exploring the parameter space sntrup761 evaluations from
play

Exploring the parameter space sntrup761 evaluations from in lattice - PowerPoint PPT Presentation

Aug 09, 2023 •1.3k likes •2k views

1 2 Exploring the parameter space sntrup761 evaluations from in lattice attacks NTRU Prime: round 2 Table 2: Daniel J. Bernstein Ignoring cost of memory: 368 185 enum, ignoring hybrid Tanja Lange 230 169 enum, including hybrid 153

  1. 1 2 Exploring the parameter space sntrup761 evaluations from in lattice attacks “NTRU Prime: round 2” Table 2: Daniel J. Bernstein Ignoring cost of memory: 368 185 enum, ignoring hybrid Tanja Lange 230 169 enum, including hybrid 153 139 sieving, ignoring hybrid Based on attack survey from 153 139 sieving, including hybrid 2019 Bernstein–Chuengsatiansup– Lange–van Vredendaal. Accounting for cost of memory: 368 185 enum, ignoring hybrid 277 169 enum, including hybrid Some hard lattice meta-problems: 208 208 sieving, ignoring hybrid • Analyze cost of known attacks. 208 180 sieving, including hybrid • Optimize attack parameters. • Compare different attacks. Security levels: • Evaluate crypto parameters. . . . pre-quantum • Evaluate crypto designs. . . . post-quantum

  2. 1 2 ring the parameter space sntrup761 evaluations from Analysis lattice attacks “NTRU Prime: round 2” Table 2: has complications and at inte J. Bernstein Ignoring cost of memory: This talk 368 185 enum, ignoring hybrid Lange 230 169 enum, including hybrid 153 139 sieving, ignoring hybrid on attack survey from to 153 139 sieving, including hybrid Bernstein–Chuengsatiansup– Lange–van Vredendaal. Accounting for cost of memory: “App 368 185 enum, ignoring hybrid 277 169 enum, including hybrid hard lattice meta-problems: 208 208 sieving, ignoring hybrid Analyze cost of known attacks. 208 180 sieving, including hybrid Optimize attack parameters. Compare different attacks. Security levels: Mo Evaluate crypto parameters. . . . pre-quantum Evaluate crypto designs. . . . post-quantum

  3. � � � � � 1 2 rameter space sntrup761 evaluations from Analysis of typical attacks “NTRU Prime: round 2” Table 2: has complications and at interfaces b Bernstein Ignoring cost of memory: This talk emphasizes 368 185 enum, ignoring hybrid 230 169 enum, including hybrid Analysis of 153 139 sieving, ignoring hybrid survey from to attack cryptosystems 153 139 sieving, including hybrid Bernstein–Chuengsatiansup– redendaal. Accounting for cost of memory: “Approximate-SVP” analysis 368 185 enum, ignoring hybrid 277 169 enum, including hybrid lattice meta-problems: 208 208 sieving, ignoring hybrid of known attacks. “SVP” 208 180 sieving, including hybrid analysis attack parameters. erent attacks. Security levels: Model of computation crypto parameters. . . . pre-quantum crypto designs. . . . post-quantum

  4. � � � � � 1 2 space sntrup761 evaluations from Analysis of typical lattice attack “NTRU Prime: round 2” Table 2: has complications at four lay and at interfaces between lay Ignoring cost of memory: This talk emphasizes top lay 368 185 enum, ignoring hybrid 230 169 enum, including hybrid Analysis of lattices 153 139 sieving, ignoring hybrid from to attack cryptosystems 153 139 sieving, including hybrid Bernstein–Chuengsatiansup– Accounting for cost of memory: “Approximate-SVP” analysis 368 185 enum, ignoring hybrid 277 169 enum, including hybrid roblems: 208 208 sieving, ignoring hybrid attacks. “SVP” 208 180 sieving, including hybrid analysis rameters. attacks. Security levels: Model of computation rameters. . . . pre-quantum . . . post-quantum

  5. � � � � � 2 3 sntrup761 evaluations from Analysis of typical lattice attack “NTRU Prime: round 2” Table 2: has complications at four layers, and at interfaces between layers. Ignoring cost of memory: This talk emphasizes top layer. 368 185 enum, ignoring hybrid 230 169 enum, including hybrid Analysis of lattices 153 139 sieving, ignoring hybrid to attack cryptosystems 153 139 sieving, including hybrid Accounting for cost of memory: “Approximate-SVP” analysis 368 185 enum, ignoring hybrid 277 169 enum, including hybrid 208 208 sieving, ignoring hybrid “SVP” 208 180 sieving, including hybrid analysis Security levels: Model of computation . . . pre-quantum . . . post-quantum

