faster gaussian lattice sampling using
play

Faster Gaussian Lattice Sampling using Information Leakage Gaussian - PowerPoint PPT Presentation

Sep 15, 2022 •301 likes •984 views

Faster Gaussian Lattice Sampling using Lazy FPA L. Ducas P.Q. Nguyen Introduction Lattices based Signatures Before Gaussian Sampling Preventing Faster Gaussian Lattice Sampling using Information Leakage Gaussian Sampling Our Work Lazy

  1. Faster Gaussian Lattice Sampling using Lazy FPA L. Ducas P.Q. Nguyen Introduction Lattices based Signatures Before Gaussian Sampling Preventing Faster Gaussian Lattice Sampling using Information Leakage Gaussian Sampling Our Work Lazy Floating-Point Arithmetic A FPA variant of Klein’s Algorithm Floating Point Arithmetic FPA usage in Klein’s Alg. eo Ducas , ´ Ecole Normale Sup´ erieure L´ Impact of errors, and precision requirement Phong Nguyen, INRIA & Tsinghua Univ. An Optimized FPA variant of Klein’s Algorithm General Rejection Sampling Introducing Lazyness in Rej. Sampling Efficiency Asiacrypt 2012 Conclusion 2/33

  2. Faster Gaussian Lattices Lattice Sampling using Lazy FPA L. Ducas P.Q. Nguyen A lattice Λ is a discrete subgroup of R n . Introduction Lattices based Signatures Before Gaussian Sampling Preventing Information Leakage Gaussian Sampling Our Work A FPA variant of Klein’s Algorithm Floating Point Arithmetic FPA usage in Klein’s Alg. Impact of errors, and precision requirement An Optimized FPA variant of Klein’s Algorithm General Rejection Sampling Introducing Lazyness in Rej. Sampling Efficiency Conclusion 3/33

  3. Faster Gaussian Basis of Lattices Lattice Sampling using Lazy FPA L. Ducas P.Q. Nguyen Lattices have two kinds of basis: Introduction Lattices based Signatures Before Gaussian Sampling Good Basis (short) Bad Basis (large) Preventing Information Leakage Gaussian Sampling Our Work A FPA variant of Klein’s Algorithm Floating Point Arithmetic FPA usage in Klein’s Alg. Impact of errors, and Derive bad basis test membership t ∈ Λ precision requirement Solve geometric problem generate random element in Λ An Optimized FPA variant of Klein’s as Approx-CVP Algorithm General Rejection Sampling Introducing Lazyness in Rej. Sampling Good setting for Public Key Cryptography ! Efficiency Conclusion 4/33

  4. Faster Gaussian Approximate the Closest Vector Problem Lattice Sampling using Lazy FPA The Approx-CVP Problem: L. Ducas Given t ∈ R n , find c ∈ Λ close to t P.Q. Nguyen Introduction Λ Lattices based Signatures Before Gaussian Sampling Preventing Information Leakage Gaussian Sampling Our Work A FPA variant of Klein’s Algorithm Floating Point Arithmetic FPA usage in Klein’s Alg. Impact of errors, and precision requirement An Optimized FPA variant of Klein’s Algorithm General Rejection Sampling Introducing Lazyness in Rej. Sampling Efficiency Conclusion 5/33

  5. Faster Gaussian Approximate the Closest Vector Problem Lattice Sampling using Lazy FPA Problem: Given t ∈ R n , find c ∈ Λ close to t L. Ducas P.Q. Nguyen Z n Λ Introduction B − 1 Lattices based Signatures Before Gaussian Sampling Preventing − → Information Leakage Gaussian Sampling Our Work A FPA variant of Klein’s Algorithm Floating Point Arithmetic FPA usage in Klein’s Alg. Impact of errors, and precision requirement An Optimized FPA variant of Klein’s Algorithm General Rejection Sampling Introducing Lazyness in Rej. Sampling Efficiency Conclusion 6/33

