the geometry of rings chris peikert
play

The Geometry of Rings Chris Peikert Georgia Institute of Technology - PowerPoint PPT Presentation

Feb 02, 2024 •509 likes •1.31k views

The Geometry of Rings Chris Peikert Georgia Institute of Technology ECRYPT II Summer School on Lattices Porto, Portugal 2 Oct 2012 1 / 13 LWE Over Rings (Over-Simplified) [LPR10] Ring R := Z [ X ] / (1 + X n ) for some n = 2 k , R q :=

  1. The Geometry of Rings Chris Peikert Georgia Institute of Technology ECRYPT II Summer School on Lattices Porto, Portugal 2 Oct 2012 1 / 13

  2. LWE Over Rings (Over-Simplified) [LPR’10] Ring R := Z [ X ] / (1 + X n ) for some n = 2 k , R q := R/qR. 2 / 13

  3. LWE Over Rings (Over-Simplified) [LPR’10] Ring R := Z [ X ] / (1 + X n ) for some n = 2 k , R q := R/qR. ◮ Problem: for s ← R q , distinguish { ( a i , b i ) } from uniform { ( a i , b i ) } . a 1 ← R q , b 1 = a 1 · s + e 1 ∈ R q a 2 ← R q , b 2 = a 2 · s + e 2 ∈ R q . . . 2 / 13

  4. LWE Over Rings (Over-Simplified) [LPR’10] Ring R := Z [ X ] / (1 + X n ) for some n = 2 k , R q := R/qR. ◮ Problem: for s ← R q , distinguish { ( a i , b i ) } from uniform { ( a i , b i ) } . a 1 ← R q , b 1 = a 1 · s + e 1 ∈ R q a 2 ← R q , b 2 = a 2 · s + e 2 ∈ R q . . . ◮ Errors e ( X ) ∈ R are “short.” What could this mean? 2 / 13

  5. LWE Over Rings (Over-Simplified) [LPR’10] Ring R := Z [ X ] / (1 + X n ) for some n = 2 k , R q := R/qR. ◮ Problem: for s ← R q , distinguish { ( a i , b i ) } from uniform { ( a i , b i ) } . a 1 ← R q , b 1 = a 1 · s + e 1 ∈ R q a 2 ← R q , b 2 = a 2 · s + e 2 ∈ R q . . . ◮ Errors e ( X ) ∈ R are “short.” What could this mean? Identify n − 1 (?) � e j X j ( e 0 , e 1 , . . . e n − 1 ) ∈ Z n . e ( X ) = ← → j =0 2 / 13

  6. LWE Over Rings (Over-Simplified) [LPR’10] Ring R := Z [ X ] / (1 + X n ) for some n = 2 k , R q := R/qR. ◮ Problem: for s ← R q , distinguish { ( a i , b i ) } from uniform { ( a i , b i ) } . a 1 ← R q , b 1 = a 1 · s + e 1 ∈ R q a 2 ← R q , b 2 = a 2 · s + e 2 ∈ R q . . . ◮ Errors e ( X ) ∈ R are “short.” What could this mean? Identify n − 1 (?) � e j X j ( e 0 , e 1 , . . . e n − 1 ) ∈ Z n . e ( X ) = ← → j =0 ◮ Applications need (+ , · ) -combinations of errors to remain short. 2 / 13

  7. LWE Over Rings (Over-Simplified) [LPR’10] Ring R := Z [ X ] / (1 + X n ) for some n = 2 k , R q := R/qR. ◮ Problem: for s ← R q , distinguish { ( a i , b i ) } from uniform { ( a i , b i ) } . a 1 ← R q , b 1 = a 1 · s + e 1 ∈ R q a 2 ← R q , b 2 = a 2 · s + e 2 ∈ R q . . . ◮ Errors e ( X ) ∈ R are “short.” What could this mean? Identify n − 1 (?) � e j X j ( e 0 , e 1 , . . . e n − 1 ) ∈ Z n . e ( X ) = ← → j =0 ◮ Applications need (+ , · ) -combinations of errors to remain short. Yes! � e · f � ≤ √ n · � e � · � f � . � e + f � ≤ � e � + � f � “Expansion factor” √ n is worst-case. (“On average,” ≈ √ log n .) 2 / 13

  8. Example Application: Homomorphic Encryption [BV’11a] ◮ R = Z [ X ] / (1 + X 2 k ) , R q = R/qR . Symmetric key s ← R q . 3 / 13

