2 settings

2 Settings Continuous setting: C n : a lattice, : component-wise - PowerPoint PPT Presentation

Nov 21, 2023 •334 likes •903 views

L ogarithmic L attices L eo Ducas Centrum Wiskunde & Informatica, Amsterdam, The Netherlands Workshop: Computational Challenges in the Theory of Lattices ICERM, Brown University, Providence, RI, USA, April 23-27, 2018 L. Ducas (CWI)

  1. L ogarithmic L attices L´ eo Ducas Centrum Wiskunde & Informatica, Amsterdam, The Netherlands Workshop: Computational Challenges in the Theory of Lattices ICERM, Brown University, Providence, RI, USA, April 23-27, 2018 L. Ducas (CWI) Logarithmic Lattices April 2018 1 / 29

  2. 2 Settings Continuous setting: Λ ⊂ C n : a lattice, ⊙ : component-wise product on C n . v ∈ C n �→ (exp( v 1 ) , . . . , exp( v n )) ⊙ Λ Exp Λ : � L = { v ∈ C n s.t. Exp Λ ( v ) = Λ } . Discrete setting: B = { p 1 , . . . p n } ⊂ K × : a set of primes of a field K . [ · ] : K × → G , a multiplicative morphism to a finite abelian group G . v ∈ Z n �→ �� � p v i Exp B : � i L = { v ∈ Z n s.t. Exp B ( v ) = Id G } . L. Ducas (CWI) Logarithmic Lattices April 2018 2 / 29

  3. Logarithm Problem Logarithms are only defined mod L : Exp B ( x ) = Exp B ( y ) ⇔ x ∈ y + L Log B ( g ) := Exp − 1 B ( g ) = x + L s.t. Exp B ( x ) = g Hidden Subgroup Problem Find the lattice L (a set of generators of L ). (typically: find one non-zero vector ⇒ find the whole lattice) Classically: Index Calculus Methods, Quantumly: [Eisentrger Hallgren Kitaev Song 14] Discrete Logarithm Problem mod p R = Z , g , h ∈ ( Z / p Z ) × , [ · ] : x �→ x mod p , L = ( p − 1) Z is known. DLP: Find a representative x ∈ Log( g ) L. Ducas (CWI) Logarithmic Lattices April 2018 3 / 29

  4. Short Logarithm Problems ? ... non-zero vector in a lattice (coset) ... Non-zero vector in a lattice, you said ? How short can it be ? Can it be found efficiently ? Fair question, but why would that matter ? L. Ducas (CWI) Logarithmic Lattices April 2018 4 / 29

  5. Short Logarithm Problems ? ... non-zero vector in a lattice (coset) ... Non-zero vector in a lattice, you said ? How short can it be ? Can it be found efficiently ? Fair question, but why would that matter ? L. Ducas (CWI) Logarithmic Lattices April 2018 4 / 29

  6. Short Logarithm Problems ? ... non-zero vector in a lattice (coset) ... Non-zero vector in a lattice, you said ? How short can it be ? Can it be found efficiently ? Fair question, but why would that matter ? L. Ducas (CWI) Logarithmic Lattices April 2018 4 / 29

  7. Short Logarithm Problems ? ... non-zero vector in a lattice (coset) ... Non-zero vector in a lattice, you said ? How short can it be ? Can it be found efficiently ? Fair question, but why would that matter ? L. Ducas (CWI) Logarithmic Lattices April 2018 4 / 29

  8. Short Logarithm Problems ? Example (DLP over ( Z / p Z ) × ) dim L = 1: Shortest solution trivially found... Example (Inside Index Caculus) Step 1 (relation collection) find many vectors M = ( v 1 . . . v m ) ∈ L . Step 2 (linear algebra) Solve the linear system Mx = y . Step 2 is faster if M is sparse: we want to make M “shorter” ! But dim L = HUGE: limited to ad-hoc micro improvements. More interesting cases for lattice theoretician and algorithmicians ? L. Ducas (CWI) Logarithmic Lattices April 2018 5 / 29