  6. Faster Gaussian Approximate the Closest Vector Problem Lattice Sampling using Lazy FPA Solution: s = ⌈ t · B − 1 ⌋ · B (Baba¨ ı’s Round-Off [Bab86]) L. Ducas P.Q. Nguyen Z n Λ Introduction B − 1 Lattices based Signatures Before Gaussian Sampling Preventing − → Information Leakage Gaussian Sampling Our Work A FPA variant of Klein’s Algorithm ← − Floating Point Arithmetic FPA usage in Klein’s B Alg. Impact of errors, and precision requirement An Optimized FPA variant of Klein’s Algorithm General Rejection Sampling Introducing Lazyness in Rej. Sampling Efficiency Conclusion 7/33

  7. Faster Gaussian Approximate the Closest Vector Problem Lattice Sampling using Lazy FPA Solution: s = ⌈ t · B − 1 ⌋ · B (Baba¨ ı’s Round-Off [Bab86]) L. Ducas P.Q. Nguyen Z n Λ Introduction B − 1 Lattices based Signatures Before Gaussian Sampling Preventing − → Information Leakage Gaussian Sampling Our Work A FPA variant of Klein’s Algorithm ← − Floating Point Arithmetic FPA usage in Klein’s B Alg. Impact of errors, and precision requirement An Optimized FPA variant of Klein’s Algorithm General Rejection Sampling Introducing Lazyness in Rej. Sampling Efficiency Conclusion 8/33

  8. Faster Gaussian Approximate the Closest Vector Problem Lattice Sampling using Lazy FPA Solution: s = ⌈ t · B − 1 ⌋ · B (Baba¨ ı’s Round-Off [Bab86]) L. Ducas Quality of the solution depends on the basis B . P.Q. Nguyen Z n Λ Introduction B − 1 Lattices based Signatures Before Gaussian Sampling Preventing − → Information Leakage Gaussian Sampling Our Work A FPA variant of Klein’s Algorithm ← − Floating Point Arithmetic FPA usage in Klein’s B Alg. Impact of errors, and precision requirement An Optimized FPA variant of Klein’s Algorithm General Rejection Sampling Introducing Lazyness in Rej. Sampling Efficiency Conclusion 9/33

  9. Faster Gaussian GGH and NTRUSign Signature Schemes Lattice Sampling using Lazy FPA L. Ducas P.Q. Nguyen Introduction The Goldreich-Goldwasser-Halevi [GGH97] signature scheme: Lattices based Signatures Before Gaussian Sampling Preventing Information Leakage Secret Key: a short basis B of Λ Gaussian Sampling Our Work A FPA variant of Klein’s Algorithm Floating Point Arithmetic FPA usage in Klein’s Alg. Impact of errors, and precision requirement An Optimized FPA NTRUSign [HGP + 03] is an optimized instantiation of variant of Klein’s Algorithm GGH, using compact lattices. General Rejection Sampling Introducing Lazyness in Rej. Sampling Efficiency Conclusion 10/33

  10. Faster Gaussian GGH and NTRUSign Signature Schemes Lattice Sampling using Lazy FPA L. Ducas P.Q. Nguyen Introduction The Goldreich-Goldwasser-Halevi [GGH97] signature scheme: Lattices based Signatures Before Gaussian Sampling Preventing Information Leakage Secret Key: a short basis B of Λ Gaussian Sampling Our Work Public Key: a large basis of Λ A FPA variant of Klein’s Algorithm Floating Point Arithmetic FPA usage in Klein’s Alg. Impact of errors, and precision requirement An Optimized FPA NTRUSign [HGP + 03] is an optimized instantiation of variant of Klein’s Algorithm GGH, using compact lattices. General Rejection Sampling Introducing Lazyness in Rej. Sampling Efficiency Conclusion 10/33