  9. Example Application: Homomorphic Encryption [BV’11a] ◮ R = Z [ X ] / (1 + X 2 k ) , R q = R/qR . Symmetric key s ← R q . ◮ Enc s ( m ∈ R 2 ) : choose a “short” e ∈ R s.t. e = m mod 2 . Let c 1 ← R q and c 0 = − c 1 · s + e ∈ R q and output c ( S ) = c 0 + c 1 S ∈ R q [ S ] . (Notice: c ( s ) = e mod q .) 3 / 13

  10. Example Application: Homomorphic Encryption [BV’11a] ◮ R = Z [ X ] / (1 + X 2 k ) , R q = R/qR . Symmetric key s ← R q . ◮ Enc s ( m ∈ R 2 ) : choose a “short” e ∈ R s.t. e = m mod 2 . Let c 1 ← R q and c 0 = − c 1 · s + e ∈ R q and output c ( S ) = c 0 + c 1 S ∈ R q [ S ] . (Notice: c ( s ) = e mod q .) Security: ( c 1 , c 0 ) is an RLWE sample (essentially). 3 / 13

  11. Example Application: Homomorphic Encryption [BV’11a] ◮ R = Z [ X ] / (1 + X 2 k ) , R q = R/qR . Symmetric key s ← R q . ◮ Enc s ( m ∈ R 2 ) : choose a “short” e ∈ R s.t. e = m mod 2 . Let c 1 ← R q and c 0 = − c 1 · s + e ∈ R q and output c ( S ) = c 0 + c 1 S ∈ R q [ S ] . (Notice: c ( s ) = e mod q .) Security: ( c 1 , c 0 ) is an RLWE sample (essentially). ◮ Dec s ( c ( S )) : get short d ∈ R s.t. d = c ( s ) mod q . Output d mod 2 . Correctness: d = e , as long as e has Z -coeffs ∈ ( − q/ 2 , q/ 2) . 3 / 13

  12. Example Application: Homomorphic Encryption [BV’11a] ◮ R = Z [ X ] / (1 + X 2 k ) , R q = R/qR . Symmetric key s ← R q . ◮ Enc s ( m ∈ R 2 ) : choose a “short” e ∈ R s.t. e = m mod 2 . Let c 1 ← R q and c 0 = − c 1 · s + e ∈ R q and output c ( S ) = c 0 + c 1 S ∈ R q [ S ] . (Notice: c ( s ) = e mod q .) Security: ( c 1 , c 0 ) is an RLWE sample (essentially). ◮ Dec s ( c ( S )) : get short d ∈ R s.t. d = c ( s ) mod q . Output d mod 2 . Correctness: d = e , as long as e has Z -coeffs ∈ ( − q/ 2 , q/ 2) . ◮ EvalAdd ( c, c ′ ) = ( c + c ′ )( S ) , EvalMul ( c, c ′ ) = ( c · c ′ )( S ) . 3 / 13

  13. Example Application: Homomorphic Encryption [BV’11a] ◮ R = Z [ X ] / (1 + X 2 k ) , R q = R/qR . Symmetric key s ← R q . ◮ Enc s ( m ∈ R 2 ) : choose a “short” e ∈ R s.t. e = m mod 2 . Let c 1 ← R q and c 0 = − c 1 · s + e ∈ R q and output c ( S ) = c 0 + c 1 S ∈ R q [ S ] . (Notice: c ( s ) = e mod q .) Security: ( c 1 , c 0 ) is an RLWE sample (essentially). ◮ Dec s ( c ( S )) : get short d ∈ R s.t. d = c ( s ) mod q . Output d mod 2 . Correctness: d = e , as long as e has Z -coeffs ∈ ( − q/ 2 , q/ 2) . ◮ EvalAdd ( c, c ′ ) = ( c + c ′ )( S ) , EvalMul ( c, c ′ ) = ( c · c ′ )( S ) . Decryption works if e + e ′ , e · e ′ “short enough.” 3 / 13

