st r r r t tstr

str r rt - PowerPoint PPT Presentation

Feb 28, 2023 •264 likes •1.45k views

str r rt tstr ss t ss tt 1 2 , 1

  1. ■t ✐s ❛ ✲♠♦❞✉❧❡✿ ✐s ❞❡✜♥❡❞✦ ■t ✐s ♥♦t ❛ ❘✐♥❣✿ ✐s ♥♦t ❞❡✜♥❡❞✦ ❱❡❝t♦rs✴♠❛tr✐❝❡s ❇② ❡①t❡♥s✐♦♥✱ ✐s ❛ ✲♠♦❞✉❧❡ ❚❤❡ r❡❛❧ t♦r✉s T = R / Z = R mod 1 ( T , + , · ) ✐s ❛ Z ✲♠♦❞✉❧❡ ✭ · : Z × T → T ❛ ✈❛❧✐❞ ❡①t❡r♥❛❧ ♣r♦❞✉❝t✮ ✔ ■t ✐s ❛ ❣r♦✉♣✿ x + y mod 1 ❛♥❞ − x mod 1 ✶✹ ✴ ✹✸

  2. ■t ✐s ♥♦t ❛ ❘✐♥❣✿ ✐s ♥♦t ❞❡✜♥❡❞✦ ❱❡❝t♦rs✴♠❛tr✐❝❡s ❇② ❡①t❡♥s✐♦♥✱ ✐s ❛ ✲♠♦❞✉❧❡ ❚❤❡ r❡❛❧ t♦r✉s T = R / Z = R mod 1 ( T , + , · ) ✐s ❛ Z ✲♠♦❞✉❧❡ ✭ · : Z × T → T ❛ ✈❛❧✐❞ ❡①t❡r♥❛❧ ♣r♦❞✉❝t✮ ✔ ■t ✐s ❛ ❣r♦✉♣✿ x + y mod 1 ❛♥❞ − x mod 1 ✔ ■t ✐s ❛ Z ✲♠♦❞✉❧❡✿ 0 · 1 2 = 0 ✐s ❞❡✜♥❡❞✦ ✶✹ ✴ ✹✸

  3. ❱❡❝t♦rs✴♠❛tr✐❝❡s ❇② ❡①t❡♥s✐♦♥✱ ✐s ❛ ✲♠♦❞✉❧❡ ❚❤❡ r❡❛❧ t♦r✉s T = R / Z = R mod 1 ( T , + , · ) ✐s ❛ Z ✲♠♦❞✉❧❡ ✭ · : Z × T → T ❛ ✈❛❧✐❞ ❡①t❡r♥❛❧ ♣r♦❞✉❝t✮ ✔ ■t ✐s ❛ ❣r♦✉♣✿ x + y mod 1 ❛♥❞ − x mod 1 ✔ ■t ✐s ❛ Z ✲♠♦❞✉❧❡✿ 0 · 1 2 = 0 ✐s ❞❡✜♥❡❞✦ ✘ ■t ✐s ♥♦t ❛ ❘✐♥❣✿ 0 × 1 2 ✐s ♥♦t ❞❡✜♥❡❞✦ ✶✹ ✴ ✹✸

  4. ❚❤❡ r❡❛❧ t♦r✉s T = R / Z = R mod 1 ( T , + , · ) ✐s ❛ Z ✲♠♦❞✉❧❡ ✭ · : Z × T → T ❛ ✈❛❧✐❞ ❡①t❡r♥❛❧ ♣r♦❞✉❝t✮ ✔ ■t ✐s ❛ ❣r♦✉♣✿ x + y mod 1 ❛♥❞ − x mod 1 ✔ ■t ✐s ❛ Z ✲♠♦❞✉❧❡✿ 0 · 1 2 = 0 ✐s ❞❡✜♥❡❞✦ ✘ ■t ✐s ♥♦t ❛ ❘✐♥❣✿ 0 × 1 2 ✐s ♥♦t ❞❡✜♥❡❞✦ ❱❡❝t♦rs✴♠❛tr✐❝❡s ❇② ❡①t❡♥s✐♦♥✱ ( T n , + , . ) ✐s ❛ Z ✲♠♦❞✉❧❡    � 0 . 252 � 1 − 2 0 . 672  · � 3 − 2 4 � · 3 4    0 . 231 0 . 991 5 0 � 0 . 252     1 − 2 � 3 � 0 . 672  · 4 � = − 2 × 3 4   0 . 231 0 . 991 5 0 ✶✹ ✴ ✹✸

  5. ❉❡❝♦♠♣♦s❡ ♦✈❡r ✇✐t❤ s♠❛❧❧ ❝♦❡❢s ❊①❛♠♣❧❡s ❚♦r✉s ♣♦❧②♥♦♠✐❛❧s T N [ X ] ( T N [ X ] , + , · ) ✐s ❛ R ✲♠♦❞✉❧❡ ❍❡r❡✱ R = Z [ X ] / ( X N + 1) ❆♥❞ T N [ X ] = T [ X ] mod ( X N + 1) ✶✺ ✴ ✹✸

  6. ❉❡❝♦♠♣♦s❡ ♦✈❡r ✇✐t❤ s♠❛❧❧ ❝♦❡❢s ❚♦r✉s ♣♦❧②♥♦♠✐❛❧s T N [ X ] ( T N [ X ] , + , · ) ✐s ❛ R ✲♠♦❞✉❧❡ ❍❡r❡✱ R = Z [ X ] / ( X N + 1) ❆♥❞ T N [ X ] = T [ X ] mod ( X N + 1) ❊①❛♠♣❧❡s (1 + 2 X ) · ( 1 3 + 4 7 X ) = ✶✺ ✴ ✹✸

  7. ❉❡❝♦♠♣♦s❡ ♦✈❡r ✇✐t❤ s♠❛❧❧ ❝♦❡❢s ❚♦r✉s ♣♦❧②♥♦♠✐❛❧s T N [ X ] ( T N [ X ] , + , · ) ✐s ❛ R ✲♠♦❞✉❧❡ ❍❡r❡✱ R = Z [ X ] / ( X N + 1) ❆♥❞ T N [ X ] = T [ X ] mod ( X N + 1) ❊①❛♠♣❧❡s 21 X ) mod ( X 2 + 1) mod 1 (1 + 2 X ) · ( 1 3 + 4 7 X ) =( 4 21 + 5 ✶✺ ✴ ✹✸

  8. ❚♦r✉s ♣♦❧②♥♦♠✐❛❧s T N [ X ] ( T N [ X ] , + , · ) ✐s ❛ R ✲♠♦❞✉❧❡ ❍❡r❡✱ R = Z [ X ] / ( X N + 1) ❆♥❞ T N [ X ] = T [ X ] mod ( X N + 1) ❊①❛♠♣❧❡s 21 X ) mod ( X 2 + 1) mod 1 (1 + 2 X ) · ( 1 3 + 4 7 X ) =( 4 21 + 5 ❉❡❝♦♠♣♦s❡ ( 3 8 + 7 8 X ) ♦✈❡r [ 1 2 , 1 4 , 1 8 ] ✇✐t❤ s♠❛❧❧ ❝♦❡❢s ✶✺ ✴ ✹✸

  9. ❚♦r✉s ♣♦❧②♥♦♠✐❛❧s T N [ X ] ( T N [ X ] , + , · ) ✐s ❛ R ✲♠♦❞✉❧❡ ❍❡r❡✱ R = Z [ X ] / ( X N + 1) ❆♥❞ T N [ X ] = T [ X ] mod ( X N + 1) ❊①❛♠♣❧❡s 21 X ) mod ( X 2 + 1) mod 1 (1 + 2 X ) · ( 1 3 + 4 7 X ) =( 4 21 + 5 ❉❡❝♦♠♣♦s❡ ( 3 8 + 7 8 X ) ♦✈❡r [ 1 2 , 1 4 , 1 8 ] ✇✐t❤ s♠❛❧❧ ❝♦❡❢s ( 3 8 + 7 8 X ) = (0 + X ) · 1 2 + (1 + X ) · 1 4 + (1 + X ) · 1 8 ✶✺ ✴ ✹✸

  10. ✶ ❈❤♦♦s❡ ●❛✉ss✐❛♥ ❊rr♦r ✷ ❈❤♦♦s❡ ❛ r❛♥❞♦♠ ♠❛s❦ ✸ ❘❡t✉r♥ t❤❡ ❧♦❝❦❡❞ r❡♣r❡s❡♥t❛t✐♦♥ ▲❲❊ ❊♥❝r②♣t✐♦♥ ▲❲❊ s②♠♠❡tr✐❝ ❡♥❝r②♣t✐♦♥ ✶✻ ✴ ✹✸

  11. ✶ ❈❤♦♦s❡ ●❛✉ss✐❛♥ ❊rr♦r ✷ ❈❤♦♦s❡ ❛ r❛♥❞♦♠ ♠❛s❦ ✸ ❘❡t✉r♥ t❤❡ ❧♦❝❦❡❞ r❡♣r❡s❡♥t❛t✐♦♥ ▲❲❊ ❊♥❝r②♣t✐♦♥ ▲❲❊ s②♠♠❡tr✐❝ ❡♥❝r②♣t✐♦♥ 2 / 3 1 / 3 0 Example: M = { 0 , 1 / 3 , 2 / 3 } mod 1 µ = 1 / 3 mod 1 ∈ M ✶✻ ✴ ✹✸

