session 9 trapdoors and applications chris peikert
play

Session #9: Trapdoors and Applications Chris Peikert Georgia - PowerPoint PPT Presentation

Mar 26, 2024 •320 likes •1.27k views

Session #9: Trapdoors and Applications Chris Peikert Georgia Institute of Technology Winter School on Lattice-Based Cryptography and Applications Bar-Ilan University, Israel 19 Feb 2012 22 Feb 2012 Lattice-Based Crypto & Applications,

  1. Session #9: Trapdoors and Applications Chris Peikert Georgia Institute of Technology Winter School on Lattice-Based Cryptography and Applications Bar-Ilan University, Israel 19 Feb 2012 – 22 Feb 2012 Lattice-Based Crypto & Applications, Bar-Ilan University, Israel 2012 1/19

  2. Agenda 1 Lattices and short ‘trapdoor’ bases 2 Lattice-based ‘preimage sampleable’ functions 3 Applications: signatures, ID-based encryption (in RO model) Lattice-Based Crypto & Applications, Bar-Ilan University, Israel 2012 2/19

  3. Digital Signatures (Images courtesy xkcd.org) Lattice-Based Crypto & Applications, Bar-Ilan University, Israel 2012 3/19

  4. Digital Signatures (public) (secret) (Images courtesy xkcd.org) Lattice-Based Crypto & Applications, Bar-Ilan University, Israel 2012 3/19

  5. Digital Signatures (public) “I love you” ✔ (secret) (Images courtesy xkcd.org) Lattice-Based Crypto & Applications, Bar-Ilan University, Israel 2012 3/19

  6. Digital Signatures (public) “It’s over” ✗ (secret) (Images courtesy xkcd.org) Lattice-Based Crypto & Applications, Bar-Ilan University, Israel 2012 3/19

  7. Central Tool: Trapdoor Functions ◮ Public function f generated with secret ‘trapdoor’ f − 1 Lattice-Based Crypto & Applications, Bar-Ilan University, Israel 2012 4/19

  8. Central Tool: Trapdoor Functions ◮ Public function f generated with secret ‘trapdoor’ f − 1 ◮ Trapdoor permutation [DH’76,RSA’77,. . . ] (PSF) f x y D D Lattice-Based Crypto & Applications, Bar-Ilan University, Israel 2012 4/19

  9. Central Tool: Trapdoor Functions ◮ Public function f generated with secret ‘trapdoor’ f − 1 ◮ Trapdoor permutation [DH’76,RSA’77,. . . ] (PSF) x y D D Lattice-Based Crypto & Applications, Bar-Ilan University, Israel 2012 4/19

  10. Central Tool: Trapdoor Functions ◮ Public function f generated with secret ‘trapdoor’ f − 1 ◮ Trapdoor permutation [DH’76,RSA’77,. . . ] (PSF) x y f − 1 D D Lattice-Based Crypto & Applications, Bar-Ilan University, Israel 2012 4/19

  11. Central Tool: Trapdoor Functions ◮ Public function f generated with secret ‘trapdoor’ f − 1 ◮ Trapdoor permutation [DH’76,RSA’77,. . . ] (PSF) x y f − 1 D D ◮ ‘Hash and sign:’ pk = f , sk = f − 1 . Sign(msg) = f − 1 ( H ( msg )) . Lattice-Based Crypto & Applications, Bar-Ilan University, Israel 2012 4/19

  12. Central Tool: Trapdoor Functions ◮ Public function f generated with secret ‘trapdoor’ f − 1 ◮ Trapdoor permutation [DH’76,RSA’77,. . . ] (PSF) x y f − 1 D D ◮ ‘Hash and sign:’ pk = f , sk = f − 1 . Sign(msg) = f − 1 ( H ( msg )) . ◮ Candidate TDPs: [RSA’78,Rabin’79,Paillier’99] (‘general assumption’) All rely on hardness of factoring: ✗ Complex: 2048 -bit exponentiation ✗ Broken by quantum algorithms [Shor’97] Lattice-Based Crypto & Applications, Bar-Ilan University, Israel 2012 4/19