  14. Example Application: Homomorphic Encryption [BV’11a] ◮ R = Z [ X ] / (1 + X 2 k ) , R q = R/qR . Symmetric key s ← R q . ◮ Enc s ( m ∈ R 2 ) : choose a “short” e ∈ R s.t. e = m mod 2 . Let c 1 ← R q and c 0 = − c 1 · s + e ∈ R q and output c ( S ) = c 0 + c 1 S ∈ R q [ S ] . (Notice: c ( s ) = e mod q .) Security: ( c 1 , c 0 ) is an RLWE sample (essentially). ◮ Dec s ( c ( S )) : get short d ∈ R s.t. d = c ( s ) mod q . Output d mod 2 . Correctness: d = e , as long as e has Z -coeffs ∈ ( − q/ 2 , q/ 2) . ◮ EvalAdd ( c, c ′ ) = ( c + c ′ )( S ) , EvalMul ( c, c ′ ) = ( c · c ′ )( S ) . Decryption works if e + e ′ , e · e ′ “short enough.” Many mults ⇒ large power of expansion factor ⇒ tiny error rate α ⇒ big parameters! 3 / 13

  15. Other Rings: Cyclotomics ◮ Used in faster bootstrapping [GHS’12a] , homomorphic AES [GHS’12b] . 4 / 13

  16. Other Rings: Cyclotomics ◮ Used in faster bootstrapping [GHS’12a] , homomorphic AES [GHS’12b] . R = Z [ X ] / Φ m ( X ) for m th cyclotomic polynomial Φ m ( X ) . √ � ( X − ω i ) ∈ Z [ X ] , Φ m ( X ) = ω = exp(2 π − 1 /m ) ∈ C i ∈ Z ∗ m 4 / 13

  17. Other Rings: Cyclotomics ◮ Used in faster bootstrapping [GHS’12a] , homomorphic AES [GHS’12b] . R = Z [ X ] / Φ m ( X ) for m th cyclotomic polynomial Φ m ( X ) . √ � ( X − ω i ) ∈ Z [ X ] , Φ m ( X ) = ω = exp(2 π − 1 /m ) ∈ C i ∈ Z ∗ m ◮ Roots ω i run over all n = ϕ ( m ) primitive m th roots of unity. “Power” Z -basis of R is { 1 , X, X 2 , . . . , X n − 1 } . 4 / 13

  18. Other Rings: Cyclotomics ◮ Used in faster bootstrapping [GHS’12a] , homomorphic AES [GHS’12b] . R = Z [ X ] / Φ m ( X ) for m th cyclotomic polynomial Φ m ( X ) . √ � ( X − ω i ) ∈ Z [ X ] , Φ m ( X ) = ω = exp(2 π − 1 /m ) ∈ C i ∈ Z ∗ m ◮ Roots ω i run over all n = ϕ ( m ) primitive m th roots of unity. “Power” Z -basis of R is { 1 , X, X 2 , . . . , X n − 1 } . ω 2 ω 3 ω 1 ω 1 ω 4 ω 5 ω 8 ω 5 ω 7 ω 7 Φ 9 ( X ) = 1 + X 3 + X 6 Φ 8 ( X ) = 1 + X 4 4 / 13

  19. Other Rings: Cyclotomics ◮ Used in faster bootstrapping [GHS’12a] , homomorphic AES [GHS’12b] . R = Z [ X ] / Φ m ( X ) for m th cyclotomic polynomial Φ m ( X ) . √ � ( X − ω i ) ∈ Z [ X ] , Φ m ( X ) = ω = exp(2 π − 1 /m ) ∈ C i ∈ Z ∗ m ◮ Roots ω i run over all n = ϕ ( m ) primitive m th roots of unity. “Power” Z -basis of R is { 1 , X, X 2 , . . . , X n − 1 } . Non-prime power m ? ✗ Φ 21 ( X ) = 1 − X + X 3 − X 4 + X 6 − X 8 + X 9 − X 11 + X 12 4 / 13

  20. Other Rings: Cyclotomics ◮ Used in faster bootstrapping [GHS’12a] , homomorphic AES [GHS’12b] . R = Z [ X ] / Φ m ( X ) for m th cyclotomic polynomial Φ m ( X ) . √ � ( X − ω i ) ∈ Z [ X ] , Φ m ( X ) = ω = exp(2 π − 1 /m ) ∈ C i ∈ Z ∗ m ◮ Roots ω i run over all n = ϕ ( m ) primitive m th roots of unity. “Power” Z -basis of R is { 1 , X, X 2 , . . . , X n − 1 } . Non-prime power m ? ✗ Φ 21 ( X ) = 1 − X + X 3 − X 4 + X 6 − X 8 + X 9 − X 11 + X 12 ✗✗ Φ 105 ( X ) = [degree 48; 33 monomials with {− 2 , − 1 , 1 } -coefficients] 4 / 13