  11. Faster Gaussian GGH and NTRUSign Signature Schemes Lattice Sampling using Lazy FPA L. Ducas P.Q. Nguyen Introduction The Goldreich-Goldwasser-Halevi [GGH97] signature scheme: Lattices based Signatures Before Gaussian Sampling Preventing Information Leakage Secret Key: a short basis B of Λ Gaussian Sampling Our Work Public Key: a large basis of Λ A FPA variant of Klein’s Algorithm Signature: t = H ( m ) ∈ R n the hash of a message Floating Point Arithmetic s = ⌈ t · B − 1 ⌋ · B the signature of m FPA usage in Klein’s Alg. Impact of errors, and precision requirement An Optimized FPA NTRUSign [HGP + 03] is an optimized instantiation of variant of Klein’s Algorithm GGH, using compact lattices. General Rejection Sampling Introducing Lazyness in Rej. Sampling Efficiency Conclusion 10/33

  12. Faster Gaussian GGH and NTRUSign Signature Schemes Lattice Sampling using Lazy FPA L. Ducas P.Q. Nguyen Introduction The Goldreich-Goldwasser-Halevi [GGH97] signature scheme: Lattices based Signatures Before Gaussian Sampling Preventing Information Leakage Secret Key: a short basis B of Λ Gaussian Sampling Our Work Public Key: a large basis of Λ A FPA variant of Klein’s Algorithm Signature: t = H ( m ) ∈ R n the hash of a message Floating Point Arithmetic s = ⌈ t · B − 1 ⌋ · B the signature of m FPA usage in Klein’s Alg. Impact of errors, and precision requirement Verification: Check that s ∈ Λ and s − H ( m ) is small An Optimized FPA NTRUSign [HGP + 03] is an optimized instantiation of variant of Klein’s Algorithm GGH, using compact lattices. General Rejection Sampling Introducing Lazyness in Rej. Sampling Efficiency Conclusion 10/33

  13. Faster Gaussian Gaussian Sampling: Why ? Lattice Sampling using Lazy FPA L. Ducas P.Q. Nguyen Introduction Lattices based Signatures Before Gaussian Sampling The previous algorithm to find pre-image leaks information Preventing Information Leakage about the good basis B : Gaussian Sampling Our Work Raw version broken in [NR09] A FPA variant of Klein’s Algorithm Floating Point Arithmetic FPA usage in Klein’s Alg. Impact of errors, and precision requirement An Optimized FPA variant of Klein’s Algorithm General Rejection Sampling Introducing Lazyness in Rej. Sampling Efficiency Conclusion 11/33

  14. Faster Gaussian Gaussian Sampling: Why ? Lattice Sampling using Lazy FPA L. Ducas P.Q. Nguyen Introduction Lattices based Signatures Before Gaussian Sampling The previous algorithm to find pre-image leaks information Preventing Information Leakage about the good basis B : Gaussian Sampling Our Work Raw version broken in [NR09] A FPA variant of Klein’s Algorithm Floating Point Heuristic countermeasures later broken [DN12] Arithmetic FPA usage in Klein’s Alg. Impact of errors, and precision requirement An Optimized FPA variant of Klein’s Algorithm General Rejection Sampling Introducing Lazyness in Rej. Sampling Efficiency Conclusion 11/33

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Sampling Algorithms for Lattice Gaussian Codes based on joint work with J.-C. Belfiore

Sampling Algorithms for Lattice Gaussian Codes based on joint work with J.-C. Belfiore

Lattice Coding & Crypto Meeting Antonio Campello Sampling Algorithms for Lattice Gaussian Codes based on joint work with J.-C. Belfiore (Huawei Technologies France) Discrete Gaussian Measures f : R n R + D : [0 , 1] is a

917 views • 33 slides
Faster Gaussian Sampling for Trapdoor Lattices (with any modulus) March 2017 Daniele Micciancio