  13. Central Tool: Trapdoor Functions ◮ Public function f generated with secret ‘trapdoor’ f − 1 ◮ New twist [GPV’08] : preimage sampleable trapdoor function (PSF) f x y D R Lattice-Based Crypto & Applications, Bar-Ilan University, Israel 2012 4/19

  14. Central Tool: Trapdoor Functions ◮ Public function f generated with secret ‘trapdoor’ f − 1 ◮ New twist [GPV’08] : preimage sampleable trapdoor function (PSF) f x y D R Lattice-Based Crypto & Applications, Bar-Ilan University, Israel 2012 4/19

  15. Central Tool: Trapdoor Functions ◮ Public function f generated with secret ‘trapdoor’ f − 1 ◮ New twist [GPV’08] : preimage sampleable trapdoor function (PSF) f − 1 x y D R Lattice-Based Crypto & Applications, Bar-Ilan University, Israel 2012 4/19

  16. Central Tool: Trapdoor Functions ◮ Public function f generated with secret ‘trapdoor’ f − 1 ◮ New twist [GPV’08] : preimage sampleable trapdoor function (PSF) f − 1 x y D R ◮ ‘Hash and sign:’ pk = f , sk = f − 1 . Sign(msg) = f − 1 ( H ( msg )) . Lattice-Based Crypto & Applications, Bar-Ilan University, Israel 2012 4/19

  17. Central Tool: Trapdoor Functions ◮ Public function f generated with secret ‘trapdoor’ f − 1 ◮ New twist [GPV’08] : preimage sampleable trapdoor function (PSF) f − 1 x y D R ◮ ‘Hash and sign:’ pk = f , sk = f − 1 . Sign(msg) = f − 1 ( H ( msg )) . ◮ Still secure! Can generate ( x, y ) in two equivalent ways: REALITY PROOF f − 1 f y y x x R D Lattice-Based Crypto & Applications, Bar-Ilan University, Israel 2012 4/19

  18. Part 1: Constructing Preimage Sampleable Trapdoor Functions (PSFs) Lattice-Based Crypto & Applications, Bar-Ilan University, Israel 2012 5/19

  19. Heuristic TDF & Signature Scheme [GGH’96] ◮ Key idea: pk = ‘bad’ basis B for L , sk = ‘short’ trapdoor basis S s 2 b 1 s 1 b 2 Lattice-Based Crypto & Applications, Bar-Ilan University, Israel 2012 6/19

  20. Heuristic TDF & Signature Scheme [GGH’96] ◮ Key idea: pk = ‘bad’ basis B for L , sk = ‘short’ trapdoor basis S ◮ Sign H ( msg ) ∈ R n with “nearest-plane” algorithm [Babai’86] s 2 s 1 Lattice-Based Crypto & Applications, Bar-Ilan University, Israel 2012 6/19

  21. Heuristic TDF & Signature Scheme [GGH’96] ◮ Key idea: pk = ‘bad’ basis B for L , sk = ‘short’ trapdoor basis S ◮ Sign H ( msg ) ∈ R n with “nearest-plane” algorithm [Babai’86] s 2 s 1 Lattice-Based Crypto & Applications, Bar-Ilan University, Israel 2012 6/19

  22. Heuristic TDF & Signature Scheme [GGH’96] ◮ Key idea: pk = ‘bad’ basis B for L , sk = ‘short’ trapdoor basis S ◮ Sign H ( msg ) ∈ R n with “nearest-plane” algorithm [Babai’86] s 2 s 1 Lattice-Based Crypto & Applications, Bar-Ilan University, Israel 2012 6/19

  23. Heuristic TDF & Signature Scheme [GGH’96] ◮ Key idea: pk = ‘bad’ basis B for L , sk = ‘short’ trapdoor basis S ◮ Sign H ( msg ) ∈ R n with “nearest-plane” algorithm [Babai’86] s 2 s 1 Lattice-Based Crypto & Applications, Bar-Ilan University, Israel 2012 6/19