  21. Other Rings: Cyclotomics ◮ Used in faster bootstrapping [GHS’12a] , homomorphic AES [GHS’12b] . R = Z [ X ] / Φ m ( X ) for m th cyclotomic polynomial Φ m ( X ) . √ � ( X − ω i ) ∈ Z [ X ] , Φ m ( X ) = ω = exp(2 π − 1 /m ) ∈ C i ∈ Z ∗ m ◮ Roots ω i run over all n = ϕ ( m ) primitive m th roots of unity. “Power” Z -basis of R is { 1 , X, X 2 , . . . , X n − 1 } . Non-prime power m ? ✗ Φ 21 ( X ) = 1 − X + X 3 − X 4 + X 6 − X 8 + X 9 − X 11 + X 12 ✗✗ Φ 105 ( X ) = [degree 48; 33 monomials with {− 2 , − 1 , 1 } -coefficients] Annoyances ✗ Irregular Φ m ( X ) ⇒ slower, more complex operations 4 / 13

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Cryptography from Rings Chris Peikert University of Michigan HEAT Summer School 13 Oct 2015 1

Cryptography from Rings Chris Peikert University of Michigan HEAT Summer School 13 Oct 2015 1

Cryptography from Rings Chris Peikert University of Michigan HEAT Summer School 13 Oct 2015 1 / 13 Agenda 1 Polynomial rings, ideal lattices and Ring-LWE 2 Basic Ring-LWE encryption 3 Fully homomorphic encryption Selected bibliography:

840 views • 64 slides
On Ideal Lattices and Learning With Errors Over Rings Vadim Lyubashevsky 1 Chris Peikert 2 Oded

On Ideal Lattices and Learning With Errors Over Rings Vadim Lyubashevsky 1 Chris Peikert 2 Oded

On Ideal Lattices and Learning With Errors Over Rings Vadim Lyubashevsky 1 Chris Peikert 2 Oded Regev 1 1 Tel Aviv University 2 Georgia Institute of Technology Eurocrypt 2010 1 / 12 The Learning With Errors Problem [Regev05]

819 views • 59 slides
HOMOMORPHIC ENCRYPTION Craig Gentry Shai Halevi Chris Peikert Nigel P. Smart HE Over

HOMOMORPHIC ENCRYPTION Craig Gentry Shai Halevi Chris Peikert Nigel P. Smart HE Over

FIELD-SWITCHING IN HOMOMORPHIC ENCRYPTION Craig Gentry Shai Halevi Chris Peikert Nigel P. Smart HE Over Cyclotomic Rings Denote the field = ( ) /( ) Its ring of integers is =

614 views • 37 slides
Group Rings and Geometry: The (FA) Property Finite Geometry & Friends Doryan Temmerman

Group Rings and Geometry: The (FA) Property Finite Geometry & Friends Doryan Temmerman

Group Rings and Geometry: The (FA) Property Finite Geometry & Friends Doryan Temmerman Joint work with A. Bchle, G. Janssens, E. Jespers and A. Kiefer June 19, 2019 1 Group Rings and Geometry: The (FA) Property Finite Geometry &

569 views • 35 slides
Lattices: From Worst-Case, to Average-Case, to Cryptography Chris Peikert Georgia Institute of

Lattices: From Worst-Case, to Average-Case, to Cryptography Chris Peikert Georgia Institute of

Lattices: From Worst-Case, to Average-Case, to Cryptography Chris Peikert Georgia Institute of Technology Public Key Cryptography and the Geometry of Numbers 6 May 2010 1 / 16 Talk Agenda 1 Smoothing and discrete Gaussians 2 From worst-case

1.43k views • 74 slides
Recovering Short Generators of Principal Ideals in Cyclotomic Rings L eo Ducas CWI,

Recovering Short Generators of Principal Ideals in Cyclotomic Rings L eo Ducas CWI,

Recovering Short Generators of Principal Ideals in Cyclotomic Rings L eo Ducas CWI, Amsterdam, The Netherlands Joint work with Ronald Cramer Chris Peikert Oded Regev Conference on Mathematics of Cryptography, August 2015, UC Irvine 1 1

770 views • 59 slides
Recovering Short Generators of Principal Ideals in Cyclotomic Rings L eo Ducas CWI,

Recovering Short Generators of Principal Ideals in Cyclotomic Rings L eo Ducas CWI,