  6. � � � � � 2 3 sntrup761 evaluations from Analysis of typical lattice attack Three typical “NTRU Prime: round 2” Table 2: has complications at four layers, Define R and at interfaces between layers. ring cost of memory: “small” = This talk emphasizes top layer. 185 enum, ignoring hybrid w = 286; 169 enum, including hybrid Analysis of lattices Attacker 139 sieving, ignoring hybrid to attack cryptosystems small weight- 139 sieving, including hybrid Problem Accounting for cost of memory: “Approximate-SVP” aG + e = analysis 185 enum, ignoring hybrid 169 enum, including hybrid Problem 208 sieving, ignoring hybrid “SVP” aG + e = 180 sieving, including hybrid analysis Problem Security levels: Public aG Model of computation re-quantum Small secrets . . post-quantum

  7. � � � � � 2 3 evaluations from Analysis of typical lattice attack Three typical attack round 2” Table 2: has complications at four layers, Define R = Z [ x ] = ( and at interfaces between layers. memory: “small” = all coeffs This talk emphasizes top layer. ignoring hybrid w = 286; q = 4591. including hybrid Analysis of lattices Attacker wants to sieving, ignoring hybrid to attack cryptosystems small weight- w secret sieving, including hybrid Problem 1: Public cost of memory: “Approximate-SVP” aG + e = 0. Small analysis ignoring hybrid including hybrid Problem 2: Public sieving, ignoring hybrid “SVP” aG + e = A . Small sieving, including hybrid analysis Problem 3: Public Public aG 1 + e 1 ; aG Model of computation re-quantum Small secrets e 1 ; e 2 ost-quantum

  8. � � � � � 2 3 from Analysis of typical lattice attack Three typical attack problems able 2: has complications at four layers, Define R = Z [ x ] = ( x 761 − x − and at interfaces between layers. “small” = all coeffs in {− 1 ; This talk emphasizes top layer. hybrid w = 286; q = 4591. hybrid Analysis of lattices Attacker wants to find hybrid to attack cryptosystems small weight- w secret a ∈ R including hybrid Problem 1: Public G ∈ R =q mory: “Approximate-SVP” aG + e = 0. Small secret e ∈ analysis hybrid hybrid Problem 2: Public G ∈ R =q hybrid “SVP” aG + e = A . Small secret e including hybrid analysis Problem 3: Public G 1 ; G 2 ∈ Public aG 1 + e 1 ; aG 2 + e 2 . Model of computation Small secrets e 1 ; e 2 ∈ R .

  9. � � � � � 3 4 Analysis of typical lattice attack Three typical attack problems has complications at four layers, Define R = Z [ x ] = ( x 761 − x − 1); and at interfaces between layers. “small” = all coeffs in {− 1 ; 0 ; 1 } ; This talk emphasizes top layer. w = 286; q = 4591. Analysis of lattices Attacker wants to find to attack cryptosystems small weight- w secret a ∈ R . Problem 1: Public G ∈ R =q with “Approximate-SVP” aG + e = 0. Small secret e ∈ R . analysis Problem 2: Public G ∈ R =q and “SVP” aG + e = A . Small secret e ∈ R . analysis Problem 3: Public G 1 ; G 2 ∈ R =q . Public aG 1 + e 1 ; aG 2 + e 2 . Model of computation Small secrets e 1 ; e 2 ∈ R .

  10. � � � � � 3 4 Analysis of typical lattice attack Three typical attack problems Examples complications at four layers, Define R = Z [ x ] = ( x 761 − x − 1); Secret key: interfaces between layers. “small” = all coeffs in {− 1 ; 0 ; 1 } ; Public key talk emphasizes top layer. w = 286; q = 4591. and appro Analysis of lattices Attacker wants to find Public key to attack cryptosystems small weight- w secret a ∈ R . Hoffstein–Pipher–Silverman): Problem 1: Public G ∈ R =q with G = − e=a “Approximate-SVP” aG + e = 0. Small secret e ∈ R . analysis Problem 2: Public G ∈ R =q and “SVP” aG + e = A . Small secret e ∈ R . analysis Problem 3: Public G 1 ; G 2 ∈ R =q . Public aG 1 + e 1 ; aG 2 + e 2 . Model of computation Small secrets e 1 ; e 2 ∈ R .