  24. Heuristic TDF & Signature Scheme [GGH’96] ◮ Key idea: pk = ‘bad’ basis B for L , sk = ‘short’ trapdoor basis S ◮ Sign H ( msg ) ∈ R n with “nearest-plane” algorithm [Babai’86] s 2 s 1 Lattice-Based Crypto & Applications, Bar-Ilan University, Israel 2012 6/19

  25. Heuristic TDF & Signature Scheme [GGH’96] ◮ Key idea: pk = ‘bad’ basis B for L , sk = ‘short’ trapdoor basis S ◮ Sign H ( msg ) ∈ R n with “nearest-plane” algorithm [Babai’86] s 2 s 1 Lattice-Based Crypto & Applications, Bar-Ilan University, Israel 2012 6/19

  26. Heuristic TDF & Signature Scheme [GGH’96] ◮ Key idea: pk = ‘bad’ basis B for L , sk = ‘short’ trapdoor basis S ◮ Sign H ( msg ) ∈ R n with “nearest-plane” algorithm [Babai’86] s 2 s 1 Lattice-Based Crypto & Applications, Bar-Ilan University, Israel 2012 6/19

  27. Heuristic TDF & Signature Scheme [GGH’96] ◮ Key idea: pk = ‘bad’ basis B for L , sk = ‘short’ trapdoor basis S ◮ Sign H ( msg ) ∈ R n with “nearest-plane” algorithm [Babai’86] b 1 b 2 Lattice-Based Crypto & Applications, Bar-Ilan University, Israel 2012 6/19

  28. Heuristic TDF & Signature Scheme [GGH’96] ◮ Key idea: pk = ‘bad’ basis B for L , sk = ‘short’ trapdoor basis S ◮ Sign H ( msg ) ∈ R n with “nearest-plane” algorithm [Babai’86] s 2 b 1 s 1 b 2 Technical Issues 1 Generating ‘hard’ lattice together with short basis (later) Lattice-Based Crypto & Applications, Bar-Ilan University, Israel 2012 6/19

  29. Heuristic TDF & Signature Scheme [GGH’96] ◮ Key idea: pk = ‘bad’ basis B for L , sk = ‘short’ trapdoor basis S ◮ Sign H ( msg ) ∈ R n with “nearest-plane” algorithm [Babai’86] s 2 s 1 Technical Issues 1 Generating ‘hard’ lattice together with short basis (later) 2 Signing algorithm leaks secret basis! ⋆ Total break after several signatures [NguyenRegev’06] Lattice-Based Crypto & Applications, Bar-Ilan University, Israel 2012 6/19

  30. Blurring a Lattice Lattice-Based Crypto & Applications, Bar-Ilan University, Israel 2012 7/19

  31. Blurring a Lattice Lattice-Based Crypto & Applications, Bar-Ilan University, Israel 2012 7/19

  32. Blurring a Lattice Lattice-Based Crypto & Applications, Bar-Ilan University, Israel 2012 7/19

  33. Blurring a Lattice ‘Uniform’ in R n when std dev ≥ max length of some basis Lattice-Based Crypto & Applications, Bar-Ilan University, Israel 2012 7/19

  34. Blurring a Lattice Gaussian mod L is uniform when std dev ≥ max length of some basis Lattice-Based Crypto & Applications, Bar-Ilan University, Israel 2012 7/19

  35. Blurring a Lattice Gaussian mod L is uniform when std dev ≥ max length of some basis ◮ First used in worst/average-case reductions [Regev’03,MR’04,. . . ] Lattice-Based Crypto & Applications, Bar-Ilan University, Israel 2012 7/19

  36. Blurring a Lattice Gaussian mod L is uniform when std dev ≥ max length of some basis ◮ First used in worst/average-case reductions [Regev’03,MR’04,. . . ] ◮ Now an essential ingredient in many crypto schemes [GPV’08,. . . ] Lattice-Based Crypto & Applications, Bar-Ilan University, Israel 2012 7/19