Recovering Short Generators of Principal Ideals in Cyclotomic Rings L eo Ducas CWI, Amsterdam, The Netherlands Joint work with Ronald Cramer Chris Peikert Oded Regev Presented at ICERM, Brown University, April 2015 L eo Ducas (CWI,

765 views • 58 slides
Peculiar Properties of Lattice-Based Encryption Chris Peikert Georgia Institute of Technology

Peculiar Properties of Lattice-Based Encryption Chris Peikert Georgia Institute of Technology

Peculiar Properties of Lattice-Based Encryption Chris Peikert Georgia Institute of Technology Public Key Cryptography and the Geometry of Numbers 7 May 2010 1 / 19 Talk Agenda Encryption schemes with special features: 2 / 19 Talk Agenda

876 views • 71 slides
Why Does Saturn Have Rings? Saturn was discovered by Galileo in 1610, but the geometry of its

Why Does Saturn Have Rings? Saturn was discovered by Galileo in 1610, but the geometry of its

Why Does Saturn Have Rings? Saturn was discovered by Galileo in 1610, but the geometry of its rings was not understood until the work of Christiaan Huygens in 1659. The photograph is a composite made from 165 images taken by the wide-angle camera

599 views • 27 slides
Kuperbergs Collimation Sieve vs. CSIDH Chris Peikert University of Michigan Quantum

Kuperbergs Collimation Sieve vs. CSIDH Chris Peikert University of Michigan Quantum

Kuperbergs Collimation Sieve vs. CSIDH Chris Peikert University of Michigan Quantum Cryptanalysis of Post-Quantum Cryptography Simons Institute 24 February 2020 1 / 16 He Gives C-Sieves on the CSIDH Chris Peikert University of Michigan

1.61k views • 85 slides
A Too it for Ri - E y o Vadim Lyubashevsky 1 Chris Peikert 2 Oded

A Too it for Ri - E y o Vadim Lyubashevsky 1 Chris Peikert 2 Oded

A Too it for Ri - E y o Vadim Lyubashevsky 1 Chris Peikert 2 Oded Regev 3 1 INRIA & ENS Paris 2 Georgia Tech 3 Courant Institute, NYU Eurocrypt 2013 27 May 1 / 12 A Toolkit for Ring-LWE Cryptography Vadim

814 views • 70 slides
Efficient Collision-Resistant Hashing from Worst-Case Assumptions on Cyclic Lattices Chris Peikert

Efficient Collision-Resistant Hashing from Worst-Case Assumptions on Cyclic Lattices Chris Peikert

Efficient Collision-Resistant Hashing from Worst-Case Assumptions on Cyclic Lattices Chris Peikert 1 Alon Rosen 2 1 MIT CSAIL 2 Harvard DEAS Theory of Cryptography Conference 5 March 2006 Chris Peikert, Alon Rosen (MIT, Harvard) Efficient

897 views • 61 slides
Recovering Short Generators of Principal Ideals in Cyclotomic Rings Ronald Cramer, L eo Ducas,

Recovering Short Generators of Principal Ideals in Cyclotomic Rings Ronald Cramer, L eo Ducas,

Recovering Short Generators of Principal Ideals in Cyclotomic Rings Ronald Cramer, L eo Ducas, Chris Peikert , Oded Regev 9 July 2015 Simons Institute Workshop on Math of Modern Crypto 1 / 15 Short Generators of Ideals in Cryptography A

688 views • 43 slides
Noninteractive Zero Knowledge for NP from Learning With Errors Chris Peikert University of

Noninteractive Zero Knowledge for NP from Learning With Errors Chris Peikert University of

Noninteractive Zero Knowledge for NP from Learning With Errors Chris Peikert University of Michigan (Based on work with Sina Shiehian) 2nd Crypto Innovation School Shanghai, China 15 December 2019 1 / 16 Zero Knowledge

995 views • 95 slides
New and Improved Key-Homomorphic Pseudorandom Functions Abhishek Banerjee 1 Chris Peikert 1 1

New and Improved Key-Homomorphic Pseudorandom Functions Abhishek Banerjee 1 Chris Peikert 1 1

New and Improved Key-Homomorphic Pseudorandom Functions Abhishek Banerjee 1 Chris Peikert 1 1 Georgia Institute of Technology CRYPTO 14 19 August 2014 Outline Introduction 1 Construction, Parameters and Efficiency 2 Proof of Security

886 views • 47 slides
Recovering Short Generators of Principal Ideals in Cyclotomic Rings Ronald Cramer L eo Ducas