  11. � � � 3 4 ypical lattice attack Three typical attack problems Examples of target complications at four layers, Define R = Z [ x ] = ( x 761 − x − 1); Secret key: small a s between layers. “small” = all coeffs in {− 1 ; 0 ; 1 } ; Public key reveals emphasizes top layer. w = 286; q = 4591. and approximation of lattices Attacker wants to find Public key for “NTRU” cryptosystems small weight- w secret a ∈ R . Hoffstein–Pipher–Silverman): Problem 1: Public G ∈ R =q with G = − e=a , and A ximate-SVP” aG + e = 0. Small secret e ∈ R . analysis Problem 2: Public G ∈ R =q and “SVP” aG + e = A . Small secret e ∈ R . analysis Problem 3: Public G 1 ; G 2 ∈ R =q . Public aG 1 + e 1 ; aG 2 + e 2 . computation Small secrets e 1 ; e 2 ∈ R .

  12. 3 4 attack Three typical attack problems Examples of target cryptosystems layers, Define R = Z [ x ] = ( x 761 − x − 1); Secret key: small a ; small e . layers. “small” = all coeffs in {− 1 ; 0 ; 1 } ; Public key reveals multiplier layer. w = 286; q = 4591. and approximation A = aG + lattices Attacker wants to find Public key for “NTRU” (1996 cryptosystems small weight- w secret a ∈ R . Hoffstein–Pipher–Silverman): Problem 1: Public G ∈ R =q with G = − e=a , and A = 0. ximate-SVP” aG + e = 0. Small secret e ∈ R . Problem 2: Public G ∈ R =q and aG + e = A . Small secret e ∈ R . Problem 3: Public G 1 ; G 2 ∈ R =q . Public aG 1 + e 1 ; aG 2 + e 2 . computation Small secrets e 1 ; e 2 ∈ R .

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Further exploring the parameter space of an IFS Alden Walker (UChicago) Joint with Danny Calegari

Further exploring the parameter space of an IFS Alden Walker (UChicago) Joint with Danny Calegari

Further exploring the parameter space of an IFS Alden Walker (UChicago) Joint with Danny Calegari and Sarah Koch November 3, 2014 Recall: Sarah Koch spoke about this project on September 26. I will give essentially the same introduction, but

742 views • 55 slides
Exploring the parameter space in lattice attacks Daniel J. Bernstein Tanja Lange Based on

Exploring the parameter space in lattice attacks Daniel J. Bernstein Tanja Lange Based on

1 Exploring the parameter space in lattice attacks Daniel J. Bernstein Tanja Lange Based on attack survey from 2019 BernsteinChuengsatiansup Langevan Vredendaal. Some hard lattice meta-problems: Analyze cost of known attacks.

489 views • 36 slides
From Space flight to Foresight: Exploring the social movement spillover between Space and

From Space flight to Foresight: Exploring the social movement spillover between Space and

From Space flight to Foresight: Exploring the social movement spillover between Space and nanotechnology Josie G. Garong, Oxnard College Major: Civil Engineering Faculty Advisor: Prof. W. Patrick McCray Mentor: Mary Ingram-Waters, PhD

315 views • 17 slides
Exhaus've Parameter Space Searches in Cryo-Electron Microscopy

Exhaus've Parameter Space Searches in Cryo-Electron Microscopy

Exhaus've Parameter Space Searches in Cryo-Electron Microscopy using GPU Oleg Kuybeda, PhD Open and Closed state of HIV spike 24

62 views • 5 slides
DNN#Assisted*Parameter*Space* Exploration*and*Visualization*for* Large*Scale*Simulations HA

DNN#Assisted*Parameter*Space* Exploration*and*Visualization*for* Large*Scale*Simulations HA

DNN#Assisted*Parameter*Space* Exploration*and*Visualization*for* Large*Scale*Simulations HA HAN#WE WEI*SH SHEN DE DEPARTM TMENT*OF NT*OF*C *COM OMPUTE TER*S *SCIENC NCE*A *AND*E ND*ENG NGINE NEERING NG TH THE*OH OHIO* O*STATE

