increased efficiency and functionality through lattice
play

Increased efficiency and functionality through lattice-based - PowerPoint PPT Presentation

Dec 30, 2023 •171 likes •850 views

Increased efficiency and functionality through lattice-based cryptography Michele Minelli ENS, CNRS, PSL Research University, INRIA (Internship at CryptoExperts, Paris) ECRYPT-NET School on Correct and Secure Implementation Crete, Greece 8

  1. Increased efficiency and functionality through lattice-based cryptography Michele Minelli ENS, CNRS, PSL Research University, INRIA (Internship at CryptoExperts, Paris) ECRYPT-NET School on Correct and Secure Implementation – Crete, Greece 8 – 12 October 2017

  2. Why lattice-based cryptography?

  3. Why lattice-based cryptography? Conjectured hardness against quantum attacks

  4. Why lattice-based cryptography? Conjectured hardness against quantum attacks Simplicity, efficiency and parallelism: linear ops, rings, etc.

  5. Why lattice-based cryptography? Conjectured hardness against quantum attacks Simplicity, efficiency and parallelism: linear ops, rings, etc. Strong security guarantees from worst-case hardness

  6. Why lattice-based cryptography? Conjectured hardness against quantum attacks Simplicity, efficiency and parallelism: linear ops, rings, etc. Strong security guarantees from worst-case hardness Versatility

  7. Why lattice-based cryptography? Conjectured hardness against quantum attacks Simplicity, efficiency and parallelism: linear ops, rings, etc. Strong security guarantees from worst-case hardness Versatility We can build FHE

  8. Why lattice-based cryptography? Conjectured hardness against quantum attacks Simplicity, efficiency and parallelism: linear ops, rings, etc. Strong security guarantees from worst-case hardness Versatility We can build FHE!

  9. Why lattice-based cryptography? Conjectured hardness against quantum attacks Simplicity, efficiency and parallelism: linear ops, rings, etc. Strong security guarantees from worst-case hardness Versatility We can build FHE! But we can build FHE also from other assumptions...

  10. The DGHV scheme (extended to Z q ) Fully Homomorphic Encryption over the integers .

  11. The DGHV scheme (extended to Z q ) Fully Homomorphic Encryption over the integers . Assumptions: approximate GCD

  12. The DGHV scheme (extended to Z q ) Fully Homomorphic Encryption over the integers . Assumptions: approximate GCD Encryption: c = s · r 1 + q · r 2 + m

  13. The DGHV scheme (extended to Z q ) Fully Homomorphic Encryption over the integers . Assumptions: approximate GCD Encryption: c = s · r 1 + q · r 2 + m return ( c mod s ) mod q Decryption:

  14. The DGHV scheme (extended to Z q ) Fully Homomorphic Encryption over the integers . Assumptions: approximate GCD Encryption: c = s · r 1 + q · r 2 + m return ( c mod s ) mod q Decryption: Hom. + : c 1 + c 2 = s ( r 11 + r 21 ) + q ( r 12 + r 22 ) + ( m 1 + m 2 )

  15. The DGHV scheme (extended to Z q ) Fully Homomorphic Encryption over the integers . Assumptions: approximate GCD Encryption: c = s · r 1 + q · r 2 + m return ( c mod s ) mod q Decryption: Hom. + : c 1 + c 2 = s ( r 11 + r 21 ) + q ( r 12 + r 22 ) + ( m 1 + m 2 ) Hom. × : c 1 · c 2 = s ( · · · ) + q ( · · · ) + ( m 1 · m 2 )

  16. The DGHV scheme (extended to Z q ) Fully Homomorphic Encryption over the integers . Assumptions: approximate GCD Encryption: c = s · r 1 + q · r 2 + m return ( c mod s ) mod q Decryption: Hom. + : c 1 + c 2 = s ( r 11 + r 21 ) + q ( r 12 + r 22 ) + ( m 1 + m 2 ) Hom. × : c 1 · c 2 = s ( · · · ) + q ( · · · ) + ( m 1 · m 2 ) Warning: huge numbers ahead