  12. ✷ ❈❤♦♦s❡ ❛ r❛♥❞♦♠ ♠❛s❦ ✸ ❘❡t✉r♥ t❤❡ ❧♦❝❦❡❞ r❡♣r❡s❡♥t❛t✐♦♥ ▲❲❊ s②♠♠❡tr✐❝ ❡♥❝r②♣t✐♦♥ 2 / 3 1 / 3 0 ( , ϕ ) Example: M = { 0 , 1 / 3 , 2 / 3 } mod 1 µ = 1 / 3 mod 1 ∈ M ▲❲❊ ❊♥❝r②♣t✐♦♥ ✶ ❈❤♦♦s❡ ϕ = µ + ●❛✉ss✐❛♥ ❊rr♦r ✶✻ ✴ ✹✸

  13. ✸ ❘❡t✉r♥ t❤❡ ❧♦❝❦❡❞ r❡♣r❡s❡♥t❛t✐♦♥ ▲❲❊ s②♠♠❡tr✐❝ ❡♥❝r②♣t✐♦♥ 2 / 3 1 / 3 a 0 ( a , ϕ ) Example: M = { 0 , 1 / 3 , 2 / 3 } mod 1 µ = 1 / 3 mod 1 ∈ M ▲❲❊ ❊♥❝r②♣t✐♦♥ ✶ ❈❤♦♦s❡ ϕ = µ + ●❛✉ss✐❛♥ ❊rr♦r ✷ ❈❤♦♦s❡ ❛ r❛♥❞♦♠ ♠❛s❦ a ∈ T n ✶✻ ✴ ✹✸

  14. ▲❲❊ s②♠♠❡tr✐❝ ❡♥❝r②♣t✐♦♥ secret key : s ∈ { 0 , 1 } n b = s · a + ϕ 2 / 3 1 / 3 a a 0 ( a , ϕ ) ( a , b ) Example: M = { 0 , 1 / 3 , 2 / 3 } mod 1 µ = 1 / 3 mod 1 ∈ M ▲❲❊ ❊♥❝r②♣t✐♦♥ ✶ ❈❤♦♦s❡ ϕ = µ + ●❛✉ss✐❛♥ ❊rr♦r ✷ ❈❤♦♦s❡ ❛ r❛♥❞♦♠ ♠❛s❦ a ∈ T n ✸ ❘❡t✉r♥ t❤❡ ❧♦❝❦❡❞ r❡♣r❡s❡♥t❛t✐♦♥ ( a , b ) ✶✻ ✴ ✹✸

  15. ✶ ❯♥❧♦❝❦ t❤❡ r❡♣r❡s❡♥t❛t✐♦♥ ✷ ❘♦✉♥❞ t♦ t❤❡ ♥❡❛r❡st ♠❡ss❛❣❡ ✸ ♣❧♦✉❢✦ ▲❲❊ s②♠♠❡tr✐❝ ❡♥❝r②♣t✐♦♥ secret key : s ∈ { 0 , 1 } n a ( a , b ) ▲❲❊ ❉❡❝r②♣t✐♦♥ ✶✻ ✴ ✹✸

  16. ✷ ❘♦✉♥❞ t♦ t❤❡ ♥❡❛r❡st ♠❡ss❛❣❡ ✸ ♣❧♦✉❢✦ ▲❲❊ s②♠♠❡tr✐❝ ❡♥❝r②♣t✐♦♥ secret key : s ∈ { 0 , 1 } n a a ϕ = b − s · a ( a , ϕ ) ( a , b ) ▲❲❊ ❉❡❝r②♣t✐♦♥ ✶ ❯♥❧♦❝❦ t❤❡ r❡♣r❡s❡♥t❛t✐♦♥ ( a , ϕ ) ✶✻ ✴ ✹✸

  17. ✸ ♣❧♦✉❢✦ ▲❲❊ s②♠♠❡tr✐❝ ❡♥❝r②♣t✐♦♥ secret key : s ∈ { 0 , 1 } n 2 / 3 1 / 3 a a ϕ = b − s · a 0 ( a , ϕ ) ( a , b ) ▲❲❊ ❉❡❝r②♣t✐♦♥ ✶ ❯♥❧♦❝❦ t❤❡ r❡♣r❡s❡♥t❛t✐♦♥ ( a , ϕ ) ✷ ❘♦✉♥❞ ϕ t♦ t❤❡ ♥❡❛r❡st ♠❡ss❛❣❡ µ ∈ M ✶✻ ✴ ✹✸

  18. ▲❲❊ s②♠♠❡tr✐❝ ❡♥❝r②♣t✐♦♥ secret key : s ∈ { 0 , 1 } n b = s · a + ϕ a a ϕ = b − s · a ( a , ϕ ) ( a , b ) ✶✻ ✴ ✹✸

  19. ▲❲❊ s②♠♠❡tr✐❝ ❡♥❝r②♣t✐♦♥ secret key : s ∈ { 0 , 1 } n b = s · a + ϕ 0 a 0 ϕ = b − s · a ( a , b ) ❚r✐✈✐❛❧ ▲❲❊ s❛♠♣❧❡s ▲❲❊ s❛♠♣❧❡s ✇✐t❤ ♠❛s❦ a = 0 ❛r❡ tr✐✈✐❛❧✳ ❚❤❡② ♥❡✈❡r ♦❝❝✉r ✐♥ ❣❡♥❡r❛❧ ✳✳✳❜✉t ❛r❡ st✐❧❧ ✇♦rt❤ ♠❡♥t✐♦♥♥✐♥❣✦ ✶✻ ✴ ✹✸

  20. ▲❲❊ ❍♦♠♦♠♦r♣❤✐❝ Pr♦♣❡rt✐❡s a ′′ = x · a + y · a ′ a ′ = a ′′ x a + y b ′′ = x · b + y · b ′ b b ′ b ′′ ✶✼ ✴ ✹✸

  21. ▲❲❊ ❍♦♠♦♠♦r♣❤✐❝ Pr♦♣❡rt✐❡s a ′′ = x · a + y · a ′ a ′ = a ′′ x a + y b ′′ = x · b + y · b ′ b b ′ b ′′ x a + y a ′ = a ′′ ϕ ′′ = x · ϕ + y · ϕ ′ ϕ ϕ ′ ϕ ′′ ✶✼ ✴ ✹✸

  22. ▲❲❊ ❍♦♠♦♠♦r♣❤✐❝ Pr♦♣❡rt✐❡s a ′′ = x · a + y · a ′ a ′ = a ′′ x a + y b ′′ = x · b + y · b ′ b b ′ b ′′ x a + y a ′ = a ′′ ϕ ′′ = x · ϕ + y · ϕ ′ ϕ ϕ ′ ϕ ′′ µ ′′ = x · µ + y · µ ′ µ ′′ = x · µ + y · µ ′ µ = E ( ϕ ) µ = E ( ϕ ) µ ′ µ ′ µ ′′ µ ′′ ✶✼ ✴ ✹✸

  23. ▲❲❊ ❍♦♠♦♠♦r♣❤✐❝ Pr♦♣❡rt✐❡s a ′′ = x · a + y · a ′ a ′ = a ′′ x a + y b ′′ = x · b + y · b ′ b b ′ b ′′ x a + y a ′ = a ′′ ϕ ′′ = x · ϕ + y · ϕ ′ ϕ ϕ ′ ϕ ′′ µ ′′ = x · µ + y · µ ′ µ ′′ = x · µ + y · µ ′ µ = E ( ϕ ) µ = E ( ϕ ) µ ′ µ ′ µ ′′ µ ′′ α ′′ 2 = x 2 α 2 + y 2 α ′ 2 α = stdev( ϕ ) α ′ α ′′ ✶✼ ✴ ✹✸

  24. ▲❲❊ ❍♦♠♦♠♦r♣❤✐❝ Pr♦♣❡rt✐❡s a ′′ = x · a + y · a ′ a ′ = a ′′ x a + y b ′′ = x · b + y · b ′ b b ′ b ′′ x a + y a ′ = a ′′ ϕ ′′ = x · ϕ + y · ϕ ′ ϕ ϕ ′ ϕ ′′ µ ′′ = x · µ + y · µ ′ µ ′′ = x · µ + y · µ ′ µ = E ( ϕ ) µ = E ( ϕ ) µ ′ µ ′ µ ′′ µ ′′ α ′′ 2 = x 2 α 2 + y 2 α ′ 2 α = stdev( ϕ ) α ′ α ′′ Ω: The only proba. space where this intuitive picture makes sense! ✶✼ ✴ ✹✸

  25. ■♥ ♦✉r ♣❛♣❡r ▲❲❊✿ ❞❡✜♥✐t✐♦♥ s✐♠✐❧❛r t♦ ❬❇▲P❘❙✶✸❪✱❬❈❙✶✺❪✱❬❈●●■✶✻❪ ❚▲❲❊✿ ❣❡♥❡r❛❧✐③❡❞ ❞❡✜♥✐t✐♦♥ s✐♠✐❧❛r t♦ ❬❇●❱✶✷❪ ▲❲❊ ▲❲❊ ❂ ▲❡❛r♥✐♥❣ ❲✐t❤ ❊rr♦rs ❬❘❡❣✵✺❪ ❘✐♥❣✲▲❲❊ ❬▲P❘✶✵❪ ✶✽ ✴ ✹✸