947 views • 60 slides
Sunrise or Sunset: Exploring the Design Space of Big Data

Sunrise or Sunset: Exploring the Design Space of Big Data

Sunrise or Sunset: Exploring the Design Space of Big Data So7ware Stacks Panel PresentaAon at HPBDC 17 by Dhabaleswar K. (DK) Panda The Ohio

485 views • 37 slides
1 Usages for From-Region visibility Conservative Visibility Sets Amortization: Exact

1 Usages for From-Region visibility Conservative Visibility Sets Amortization: Exact

From-Region Visibility and Overview Ray Space Factorization Short introduction to the problem Daniel Cohen-Or Dual Space & Parameter/Ray Space Tel-Aviv University Ray space factorization (SIGGRAPH03) From Point Visibility

546 views • 13 slides
A fast parameter space search for continuous gravitational waves from known binary systems

A fast parameter space search for continuous gravitational waves from known binary systems

Introduction The data analysis challenge Current Solutions A New Solution Conclusions and future work A fast parameter space search for continuous gravitational waves from known binary systems C Messenger University of Glasgow

461 views • 21 slides
Exploring the Design Space of Deep Convolu(onal Neural

Exploring the Design Space of Deep Convolu(onal Neural

Disserta(on Talk: Exploring the Design Space of Deep Convolu(onal Neural Networks at Large Scale Forrest Iandola forresti@eecs.berkeley.edu 1 Machine Learning in

518 views • 41 slides
Sunrise or Sunset: Exploring the Design Space of Big Data

Sunrise or Sunset: Exploring the Design Space of Big Data

Sunrise or Sunset: Exploring the Design Space of Big Data So7ware Stack HPBDC 2017 panel Panel moderator: Dr. Jianfeng Zhan INSTITUTE O Professor, ICT,

336 views • 17 slides
Using direct stop searches at ATLAS to constrain the parameter space of supersymmetric models

Using direct stop searches at ATLAS to constrain the parameter space of supersymmetric models

Using direct stop searches at ATLAS to constrain the parameter space of supersymmetric models Walter Hopkins University of Oregon September 2 2015 SLAC HEP Seminar JHEP 09 (2014) 015 arXiv:1506.08616 (submitted to EPJC) arXiv:1508.06608

1.18k views • 55 slides
Exploring The (Metric) Space of Collider Events MIT CTP QCD/LHC/BSM/DM Journal Club Eric M.

Exploring The (Metric) Space of Collider Events MIT CTP QCD/LHC/BSM/DM Journal Club Eric M.

Exploring The (Metric) Space of Collider Events MIT CTP QCD/LHC/BSM/DM Journal Club Eric M. Metodiev Center for Theoretical Physics Massachusetts Institute of T echnology Joint work with Patrick Komiske and Jesse Thaler [1902.02346] March 8,

931 views • 54 slides
Transient Lumped Parameter Analysis of Heat Pipe for a Space Nuclear Reactor Nam-il Tak, * Sung Nam

Transient Lumped Parameter Analysis of Heat Pipe for a Space Nuclear Reactor Nam-il Tak, * Sung Nam

Transactions of the Korean Nuclear Society Virtual Spring Meeting July 9-10, 2020 Transient Lumped Parameter Analysis of Heat Pipe for a Space Nuclear Reactor Nam-il Tak, * Sung Nam Lee Korea Atomic Energy Research Institute, 111, Daedeok-daero

69 views • 3 slides
Exploring the Design Space of Combining Linux with Lightweight Kernels for Extreme Scale

Exploring the Design Space of Combining Linux with Lightweight Kernels for Extreme Scale

Exploring the Design Space of Combining Linux with Lightweight Kernels for Extreme Scale Computing Balazs Gerofi , Takagi Masamichi , Yutaka Ishikawa , Rolf Riesen , Evan Powers , Robert W. Wisniewski RIKEN Advanced

396 views • 22 slides
Exploring the first generation of galaxies with Blue Waters and the James Web Space Telescope

Exploring the first generation of galaxies with Blue Waters and the James Web Space Telescope

Exploring the first generation of galaxies with Blue Waters and the James Web Space Telescope With : ! Michael Norman (UCSD/SDSC) ! Pengfei Chen (UCSD) ! Brian OShea Britton Smith (U. Edinburgh) ! Michigan State University ! John Wise (Georgia

586 views • 27 slides
Fingers in the parameter space of the complex standard family David Mart-Pete Department of

Fingers in the parameter space of the complex standard family David Mart-Pete Department of

Fingers in the parameter space of the complex standard family David Mart-Pete Department of Mathematics Kyoto University joint work with Mitsuhiro Shishikura Topics in Complex Dynamics 2017 Universitat de Barcelona October 5, 2017

581 views • 35 slides
How is the Quality of PatientGenerated Health Data Managed in Diabetes Remote Monitoring?

