lattice based cryptography reduced to a special closest
play

Lattice-based cryptography: reduced to a special closest vector - PowerPoint PPT Presentation

Jan 26, 2024 •352 likes •1.07k views

1 2 Lattice-based cryptography: reduced to a special closest vector Episode V: problem which is much easier the ring strikes back than the general problem. As an application, we solved four out Daniel J. Bernstein of the five numerical

  1. 1 2 Lattice-based cryptography: reduced to a special closest vector Episode V: problem which is much easier the ring strikes back than the general problem. As an application, we solved four out Daniel J. Bernstein of the five numerical challenges University of Illinois at Chicago proposed on the Internet by the authors of the cryptosystem. Crypto 1999 Nguyen: “At Crypto At least two of those four ’97, Goldreich, Goldwasser and challenges were conjectured to Halevi proposed a public-key be intractable. We discuss ways cryptosystem based on the closest to prevent the flaw, but conclude vector problem in a lattice, which that, even modified, the scheme is known to be NP-hard. We cannot provide sufficient security show that : : : the problem of without being impractical.” decrypting ciphertexts can be

  2. 1 2 Lattice-based cryptography: reduced to a special closest vector Fix would de V: problem which is much easier dimension ring strikes back than the general problem. As an “Public k application, we solved four out J. Bernstein Crypto 1998 of the five numerical challenges University of Illinois at Chicago “Provably proposed on the Internet by the system b authors of the cryptosystem. 1999 Nguyen: “At Crypto At least two of those four Goldreich, Goldwasser and challenges were conjectured to proposed a public-key be intractable. We discuss ways cryptosystem based on the closest to prevent the flaw, but conclude problem in a lattice, which that, even modified, the scheme wn to be NP-hard. We cannot provide sufficient security that : : : the problem of without being impractical.” decrypting ciphertexts can be

  3. 1 2 cryptography: reduced to a special closest vector Fix would “probably problem which is much easier dimension ≥ 400” back than the general problem. As an “Public key ≈ 1.8 application, we solved four out Bernstein Crypto 1998 Nguy of the five numerical challenges Illinois at Chicago “Provably secure” proposed on the Internet by the system breakable with authors of the cryptosystem. Nguyen: “At Crypto At least two of those four Goldwasser and challenges were conjectured to a public-key be intractable. We discuss ways sed on the closest to prevent the flaw, but conclude in a lattice, which that, even modified, the scheme NP-hard. We cannot provide sufficient security the problem of without being impractical.” ciphertexts can be

  4. 1 2 cryptography: reduced to a special closest vector Fix would “probably need problem which is much easier dimension ≥ 400” for securit than the general problem. As an “Public key ≈ 1.8 Mbytes”. application, we solved four out Crypto 1998 Nguyen–Stern: of the five numerical challenges Chicago “Provably secure” Ajtai–Dwo proposed on the Internet by the system breakable with 20MB authors of the cryptosystem. Crypto At least two of those four and challenges were conjectured to ey be intractable. We discuss ways closest to prevent the flaw, but conclude lattice, which that, even modified, the scheme We cannot provide sufficient security of without being impractical.” be

  5. 2 3 reduced to a special closest vector Fix would “probably need problem which is much easier dimension ≥ 400” for security: than the general problem. As an “Public key ≈ 1.8 Mbytes”. application, we solved four out Crypto 1998 Nguyen–Stern: of the five numerical challenges “Provably secure” Ajtai–Dwork proposed on the Internet by the system breakable with 20MB keys. authors of the cryptosystem. At least two of those four challenges were conjectured to be intractable. We discuss ways to prevent the flaw, but conclude that, even modified, the scheme cannot provide sufficient security without being impractical.”

  6. 2 3 reduced to a special closest vector Fix would “probably need problem which is much easier dimension ≥ 400” for security: than the general problem. As an “Public key ≈ 1.8 Mbytes”. application, we solved four out Crypto 1998 Nguyen–Stern: of the five numerical challenges “Provably secure” Ajtai–Dwork proposed on the Internet by the system breakable with 20MB keys. authors of the cryptosystem. Compare to 1978 McEliece At least two of those four code-based cryptosystem: challenges were conjectured to much more stable security story be intractable. We discuss ways through dozens of attack papers. to prevent the flaw, but conclude Typical parameters: 1MB key for that, even modified, the scheme > 2 128 post-quantum security. cannot provide sufficient security without being impractical.”