  17. The DGHV scheme (extended to Z q ) Fully Homomorphic Encryption over the integers . Assumptions: approximate GCD Encryption: c = s · r 1 + q · r 2 + m return ( c mod s ) mod q Decryption: Hom. + : c 1 + c 2 = s ( r 11 + r 21 ) + q ( r 12 + r 22 ) + ( m 1 + m 2 ) Hom. × : c 1 · c 2 = s ( · · · ) + q ( · · · ) + ( m 1 · m 2 ) Parameter selection for FHE: | c | ≈ 2 · 10 7 bits | s | ≈ 2700 bits , | r 2 | ≈ 70 bits ,

  18. The DGHV scheme (extended to Z q ) Fully Homomorphic Encryption over the integers . Assumptions: approximate GCD Encryption: c = s · r 1 + q · r 2 + m return ( c mod s ) mod q Decryption: Hom. + : c 1 + c 2 = s ( r 11 + r 21 ) + q ( r 12 + r 22 ) + ( m 1 + m 2 ) Hom. × : c 1 · c 2 = s ( · · · ) + q ( · · · ) + ( m 1 · m 2 ) Parameter selection for FHE: | c | ≈ 2 · 10 7 bits | s | ≈ 2700 bits , | r 2 | ≈ 70 bits , But we don’t really need this

  19. The use case Final goal Enabling cooperation between law enforcement agencies

  20. The use case Final goal Enabling cooperation between law enforcement agencies, while maintaining an adequate level of privacy for citizens’ personal data.

  21. The use case Final goal Enabling cooperation between law enforcement agencies, while maintaining an adequate level of privacy for citizens’ personal data. Concrete example (2009)

  22. The use case Final goal Enabling cooperation between law enforcement agencies, while maintaining an adequate level of privacy for citizens’ personal data. Concrete example (2009)

  23. The use case Final goal Enabling cooperation between law enforcement agencies, while maintaining an adequate level of privacy for citizens’ personal data. Concrete example (2009) April 28 November 25 June 18

  24. The use case Final goal Enabling cooperation between law enforcement agencies, while maintaining an adequate level of privacy for citizens’ personal data. Concrete example (2009) April 28 November 25 June 18

  25. The use case Final goal Enabling cooperation between law enforcement agencies, while maintaining an adequate level of privacy for citizens’ personal data. Concrete example (2009) April 28 November 25 June 18

  26. The use case Final goal Enabling cooperation between law enforcement agencies, while maintaining an adequate level of privacy for citizens’ personal data. Concrete example (2009) 150 000 people intercepted! April 28 November 25 June 18

  27. The use case Final goal Enabling cooperation between law enforcement agencies, while maintaining an adequate level of privacy for citizens’ personal data. Concrete example (2009) 150 000 people intercepted! April 28 November 25 June 18 The intersection gives the criminals but... privacy?

  28. Current situation EU Council Decision 2008/615/JHA Picks up a treaty signed in 2005 by Austria, Belgium, France, Germany, Luxembourg, the Netherlands and Spain.

  29. Current situation EU Council Decision 2008/615/JHA Picks up a treaty signed in 2005 by Austria, Belgium, France, Germany, Luxembourg, the Netherlands and Spain. Goal: cross-border cooperation against terrorism, crime and illegal migration

  30. Current situation EU Council Decision 2008/615/JHA Picks up a treaty signed in 2005 by Austria, Belgium, France, Germany, Luxembourg, the Netherlands and Spain. Goal: cross-border cooperation against terrorism, crime and illegal migration Tools: DNA, fingerprints and vehicle registration data

  31. Current situation EU Council Decision 2008/615/JHA Picks up a treaty signed in 2005 by Austria, Belgium, France, Germany, Luxembourg, the Netherlands and Spain. Goal: cross-border cooperation against terrorism, crime and illegal migration Tools: DNA, fingerprints and vehicle registration data In practice

  32. Current situation EU Council Decision 2008/615/JHA Picks up a treaty signed in 2005 by Austria, Belgium, France, Germany, Luxembourg, the Netherlands and Spain. Goal: cross-border cooperation against terrorism, crime and illegal migration Tools: DNA, fingerprints and vehicle registration data In practice Should use state-of-the-art but...