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Session #10: (More) Trapdoors and Applications Chris Peikert Georgia Institute of Technology

Session #10: (More) Trapdoors and Applications Chris Peikert Georgia Institute of Technology

Session #10: (More) Trapdoors and Applications Chris Peikert Georgia Institute of Technology Winter School on Lattice-Based Cryptography and Applications Bar-Ilan University, Israel 19 Feb 2012 22 Feb 2012 Lattice-Based Crypto &

1.2k views • 76 slides
Lattice-Based Cryptography: Trapdoors, Discrete Gaussians, and Applications Chris Peikert

Lattice-Based Cryptography: Trapdoors, Discrete Gaussians, and Applications Chris Peikert

Lattice-Based Cryptography: Trapdoors, Discrete Gaussians, and Applications Chris Peikert Georgia Institute of Technology crypt@b-it 2013 1 / 21 Agenda 1 Strong trapdoors for lattices 2 Discrete Gaussians, sampling, and preimage

2.02k views • 113 slides
Lattice-Based Cryptography: Constructing Trapdoors and More Applications Chris Peikert Georgia

Lattice-Based Cryptography: Constructing Trapdoors and More Applications Chris Peikert Georgia

Lattice-Based Cryptography: Constructing Trapdoors and More Applications Chris Peikert Georgia Institute of Technology crypt@b-it 2013 1 / 18 Lattice-Based One-Way Functions Public key Z n m A for q =

871 views • 84 slides
Trapdoors for Lattices: Signatures, ID-Based Encryption, and Beyond Chris Peikert Georgia

Trapdoors for Lattices: Signatures, ID-Based Encryption, and Beyond Chris Peikert Georgia

Trapdoors for Lattices: Signatures, ID-Based Encryption, and Beyond Chris Peikert Georgia Institute of Technology Lattice Crypto Day ENS, 29 May 2010 1 / 23 Talk Agenda 1 Lattice-based trapdoor functions and oblivious sampling 2

1.28k views • 103 slides
Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller Daniele Micciancio 1 Chris Peikert 2 1

Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller Daniele Micciancio 1 Chris Peikert 2 1

Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller Daniele Micciancio 1 Chris Peikert 2 1 UC San Diego 2 Georgia Tech IBM Research 8 September 2011 1 / 17 Lattice-Based Cryptography p d o m x g = y N = = p m e mod N

1.2k views • 82 slides
How to Use a Short Basis: Trapdoors for Hard Lattices and New Cryptographic Constructions Chris

How to Use a Short Basis: Trapdoors for Hard Lattices and New Cryptographic Constructions Chris

How to Use a Short Basis: Trapdoors for Hard Lattices and New Cryptographic Constructions Chris Peikert SRI Work with Craig Gentry and Vinod Vaikuntanathan 1 / 14 Digital Signatures 2 / 14 Digital Signatures (public) (secret) 2 / 14

1.48k views • 78 slides
Session #5: Learning With Errors Chris Peikert Georgia Institute of Technology Winter School on

Session #5: Learning With Errors Chris Peikert Georgia Institute of Technology Winter School on

Session #5: Learning With Errors Chris Peikert Georgia Institute of Technology Winter School on Lattice-Based Cryptography and Applications Bar-Ilan University, Israel 19 Feb 2012 22 Feb 2012 Lattice-Based Crypto & Applications,

853 views • 82 slides
Session #6: Another Application of LWE: Pseudorandom Functions Chris Peikert Georgia Institute

Session #6: Another Application of LWE: Pseudorandom Functions Chris Peikert Georgia Institute

Session #6: Another Application of LWE: Pseudorandom Functions Chris Peikert Georgia Institute of Technology Winter School on Lattice-Based Cryptography and Applications Bar-Ilan University, Israel 19 Feb 2012 22 Feb 2012 Lattice-Based

853 views • 52 slides
Fundamentals of Lattice-Based Cryptography Chris Peikert University of Michigan 2nd Crypto