  9. 3 encounters with L ogarithmic L attices [Cramer D. Peikert Regev 16] : Dirichlet’s Unit lattice [Cramer D. Wesolowsky 17] : Stickelberger’s Class-relation lattice Summary: These lattices admits a known almost-orthogonal basis ⇒ Can use lattice algorithm to solve ‘short-DLP’ ⇒ Break some crypto [Chor Rivest ’89] : Logarithmic lattices over ( Z / p Z ) × Summary: Make certain ‘short-DLP’ easy by design, get an efficiently decodable lattice, hide it for Crypto. [D. Pierrot ’18] : Logarithmic lattices over ( Z / p Z ) × Summary: Remove crypto from Chor-Rivest. Optimize asymptotically. Get close to Minkowski’s bound. L. Ducas (CWI) Logarithmic Lattices April 2018 6 / 29

  10. 3 encounters with L ogarithmic L attices [Cramer D. Peikert Regev 16] : Dirichlet’s Unit lattice [Cramer D. Wesolowsky 17] : Stickelberger’s Class-relation lattice Summary: These lattices admits a known almost-orthogonal basis ⇒ Can use lattice algorithm to solve ‘short-DLP’ ⇒ Break some crypto [Chor Rivest ’89] : Logarithmic lattices over ( Z / p Z ) × Summary: Make certain ‘short-DLP’ easy by design, get an efficiently decodable lattice, hide it for Crypto. [D. Pierrot ’18] : Logarithmic lattices over ( Z / p Z ) × Summary: Remove crypto from Chor-Rivest. Optimize asymptotically. Get close to Minkowski’s bound. L. Ducas (CWI) Logarithmic Lattices April 2018 6 / 29

  11. 3 encounters with L ogarithmic L attices [Cramer D. Peikert Regev 16] : Dirichlet’s Unit lattice [Cramer D. Wesolowsky 17] : Stickelberger’s Class-relation lattice Summary: These lattices admits a known almost-orthogonal basis ⇒ Can use lattice algorithm to solve ‘short-DLP’ ⇒ Break some crypto [Chor Rivest ’89] : Logarithmic lattices over ( Z / p Z ) × Summary: Make certain ‘short-DLP’ easy by design, get an efficiently decodable lattice, hide it for Crypto. [D. Pierrot ’18] : Logarithmic lattices over ( Z / p Z ) × Summary: Remove crypto from Chor-Rivest. Optimize asymptotically. Get close to Minkowski’s bound. L. Ducas (CWI) Logarithmic Lattices April 2018 6 / 29

  12. Part 1: The L ogarithmic L attice of cyclotomic units Part 2: Short Stickelberger’s C ℓ ass relations Part 3: Chor-Rivest dense S phere- P acking with efficient decoding For a Survey on 1 and 2, see [D. ’17] , http://www.nieuwarchief.nl/serie5/pdf/naw5-2017-18-3-184.pdf L. Ducas (CWI) Logarithmic Lattices April 2018 7 / 29

  13. Part 1: The L ogarithmic L attice of cyclotomic units L. Ducas (CWI) Logarithmic Lattices April 2018 8 / 29

  14. Ideals and Principal Ideals Cyclotomic number field: K (= Q ( ω m )), ring of integer R = O K (= Z [ ω m ]). Definition (Ideals) ◮ An integral ideal is a subset h ⊂ O K closed under addition, and by multiplication by elements of O K , ◮ A (fractional) ideal is a subset f ⊂ K of the form f = 1 x h , where x ∈ Z , ◮ A principal ideal is an ideal f of the form f = g O K for some g ∈ K . In particular, ideals are lattices. We denote F K the set of fractional ideals, and P K the set of principal ideals. L. Ducas (CWI) Logarithmic Lattices April 2018 9 / 29

  15. The Problem Short generator recovery Given h ∈ R , find a small generator g of the ideal ( h ). Note that g ∈ ( h ) is a generator iff g = u · h for some unit u ∈ R × . We need to explore the (multiplicative) unit group R × . Cramer, D. , Peikert, Regev (Leiden, CWI,NYU, UM) Recovering Short Generators Eurocrypt , May 2016 6 / 21