How is the Quality of PatientGenerated Health Data Managed in Diabetes Remote Monitoring?

How is the Quality of PatientGenerated Health Data Managed in Diabetes Remote Monitoring? Robab Abdolkhani Kathleen Gray Ann Borda Ruth DeSouza Health and Biomedical Informatics Centre (HaBIC), The University of Melbourne 05 February

259 views • 24 slides
Design Patterns & Refactoring Chain of Responsibility Oliver Haase HTWG Konstanz Oliver

Design Patterns & Refactoring Chain of Responsibility Oliver Haase HTWG Konstanz Oliver

Design Patterns & Refactoring Chain of Responsibility Oliver Haase HTWG Konstanz Oliver Haase (HTWG Konstanz) Design Patterns & Refactoring 1 / 9 Description Classification : Object-based behavioral pattern Purpose : Build a chain of

257 views • 9 slides
Progress in the framework of the RESPITE project at DaimlerChrysler Research & Technology

Progress in the framework of the RESPITE project at DaimlerChrysler Research & Technology

Research & Technology Progress in the framework of the RESPITE project at DaimlerChrysler Research & Technology DrIng. Fritz Class and Joan Mar Martigny, Jan. 2002 Research & Technology Contents DaimlerChrysler offline

687 views • 15 slides
P.A.R.E PROGRAMA DE APOIO E RECUPERAO DO EMPREGADO HISTRICO EAP (Alcoa) Foco em

P.A.R.E PROGRAMA DE APOIO E RECUPERAO DO EMPREGADO HISTRICO EAP (Alcoa) Foco em

P.A.R.E PROGRAMA DE APOIO E RECUPERAO DO EMPREGADO HISTRICO EAP (Alcoa) Foco em Dependncia Qumica (Alumar) Visita na Johnson 1989 Criao de Grupo Multidisciplinar de Coordenao Estgio na Clnica Vila

372 views • 21 slides
Seminario di Teoria delle Categorie Universit degli Studi di Milano 9.30 - 10:15 - Semidirect

Seminario di Teoria delle Categorie Universit degli Studi di Milano 9.30 - 10:15 - Semidirect

Luned 24 Giugno 2013 Seminario di Teoria delle Categorie Universit degli Studi di Milano 9.30 - 10:15 - Semidirect products of topological semi-abelian algebras Andrea Montoli - Universidade de Coimbra M.M.Clementino and F.Borceux [1] proved

256 views • 7 slides
Red-Black Trees ! Motivation: a binary search tree that is guaranteed to be balanced (operations

Red-Black Trees ! Motivation: a binary search tree that is guaranteed to be balanced (operations

Red-Black Trees ! Motivation: a binary search tree that is guaranteed to be balanced (operations take time in the ( ) O lg n worst-case). Red-Black Trees ! A red-black tree is a binary search tree where each node has a color

259 views • 4 slides
Partial Recursive Functions and Finality Gordon Plotkin Laboratory for the Foundations of

Partial Recursive Functions and Finality Gordon Plotkin Laboratory for the Foundations of

Introduction Natural numbers objects in monoidal categories Weak representability of partial recursive functions Strong representability of partial recursive functions Partial Recursive Functions and Finality Gordon Plotkin Laboratory for the

800 views • 58 slides
Querying Probabilistic Information Extraction Daisy Zhe Wang, Michael J. Franklin, Minos

Querying Probabilistic Information Extraction Daisy Zhe Wang, Michael J. Franklin, Minos

Querying Probabilistic Information Extraction Daisy Zhe Wang, Michael J. Franklin, Minos Garofalakis, Joseph M. Hellerstein VLDB, Singapore, 16 th September, 2010 Outline Information Extraction Systems Information Extraction (IE)

324 views • 29 slides

More recommend