  26. ▲❲❊ ▲❲❊ ❂ ▲❡❛r♥✐♥❣ ❲✐t❤ ❊rr♦rs ❬❘❡❣✵✺❪ ❘✐♥❣✲▲❲❊ ❬▲P❘✶✵❪ ■♥ ♦✉r ♣❛♣❡r ▲❲❊✿ ❞❡✜♥✐t✐♦♥ s✐♠✐❧❛r t♦ ❬❇▲P❘❙✶✸❪✱❬❈❙✶✺❪✱❬❈●●■✶✻❪ ❚▲❲❊✿ ❣❡♥❡r❛❧✐③❡❞ ❞❡✜♥✐t✐♦♥ s✐♠✐❧❛r t♦ ❬❇●❱✶✷❪ ✶✽ ✴ ✹✸

  27. ❚▲❲❊ ❊♥❝r②♣t✐♦♥ N [ X ] k +1 �→ T ϕ s : N [ X ] T ( a , b ) → b − s · a H N [ X ] k +1 T TLWE Samples ✶✾ ✴ ✹✸

  28. ❚▲❲❊ ❊♥❝r②♣t✐♦♥ N [ X ] k +1 �→ T ϕ s : N [ X ] T ( a , b ) → b − s · a Im ϕ s µ H M isom N [ X ] k +1 T { ( 0 , µ ) } Trivial TLWE samples Samples ✶✾ ✴ ✹✸

  29. ❚▲❲❊ ❊♥❝r②♣t✐♦♥ N [ X ] k +1 �→ T ϕ s : N [ X ] T ( a , b ) → b − s · a Im ϕ s µ H M Γ = ⊕ isom N [ X ] k +1 T ker ϕ s { ( 0 , µ ) } Trivial TLWE Homogeneous samples samples Samples ✶✾ ✴ ✹✸

  30. ❚▲❲❊ ❊♥❝r②♣t✐♦♥ N [ X ] k +1 �→ T ϕ s : N [ X ] T ( a , b ) → b − s · a Im ϕ s µ H M Γ = ⊕ isom N [ X ] k +1 T ker ϕ s { ( 0 , µ ) } Trivial TLWE Homogeneous samples samples Samples c = z + ( 0 , µ ) µ encrypt: add z ∈ ker ϕ s µ = ϕ s ( c ) c decrypt: apply ϕ s ✶✾ ✴ ✹✸

  31. ❚▲❲❊ ❊♥❝r②♣t✐♦♥ N [ X ] k +1 �→ T ϕ s : N [ X ] T ( a , b ) → b − s · a Im ϕ s µ H M Γ = ⊕ isom N [ X ] k +1 T ker ϕ s { ( 0 , µ ) } Trivial TLWE Homogeneous samples samples Samples ( Approx of R -module ) c = z + ( 0 , µ ) µ encrypt: add approx( z ∈ ker ϕ s ) approx( µ ) c decrypt: apply ϕ s ... = ϕ s ( c ) ✶✾ ✴ ✹✸

  32. ❚▲❲❊ ❊♥❝r②♣t✐♦♥ N [ X ] k +1 �→ T ϕ s : N [ X ] T ( a , b ) → b − s · a ! ! Im ϕ s How to recover µ exactly ? µ H M Γ = ⊕ isom µ = E ( ϕ s ( c )) Option 1: N [ X ] k +1 T (in the relevant proba. space) ker ϕ s { ( 0 , µ ) } The Ω-space logic Trivial TLWE Homogeneous samples samples Samples µ = round( ϕ s ( c )) Option 2: ( Approx of R -module ) On a given finite message space M The logic of the decryption algorithm c = z + ( 0 , µ ) µ encrypt: add approx( z ∈ ker ϕ s ) approx( µ ) c decrypt: apply ϕ s ... = ϕ s ( c ) ✶✾ ✴ ✹✸

  33. ❚❛❜❧❡ ♦❢ ❝♦♥t❡♥ts ✶ ❋✉❧❧② ❍♦♠♦♠♦r♣❤✐❝ ❊♥❝r②♣t✐♦♥ ❆♣♣❧✐❝❛t✐♦♥s ✷ ❚▲❲❊ ❚❤❡ r❡❛❧ t♦r✉s ▲❲❊ ❛♥❞ ❚▲❲❊ ✸ ❚●❙❲ ❛♥❞ t❤❡ ❡①t❡r♥❛❧ ♣r♦❞✉❝t ❊♥❝r②♣t✐♦♥ ❛♥❞ ●❛❞❣❡t ❚▲❲❊ ❛♥❞ ❚●❙❲ ✹ ❋❛st❡r ❇♦♦tstr❛♣♣✐♥❣ ●❛t❡ ❜♦♦tstr❛♣♣✐♥❣ ❙❡❝✉r✐t② ❛♥❛❧②s✐s ✺ ❈♦♥❝❧✉s✐♦♥ ✷✵ ✴ ✹✸

  34. ❚●❙❲✿ ✧●❙❲✧ ♦♥ ■♥ t❤✐s t❛❧❦ ❆❜str❛❝t✐♦♥ ♦❢ ❬●❙❲✶✸❪ ❜② ❬●■◆❳✶✻❪ ●❙❲ ❬●❙❲✶✸❪ ✐s ❛ ❋❍❊ s❝❤❡♠❡ ❜❛s❡❞ ♦♥ ▲❲❊ ❘❡❧✐❡s ♦♥ ❛ ❣❛❞❣❡t ❞❡❝♦♠♣♦s✐t✐♦♥ ❢✉♥❝t✐♦♥ ●❙❲ ❲❡ ✇❛♥t ❋❍❊✦ ❲❤❛t ✐s st✐❧❧ ♠✐ss✐♥❣ t♦ ❤❛✈❡ ❋✉❧❧② ❍♦♠♦♠♦r♣❤✐❝ ❊♥❝r②♣t✐♦♥❄ ✷✶ ✴ ✹✸

  35. ❚●❙❲✿ ✧●❙❲✧ ♦♥ ■♥ t❤✐s t❛❧❦ ❆❜str❛❝t✐♦♥ ♦❢ ❬●❙❲✶✸❪ ❜② ❬●■◆❳✶✻❪ ●❙❲ ❲❡ ✇❛♥t ❋❍❊✦ ❲❤❛t ✐s st✐❧❧ ♠✐ss✐♥❣ t♦ ❤❛✈❡ ❋✉❧❧② ❍♦♠♦♠♦r♣❤✐❝ ❊♥❝r②♣t✐♦♥❄ ●❙❲ ❬●❙❲✶✸❪ ✐s ❛ ❋❍❊ s❝❤❡♠❡ ❜❛s❡❞ ♦♥ ▲❲❊ ❘❡❧✐❡s ♦♥ ❛ ❣❛❞❣❡t ❞❡❝♦♠♣♦s✐t✐♦♥ ❢✉♥❝t✐♦♥ ✷✶ ✴ ✹✸

  36. ●❙❲ ❲❡ ✇❛♥t ❋❍❊✦ ❲❤❛t ✐s st✐❧❧ ♠✐ss✐♥❣ t♦ ❤❛✈❡ ❋✉❧❧② ❍♦♠♦♠♦r♣❤✐❝ ❊♥❝r②♣t✐♦♥❄ ●❙❲ ❬●❙❲✶✸❪ ✐s ❛ ❋❍❊ s❝❤❡♠❡ ❜❛s❡❞ ♦♥ ▲❲❊ ❘❡❧✐❡s ♦♥ ❛ ❣❛❞❣❡t ❞❡❝♦♠♣♦s✐t✐♦♥ ❢✉♥❝t✐♦♥ ■♥ t❤✐s t❛❧❦ ❆❜str❛❝t✐♦♥ ♦❢ ❬●❙❲✶✸❪ ❜② ❬●■◆❳✶✻❪ ❚●❙❲✿ ✧●❙❲✧ ♦♥ T ✷✶ ✴ ✹✸

  37. ❚●❙❲ ❚❤❡ ❣❛❞❣❡t h ❣❡♥❡r❛t✐♥❣ ❢❛♠✐❧② ♦❢ H v = ( v 1 | . . . | v k +1 ) ∈ H h ∈ M ℓ ′ ,k +1 ( T N [ X ])  1 / 2 . . . 0  h ✐s ❜❧♦❝❦ ❞✐❛❣♦♥❛❧ 1 / 2 2 . . . 0 s✉♣❡r✲✐♥❝r❡❛s✐♥❣   ✳ ✳ ✳✳✳   ✳ ✳ ❲❡ ❛r❡ ❛❜❧❡ t♦ ❞❡❝♦♠♣♦s❡  ✳ ✳    ❡❧❡♠❡♥ts ✐♥ t❤❡ s✉❜✲♠♦❞✉❧❡ H 1 / 2 ℓ  . . . 0    ✳ ✳  ✳✳✳  ❚❤❡ ❝♦❡✣❝✐❡♥ts ✐♥ t❤❡ ✳ ✳ h =   ✳ ✳   ❞❡❝♦♠♣♦s✐t✐♦♥ ❛r❡ s♠❛❧❧   0 . . . 1 / 2   ❆♣♣r♦①✐♠❛t❡❞ ❞❡❝♦♠♣♦s✐t✐♦♥ ✭✉♣   1 / 2 2 0 . . .   t♦ s♦♠❡ ♣r❡❝✐s✐♦♥ ♣❛r❛♠❡t❡rs✮   ✳ ✳ ✳✳✳ ✳ ✳   ✳ ✳   ■♠♣r♦✈❡ t✐♠❡ ❛♥❞ ♠❡♠♦r② 1 / 2 ℓ 0 . . . r❡q✉✐r❡♠❡♥ts ❢♦r ❛ s♠❛❧❧ ❛♠♦✉♥t ♦❢ ❛❞❞✐t✐♦♥❛❧ ♥♦✐s❡ ✷✷ ✴ ✹✸