  7. 2 3 reduced to a special closest vector Fix would “probably need 2017.05: roblem which is much easier dimension ≥ 400” for security: following the general problem. As an “Public key ≈ 1.8 Mbytes”. “Lattice-based application, we solved four out “Lattice-based Crypto 1998 Nguyen–Stern: five numerical challenges currently “Provably secure” Ajtai–Dwork osed on the Internet by the for post-quantum system breakable with 20MB keys. rs of the cryptosystem. Compare to 1978 McEliece least two of those four code-based cryptosystem: challenges were conjectured to much more stable security story intractable. We discuss ways through dozens of attack papers. revent the flaw, but conclude Typical parameters: 1MB key for even modified, the scheme > 2 128 post-quantum security. cannot provide sufficient security without being impractical.”

  8. 2 3 ecial closest vector Fix would “probably need 2017.05: Lattice student is much easier dimension ≥ 400” for security: following text to Wikip general problem. As an “Public key ≈ 1.8 Mbytes”. “Lattice-based cryptography”: solved four out “Lattice-based constructions Crypto 1998 Nguyen–Stern: numerical challenges currently the prima “Provably secure” Ajtai–Dwork Internet by the for post-quantum cryptogra system breakable with 20MB keys. cryptosystem. Compare to 1978 McEliece those four code-based cryptosystem: conjectured to much more stable security story e discuss ways through dozens of attack papers. flaw, but conclude Typical parameters: 1MB key for dified, the scheme > 2 128 post-quantum security. sufficient security impractical.”

  9. 2 3 closest vector Fix would “probably need 2017.05: Lattice student adds easier dimension ≥ 400” for security: following text to Wikipedia page As an “Public key ≈ 1.8 Mbytes”. “Lattice-based cryptography”: four out “Lattice-based constructions Crypto 1998 Nguyen–Stern: challenges currently the primary candidates “Provably secure” Ajtai–Dwork y the for post-quantum cryptography system breakable with 20MB keys. cryptosystem. Compare to 1978 McEliece code-based cryptosystem: conjectured to much more stable security story ways through dozens of attack papers. conclude Typical parameters: 1MB key for scheme > 2 128 post-quantum security. security ractical.”

  10. 3 4 Fix would “probably need 2017.05: Lattice student adds the dimension ≥ 400” for security: following text to Wikipedia page “Public key ≈ 1.8 Mbytes”. “Lattice-based cryptography”: “Lattice-based constructions are Crypto 1998 Nguyen–Stern: currently the primary candidates “Provably secure” Ajtai–Dwork for post-quantum cryptography.” system breakable with 20MB keys. Compare to 1978 McEliece code-based cryptosystem: much more stable security story through dozens of attack papers. Typical parameters: 1MB key for > 2 128 post-quantum security.

  11. 3 4 Fix would “probably need 2017.05: Lattice student adds the dimension ≥ 400” for security: following text to Wikipedia page “Public key ≈ 1.8 Mbytes”. “Lattice-based cryptography”: “Lattice-based constructions are Crypto 1998 Nguyen–Stern: currently the primary candidates “Provably secure” Ajtai–Dwork for post-quantum cryptography.” system breakable with 20MB keys. — [citation needed] Compare to 1978 McEliece code-based cryptosystem: much more stable security story through dozens of attack papers. Typical parameters: 1MB key for > 2 128 post-quantum security.

  12. 3 4 Fix would “probably need 2017.05: Lattice student adds the dimension ≥ 400” for security: following text to Wikipedia page “Public key ≈ 1.8 Mbytes”. “Lattice-based cryptography”: “Lattice-based constructions are Crypto 1998 Nguyen–Stern: currently the primary candidates “Provably secure” Ajtai–Dwork for post-quantum cryptography.” system breakable with 20MB keys. — [citation needed] Compare to 1978 McEliece code-based cryptosystem: 2016.07: Google rolls out much more stable security story large-scale experiment with through dozens of attack papers. post-quantum crypto between Typical parameters: 1MB key for Chrome and some Google sites. > 2 128 post-quantum security. Uses lattice-based crypto.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Lattice-based cryptography (I) Thijs Laarhoven ts

Lattice-based cryptography (I) Thijs Laarhoven ts

Lattice-based cryptography (I) Thijs Laarhoven ts ttts PQCrypto Summer School 2017 (June 20, 2017) Part 1: Lattices, cryptography, and lattice basis

872 views • 53 slides
MIT 6.875 & Berkeley CS276 Foundations of Cryptography Lecture 20 TODAY: Lattice-based

MIT 6.875 & Berkeley CS276 Foundations of Cryptography Lecture 20 TODAY: Lattice-based

MIT 6.875 & Berkeley CS276 Foundations of Cryptography Lecture 20 TODAY: Lattice-based Cryptography Why Lattice-based Crypto? o Exponentially Hard (so far) o Quantum-Resistant (so far) o Worst-case hardness (unique feature of

699 views • 38 slides
Some Recent Progress in Lattice-Based Cryptography Chris Peikert SRI TCC 2009 1 / 17

Some Recent Progress in Lattice-Based Cryptography Chris Peikert SRI TCC 2009 1 / 17