  16. The Problem Short generator recovery Given h ∈ R , find a small generator g of the ideal ( h ). Note that g ∈ ( h ) is a generator iff g = u · h for some unit u ∈ R × . We need to explore the (multiplicative) unit group R × . Translation an to additive problem Take logarithms: Log : g �→ (log | σ 1 ( g ) | , . . . , log | σ n ( g ) | ) ∈ R n where the σ i ’s are the canonical embeddings K → C . Cramer, D. , Peikert, Regev (Leiden, CWI,NYU, UM) Recovering Short Generators Eurocrypt , May 2016 6 / 21

  17. The Unit Group and the log-unit lattice Let R × denotes the multiplicative group of units of R . Let Λ = Log R × . Theorem (Dirichlet unit Theorem) Λ ⊂ R n is a lattice (of a given rank). Cramer, D. , Peikert, Regev (Leiden, CWI,NYU, UM) Recovering Short Generators Eurocrypt , May 2016 7 / 21

  18. The Unit Group and the log-unit lattice Let R × denotes the multiplicative group of units of R . Let Λ = Log R × . Theorem (Dirichlet unit Theorem) Λ ⊂ R n is a lattice (of a given rank). Reduction to a Close Vector Problem Elements g is a generator of ( h ) if and only if Log g ∈ Log h + Λ . Moreover the map Log preserves some geometric information: g is the “smallest” generator iff Log g is the “smallest” in Log h + Λ. Cramer, D. , Peikert, Regev (Leiden, CWI,NYU, UM) Recovering Short Generators Eurocrypt , May 2016 7 / 21

  19. √ → R 2 Example: Embedding Z [ 2] ֒ √ √ ◮ x -axis: σ 1 ( a + b 2) = a + b 2 √ √ ◮ y -axis: σ 2 ( a + b 2) = a − b 2 ◮ component-wise additions and 2 multiplications 1 1 0 1 p 1 + 2 − 1 p 2 Cramer, D. , Peikert, Regev (Leiden, CWI,NYU, UM) Recovering Short Generators Eurocrypt , May 2016 8 / 21

  20. √ → R 2 Example: Embedding Z [ 2] ֒ √ √ ◮ x -axis: σ 1 ( a + b 2) = a + b 2 √ √ ◮ y -axis: σ 2 ( a + b 2) = a − b 2 ◮ component-wise additions and 2 multiplications 1 1 0 1 p 1 + 2 − 1 p 2 � “Orthogonal” elements � Units (algebraic norm 1) � “Isonorms” curves Cramer, D. , Peikert, Regev (Leiden, CWI,NYU, UM) Recovering Short Generators Eurocrypt , May 2016 8 / 21

  21. √ Example: Logarithmic Embedding Log Z [ 2] ( {•} , +) is a sub-monoid of R 2 Log 1 − − → 1 Cramer, D. , Peikert, Regev (Leiden, CWI,NYU, UM) Recovering Short Generators Eurocrypt , May 2016 9 / 21

  22. √ Example: Logarithmic Embedding Log Z [ 2] Λ =( {•} , +) ∩ � is a lattice of R 2 , orthogonal to (1 , 1) Log 1 − − → 1 Cramer, D. , Peikert, Regev (Leiden, CWI,NYU, UM) Recovering Short Generators Eurocrypt , May 2016 9 / 21

  23. √ Example: Logarithmic Embedding Log Z [ 2] {•} ∩ � are shifted finite copies of Λ Log 1 − − → 1 Cramer, D. , Peikert, Regev (Leiden, CWI,NYU, UM) Recovering Short Generators Eurocrypt , May 2016 9 / 21

  24. √ 2] × Reduction modulo Λ = Log Z [ The reduction modΛ for various fundamental domains. Log 1 − − → 1 Cramer, D. , Peikert, Regev (Leiden, CWI,NYU, UM) Recovering Short Generators Eurocrypt , May 2016 10 / 21