  38. ❊♥❝r②♣t✐♦♥✿ ✇❤❡r❡ ❍♦♠♦♠♦r♣❤✐❝ ♦♣❡r❛t✐♦♥s✿ ▲❡t ❛♥❞ ▲✐♥❡❛r ❝♦♠❜✐♥❛t✐♦♥s✿ ❡♥❝r②♣ts ✭ ✮ ▼✉❧t✐♣❧✐❝❛t✐♦♥ ✿ ❡♥❝r②♣ts ❚●❙❲ P❛r❛♠❡t❡rs ▲❡t H = T N [ X ] k × T N [ X ] h = ( h 1 , . . . , h l ) ∈ H ℓ ′ ❛ s✉♣❡r✲✐♥❝r❡❛s✐♥❣ ❣❡♥❡r❛t✐♥❣ ❢❛♠✐❧② ♦❢ H Dec h t❤❡ ✧s♠❛❧❧✧ ❞❡❝♦♠♣♦s✐t✐♦♥ ❢✉♥❝t✐♦♥ ❢r♦♠ H → R ℓ ′ ✭ R = Z [ X ] / ( X N + 1) ✮ s✉❝❤ t❤❛t Dec h ( x ) · h = x ❢♦r ❛❧❧ x ∈ H Γ = ker ϕ s ❞❡♥♦t❡s ❤♦♠♦❣❡♥❡♦✉s ❚▲❲❊ s❛♠♣❧❡s ✷✸ ✴ ✹✸

  39. ❍♦♠♦♠♦r♣❤✐❝ ♦♣❡r❛t✐♦♥s✿ ▲❡t ❛♥❞ ▲✐♥❡❛r ❝♦♠❜✐♥❛t✐♦♥s✿ ❡♥❝r②♣ts ✭ ✮ ▼✉❧t✐♣❧✐❝❛t✐♦♥ ✿ ❡♥❝r②♣ts ❚●❙❲ P❛r❛♠❡t❡rs ▲❡t H = T N [ X ] k × T N [ X ] h = ( h 1 , . . . , h l ) ∈ H ℓ ′ ❛ s✉♣❡r✲✐♥❝r❡❛s✐♥❣ ❣❡♥❡r❛t✐♥❣ ❢❛♠✐❧② ♦❢ H Dec h t❤❡ ✧s♠❛❧❧✧ ❞❡❝♦♠♣♦s✐t✐♦♥ ❢✉♥❝t✐♦♥ ❢r♦♠ H → R ℓ ′ ✭ R = Z [ X ] / ( X N + 1) ✮ s✉❝❤ t❤❛t Dec h ( x ) · h = x ❢♦r ❛❧❧ x ∈ H Γ = ker ϕ s ❞❡♥♦t❡s ❤♦♠♦❣❡♥❡♦✉s ❚▲❲❊ s❛♠♣❧❡s ❊♥❝r②♣t✐♦♥✿ C = Z + µ · h ✇❤❡r❡ Z ∈ Γ ℓ ′ ✷✸ ✴ ✹✸

  40. ❚●❙❲ P❛r❛♠❡t❡rs ▲❡t H = T N [ X ] k × T N [ X ] h = ( h 1 , . . . , h l ) ∈ H ℓ ′ ❛ s✉♣❡r✲✐♥❝r❡❛s✐♥❣ ❣❡♥❡r❛t✐♥❣ ❢❛♠✐❧② ♦❢ H Dec h t❤❡ ✧s♠❛❧❧✧ ❞❡❝♦♠♣♦s✐t✐♦♥ ❢✉♥❝t✐♦♥ ❢r♦♠ H → R ℓ ′ ✭ R = Z [ X ] / ( X N + 1) ✮ s✉❝❤ t❤❛t Dec h ( x ) · h = x ❢♦r ❛❧❧ x ∈ H Γ = ker ϕ s ❞❡♥♦t❡s ❤♦♠♦❣❡♥❡♦✉s ❚▲❲❊ s❛♠♣❧❡s ❊♥❝r②♣t✐♦♥✿ C = Z + µ · h ✇❤❡r❡ Z ∈ Γ ℓ ′ ❍♦♠♦♠♦r♣❤✐❝ ♦♣❡r❛t✐♦♥s✿ ▲❡t C 1 = Z 1 + µ 1 · h ❛♥❞ C 2 = Z 2 + µ 2 · h ▲✐♥❡❛r ❝♦♠❜✐♥❛t✐♦♥s✿ δ 1 C 1 + δ 2 C 2 ❡♥❝r②♣ts δ 1 µ 1 + δ 2 µ 2 ✭ δ i ∈ R ✮ ▼✉❧t✐♣❧✐❝❛t✐♦♥ ✿ Dec h ( C 1 ) · C 2 ❡♥❝r②♣ts µ 1 µ 2 ✷✸ ✴ ✹✸

  41. ❙❛♠♣❧❡s ❚♦② ❡①❛♠♣❧❡ ✭✇✐t❤♦✉t ♥♦✐s❡✮ ϕ s = · 4 Im ϕ s ) = m ⊕ o 1 s 1 i 100 Z / Z 1 25 Z / Z ( 4 Z / Z P❛r❛♠❡t❡rs 100 Z / Z = 1 1 4 Z / Z ⊕ 1 H = 25 Z / Z ✭✐s ❛ Z ✲♠♦❞✉❧❡✮ � 1 2 100 , 10 5 100 , 20 100 , 50 � h = 100 , 100 , 100 Dec h ✿ ❞❡❝♦♠♣♦s✐t✐♦♥ ✐♥ ❊✉r♦ ❝♦✐♥s Γ = 1 4 Z / Z ⊂ H ✿ ♠♦❞✉❧♦ ♦❢ t❤❡ ❝♦❞❡ ✷✹ ✴ ✹✸

  42. ❚♦② ❡①❛♠♣❧❡ ✭✇✐t❤♦✉t ♥♦✐s❡✮ ϕ s = · 4 Im ϕ s ) = m ⊕ o 1 s 1 i 100 Z / Z 1 25 Z / Z ( 4 Z / Z P❛r❛♠❡t❡rs 100 Z / Z = 1 1 4 Z / Z ⊕ 1 H = 25 Z / Z ✭✐s ❛ Z ✲♠♦❞✉❧❡✮ � 1 2 100 , 10 5 100 , 20 100 , 50 � h = 100 , 100 , 100 Dec h ✿ ❞❡❝♦♠♣♦s✐t✐♦♥ ✐♥ ❊✉r♦ ❝♦✐♥s Γ = 1 4 Z / Z ⊂ H ✿ ♠♦❞✉❧♦ ♦❢ t❤❡ ❝♦❞❡ ❙❛♠♣❧❡s � 32 100 , 14 100 , 60 100 , 45 100 , 90 0 � � 1 4 , 0 4 , 1 4 , 3 4 , 2 4 , 2 � C 1 = 100 , = + 7 · h 100 4 � 73 � � 3 � 100 , 21 100 , 40 100 , 35 5 100 , 50 4 , 1 4 , 2 4 , 1 4 , 3 4 , 2 C 2 = 100 , = − 2 · h 100 4 ✷✹ ✴ ✹✸

  43. ❚♦② ❡①❛♠♣❧❡ ✭✇✐t❤♦✉t ♥♦✐s❡✮ ▼✉❧t✐♣❧✐❝❛t✐♦♥✿    73 / 100  0 1 0 1 1 0 0 2 0 1 0 0 21 / 100         0 0 0 1 0 1 40 / 100     Dec h ( C 1 ) · C 2 =     0 0 1 0 2 0 5 / 100         0 0 0 0 2 1 35 / 100     0 0 0 0 0 0 50 / 100 � 61 � 100 , 47 100 , 55 100 , 10 100 , 20 100 , 0 = 100 ❱❡r✐✜❝❛t✐♦♥✿ ❞♦❡s ❡♥❝♦❞❡ 7 · ( − 2) = 11 mod 25 � 61 100 , 47 100 , 55 100 , 10 100 , 20 100 , 0 � � 2 4 , 1 4 , 0 4 , 0 4 , 0 4 , 2 � = + 11 · h 100 4 ✷✺ ✴ ✹✸