Some Recent Progress in Lattice-Based Cryptography Chris Peikert SRI TCC 2009 1 / 17 Lattice-Based Cryptography p d o m x g = y N = = p m e mod N q e ( g a , g b ) (Images courtesy xkcd.org) 2 / 17 Lattice-Based

923 views • 74 slides
Lattice-based cryptography II Constructions and implementation issues Leon Groot Bruinderink

Lattice-based cryptography II Constructions and implementation issues Leon Groot Bruinderink

Lattice-based cryptography II Constructions and implementation issues Leon Groot Bruinderink July 1st, 2019 July 1st, 2019 1 / 27 Lattice-based cryptography II In this talk: Introduction to (ring-)LWE Lattice-based key-exchange and

1.44k views • 80 slides
Lattice-Based Cryptography: Constructing Trapdoors and More Applications Chris Peikert Georgia

Lattice-Based Cryptography: Constructing Trapdoors and More Applications Chris Peikert Georgia

Lattice-Based Cryptography: Constructing Trapdoors and More Applications Chris Peikert Georgia Institute of Technology crypt@b-it 2013 1 / 18 Lattice-Based One-Way Functions Public key Z n m A for q =

871 views • 84 slides
Lattice-based Signcryption without Random Oracles

Lattice-based Signcryption without Random Oracles

Lattice-based Signcryption without Random Oracles Junji Shikata Graduate School of Environment and Information Sciences, Yokohama National University, Japan Overview Lattice-based Cryptography

277 views • 26 slides
Cryptography for Embedded Devices Tobias Oder Ruhr-University Bochum Workshop on Cryptography

Cryptography for Embedded Devices Tobias Oder Ruhr-University Bochum Workshop on Cryptography

Efficient Implementation of Lattice-based Cryptography for Embedded Devices Tobias Oder Ruhr-University Bochum Workshop on Cryptography for the 09.11.2017 Internet of Things and Cloud 2017 Lattice-based Cryptography Set of vectors in n

601 views • 27 slides
Lattice-Based Cryptography Chris Peikert University of Michigan QCrypt 2016 1 / 24 Agenda 1

Lattice-Based Cryptography Chris Peikert University of Michigan QCrypt 2016 1 / 24 Agenda 1

Lattice-Based Cryptography Chris Peikert University of Michigan QCrypt 2016 1 / 24 Agenda 1 Foundations: lattice problems, SIS/LWE and their applications 2 Ring-Based Crypto: NTRU, Ring-SIS/LWE and ideal lattices 3 Practical Implementations:

1.03k views • 101 slides
Lattices: . . . to Cryptography Chris Peikert Georgia Institute of Technology Visions of

Lattices: . . . to Cryptography Chris Peikert Georgia Institute of Technology Visions of

Lattices: . . . to Cryptography Chris Peikert Georgia Institute of Technology Visions of Cryptography 10 December 2013 1 / 12 Agenda 1 The two one main lattice-based OWF 2 Two simple tricks that yield all of lattice cryptography 3 Lots of

909 views • 51 slides
Lattice Cryptography for the Internet Chris Peikert Georgia Institute of Technology Post-Quantum

Lattice Cryptography for the Internet Chris Peikert Georgia Institute of Technology Post-Quantum

Lattice Cryptography for the Internet Chris Peikert Georgia Institute of Technology Post-Quantum Cryptography 2 October 2014 1 / 12 Lattice-Based Cryptography p d o m x g = y N = = p m e mod N q e ( g a , g b ) (Images

873 views • 70 slides
Increased efficiency and functionality through lattice-based cryptography Michele Minelli ENS,

Increased efficiency and functionality through lattice-based cryptography Michele Minelli ENS,

Increased efficiency and functionality through lattice-based cryptography Michele Minelli ENS, CNRS, PSL Research University, INRIA (Internship at CryptoExperts, Paris) ECRYPT-NET School on Correct and Secure Implementation Crete, Greece 8

850 views • 67 slides
Parameterized Hardware Accelerators for Lattice-Based Cryptography and Their Application to the

Parameterized Hardware Accelerators for Lattice-Based Cryptography and Their Application to the

Parameterized Hardware Accelerators for Lattice-Based Cryptography and Their Application to the HW/SW Co-Design of qTESLA Wen Wang , Shanquan Tian, Bernhard Jungk, Nina Bindel, Patrick Longa, and Jakub Szefer CHES 2020 September 14, 2020

711 views • 69 slides
Cryptography from worst-case complexity assumptions Daniele Micciancio UC San Diego LLL+25

Cryptography from worst-case complexity assumptions Daniele Micciancio UC San Diego LLL+25

Cryptography from worst-case complexity assumptions Daniele Micciancio UC San Diego LLL+25 June 2007 (Caen, France) Outline Introduction Lattices and algorithms Complexity and Cryptography Lattice based cryptography Lattice