  33. Current situation EU Council Decision 2008/615/JHA Picks up a treaty signed in 2005 by Austria, Belgium, France, Germany, Luxembourg, the Netherlands and Spain. Goal: cross-border cooperation against terrorism, crime and illegal migration Tools: DNA, fingerprints and vehicle registration data In practice Should use state-of-the-art but... AES-256 and RSA-1024

  34. Current situation EU Council Decision 2008/615/JHA Picks up a treaty signed in 2005 by Austria, Belgium, France, Germany, Luxembourg, the Netherlands and Spain. Goal: cross-border cooperation against terrorism, crime and illegal migration Tools: DNA, fingerprints and vehicle registration data In practice Should use state-of-the-art but... AES-256 and RSA-1024 H : SHA-1

  35. Current situation EU Council Decision 2008/615/JHA Picks up a treaty signed in 2005 by Austria, Belgium, France, Germany, Luxembourg, the Netherlands and Spain. Goal: cross-border cooperation against terrorism, crime and illegal migration Tools: DNA, fingerprints and vehicle registration data In practice Should use state-of-the-art but... AES-256 and RSA-1024 H : SHA-1

  36. Current situation EU Council Decision 2008/615/JHA Picks up a treaty signed in 2005 by Austria, Belgium, France, Germany, Luxembourg, the Netherlands and Spain. Goal: cross-border cooperation against terrorism, crime and illegal migration Tools: DNA, fingerprints and vehicle registration data In practice Should use state-of-the-art but... AES-256 and RSA-1024 H : SHA-1 Plus, there are other issues: fairness , privacy , . . .

  37. Improving the current situation Let’s say. . . France (FR) wants to query a DB with criminal records held by Germany (DE). Both countries recognize the authority of a Judge (JU).

  38. Improving the current situation Let’s say. . . France (FR) wants to query a DB with criminal records held by Germany (DE). Both countries recognize the authority of a Judge (JU). Our goals: DE does not learn FR’s query Even if authorized by JU, FR does not learn more than the records that match JU does not learn the result of the query

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

How can an increased technical energy efficiency lead to increased energy consumption? Answers

How can an increased technical energy efficiency lead to increased energy consumption? Answers

How can an increased technical energy efficiency lead to increased energy consumption? Answers from an in-depth metering of the electricity demand in 400 Swedish households Peter Bennich Carlos Lopes Egil fverholm (corresponding author)

238 views • 23 slides
A History of Lattice-Based Encryption (in order of increasing efficiency) Vadim Lyubashevsky

A History of Lattice-Based Encryption (in order of increasing efficiency) Vadim Lyubashevsky

A History of Lattice-Based Encryption (in order of increasing efficiency) Vadim Lyubashevsky INRIA / ENS, Paris Lattice-Based Crypto & Applications 1 Bar-Ilan University, Israel 2012 Lattice-Based Encryption Schemes 1. NTRU [Hoffstein,

849 views • 47 slides
Applications of AMS There is a rich field of applications for AMS due to the increased efficiency

Applications of AMS There is a rich field of applications for AMS due to the increased efficiency

Applications of AMS There is a rich field of applications for AMS due to the increased efficiency and accuracy of radiocarbon dating. It ranges from geology, hydrology, oceanology, climatology, and a wide range of environmental applications

338 views • 29 slides
1 Typical Review Team Software Review Guidelines Developer -- presents the material

1 Typical Review Team Software Review Guidelines Developer -- presents the material

Software Qualities Maintainer Good Documentation Quality Assurance Readable Code Good Design Reliability Low Cost Correctness Portability Efficiency Increased Functionality productivity Ease of use Ease of learning Customer User

368 views • 7 slides
8/8/2007 Model Checking Motivation More and more complex systems Increased dependability

8/8/2007 Model Checking Motivation More and more complex systems Increased dependability

8/8/2007 Model Checking Motivation More and more complex systems Increased dependability : everything important Demonstration Of depends on computers SPIN SPIN Increased functionality : security, mobility Testing is becoming

202 views • 3 slides
Economy- wide CGE modelling of the multiple benefits of increased energy efficiency Prof.

Economy- wide CGE modelling of the multiple benefits of increased energy efficiency Prof.