  44. ❚♦② ❡①❛♠♣❧❡ ✭✇✐t❤♦✉t ♥♦✐s❡✮ ▼✉❧t✐♣❧✐❝❛t✐♦♥✿     0 1 0 1 1 0 73 / 100 0 2 0 1 0 0 21 / 100         0 0 0 1 0 1 40 / 100     Dec h ( C 1 ) · C 2 =     0 0 1 0 2 0 5 / 100         0 0 0 0 2 1 35 / 100     0 0 0 0 0 0 50 / 100 � 61 � 100 , 47 100 , 55 100 , 10 100 , 20 100 , 0 = 100 ❱❡r✐✜❝❛t✐♦♥✿ ❞♦❡s ❡♥❝♦❞❡ 7 · ( − 2) = 11 mod 25 � 61 100 , 47 100 , 55 100 , 10 100 , 20 100 , 0 � � 2 4 , 1 4 , 0 4 , 0 4 , 0 4 , 2 � = + 11 · h 100 4 ✷✺ ✴ ✹✸

  45. ❚▲❲❊ ❛♥❞ ❚●❙❲ ϕ s N [ X ] T = ⊕ m o Γ = ker ϕ s H M s i TLWE ✷✻ ✴ ✹✸

  46. ❚▲❲❊ ❛♥❞ ❚●❙❲ ϕ s N [ X ] T = ⊕ m o Γ = ker ϕ s H M s i TLWE R ⊃ ⊕ H ℓ ′ Γ ℓ ′ R · h TGSW ✷✻ ✴ ✹✸

  47. ❚▲❲❊ ❛♥❞ ❚●❙❲ ϕ s N [ X ] T = ⊕ m o Γ = ker ϕ s H M s i TLWE R ⊃ ⊕ H ℓ ′ Γ ℓ ′ R · h TGSW ∀ e ∈ R ℓ ′ , ∀ A ∈ R , ∀ b ∈ T N [ X ]: e · TGSW ( A ) is a TLWE of A · ϕ s ( e · h ) ✷✻ ✴ ✹✸

  48. ❚▲❲❊ ❛♥❞ ❚●❙❲ ϕ s N [ X ] T = ⊕ m o Γ = ker ϕ s H M s i TLWE R ⊃ ⊕ H ℓ ′ Γ ℓ ′ R · h TGSW ∀ e ∈ R ℓ ′ , ∀ A ∈ R , ∀ b ∈ T N [ X ]: e · TGSW ( A ) is a TLWE of A · ϕ s ( e · h ) = ⇒ Decomp h ( TLWE ( b )) · TGSW ( A ) is a TLWE of A · b ✷✻ ✴ ✹✸

  49. ❚♦② ❡①❛♠♣❧❡ ✭❲■❚❍ ♥♦✐s❡✮ P❛r❛♠❡t❡rs 100 Z / Z = 1 1 4 Z / Z ⊕ 1 H = 25 Z / Z ✭✐s ❛ Z ✲♠♦❞✉❧❡✮ � 1 2 100 , 10 5 100 , 20 100 , 50 � h = 100 , 100 , 100 Dec h ✿ ❞❡❝♦♠♣♦s✐t✐♦♥ ✐♥ ❊✉r♦ ❝♦✐♥s Γ = 1 4 Z / Z ⊂ H ✿ ♠♦❞✉❧♦ ♦❢ t❤❡ ❝♦❞❡ ❙❛♠♣❧❡s � 31 � 100 , 16 100 , 63 100 , 46 100 , 89 0 C 1 = 100 , 100 �� 1 4 , 0 4 , 1 4 , 3 4 , 2 4 , 2 � � − 1 2 3 100 , − 1 1 1 �� = + 100 , 100 , 100 , 100 , + 7 · h 4 100 � 71 � 100 , 23 100 , 37 100 , 33 5 100 , 48 C 2 = 100 , 100 �� 3 4 , 1 4 , 2 4 , 1 4 , 3 4 , 2 � � − 2 100 , − 3 2 100 , − 2 0 100 , − 2 �� = + 100 , 100 , − 2 · h 4 100 ✷✼ ✴ ✹✸

  50. ❚♦② ❡①❛♠♣❧❡ ✭❲■❚❍ ♥♦✐s❡✮ P❛r❛♠❡t❡rs 100 Z / Z = 1 1 4 Z / Z ⊕ 1 H = 25 Z / Z ✭✐s ❛ Z ✲♠♦❞✉❧❡✮ � 1 2 100 , 10 5 100 , 20 100 , 50 � h = 100 , 100 , 100 Dec h ✿ ❞❡❝♦♠♣♦s✐t✐♦♥ ✐♥ ❊✉r♦ ❝♦✐♥s Γ = 1 4 Z / Z ⊂ H ✿ ♠♦❞✉❧♦ ♦❢ t❤❡ ❝♦❞❡ ❙❛♠♣❧❡s � 31 � 100 , 16 100 , 63 100 , 46 100 , 89 0 C 1 = 100 , 100 �� 1 4 , 0 4 , 1 4 , 3 4 , 2 4 , 2 � � − 1 2 3 100 , − 1 1 1 �� = + 100 , 100 , 100 , 100 , + 7 · h 4 100 � 71 � 100 , 23 100 , 37 100 , 33 5 100 , 48 C 2 = 100 , 100 �� 3 4 , 1 4 , 2 4 , 1 4 , 3 4 , 2 � � − 2 100 , − 3 2 100 , − 2 0 100 , − 2 �� = + 100 , 100 , − 2 · h 4 100 ✷✼ ✴ ✹✸

  51. ❚♦② ❡①❛♠♣❧❡ ✭❲■❚❍ ♥♦✐s❡✮ ▼✉❧t✐♣❧✐❝❛t✐♦♥✿   71 / 100 23 / 100   37 / 100   Dec h ( C 1 , 1 ) · C 2 = [ 1 0 ] 0 0 1 1   5 / 100     33 / 100   48 / 100 � 9 � Dec h ( C 1 , 1 ) · C 2 = 100 ❱❡r✐✜❝❛t✐♦♥✿ ❞♦❡s ❡♥❝♦❞❡ 7 · ( − 2) = 11 mod 25 � 9 � 2 � �� 0 � �� = − + 11 · h 1 100 4 100 ✷✽ ✴ ✹✸

  52. ■♥t❡r♥❛❧ ♣r♦❞✉❝t ✭❝❧❛ss✐❝❛❧✮ ✳ ✳ ✳ Pr♦❞✉❝t ❊①t❡r♥❛❧ ♣r♦❞✉❝t ✭❢♦✉♥❞ ✐♥❞❡♣❡♥❞❡♥t❧② ❜② ❬❇P✶✻❪✮ ⊡ : TGSW × TLWE − → TLWE ( A, b ) �− → A ⊡ b = Dec h ,β,ǫ ( b ) · A ( µ A , µ b ) �− → µ A · µ b ✇❤❡r❡ Dec h ,β,ǫ ✐s t❤❡ ❛♣♣r♦①✐♠❛t❡ ❣❛❞❣❡t ❞❡❝♦♠♣♦s✐t✐♦♥ ✷✾ ✴ ✹✸

  53. Pr♦❞✉❝t ❊①t❡r♥❛❧ ♣r♦❞✉❝t ✭❢♦✉♥❞ ✐♥❞❡♣❡♥❞❡♥t❧② ❜② ❬❇P✶✻❪✮ ⊡ : TGSW × TLWE − → TLWE ( A, b ) �− → A ⊡ b = Dec h ,β,ǫ ( b ) · A ( µ A , µ b ) �− → µ A · µ b ✇❤❡r❡ Dec h ,β,ǫ ✐s t❤❡ ❛♣♣r♦①✐♠❛t❡ ❣❛❞❣❡t ❞❡❝♦♠♣♦s✐t✐♦♥ ■♥t❡r♥❛❧ ♣r♦❞✉❝t ✭❝❧❛ss✐❝❛❧✮ ⊠ : TGSW × TGSW − → TGSW   A ⊡ b 1 ✳ ✳ ( A, B ) �− → A ⊠ B =   ✳   A ⊡ b ( k + 1 ) ℓ ( µ A , µ B ) �− → µ A · µ B ✷✾ ✴ ✹✸

  54. Pr♦❞✉❝t µ A T-GSW η A µ A · µ b T-LWE � µ A � 1 η b + O ( η A ) µ b T-LWE η b � ❊rr ( A ⊡ b ) � ∞ ≤ ℓ ′ Nβη A + � µ A � 1 (1 + kN ) ǫ + � µ A � 1 η b ✇❤❡r❡ β ❛♥❞ ǫ ❛r❡ t❤❡ ♣❛r❛♠❡t❡rs ✉s❡❞ ✐♥ t❤❡ ❞❡❝♦♠♣♦s✐t✐♦♥ Dec h ,β,ǫ ( b ) ✳ ✸✵ ✴ ✹✸

  55. ❚❛❜❧❡ ♦❢ ❝♦♥t❡♥ts ✶ ❋✉❧❧② ❍♦♠♦♠♦r♣❤✐❝ ❊♥❝r②♣t✐♦♥ ❆♣♣❧✐❝❛t✐♦♥s ✷ ❚▲❲❊ ❚❤❡ r❡❛❧ t♦r✉s ▲❲❊ ❛♥❞ ❚▲❲❊ ✸ ❚●❙❲ ❛♥❞ t❤❡ ❡①t❡r♥❛❧ ♣r♦❞✉❝t ❊♥❝r②♣t✐♦♥ ❛♥❞ ●❛❞❣❡t ❚▲❲❊ ❛♥❞ ❚●❙❲ ✹ ❋❛st❡r ❇♦♦tstr❛♣♣✐♥❣ ●❛t❡ ❜♦♦tstr❛♣♣✐♥❣ ❙❡❝✉r✐t② ❛♥❛❧②s✐s ✺ ❈♦♥❝❧✉s✐♦♥ ✸✶ ✴ ✹✸