Fundamentals of Lattice-Based Cryptography Chris Peikert University of Michigan 2nd Crypto

Fundamentals of Lattice-Based Cryptography Chris Peikert University of Michigan 2nd Crypto Innovation School Shanghai, China 13 December 2019 1 / 23 Talk Outline 1 Lattices and hard problems 2 The SIS and LWE problems; basic applications 3

970 views • 94 slides
Kuperbergs Collimation Sieve vs. CSIDH Chris Peikert University of Michigan Quantum

Kuperbergs Collimation Sieve vs. CSIDH Chris Peikert University of Michigan Quantum

Kuperbergs Collimation Sieve vs. CSIDH Chris Peikert University of Michigan Quantum Cryptanalysis of Post-Quantum Cryptography Simons Institute 24 February 2020 1 / 16 He Gives C-Sieves on the CSIDH Chris Peikert University of Michigan

1.61k views • 85 slides
A Too it for Ri - E y o Vadim Lyubashevsky 1 Chris Peikert 2 Oded

A Too it for Ri - E y o Vadim Lyubashevsky 1 Chris Peikert 2 Oded

A Too it for Ri - E y o Vadim Lyubashevsky 1 Chris Peikert 2 Oded Regev 3 1 INRIA & ENS Paris 2 Georgia Tech 3 Courant Institute, NYU Eurocrypt 2013 27 May 1 / 12 A Toolkit for Ring-LWE Cryptography Vadim

814 views • 70 slides
Mod-NTRU trapdoors and applications Alexandre Wallet Lattices: From Theory to Practice Simons

Mod-NTRU trapdoors and applications Alexandre Wallet Lattices: From Theory to Practice Simons

Mod-NTRU trapdoors and applications Alexandre Wallet Lattices: From Theory to Practice Simons Institute, 29/04/2020 Based on a joint work with Chitchanok Chuengsatiansup, Thomas Prest, Damien Stehl and Keita Xagawa, ePrint 2019/1456 1/17 A.

540 views • 28 slides
Lattice-Based Cryptography Chris Peikert University of Michigan QCrypt 2016 1 / 24 Agenda 1

Lattice-Based Cryptography Chris Peikert University of Michigan QCrypt 2016 1 / 24 Agenda 1

Lattice-Based Cryptography Chris Peikert University of Michigan QCrypt 2016 1 / 24 Agenda 1 Foundations: lattice problems, SIS/LWE and their applications 2 Ring-Based Crypto: NTRU, Ring-SIS/LWE and ideal lattices 3 Practical Implementations:

1.03k views • 101 slides
Efficient Collision-Resistant Hashing from Worst-Case Assumptions on Cyclic Lattices Chris Peikert

Efficient Collision-Resistant Hashing from Worst-Case Assumptions on Cyclic Lattices Chris Peikert

Efficient Collision-Resistant Hashing from Worst-Case Assumptions on Cyclic Lattices Chris Peikert 1 Alon Rosen 2 1 MIT CSAIL 2 Harvard DEAS Theory of Cryptography Conference 5 March 2006 Chris Peikert, Alon Rosen (MIT, Harvard) Efficient

897 views • 61 slides
Noninteractive Zero Knowledge for NP from Learning With Errors Chris Peikert University of

Noninteractive Zero Knowledge for NP from Learning With Errors Chris Peikert University of

Noninteractive Zero Knowledge for NP from Learning With Errors Chris Peikert University of Michigan (Based on work with Sina Shiehian) 2nd Crypto Innovation School Shanghai, China 15 December 2019 1 / 16 Zero Knowledge

995 views • 95 slides
New and Improved Key-Homomorphic Pseudorandom Functions Abhishek Banerjee 1 Chris Peikert 1 1

New and Improved Key-Homomorphic Pseudorandom Functions Abhishek Banerjee 1 Chris Peikert 1 1

New and Improved Key-Homomorphic Pseudorandom Functions Abhishek Banerjee 1 Chris Peikert 1 1 Georgia Institute of Technology CRYPTO 14 19 August 2014 Outline Introduction 1 Construction, Parameters and Efficiency 2 Proof of Security