Faster Gaussian Sampling for Trapdoor Lattices (with any modulus) March 2017 Daniele Micciancio

Faster Gaussian Sampling for Trapdoor Lattices (with any modulus) March 2017 Daniele Micciancio (UCSD) Nicholas Genise (UCSD) Modern Cryptography Founded on Mathematics / Complexity Theory Start from mathematical problem P that is

461 views • 32 slides
Lattice Gaussian Sampling with Markov Chain Monte Carlo (MCMC) Cong Ling Imperial College London

Lattice Gaussian Sampling with Markov Chain Monte Carlo (MCMC) Cong Ling Imperial College London

Lattice Gaussian Sampling with Markov Chain Monte Carlo (MCMC) Cong Ling Imperial College London aaa joint work with Zheng Wang (Huawei Technologies Shanghai) aaa September 20, 2016 Cong Ling (ICL) MCMC September 20, 2016 1 / 23 Outline

269 views • 23 slides
Trapdoor Lattices with Arbitrary Modulus Nicholas Genise Daniele Micciancio (UCSD) 1 Overview

Trapdoor Lattices with Arbitrary Modulus Nicholas Genise Daniele Micciancio (UCSD) 1 Overview

Faster Gaussian Sampling for Trapdoor Lattices with Arbitrary Modulus Nicholas Genise Daniele Micciancio (UCSD) 1 Overview of the Talk Part 1: Background Part 2: Our solution for arbitrary modulus G-lattice sampling Part 3: Our

210 views • 20 slides
Efficient sampling for Gaussian linear regression with arbitrary priors P. Richard Hahn (Arizona

Efficient sampling for Gaussian linear regression with arbitrary priors P. Richard Hahn (Arizona

Efficient sampling for Gaussian linear regression with arbitrary priors P. Richard Hahn (Arizona State), Jingyu He (Chicago Booth), Hedibert Lopes (INSPER) November 21, 2018 1 Motivation Goal: run a Gaussian linear regression and a new prior

1.01k views • 52 slides
An Improved Regret Bound for Thompson Sampling in the Gaussian Linear Bandit Setting Cem

An Improved Regret Bound for Thompson Sampling in the Gaussian Linear Bandit Setting Cem

An Improved Regret Bound for Thompson Sampling in the Gaussian Linear Bandit Setting Cem Kalkanl, Ayfer Ozg ur Stanford University ISIT, June 2020 An Improved Regret Bound for Thompson Sampling in the Gaussian Linear Bandit Setting 1

379 views • 13 slides
Faster Enumeration-based Lattice Reduction: Root Hermite Factor k 1 / ( 2 k ) in Time k k / 8 + o (

Faster Enumeration-based Lattice Reduction: Root Hermite Factor k 1 / ( 2 k ) in Time k k / 8 + o (

Faster Enumeration-based Lattice Reduction: Root Hermite Factor k 1 / ( 2 k ) in Time k k / 8 + o ( k ) Martin R. Albrecht 1 , Shi Bai 2 , Pierre-Alain Fouque 3 , Paul Kirchner 3 , Damien Stehl 4 and Weiqiang Wen 3 1 Royal Holloway, University of

985 views • 50 slides
Discrete Ziggurat: A Time-Memory Trade-off for Sampling from a Gaussian Distribution over the

Discrete Ziggurat: A Time-Memory Trade-off for Sampling from a Gaussian Distribution over the

Discrete Ziggurat: A Time-Memory Trade-off for Sampling from a Gaussian Distribution over the Integers Johannes Buchmann, Daniel Cabarcas, Florian G opfert, Andreas H ulsing, Patrick Weiden Technische Universit at Darmstadt Darmstadt,

387 views • 18 slides
Using Discrete Gaussian Sampling Divesh Aggarwal National University of Singapore (NUS) Daniel

Using Discrete Gaussian Sampling Divesh Aggarwal National University of Singapore (NUS) Daniel