Recommend

AN INTRODUCTION TO BACKGROUND SETTINGS: Allows you to change background BACKGROUND SETTINGS: Allows

AN INTRODUCTION TO BACKGROUND SETTINGS: Allows you to change background BACKGROUND SETTINGS: Allows

AN INTRODUCTION TO BACKGROUND SETTINGS: Allows you to change background BACKGROUND SETTINGS: Allows you to change background color BACKGROUND SETTINGS: Allows you to change background templates INTERACTIVE PEN TOOL: Chose thickness and color for

810 views • 29 slides
Excluded Settings, and the Heightened Scrutiny Process November 4, 2015 Overview Background

Excluded Settings, and the Heightened Scrutiny Process November 4, 2015 Overview Background

Home and Community-Based Settings, Excluded Settings, and the Heightened Scrutiny Process November 4, 2015 Overview Background Home and Community-Based Setting Requirements Excluded Settings Settings Presumed to Have the

578 views • 38 slides
Quick guide Step 1: Accessing the account Step 2: Download RSFiles! Step 3: Installing RSFiles!

Quick guide Step 1: Accessing the account Step 2: Download RSFiles! Step 3: Installing RSFiles!

Quick guide Step 1: Accessing the account Step 2: Download RSFiles! Step 3: Installing RSFiles! Step 4: RSFiles! settings 4.1 Add the license code in the General tab 4.2 File settings 4.3 Frontend settings 4.4 Emails settings 4.4.1

520 views • 17 slides
Real Time Market Real Time Market Parameter Settings: Parameter Settings: Analytic Results

Real Time Market Real Time Market Parameter Settings: Parameter Settings: Analytic Results

Real Time Market Real Time Market Parameter Settings: Parameter Settings: Analytic Results Analytic Results Edward Lo Lead Engineering Specialist Market & Product Development MSC/Stakeholder Meeting on Parameter Maintenance July 30,

139 views • 12 slides
'Making the Best of What You Have' 'Making the Best of What You Have' Using a settings based

'Making the Best of What You Have' 'Making the Best of What You Have' Using a settings based

'Making the Best of What You Have' 'Making the Best of What You Have' Using a settings based approach to Using a settings based approach to promoting physical activity. promoting physical activity. Annalouise Muldoon Waterford IT Background

501 views • 31 slides
Whats New with Zoom: Security Updates and Meeting Management New Default Settings for PCC

Whats New with Zoom: Security Updates and Meeting Management New Default Settings for PCC

Whats New with Zoom: Security Updates and Meeting Management New Default Settings for PCC How to Update Your Zoom to the Newest Version New Security Button in Meeting Additional Recommended Settings More Optional: Use

368 views • 17 slides
HOW TO SUSTAIN PBS WITHOUT MAGIC IN PSYCHIATRIC FACILITIES & COMMUNITY SETTINGS Rhiannon

HOW TO SUSTAIN PBS WITHOUT MAGIC IN PSYCHIATRIC FACILITIES & COMMUNITY SETTINGS Rhiannon

HOW TO SUSTAIN PBS WITHOUT MAGIC IN PSYCHIATRIC FACILITIES & COMMUNITY SETTINGS Rhiannon Evans, MS, BCBA, LBA Teresa Rodgers, PhD, BCBA-D, LBA Common barriers across settings Poor staffing Quality work ratios Dangerous Competing

190 views • 17 slides
PROTECTING MONUMENTS AND HISTORICAL SETTINGS FROM THE NEXT EARTHQUAKE R.PAPADHMHTRIOU, L.PELLI

PROTECTING MONUMENTS AND HISTORICAL SETTINGS FROM THE NEXT EARTHQUAKE R.PAPADHMHTRIOU, L.PELLI

PROTECTING MONUMENTS AND HISTORICAL SETTINGS FROM THE NEXT EARTHQUAKE R.PAPADHMHTRIOU, L.PELLI EUROPEAN CENTER OF PREVENTING & FORECASTING OF EARTHQUAKES PROTECTING MONUMENTS AND HISTORICAL SETTINGS FROM THE NEXT EARTHQUAKE Confronting