497 views • 47 slides
and Beyond Vadim Lyubashevsky IBM Research Zurich Why Lattice Cryptography One of the

and Beyond Vadim Lyubashevsky IBM Research Zurich Why Lattice Cryptography One of the

Standardizing Lattice Cryptography and Beyond Vadim Lyubashevsky IBM Research Zurich Why Lattice Cryptography One of the oldest and most (the most?) efficient quantum-resilient alternatives for basic primitives Public key

844 views • 62 slides
RNS Arithmetic Approach in Lattice-based Cryptography Accelerating the Rounding-off Core

RNS Arithmetic Approach in Lattice-based Cryptography Accelerating the Rounding-off Core

22nd IEEE Symposium on Computer Arithmetic RNS Arithmetic Approach in Lattice-based Cryptography Accelerating the Rounding-off Core Procedure Jean-Claude Bajard , Julien Eynard Nabil Merkiche , Thomas Plantard Sorbonne

383 views • 25 slides
Lattice-based cryptography, day 1: simplicity D. J. Bernstein University of Illinois at Chicago;

Lattice-based cryptography, day 1: simplicity D. J. Bernstein University of Illinois at Chicago;

1 Lattice-based cryptography, day 1: simplicity D. J. Bernstein University of Illinois at Chicago; Ruhr University Bochum 2 2000 Cohen cryptosystem Public key: vector of integers K = ( K 1 ; : : : ; K N ) { X; : : : ; X } N .

1.84k views • 164 slides
Almost All Complex Quantifiers are Simple Jakub Szymanik MoL 2009 Outline Introduction

Almost All Complex Quantifiers are Simple Jakub Szymanik MoL 2009 Outline Introduction

Almost All Complex Quantifiers are Simple Jakub Szymanik MoL 2009 Outline Introduction Mathematical Preliminaries Complexity of Polyadic Quantifiers Some Complex GQs are Intractable Branching Quantifiers Strong Reciprocity But Most of Them

495 views • 48 slides
A-NICE-MC Jiaming Song 1. Motivation 2. Notations and Problem Setup 3. Adversarial Training for

A-NICE-MC Jiaming Song 1. Motivation 2. Notations and Problem Setup 3. Adversarial Training for

Adversarial Training for MCMC Shengjia Zhao Stefano Ermon March 7, 2018 Stanford University A-NICE-MC Jiaming Song 1. Motivation 2. Notations and Problem Setup 3. Adversarial Training for Markov Chains 4. Adversarial Training for MCMC 5.

851 views • 58 slides
Halt return result; } true 5 6 1 The Halting Problem Undecidability Alan Turing, 1936

Halt return result; } true 5 6 1 The Halting Problem Undecidability Alan Turing, 1936

Polynomial-time Algorithms Most of the algorithms we have seen so far have been polynomial-time algorithms Introduction to NP Completeness Input size n => worst-case running time of n k , Chapter 9 where k is a constant CPTR 318 Can

212 views • 5 slides
Op#miza#on Challenges for Deep Learning Yoshua Bengio U.

Op#miza#on Challenges for Deep Learning Yoshua Bengio U.

Op#miza#on Challenges for Deep Learning Yoshua Bengio U. Montreal December 12th, 2014 OPT2014: NIPS Workshop on OpBmizaBon for Machine Learning

565 views • 45 slides
Comparing Problems Remember the concepts of Problem, Algorithm, and Program. Weve gotten

Comparing Problems Remember the concepts of Problem, Algorithm, and Program. Weve gotten

Comparing Problems Remember the concepts of Problem, Algorithm, and Program. Weve gotten pretty good at comparing algorithms. How do we compare problems? Sorted Array Search Sorting Integer Factorization Integer Multiplication Selection

449 views • 14 slides
Approximate inference on planar graphs using Loop Calculus and Belief Propagation Vicen Gmez 1

Approximate inference on planar graphs using Loop Calculus and Belief Propagation Vicen Gmez 1

Approximate inference on planar graphs using Loop Calculus and Belief Propagation Vicen Gmez 1 Hilbert J.Kappen 1 M. Chertkov 2 1 Department of Biophysics Radboud University, Nijmegen, The Netherlands 2 Theoretical Division and Center of

711 views • 28 slides
rt r tts

rt r tts

rt r tts Ptr t

925 views • 91 slides
Sequential Monte Carlo: Selected Methodological Applications Adam M. Johansen

Sequential Monte Carlo: Selected Methodological Applications Adam M. Johansen

Introduction Estimation Rare Events Filtering Summary References Sequential Monte Carlo: Selected Methodological Applications Adam M. Johansen a.m.johansen@warwick.ac.uk Warwick University Centre for Scientific Computing 1 Introduction

639 views • 52 slides

More recommend