Economy- wide CGE modelling of the multiple benefits of increased energy efficiency Prof. Karen Turner, Centre for Energy Policy, Univ. Strathclyde IPPI Presentation at BEIS, 16 th March 2017 ESRC grant ref: EP/M00760X/1 1 EPSRC EUED

426 views • 16 slides
THE BENEFITS OF RADIAL REAR TRACTOR TIRES RADIAL TIRES PROVIDE: INCREASED PRODUCTIVITY GREATER

THE BENEFITS OF RADIAL REAR TRACTOR TIRES RADIAL TIRES PROVIDE: INCREASED PRODUCTIVITY GREATER

THE BENEFITS OF RADIAL REAR TRACTOR TIRES RADIAL TIRES PROVIDE: INCREASED PRODUCTIVITY GREATER EFFICIENCY INCREASED COMFORT BETTER TRACTION INCREASED PRODUCTIVITY Reduced Working Hours INCREASED PRODUCTIVITY Lower Fuel Consumption

572 views • 12 slides
C C C C IP LINI Improved survival chances for critically ill patients Increased efficiency

C C C C IP LINI Improved survival chances for critically ill patients Increased efficiency

C C C C IP LINI Improved survival chances for critically ill patients Increased efficiency and safety in clinical practice C Closed Loop Insulin Infusion for Critically ll Patients Mission Approach improve survival chances close

336 views • 4 slides
Farm Mechanization for Increased Efficiency Richard Wiswall Cate Farm, Vermont March 2014

Farm Mechanization for Increased Efficiency Richard Wiswall Cate Farm, Vermont March 2014

Farm Mechanization for Increased Efficiency Richard Wiswall Cate Farm, Vermont March 2014 www.catefarm.com www.richardwiswall.com Acknowledgements This presentation was developed for UVM Extension New Farmer Project With funding from the

643 views • 47 slides
Trademark and Unfair Competition Law Slides 9: Functionality LAWS 7341-001 Prof. Kristelia

Trademark and Unfair Competition Law Slides 9: Functionality LAWS 7341-001 Prof. Kristelia

Trademark and Unfair Competition Law Slides 9: Functionality LAWS 7341-001 Prof. Kristelia Garca Class Outline Functionality Utilitarian (aka mechanical) functionality Aesthetic functionality Morton-Norwich

749 views • 18 slides
Lattice gas simulations Tony Kim Spring 2007 18.354 Project 1) Introducing the lattice gas;

Lattice gas simulations Tony Kim Spring 2007 18.354 Project 1) Introducing the lattice gas;

Lattice gas simulations Tony Kim Spring 2007 18.354 Project 1) Introducing the lattice gas; ntroducing the lattice gas; 2) Analytic description of the lattice gas; 3) Program objectives; 4) How to implement it (efficiently); 5)

321 views • 28 slides
Lattice QCD Outline 1. Lattice QCD (why and what) 2. Precision flavour physics 3. (g-2) on

Lattice QCD Outline 1. Lattice QCD (why and what) 2. Precision flavour physics 3. (g-2) on

Birmingham High Energy Physics Group - Particle Physics Seminar, University of Birmingham, 08.06.2016 Andreas Jttner Lattice QCD Outline 1. Lattice QCD (why and what) 2. Precision flavour physics 3. (g-2) on the lattice 4. Pushing

713 views • 52 slides
Lattice Points in Polytopes Richard P. Stanley U. Miami & M.I.T. A lattice polygon Georg

Lattice Points in Polytopes Richard P. Stanley U. Miami & M.I.T. A lattice polygon Georg

Lattice Points in Polytopes Richard P. Stanley U. Miami & M.I.T. A lattice polygon Georg Alexander Pick (18591942) P : lattice polygon in R 2 (vertices Z 2 , no self-intersections) Boundary and interior lattice points Picks

1.4k views • 120 slides
Lattice Methods in Field Theory Contents 1. Motivation 2. BasicsEuclidean quantisation 3.

Lattice Methods in Field Theory Contents 1. Motivation 2. BasicsEuclidean quantisation 3.