641 views • 27 slides
Oregons Home and Community- Based Services (HCBS) and Settings Implementation of the

Oregons Home and Community- Based Services (HCBS) and Settings Implementation of the

Oregons Home and Community- Based Services (HCBS) and Settings Implementation of the Requirements for Medicaid HCBS and Settings 2016 Case Management Conference What are Home and Community-Based Services (HCBS)? HCBS provide needed supports

413 views • 37 slides
Step by step guide Step 1: Purchasing an RSEvents! membership Step 2: Downloading RSEvents! Step

Step by step guide Step 1: Purchasing an RSEvents! membership Step 2: Downloading RSEvents! Step

Step by step guide Step 1: Purchasing an RSEvents! membership Step 2: Downloading RSEvents! Step 3: Installing RSEvents! Step 4: Configure RSEvents! 4.1 General settings 4.2 Dashboard settings 4.3 Events 4.3.1 Event general settings 4.3.2

1.29k views • 80 slides
Quick guide Step 1: Purchasing a RSFeedback! membership Step 2: Download RSFeedback! Step 3:

Quick guide Step 1: Purchasing a RSFeedback! membership Step 2: Download RSFeedback! Step 3:

Quick guide Step 1: Purchasing a RSFeedback! membership Step 2: Download RSFeedback! Step 3: Installing RSFeedback! Step 4: RSFeedback! Settings 4.1 Add the license code in the General tab 4.2 Feedbacks settings 4.3 Captcha settings

360 views • 12 slides
Childrens Use of Technology in the Home and in in ECCE Settings Marlene McCormack, Head of

Childrens Use of Technology in the Home and in in ECCE Settings Marlene McCormack, Head of

Childrens Use of Technology in the Home and in in ECCE Settings Marlene McCormack, Head of Knowledge Maja Haals Brosnan, Research Officer Does ICT have a place in ECCE settings? Parents Educators Participants Online Survey 248 Parents

577 views • 23 slides
Methods and Uses in Care Settings Roxanne E. Jensen, PhD AcademyHealth Annual Research Meeting

Methods and Uses in Care Settings Roxanne E. Jensen, PhD AcademyHealth Annual Research Meeting

Current PRO Collection Methods and Uses in Care Settings Roxanne E. Jensen, PhD AcademyHealth Annual Research Meeting June 26, 2017 Rapid Adoption in Clinical Care Settings New Methods Item Response Theory Computer Adaptive Testing

430 views • 24 slides
LESSONS FROM VODA/SKY - DO WE HAVE THE RIGHT MERGER CONTROL SETTINGS FOR A SMALL OPEN ECONOMY?

LESSONS FROM VODA/SKY - DO WE HAVE THE RIGHT MERGER CONTROL SETTINGS FOR A SMALL OPEN ECONOMY?

LESSONS FROM VODA/SKY - DO WE HAVE THE RIGHT MERGER CONTROL SETTINGS FOR A SMALL OPEN ECONOMY? 21 November 2017 LESSONS FROM VODA/SKY - DO WE HAVE THE RIGHT MERGER CONTROL SETTINGS FOR A SMALL OPEN ECONOMY? 21 November 2017 Recap: What was

556 views • 19 slides
COVID-19 Case Investigation and Contact Investigation in Residential Congregate Settings in New

COVID-19 Case Investigation and Contact Investigation in Residential Congregate Settings in New

COVID-19 Case Investigation and Contact Investigation in Residential Congregate Settings in New York City New York City Department of Health and Mental Hygiene: Shama Ahuja, PhD, MPH Jeanne Sullivan Meissner, MPH COVID-19 Congregate Settings

999 views • 43 slides
V2G SPRINT 5 Paolo Di Labio Anna Hornberger Linda Zieverink wireframes 1.0 Settings

V2G SPRINT 5 Paolo Di Labio Anna Hornberger Linda Zieverink wireframes 1.0 Settings