Recovering Short Generators of Principal Ideals in Cyclotomic Rings Ronald Cramer L eo Ducas

Recovering Short Generators of Principal Ideals in Cyclotomic Rings Ronald Cramer L eo Ducas Chris Peikert Oded Regev University of Leiden, The Netherlands CWI, Amsterdam, The Netherlands University of Michigan, USA New-York University,

699 views • 34 slides
The Command Line Matthew Bender CMSC Command Line Workshop October 16, 2015 Matthew Bender

The Command Line Matthew Bender CMSC Command Line Workshop October 16, 2015 Matthew Bender

The Command Line Matthew Bender CMSC Command Line Workshop October 16, 2015 Matthew Bender (2015) The Command Line October 16, 2015 1 / 21 The Unix Philosophy Section 1 The Unix Philosophy Matthew Bender (2015) The Command Line October

605 views • 45 slides
Industrial Internet of Things Chenyang Lu Cyber-Physical Systems Laboratory Department of

Industrial Internet of Things Chenyang Lu Cyber-Physical Systems Laboratory Department of

Dependable Industrial Internet of Things Chenyang Lu Cyber-Physical Systems Laboratory Department of Computer Science and Engineering IoT for Industry 4.0 11.6+ billion hours operating experience 36,800+ wireless field networks

604 views • 35 slides
Adaptation Philipp Koehn 27 October 2020 Philipp Koehn Machine Translation: Adaptation 27

Adaptation Philipp Koehn 27 October 2020 Philipp Koehn Machine Translation: Adaptation 27

Adaptation Philipp Koehn 27 October 2020 Philipp Koehn Machine Translation: Adaptation 27 October 2020 Adaptation 1 Better quality when system is adapted to a task Domain adaptation to a specific domain, e.g., information technology

962 views • 46 slides
CHAPTER 3 : MATHEMATICAL MODELLING PRINCIPLES When I complete this chapter, I want to be able to

CHAPTER 3 : MATHEMATICAL MODELLING PRINCIPLES When I complete this chapter, I want to be able to

CHAPTER 3 : MATHEMATICAL MODELLING PRINCIPLES When I complete this chapter, I want to be able to do the following. Formulate dynamic models based on fundamental balances Solve simple first-order linear dynamic models Determine how

601 views • 35 slides
Galois groups arising from arithmetic differential equations ALEXANDRU BUIUM University of New

Galois groups arising from arithmetic differential equations ALEXANDRU BUIUM University of New

Galois groups arising from arithmetic differential equations ALEXANDRU BUIUM University of New Mexico 1. Aim of the talk 1) Briefly introduce arithmetic differential equations (Reference: AB, Inventiones 1995; AB, book, AMS 2005) 2) Show

484 views • 32 slides
On the Ring-LWE and Polynomial-LWE problems Miruna Roca, Damien Stehl, Alexandre Wallet

On the Ring-LWE and Polynomial-LWE problems Miruna Roca, Damien Stehl, Alexandre Wallet

On the Ring-LWE and Polynomial-LWE problems Miruna Roca, Damien Stehl, Alexandre Wallet Alexandre Wallet 1 / 37 ApproxSVP ApproxSVP ( O K -modules) ( O K -ideals) [LS15] [PRS17] [AD17] decision decision RLWE search RLWE

959 views • 54 slides
On the Ring-LWE and Polynomial-LWE problems Miruna Roca, Damien Stehl, Alexandre Wallet 1/35

On the Ring-LWE and Polynomial-LWE problems Miruna Roca, Damien Stehl, Alexandre Wallet 1/35

On the Ring-LWE and Polynomial-LWE problems Miruna Roca, Damien Stehl, Alexandre Wallet 1/35 A. Wallet About todays talk Its post-quantum (public-key) crypto time! Cryptography = building secure schemes Theoretical security = reduction

659 views • 49 slides
IPORPR WG (IP over Resilient Packet Rings) Chairs: F. Kastenholz; A. Herrera IETF IPoRPR Mar

IPORPR WG (IP over Resilient Packet Rings) Chairs: F. Kastenholz; A. Herrera IETF IPoRPR Mar

IPORPR WG (IP over Resilient Packet Rings) Chairs: F. Kastenholz; A. Herrera IETF IPoRPR Mar 2001 IPoRPR Work Group F.Kastenholz; A. Herrera IPoRPR WG Status Current Charter focused on IP over IEEE 802.17 RPR WG deliverable is a

320 views • 11 slides

More recommend