Solving SVP and CVP in 2 Time Using Discrete Gaussian Sampling Divesh Aggarwal National University of Singapore (NUS) Daniel Dadush Centrum Wiskunde en Informatica (CWI) Oded Regev Noah Stephens-Davidowitz New York University (NYU)

1.41k views • 86 slides
Scalable Hierarchical Sampling of Gaussian Random Fields for Large-Scale Multilevel Monte Carlo

Scalable Hierarchical Sampling of Gaussian Random Fields for Large-Scale Multilevel Monte Carlo

Scalable Hierarchical Sampling of Gaussian Random Fields for Large-Scale Multilevel Monte Carlo Simulations Quantification of Uncertainty: Improving Efficiency and Technology Sarah Osborn 1 Panayot Vassilevski 1 LLNL-PRES-734783 Umberto Villa 2

673 views • 36 slides
Gaussian Filter The Gaussian filter 1 2 1 A Gaussian kernel gives less 1 2 4 2 weight to

Gaussian Filter The Gaussian filter 1 2 1 A Gaussian kernel gives less 1 2 4 2 weight to

Gaussian Filter The Gaussian filter 1 2 1 A Gaussian kernel gives less 1 2 4 2 weight to pixels further from 16 the center of the window 1 2 1 This kernel is an approximation of a Gaussian function Gaussian filtering versus mean

405 views • 11 slides
De-noising on the Body Centered Cubic (BCC) Sampling Lattice Tai Meng CMPT775 2006/Spring

De-noising on the Body Centered Cubic (BCC) Sampling Lattice Tai Meng CMPT775 2006/Spring

De-noising on the Body Centered Cubic (BCC) Sampling Lattice Tai Meng CMPT775 2006/Spring 4/13/2006 1 Motivation Why is BCC superior to Cartesian (CC) in medical imaging? 3D: saves 30% samples 3D time-varying: saves 50%

490 views • 30 slides
An Efficient and Parallel Gaussian Sampler for Lattices Chris Peikert Georgia Tech CRYPTO 2010

An Efficient and Parallel Gaussian Sampler for Lattices Chris Peikert Georgia Tech CRYPTO 2010

An Efficient and Parallel Gaussian Sampler for Lattices Chris Peikert Georgia Tech CRYPTO 2010 1 / 10 Lattice-Based Crypto L R n b 2 b 1 2 / 10 Lattice-Based Crypto L R n p 1 p 2 2 / 10 Lattice-Based Crypto L R n b 2 p 1 b 1 =

975 views • 60 slides
What is the strengths and weakness of these sampling methods? Sampling Strengths /

What is the strengths and weakness of these sampling methods? Sampling Strengths /

Session 6. Sampling and Sample size Sampling: What are the different sampling methods used? In PIA: Convenience sampling Purposive sampling Random sampling What is the strengths and weakness of these sampling methods? Sampling

219 views • 5 slides
Non-Gaussian likelihoods for Gaussian Processes Alan Saul Outline Motivation Non-Gaussian

Non-Gaussian likelihoods for Gaussian Processes Alan Saul Outline Motivation Non-Gaussian

Non-Gaussian likelihoods for Gaussian Processes Alan Saul Outline Motivation Non-Gaussian posteriors Approximate methods Laplace approximation Variational bayes Expectation propagation Comparisons GP regression - recap so far Model the

1.4k views • 113 slides
Sampling Distributions Sampling Distribution of the Mean & Hypothesis Testing Sampling

Sampling Distributions Sampling Distribution of the Mean & Hypothesis Testing Sampling

Sampling Distributions Sampling Distribution of the Mean & Hypothesis Testing Sampling Remember sampling? Part 1 of definition Selecting a subset of the population to create a sample Generally random samplingusing

975 views • 55 slides
Security Proofs for the MD6 Hash Algorithm Ahmed Ezzat Outline Introduction to hash