V2G SPRINT 5 Paolo Di Labio Anna Hornberger Linda Zieverink wireframes 1.0 Settings BACKGROUND 2 greengrid greengrid logo REGISTRATION heading(h) 1 PROFILE SETTINGS mail heading(h) 1 mail username upload box 1_ uploaded email

1.01k views • 15 slides
Short Stickelberger Class Relations and application to Ideal-SVP Ronald Cramer L eo Ducas

Short Stickelberger Class Relations and application to Ideal-SVP Ronald Cramer L eo Ducas

Short Stickelberger Class Relations and application to Ideal-SVP Ronald Cramer L eo Ducas Benjamin Wesolowski Leiden University, The Netherlands CWI, Amsterdam, The Netherlands EPFL, Lausanne, Switzerland Cramer, D., Wesolowski (Leiden,

618 views • 45 slides
The complexity of factoring univariate polynomials over the rationals Mark van Hoeij Florida

The complexity of factoring univariate polynomials over the rationals Mark van Hoeij Florida

The complexity of factoring univariate polynomials over the rationals Mark van Hoeij Florida State University ISSAC2013 June 26, 2013 Papers [Zassenhaus 1969]. Usually fast, but can be exp-time. [LLL 1982]. Lattice reduction (LLL

766 views • 43 slides
Week 7 Video 5 Factor Analysis Factor Analysis You have a whole lot of variables Can

Week 7 Video 5 Factor Analysis Factor Analysis You have a whole lot of variables Can

Week 7 Video 5 Factor Analysis Factor Analysis You have a whole lot of variables Can you group them into factors? Factor Analysis and Clustering Not the same Clustering finds how data points group together

714 views • 38 slides
Hardware Design and Analysis of Efficient Loop Coarsening and Border Handling for Image

Hardware Design and Analysis of Efficient Loop Coarsening and Border Handling for Image

Hardware Design and Analysis of Efficient Loop Coarsening and Border Handling for Image Processing M. Akif zkan, Oliver Reiche, Frank Hannig, and Jrgen Teich Hardware/Software Co-Design, Friedrich-Alexander University Erlangen-Nrnberg

891 views • 65 slides
Constraining the Galactic Elena Maria Rossi dark matter Halo with Leiden Observatory, The

Constraining the Galactic Elena Maria Rossi dark matter Halo with Leiden Observatory, The

Sun Aspen Winter conference, 8th February 2016 Constraining the Galactic Elena Maria Rossi dark matter Halo with Leiden Observatory, The Netherlands hypervelocity stars Collaborators Reem Sari (HUJI) Shiho Kobayashi (Liverpool) Tommaso

705 views • 21 slides
Counting and Enumeration in Combinatorial Geometry G unter Rote Freie Universit at Berlin

Counting and Enumeration in Combinatorial Geometry G unter Rote Freie Universit at Berlin

Counting and Enumeration in Combinatorial Geometry G unter Rote Freie Universit at Berlin two triangulations General position: No three points on a line G unter Rote, Freie Universit at Berlin Counting and Enumeration in

687 views • 24 slides
GCIG updates PORTEC-3 and PORTEC-4a Lisbon, October 2016 Carien Creutzberg Leiden University

GCIG updates PORTEC-3 and PORTEC-4a Lisbon, October 2016 Carien Creutzberg Leiden University

GCIG updates PORTEC-3 and PORTEC-4a Lisbon, October 2016 Carien Creutzberg Leiden University Medical Centre, The Netherlands The PORTEC-3 trial High risk Endometrial Cancer Pelvic RT (48.6 Gy) R 686 Pelvic RT plus 2x cisplatin ->

378 views • 14 slides
[11] The Singular Value Decomposition The Singular Value Decomposition Gene Golubs license

[11] The Singular Value Decomposition The Singular Value Decomposition Gene Golubs license

The Singular Value Decomposition [11] The Singular Value Decomposition The Singular Value Decomposition Gene Golubs license plate, photographed by Professor P. M. Kroonenberg of Leiden University. Frobenius norm for matrices x 2 1 + x 2

872 views • 43 slides

More recommend