  56. ❲❡ r❡♣❧❛❝❡❞ ❛❧❧ t❤❡ ✐♥t❡r♥❛❧ ♣r♦❞✉❝ts ✐♥ t❤❡ ❜♦♦tstr❛♣♣✐♥❣ ♣r♦❝❡❞✉r❡ ✇✐t❤ t❤❡ ❡①t❡r♥❛❧ ♦♥❡✳ ❘❡s✉❧t✿ ✭✇✐t❤ ❢✉rt❤❡r ♦♣t✐♠✐③❛t✐♦♥s✮ ✇❡ ❤❛❞ ❛ s♣❡❡❞✲✉♣ ♦❢ ❛ ❢❛❝t♦r ✭❜♦♦tstr❛♣♣✐♥❣ ✐♥ s❡❝♦♥❞s✮ ❋❛st❡r ❜♦♦tstr❛♣♣✐♥❣ ❲❡ ❛♣♣❧✐❡❞ ♦✉r r❡s✉❧t t♦ t❤❡ ❢❛st ❜♦♦tstr❛♣♣✐♥❣ ♣r♦♣♦s❡❞ ❜② ❉✉❝❛s ❛♥❞ ▼✐❝❝✐❛♥❝✐♦ ✭❊✉r♦❝r②♣t ✷✵✶✺✮ ❬❉▼✶✺❪✿ ❤♦♠♦♠♦r♣❤✐❝ ◆❆◆❉ ❣❛t❡ ✇✐t❤ ❢❛st ❜♦♦tstr❛♣♣✐♥❣ ✐♥ ∼ 0 . 69 s❡❝♦♥❞s ✸✷ ✴ ✹✸

  57. ❋❛st❡r ❜♦♦tstr❛♣♣✐♥❣ ❲❡ ❛♣♣❧✐❡❞ ♦✉r r❡s✉❧t t♦ t❤❡ ❢❛st ❜♦♦tstr❛♣♣✐♥❣ ♣r♦♣♦s❡❞ ❜② ❉✉❝❛s ❛♥❞ ▼✐❝❝✐❛♥❝✐♦ ✭❊✉r♦❝r②♣t ✷✵✶✺✮ ❬❉▼✶✺❪✿ ❤♦♠♦♠♦r♣❤✐❝ ◆❆◆❉ ❣❛t❡ ✇✐t❤ ❢❛st ❜♦♦tstr❛♣♣✐♥❣ ✐♥ ∼ 0 . 69 s❡❝♦♥❞s ❲❡ r❡♣❧❛❝❡❞ ❛❧❧ t❤❡ ✐♥t❡r♥❛❧ ♣r♦❞✉❝ts ✐♥ t❤❡ ❜♦♦tstr❛♣♣✐♥❣ ♣r♦❝❡❞✉r❡ ✇✐t❤ t❤❡ ❡①t❡r♥❛❧ ♦♥❡✳ ❘❡s✉❧t✿ ✭✇✐t❤ ❢✉rt❤❡r ♦♣t✐♠✐③❛t✐♦♥s✮ ✇❡ ❤❛❞ ❛ s♣❡❡❞✲✉♣ ♦❢ ❛ ❢❛❝t♦r ∼ 12 ✭❜♦♦tstr❛♣♣✐♥❣ ✐♥ ∼ 0 . 052 s❡❝♦♥❞s✮ ✸✷ ✴ ✹✸

  58. ❇♦♦tstr❛♣♣✐♥❣ 1 2 3 1 4 4 0 ✸✸ ✴ ✹✸

  59. ❇♦♦tstr❛♣♣✐♥❣ 1 2 3 1 4 4 0 ✸✸ ✴ ✹✸

  60. ❇♦♦tstr❛♣♣✐♥❣ [Gentry09]-style bootstrap 1 2 3 1 4 4 0 ✸✸ ✴ ✹✸

  61. ❇♦♦tstr❛♣♣✐♥❣ [Gentry09]-style bootstrap 1 2 3 1 4 4 0 ✸✸ ✴ ✹✸

  62. ❇♦♦tstr❛♣♣✐♥❣ [DM15]-style bootstrap 1 2 3 1 4 4 0 ✸✸ ✴ ✹✸

  63. ●❛t❡ ❇♦♦tstr❛♣♣✐♥❣ false := LWE( − 1 1 8 ), noise < 16 1 2 3 1 4 4 − 1 1 8 8 0 ✸✹ ✴ ✹✸

  64. ●❛t❡ ❇♦♦tstr❛♣♣✐♥❣ 1 true := LWE(+ 1 1 8 ), noise < 2 16 3 1 4 4 − 1 1 8 8 0 ✸✹ ✴ ✹✸

  65. ●❛t❡ ❇♦♦tstr❛♣♣✐♥❣ c 1 c 2 + 1 2 = 3 1 4 4 − 1 1 8 8 0 ✸✹ ✴ ✹✸

  66. ●❛t❡ ❇♦♦tstr❛♣♣✐♥❣ NAND( c 1 , c 2 ) : 1 2 return false 3 1 4 4 return true − 1 1 8 8 0 ✸✹ ✴ ✹✸

  67. ●❛t❡ ❇♦♦tstr❛♣♣✐♥❣ NAND( c 1 , c 2 ) : 1 2 return false 3 1 4 4 return true − 1 1 8 8 0 ✸✹ ✴ ✹✸

  68. ●❛t❡ ❇♦♦tstr❛♣♣✐♥❣ [DM15/BR15]-(revisited) v i +1 1 2 v i 3 1 [ . . . ] 4 4 v 2 v 1 0 v 2 N − 1 v 0 ✸✹ ✴ ✹✸

  69. ✇✐t❤ ✱ ✇❤❡r❡ ❇❑ ✭ ✮ ✇❤❡♥ ✐s ❦♥♦✇♥ ✭ ✮ ✇❤❡♥ ✐s ✉♥❦♥♦✇♥ ✶ ▼✉❧t✐♣❧② ❜② ✷ ❋♦r ♠✉❧t✐♣❧② ❜② ❘♦t❛t❡ ❜② ♣♦s✐t✐♦♥s t❤❡ ❝♦❡✣❝✐❡♥ts ❍♦✇ t♦ r♦t❛t❡ ❜② ❄ ❇♦♦tstr❛♣♣✐♥❣ ❆❧❣♦r✐t❤♠ ✭❛♥✐♠❛t✐♦♥✮ ❇♦♦tstr❛♣♣✐♥❣ ❛❧❣♦r✐t❤♠ ♦❢ ( a , b ) ✶ ❙t❛rt ❢r♦♠ ✭❛ tr✐✈✐❛❧✮ TLWE ( v 0 + v 1 X + · · · + v N − 1 X N − 1 ) ❛ ✷ ❘♦t❛t❡ ✐t ❜② p = − ϕ s ( a , b ) ♣♦s✐t✐♦♥s ✸ ❊①tr❛❝t t❤❡ ❝♦♥st❛♥t t❡r♠ ✭✇❤✐❝❤ ❡♥❝r②♣ts v p ✮ ❛ N ❝♦❡❢s ♠♦❞ X N + 1 ❝❛♥ ❜❡ ✈✐❡✇❡❞ ❛s 2 N ❝♦❡❢s ♠♦❞ X 2 N − 1 s✳t✳ v N + i = − v i ✸✺ ✴ ✹✸

  70. ✇✐t❤ ✱ ✇❤❡r❡ ❇❑ ✭ ✮ ✇❤❡♥ ✐s ❦♥♦✇♥ ✭ ✮ ✇❤❡♥ ✐s ✉♥❦♥♦✇♥ ✶ ▼✉❧t✐♣❧② ❜② ✷ ❋♦r ♠✉❧t✐♣❧② ❜② ❘♦t❛t❡ ❜② ♣♦s✐t✐♦♥s t❤❡ ❝♦❡✣❝✐❡♥ts ❍♦✇ t♦ r♦t❛t❡ ❜② ❄ ❇♦♦tstr❛♣♣✐♥❣ ❆❧❣♦r✐t❤♠ ✭❛♥✐♠❛t✐♦♥✮ ❇♦♦tstr❛♣♣✐♥❣ ❛❧❣♦r✐t❤♠ ♦❢ ( a , b ) ✶ ❙t❛rt ❢r♦♠ ✭❛ tr✐✈✐❛❧✮ TLWE ( v 0 + v 1 X + · · · + v N − 1 X N − 1 ) ❛ ✷ ❘♦t❛t❡ ✐t ❜② p = − ϕ s ( a , b ) ♣♦s✐t✐♦♥s ✸ ❊①tr❛❝t t❤❡ ❝♦♥st❛♥t t❡r♠ ✭✇❤✐❝❤ ❡♥❝r②♣ts v p ✮ ❛ N ❝♦❡❢s ♠♦❞ X N + 1 ❝❛♥ ❜❡ ✈✐❡✇❡❞ ❛s 2 N ❝♦❡❢s ♠♦❞ X 2 N − 1 s✳t✳ v N + i = − v i ✸✺ ✴ ✹✸