Security Proofs for the MD6 Hash Algorithm Ahmed Ezzat Outline Introduction to hash

Security Proofs for the MD6 Hash Algorithm Ahmed Ezzat Outline Introduction to hash algorithms NIST SHA-3 Competition MD6 Algorithm and Mode of Operation Research Objective Approach Introduction to hash algorithms Hash

454 views • 14 slides
DRS Diagonal dominant Reduction for lattice-based Signature Thomas PLANTARD, Arnaud SIPASSEUTH,

DRS Diagonal dominant Reduction for lattice-based Signature Thomas PLANTARD, Arnaud SIPASSEUTH,

DRS Diagonal dominant Reduction for lattice-based Signature Thomas PLANTARD, Arnaud SIPASSEUTH, Cedric DUMONDELLE, Willy SUSILO Institute of Cybersecurity and Cryptology University of Wollongong http://www.uow.edu.au/ thomaspl

458 views • 22 slides
Enhancing the Conditional Access Module Security in Light of Smart Card Sharing Attacks

Enhancing the Conditional Access Module Security in Light of Smart Card Sharing Attacks

Enhancing the Conditional Access Module Security in Light of Smart Card Sharing Attacks Konstantinos Markantonakis, Michael Tunstall, Keith Mayes Dr Konstantinos Markantonakis (BSc, MSc, MBA, PhD) K.Markantonakis@rhul.ac.uk

509 views • 15 slides
Defeating TLS client authentication using fault attacks Who are we ? R&D dept. @

Defeating TLS client authentication using fault attacks Who are we ? R&D dept. @

Defeating TLS client authentication using fault attacks Who are we ? R&D dept. @ Security Evaluation Kudelski Security Lab @ Kudelski IoT Embedded systems Hardware attacks security research Glitch / EM Reverse

889 views • 51 slides
10thWEST AFRICAN INTERNET GOVERNANCE FORUM (WAIGF 2018) BURKINA FASO TOPIC : Digital Economy and

10thWEST AFRICAN INTERNET GOVERNANCE FORUM (WAIGF 2018) BURKINA FASO TOPIC : Digital Economy and

10thWEST AFRICAN INTERNET GOVERNANCE FORUM (WAIGF 2018) BURKINA FASO TOPIC : Digital Economy and Blockchain Technology Dr. Steven Bassey (Ph.D., DTh, CPMA, CEH, CHFI, USLPI/CSM, EC Council Certified) Chair Subcommittee on Data Protection

866 views • 14 slides
Solving All Lattice Problems in Deterministic Single Exponential Time Daniele Micciancio (UCSD)

Solving All Lattice Problems in Deterministic Single Exponential Time Daniele Micciancio (UCSD)

Solving All Lattice Problems in Deterministic Single Exponential Time Daniele Micciancio (UCSD) (Joint work with P. Voulgaris, STOC 2010) Barriers II Workshop, Princeton August 27, 2010 CVP in deterministic 2 O ( n ) time Daniele Micciancio

1.33k views • 118 slides
A tale of quantum computers Alexandru Gheorghiu gheorghiuandru@gmail.com The University of

A tale of quantum computers Alexandru Gheorghiu gheorghiuandru@gmail.com The University of

A tale of quantum computers Alexandru Gheorghiu gheorghiuandru@gmail.com The University of Edinburgh I V N E U R S E I H T Y T O H F G R E U D B I N A long time ago in a galaxy not so far away... Quantum Mechanics

1.64k views • 131 slides
Submittal of Plans Project Development Memo 01 10 Future of KYTC Plan Submittals

Submittal of Plans Project Development Memo 01 10 Future of KYTC Plan Submittals

Submittal of Plans Project Development Memo 01 10 Future of KYTC Plan Submittals Process for Plan Submittal Importance of the Index Files Request for InRoads Data Final contract plans plotted on mylar and signed by the

439 views • 18 slides

More recommend