abstract
In recent years there has been rapid technological development, which among other things brings designs and realizations of quantum computers. Using Shor's algorithm on a quantum computer, it is highly likely that the mathematical problems underlying today's cryptographic systems will become computable in polynomial time. It is therefore necessary to pay attention to the development of post-quantum cryptography, which is able to secure systems against quantum attacks. This work includes a summary and comparison of different types of post-quantum cryptography, followed by measuring and analysing their computational demands in order to implement them on constrained devices such as smart cards. The values measured on a PC are used to determine the most suitable implementation for a smart card, and the verification method itself is then implemented on the smart card.
81. Post-quantum cryptography on constrained devices (Post-kvantová kryptografie na omezených zařízeních)
- Author
-
Malina, Lukáš, Dzurenda, Petr, and Matula, Lukáš
- Abstract
In recent years there has been rapid technological development, which among other things brings designs and realizations of quantum computers. Using Shor's algorithm on a quantum computer, it is highly likely that the mathematical problems underlying today's cryptographic systems will become computable in polynomial time. It is therefore necessary to pay attention to the development of post-quantum cryptography, which is able to secure systems against quantum attacks. This work includes a summary and comparison of different types of post-quantum cryptography, followed by measuring and analysing their computational demands in order to implement them on constrained devices such as smart cards. The values measured on a PC are used to determine the most suitable implementation for a smart card, and the verification method itself is then implemented on the smart card.
82. Tree-Based Ring-LWE Group Key Exchanges with Logarithmic Complexity
- Author
-
Hougaard, Hector B. and Miyaji, Atsuko
- Abstract
We present the first constant-round, multicast, tree-based Ring-LWE group key exchange protocol with logarithmic communication and memory complexity. Our protocol achieves post-quantum security through a reduction to a Diffie-Hellman-like decisional analogue of the decisional Ring-LWE problem. We also present a sequential, multicast, tree-based Ring-LWE group key exchange protocol with constant communication and memory complexity but a logarithmic number of rounds.
Note: This is a post-peer-review, pre-copyedit version of an article published in Information and Communications Security (22nd International Conference, ICICS 2020, Copenhagen, Denmark, August 2020). The final authenticated version is available online at: https://doi.org/10.1007/978-3-030-61078-4_6