  71. ✇✐t❤ ✱ ✇❤❡r❡ ❇❑ ✶ ▼✉❧t✐♣❧② ❜② ✷ ❋♦r ♠✉❧t✐♣❧② ❜② ✭ ✮ ✇❤❡♥ ✐s ❦♥♦✇♥ ✭ ✮ ✇❤❡♥ ✐s ✉♥❦♥♦✇♥ ❍♦✇ t♦ r♦t❛t❡ ❜② ❄ ❇♦♦tstr❛♣♣✐♥❣ ❆❧❣♦r✐t❤♠ ✭❛♥✐♠❛t✐♦♥✮ ❇♦♦tstr❛♣♣✐♥❣ ❛❧❣♦r✐t❤♠ ♦❢ ( a , b ) ✶ ❙t❛rt ❢r♦♠ ✭❛ tr✐✈✐❛❧✮ TLWE ( v 0 + v 1 X + · · · + v N − 1 X N − 1 ) ❛ ✷ ❘♦t❛t❡ ✐t ❜② p = − ϕ s ( a , b ) ♣♦s✐t✐♦♥s ✸ ❊①tr❛❝t t❤❡ ❝♦♥st❛♥t t❡r♠ ✭✇❤✐❝❤ ❡♥❝r②♣ts v p ✮ ❛ N ❝♦❡❢s ♠♦❞ X N + 1 ❝❛♥ ❜❡ ✈✐❡✇❡❞ ❛s 2 N ❝♦❡❢s ♠♦❞ X 2 N − 1 s✳t✳ v N + i = − v i ❘♦t❛t❡ ❜② p ♣♦s✐t✐♦♥s t❤❡ ❝♦❡✣❝✐❡♥ts c ∈ TLWE ✸✺ ✴ ✹✸

  72. ✇✐t❤ ✱ ✇❤❡r❡ ❇❑ ✶ ▼✉❧t✐♣❧② ❜② ✷ ❋♦r ♠✉❧t✐♣❧② ❜② ✭ ✮ ✇❤❡♥ ✐s ✉♥❦♥♦✇♥ ❍♦✇ t♦ r♦t❛t❡ ❜② ❄ ❇♦♦tstr❛♣♣✐♥❣ ❆❧❣♦r✐t❤♠ ✭❛♥✐♠❛t✐♦♥✮ ❇♦♦tstr❛♣♣✐♥❣ ❛❧❣♦r✐t❤♠ ♦❢ ( a , b ) ✶ ❙t❛rt ❢r♦♠ ✭❛ tr✐✈✐❛❧✮ TLWE ( v 0 + v 1 X + · · · + v N − 1 X N − 1 ) ❛ ✷ ❘♦t❛t❡ ✐t ❜② p = − ϕ s ( a , b ) ♣♦s✐t✐♦♥s ✸ ❊①tr❛❝t t❤❡ ❝♦♥st❛♥t t❡r♠ ✭✇❤✐❝❤ ❡♥❝r②♣ts v p ✮ ❛ N ❝♦❡❢s ♠♦❞ X N + 1 ❝❛♥ ❜❡ ✈✐❡✇❡❞ ❛s 2 N ❝♦❡❢s ♠♦❞ X 2 N − 1 s✳t✳ v N + i = − v i ❘♦t❛t❡ ❜② p ♣♦s✐t✐♦♥s t❤❡ ❝♦❡✣❝✐❡♥ts c ∈ TLWE ✭ X p · c ✮ ✇❤❡♥ p ✐s ❦♥♦✇♥ ✸✺ ✴ ✹✸

  73. ✇✐t❤ ✱ ✇❤❡r❡ ❇❑ ✶ ▼✉❧t✐♣❧② ❜② ✷ ❋♦r ♠✉❧t✐♣❧② ❜② ❍♦✇ t♦ r♦t❛t❡ ❜② ❄ ❇♦♦tstr❛♣♣✐♥❣ ❆❧❣♦r✐t❤♠ ✭❛♥✐♠❛t✐♦♥✮ ❇♦♦tstr❛♣♣✐♥❣ ❛❧❣♦r✐t❤♠ ♦❢ ( a , b ) ✶ ❙t❛rt ❢r♦♠ ✭❛ tr✐✈✐❛❧✮ TLWE ( v 0 + v 1 X + · · · + v N − 1 X N − 1 ) ❛ ✷ ❘♦t❛t❡ ✐t ❜② p = − ϕ s ( a , b ) ♣♦s✐t✐♦♥s ✸ ❊①tr❛❝t t❤❡ ❝♦♥st❛♥t t❡r♠ ✭✇❤✐❝❤ ❡♥❝r②♣ts v p ✮ ❛ N ❝♦❡❢s ♠♦❞ X N + 1 ❝❛♥ ❜❡ ✈✐❡✇❡❞ ❛s 2 N ❝♦❡❢s ♠♦❞ X 2 N − 1 s✳t✳ v N + i = − v i ❘♦t❛t❡ ❜② p ♣♦s✐t✐♦♥s t❤❡ ❝♦❡✣❝✐❡♥ts c ∈ TLWE ✭ X p · c ✮ ✇❤❡♥ p ✐s ❦♥♦✇♥ ✭ TGSW ( X p ) ⊡ c ✮ ✇❤❡♥ p ✐s ✉♥❦♥♦✇♥ ✸✺ ✴ ✹✸

  74. ✇✐t❤ ✱ ✇❤❡r❡ ❇❑ ✶ ▼✉❧t✐♣❧② ❜② ✷ ❋♦r ♠✉❧t✐♣❧② ❜② ❇♦♦tstr❛♣♣✐♥❣ ❆❧❣♦r✐t❤♠ ✭❛♥✐♠❛t✐♦♥✮ ❇♦♦tstr❛♣♣✐♥❣ ❛❧❣♦r✐t❤♠ ♦❢ ( a , b ) ✶ ❙t❛rt ❢r♦♠ ✭❛ tr✐✈✐❛❧✮ TLWE ( v 0 + v 1 X + · · · + v N − 1 X N − 1 ) ❛ ✷ ❘♦t❛t❡ ✐t ❜② p = − ϕ s ( a , b ) ♣♦s✐t✐♦♥s ✸ ❊①tr❛❝t t❤❡ ❝♦♥st❛♥t t❡r♠ ✭✇❤✐❝❤ ❡♥❝r②♣ts v p ✮ ❛ N ❝♦❡❢s ♠♦❞ X N + 1 ❝❛♥ ❜❡ ✈✐❡✇❡❞ ❛s 2 N ❝♦❡❢s ♠♦❞ X 2 N − 1 s✳t✳ v N + i = − v i ❘♦t❛t❡ ❜② p ♣♦s✐t✐♦♥s t❤❡ ❝♦❡✣❝✐❡♥ts c ∈ TLWE ✭ X p · c ✮ ✇❤❡♥ p ✐s ❦♥♦✇♥ ✭ TGSW ( X p ) ⊡ c ✮ ✇❤❡♥ p ✐s ✉♥❦♥♦✇♥ ❍♦✇ t♦ r♦t❛t❡ ❜② − ϕ s ( a , b ) = − b + � n i =1 a i s i ❄ ✸✺ ✴ ✹✸

  75. ✇✐t❤ ✱ ✇❤❡r❡ ❇❑ ✷ ❋♦r ♠✉❧t✐♣❧② ❜② ❇♦♦tstr❛♣♣✐♥❣ ❆❧❣♦r✐t❤♠ ✭❛♥✐♠❛t✐♦♥✮ ❇♦♦tstr❛♣♣✐♥❣ ❛❧❣♦r✐t❤♠ ♦❢ ( a , b ) ✶ ❙t❛rt ❢r♦♠ ✭❛ tr✐✈✐❛❧✮ TLWE ( v 0 + v 1 X + · · · + v N − 1 X N − 1 ) ❛ ✷ ❘♦t❛t❡ ✐t ❜② p = − ϕ s ( a , b ) ♣♦s✐t✐♦♥s ✸ ❊①tr❛❝t t❤❡ ❝♦♥st❛♥t t❡r♠ ✭✇❤✐❝❤ ❡♥❝r②♣ts v p ✮ ❛ N ❝♦❡❢s ♠♦❞ X N + 1 ❝❛♥ ❜❡ ✈✐❡✇❡❞ ❛s 2 N ❝♦❡❢s ♠♦❞ X 2 N − 1 s✳t✳ v N + i = − v i ❘♦t❛t❡ ❜② p ♣♦s✐t✐♦♥s t❤❡ ❝♦❡✣❝✐❡♥ts c ∈ TLWE ✭ X p · c ✮ ✇❤❡♥ p ✐s ❦♥♦✇♥ ✭ TGSW ( X p ) ⊡ c ✮ ✇❤❡♥ p ✐s ✉♥❦♥♦✇♥ ❍♦✇ t♦ r♦t❛t❡ ❜② − ϕ s ( a , b ) = − b + � n i =1 a i s i ❄ ✶ ▼✉❧t✐♣❧② ❜② X − b ✸✺ ✴ ✹✸

Recommend

tstr r r

tstr r r

tstr r r rt str s tt tr trt

516 views • 27 slides
stss tstr r r s

stss tstr r r s

stss tstr r r s P rt rss + rst

640 views • 39 slides
trrt qt r

trrt qt r

trrt qt r tstr t r t t Pttr

608 views • 46 slides
MA111: Contemporary mathematics 15 3 4 5 6 7 8 9 10 11 12 13 14 16 1 17 18 19 20