Lattice Methods in Field Theory Contents 1. Motivation 2. BasicsEuclidean quantisation 3. Lattice gauge fields Jonathan Flynn 4. Lattice fermions University of Southampton 5. Lattice QCD 6. Numerical simulations BUSSTEPP 2002

550 views • 22 slides
When is the lattice of closure operators on a subgroup lattice again a subgroup lattice? Martha

When is the lattice of closure operators on a subgroup lattice again a subgroup lattice? Martha

When is the lattice of closure operators on a subgroup lattice again a subgroup lattice? Martha Kilpack 1 and Arturo Magidin 2 1 Brigham Young University 2 University of Louisiana at Lafayette Groups St Andrews 2017 Martha Kilpack and Arturo

1.43k views • 77 slides
Review on Lattice Muon g-2 HVP Calculation Kohtaroh Miura (GSI Helmholtz-Instute Mainz) Lattice

Review on Lattice Muon g-2 HVP Calculation Kohtaroh Miura (GSI Helmholtz-Instute Mainz) Lattice

Introduction Challenges and Progresses Discussion Summary and Conclusions Review on Lattice Muon g-2 HVP Calculation Kohtaroh Miura (GSI Helmholtz-Instute Mainz) Lattice 2018, 36th International Symposium on Lattice Field Theory, Michigan

885 views • 49 slides
Nonparametric testing by convex optimization Anatoli Juditsky joint research with Alexander

Nonparametric testing by convex optimization Anatoli Juditsky joint research with Alexander

Nonparametric testing by convex optimization Anatoli Juditsky joint research with Alexander Goldenshluger and Arkadi Nemirovski University J. Fourier, University of Haifa, ISyE, Georgia Tech, Atlanta Gargantua, November 26,

497 views • 45 slides
Exactly solvable models of tilings and LittlewoodRichardson coefficients P. Zinn-Justin

Exactly solvable models of tilings and LittlewoodRichardson coefficients P. Zinn-Justin

Introduction Lozenge tilings and Schur functions Square-triangle-rhombus tilings and LR coefficients Inhomogeneities and equivariance Conclusion and prospects Exactly solvable models of tilings and LittlewoodRichardson coefficients P.

864 views • 63 slides
Distributed Systems Rik Sarkar James Cheney Distributed Mutual Exclusion February 10, 2014

Distributed Systems Rik Sarkar James Cheney Distributed Mutual Exclusion February 10, 2014

Distributed Systems Rik Sarkar James Cheney Distributed Mutual Exclusion February 10, 2014 Overview It is generally important that the processes within a distributed system have some sort of agreement Agreement may be as simple as

399 views • 39 slides
Problem Formulation Specialized algorithms are required for clock (and power nets) due to

Problem Formulation Specialized algorithms are required for clock (and power nets) due to

11/2/2018 C L O C K NET WO RK SYNT HESIS PRO F. INDRANIL SENG UPT A DEPART DEPART MENT MENT O F C O MPUT O F C O MPUT ER SC IENC E AND ENG INEERING ER SC IENC E AND ENG INEERING Problem Formulation Specialized algorithms are

412 views • 40 slides
Security II: Cryptography Markus Kuhn Computer Laboratory, University of Cambridge

Security II: Cryptography Markus Kuhn Computer Laboratory, University of Cambridge

Security II: Cryptography Markus Kuhn Computer Laboratory, University of Cambridge http://www.cl.cam.ac.uk/teaching/1415/SecurityII/ Lent 2015 Part II 1 Related textbooks Main reference: Jonathan Katz, Yehuda Lindell: Introduction to

1.68k views • 137 slides
Efficient recognition of totally nonnegative cells Seminar of Representation Theory and Related

Efficient recognition of totally nonnegative cells Seminar of Representation Theory and Related

Efficient recognition of totally nonnegative cells Seminar of Representation Theory and Related Areas: Third Workshop Porto, 9 November 2013 St ephane Launois (University of Kent) http://www.kent.ac.uk/ims/personal/sl261/index.htm

886 views • 49 slides
T A T A I N S T I T U T E O F F U N D A M E N T A L R E S E A R C H

T A T A I N S T I T U T E O F F U N D A M E N T A L R E S E A R C H

T A T A I N S T I T U T E O F F U N D A M E N T A L R E S E A R C H Testing

399 views • 25 slides
Generalized Trade Reductions: The Role of Competition in Designing Budget-Balanced Mechanisms

Generalized Trade Reductions: The Role of Competition in Designing Budget-Balanced Mechanisms

Generalized Trade Reductions: The Role of Competition in Designing Budget-Balanced Mechanisms Mira Gonen Rica Gonen School of Electrical Engineering, Yahoo! Research, Tel Aviv University, Yahoo! Ramat Aviv 69978. Sunnyvale, California

796 views • 34 slides

More recommend