886 views • 47 slides
Towards a Fully Encrypted Internet CS244 | Zakir Durumeric 2013 Snowden Revelations Explicit

Towards a Fully Encrypted Internet CS244 | Zakir Durumeric 2013 Snowden Revelations Explicit

Towards a Fully Encrypted Internet CS244 | Zakir Durumeric 2013 Snowden Revelations Explicit evidence that intelligence agencies are globally wiretapping Internet backbone connections Massive collection of web tra ffi c, emails, instant

512 views • 50 slides
Measuring small subgroup attacks against Diffie-Hellman Luke Valenta , David Adrian ,

Measuring small subgroup attacks against Diffie-Hellman Luke Valenta , David Adrian ,

Measuring small subgroup attacks against Diffie-Hellman Luke Valenta , David Adrian , Antonio Sanso , Shaanan Cohney , Joshua Fried , Marcella Hastings , J. Alex Halderman , Nadia Heninger University of

461 views • 42 slides
Diffie-Hellman, discrete logs, the NSA, and you J. Alex Halderman University of Michigan Based

Diffie-Hellman, discrete logs, the NSA, and you J. Alex Halderman University of Michigan Based

Diffie-Hellman, discrete logs, the NSA, and you J. Alex Halderman University of Michigan Based on joint work: Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice David Adrian, Karthikeyan Bhargavan, Zakir Durumeric, Pierrick Gaudry,

879 views • 63 slides
International Framework of Investment Law Dr Rodrigo Polanco Senior Lecturer and Researcher

International Framework of Investment Law Dr Rodrigo Polanco Senior Lecturer and Researcher

International Framework of Investment Law Dr Rodrigo Polanco Senior Lecturer and Researcher World Trade Institute November 2017 Outline Why people invest abroad? Treatment of Aliens under International Law - Domestic Law - Diplomatic

267 views • 25 slides
Trust in the Cloud i2Coalition & the M3AAWG Hosting SIG Introductions by Matt Stith,

Trust in the Cloud i2Coalition & the M3AAWG Hosting SIG Introductions by Matt Stith,

Trust in the Cloud i2Coalition & the M3AAWG Hosting SIG Introductions by Matt Stith, Rackspace M3AAWG 37th General Meeting | Philadelphia, U.S.A. | June 2016 Speaker 1: Allan Friedman, PhD Building trust through collaboration: How the U.S.

494 views • 8 slides
Guided Learning of Nonconvex Models through Successive Functional Gradient Optimization Rie

Guided Learning of Nonconvex Models through Successive Functional Gradient Optimization Rie

Guided Learning of Nonconvex Models through Successive Functional Gradient Optimization Rie Johnson and Tong Zhang RJ Research Consulting Hong Kong University of Science and Technology 1 / 12 Training Deep Neural Networks

458 views • 21 slides
Heavy neutral leptons at ANUBIS work with M. Hirsch arXiv: 2001.04750 Zeren Simon Wang Seventh

Heavy neutral leptons at ANUBIS work with M. Hirsch arXiv: 2001.04750 Zeren Simon Wang Seventh

Heavy neutral leptons at ANUBIS work with M. Hirsch arXiv: 2001.04750 Zeren Simon Wang Seventh workshop of the LHC LLP Community May 26, 2020 Z.S. Wang Heavy neutral leptons at ANUBIS 1 / 13 Motivation Surge of interest in LLPs in recent

561 views • 15 slides
Natural Language Processing Anoop Sarkar anoopsarkar.github.io/nlp-class Simon Fraser University

Natural Language Processing Anoop Sarkar anoopsarkar.github.io/nlp-class Simon Fraser University

SFU NatLangLab Natural Language Processing Anoop Sarkar anoopsarkar.github.io/nlp-class Simon Fraser University October 17, 2019 0 Natural Language Processing Anoop Sarkar anoopsarkar.github.io/nlp-class Simon Fraser University Part 1:

631 views • 45 slides

More recommend