MA111: Contemporary mathematics 15 3 4 5 6 7 8 9 10 11 12 13 14 16 1 17 18 19 20

MA111: Contemporary mathematics 15 3 4 5 6 7 8 9 10 11 12 13 14 16 1 17 18 19 20 21 Schedule: HW 1 is due Tonight, Oct 6th, 2015 Mini-Exam 2 is in-class on Thursday, Oct 8th, 2015 HW 2 is due Tuesday, Oct 13th, 2015 HW 3 is

573 views • 8 slides
CRYPTOGRAPHY What is Cryptography? Sending/receiving information privately Changing around

CRYPTOGRAPHY What is Cryptography? Sending/receiving information privately Changing around

CRYPTOGRAPHY What is Cryptography? Sending/receiving information privately Changing around a message so that no one else can understand it except for you and your recipient Keep personal info and sensitive data safe History First

561 views • 27 slides
Basic Ciphers Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr Information Security 1

Basic Ciphers Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr Information Security 1

Basic Ciphers Ahmet Burak Can Hacettepe University abc@hacettepe.edu.tr Information Security 1 Information Security Computer Security: Ensure security of data kept on the computer Network Security: Ensure security of

796 views • 37 slides
Lecture 5.1: Basic cryptographic ciphers Matthew Macauley Department of Mathematical Sciences

Lecture 5.1: Basic cryptographic ciphers Matthew Macauley Department of Mathematical Sciences

Lecture 5.1: Basic cryptographic ciphers Matthew Macauley Department of Mathematical Sciences Clemson University http://www.math.clemson.edu/~macaule/ Math 4190, Discrete Mathematical Structures M. Macauley (Clemson) Lecture 5.1: Basic

510 views • 10 slides
Cryptography November 14, 2011 1 Intercepting Information Scenario 1 Wireless broadcasts

Cryptography November 14, 2011 1 Intercepting Information Scenario 1 Wireless broadcasts

Cryptography November 14, 2011 1 Intercepting Information Scenario 1 Wireless broadcasts information using radio signals Any computer on a wireless network CAN listen to any network traffic A computer SHOULD only listen to traffic

182 views • 6 slides
Would You Buy This? Our unbreakable military-grade 10,240-bit bi-Gaussian encryption system,

Would You Buy This? Our unbreakable military-grade 10,240-bit bi-Gaussian encryption system,

Would You Buy This? Our unbreakable military-grade 10,240-bit bi-Gaussian encryption system, using a proprietary one- time pad algorithm, has recently been reviewed by the NSA and approved by a Fortune 500 customer and is available both inside

590 views • 33 slides
Classical Cryptosystems Debdeep Mukhopadhyay Assistant Professor Department of Computer Science

Classical Cryptosystems Debdeep Mukhopadhyay Assistant Professor Department of Computer Science

Classical Cryptosystems Debdeep Mukhopadhyay Assistant Professor Department of Computer Science and Engineering Indian Institute of Technology Kharagpur INDIA -721302 Objectives Definitions Kerckhoffs Principle Monoalphabetic

867 views • 23 slides
Cryptography Overview John Mitchell Announcement: Homework 1 Homework 1 has 3 problems

Cryptography Overview John Mitchell Announcement: Homework 1 Homework 1 has 3 problems

CS259 Winter 2008 Cryptography Overview John Mitchell Announcement: Homework 1 Homework 1 has 3 problems Problems 1 and 2 on the web now Problem 3 to be added soon Due in two weeks, on January 24 Install Murphi and run

723 views • 45 slides
Peculiar Properties of Lattice-Based Encryption Chris Peikert Georgia Institute of Technology

Peculiar Properties of Lattice-Based Encryption Chris Peikert Georgia Institute of Technology

Peculiar Properties of Lattice-Based Encryption Chris Peikert Georgia Institute of Technology Public Key Cryptography and the Geometry of Numbers 7 May 2010 1 / 19 Talk Agenda Encryption schemes with special features: 2 / 19 Talk Agenda

876 views • 71 slides
RSA and the Cloud Kelly Rivers and Stephanie Rosenthal 15-110 Fall 2019 Encry ryption We

RSA and the Cloud Kelly Rivers and Stephanie Rosenthal 15-110 Fall 2019 Encry ryption We

RSA and the Cloud Kelly Rivers and Stephanie Rosenthal 15-110 Fall 2019 Encry ryption We encrypt (encode) our data so others can t understand it (easily) except for the person who is supposed to receive it. We call the data to encode

638 views • 32 slides
Discrete Mathematics with Applications MATH236 Dr. Hung P. Tong-Viet School of Mathematics,

Discrete Mathematics with Applications MATH236 Dr. Hung P. Tong-Viet School of Mathematics,

Discrete Mathematics with Applications MATH236 Dr. Hung P. Tong-Viet School of Mathematics, Statistics and Computer Science University of KwaZulu-Natal Pietermaritzburg Campus Semester 1, 2013 Tong-Viet (UKZN) MATH236 Semester 1, 2013 1 /

697 views • 23 slides
Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure

Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure

Functional Encryption Lecture 27 Functional Encryption Plain encryption: for secure communication. Does not allow modifying encrypted data. Homomorphic Encryption: allows computation on encrypted data, but result remains encrypted Functional

987 views • 61 slides
ENGR/CS 101 CS Session Lecture 9 Log into Windows/ACENET (reboot if in Linux) Start

ENGR/CS 101 CS Session Lecture 9 Log into Windows/ACENET (reboot if in Linux) Start

ENGR/CS 101 CS Session Lecture 9 Log into Windows/ACENET (reboot if in Linux) Start Microsoft Visual Studio 2012 Any questions about the exercise from last time? Lecture 4 ENGR/CS 101 Computer Science Session 1 Outline

482 views • 20 slides
1 2 Symmetric crypto, part 2 client D. J.

1 2 Symmetric crypto, part 2 client D. J.

1 2 Symmetric crypto, part 2 client D. J. Bernstein message m 1 session key k client authenticated k ciphertext C 1 servers ciphertext C 0 public key S Internet Symmetric Internet

2.03k views • 175 slides
Computer Security HKUST, Hong Kong Computer Security Cunsheng DING, HKUST COMP4631

Computer Security HKUST, Hong Kong Computer Security Cunsheng DING, HKUST COMP4631

CUNSHENG DING Computer Security HKUST, Hong Kong Computer Security Cunsheng DING, HKUST COMP4631 CUNSHENG DING Computer Security HKUST, Hong Kong Lecture 06: One-Key Block Ciphers Outline of this Lecture One-key block ciphers

889 views • 22 slides
The Cracking of the Cipher Challenge 10 steps to 10,000 www.simonsingh.net

The Cracking of the Cipher Challenge 10 steps to 10,000 www.simonsingh.net

The Cracking of the Cipher Challenge 10 steps to 10,000 www.simonsingh.net www.simonsingh.net The most incomprehensible thing about the universe is that it is comprehensible. Albert Einstein We are 13.7 billion light-years We

1.2k views • 22 slides
Dszquphsbqiz Nbuu Cpvufmm G-224 y8534 cpvufmm@sptf-ivmnbo.fev (It should now be obvious

Dszquphsbqiz Nbuu Cpvufmm G-224 y8534 cpvufmm@sptf-ivmnbo.fev (It should now be obvious

DTTF/NB479: Jouspevdujpo up Dszquphsbqiz Nbuu Cpvufmm G-224 y8534 cpvufmm@sptf-ivmnbo.fev (It should now be obvious whether or not you are in the right classroom) CSSE/MA479: Introduction to Cryptography Matt Boutell F-224 x8534

442 views • 20 slides
1. Review of Circuit Theory Concepts F. Najmabadi, ECE65, Winter 2012 Circuit Theory is

1. Review of Circuit Theory Concepts F. Najmabadi, ECE65, Winter 2012 Circuit Theory is

1. Review of Circuit Theory Concepts F. Najmabadi, ECE65, Winter 2012 Circuit Theory is an Approximation to Maxwells Electromagnetic Equations A circuit is made of a bunch of elements connected with ideal (i.e., no

658 views • 16 slides
The Governing Equation of an LRC Series Circuit Bernd Schr oder logo1 Bernd Schr oder

The Governing Equation of an LRC Series Circuit Bernd Schr oder logo1 Bernd Schr oder

The Parts The Equation The Governing Equation of an LRC Series Circuit Bernd Schr oder logo1 Bernd Schr oder Louisiana Tech University, College of Engineering and Science The Governing Equation of an LRC Series Circuit The Parts The

584 views • 12 slides
Electric Current The amount of charge that flows by per unit time. Q I t

Electric Current The amount of charge that flows by per unit time. Q I t

Electric Current The amount of charge that flows by per unit time. Q I t Steady state A system (e.g. circuit) is in the steady state when the current at each point in the circuit is constant (does not change with

223 views • 11 slides
Limits on the Power of Indistinguishability Obfuscation Gilad Asharov Gil Segev Limits on the

Limits on the Power of Indistinguishability Obfuscation Gilad Asharov Gil Segev Limits on the

Limits on the Power of Indistinguishability Obfuscation Gilad Asharov Gil Segev Limits on the Power of iO Limits on the Power of Indistinguishability Obfuscation (and Functional Encryption) FOCS 2015 On Constructing One-Way

841 views • 47 slides

More recommend