towards stream ciphers for efficient fhe with low noise
play

Towards Stream Ciphers for Efficient FHE with Low-Noise Ciphertexts - PowerPoint PPT Presentation

Oct 19, 2023 •239 likes •953 views

Towards Stream Ciphers for Efficient FHE with Low-Noise Ciphertexts Pierrick M AUX cole normale suprieure, CNRS, INRIA, PSL Joint work with: Anthony J OURNAULT , Franois-Xavier S TANDAERT , and Claude C ARLET Eurocrypt 2016 Vienna,

  1. Towards Stream Ciphers for Efficient FHE with Low-Noise Ciphertexts Pierrick M ÉAUX École normale supérieure, CNRS, INRIA, PSL Joint work with: Anthony J OURNAULT , François-Xavier S TANDAERT , and Claude C ARLET Eurocrypt 2016 — Vienna, Austria Monday May 9 1 / 14

  2. Outsourcing Computation Alice Limited storage Limited power Store ? Compute ? 2 / 14

  3. Outsourcing Computation Claude Alice Limited storage Huge storage Limited power Huge power Store � Compute � 2 / 14

  4. Outsourcing Computation Claude Alice Limited storage Huge storage Limited power Huge power Store � Compute � Privacy ? 2 / 14

  5. Outsourcing Computation Claude Alice Limited storage Huge storage Limited power Huge power Fully Store � Compute Homomorphic � Encryption Privacy � 2 / 14

  6. FHE Framework Claude Alice m H . Enc 3 / 14

  7. FHE Framework Claude Alice m H . Enc C H ( m ) 3 / 14

  8. FHE Framework Claude Alice m H . Enc C H ( m ) H . Eval ( f ) 3 / 14

  9. FHE Framework Claude Alice m H . Enc C H ( m ) Bootstrap H . Eval ( f ) 3 / 14

  10. FHE Framework Claude Alice m H . Enc C H ( m ) Bootstrap H . Eval ( f ) H . Compact 3 / 14

  11. FHE Framework Claude Alice m H . Enc C H ( m ) Bootstrap H . Eval ( f ) H . Compact c H ( f ( m )) 3 / 14

  12. FHE Framework Claude Alice m H . Enc C H ( m ) Bootstrap H . Eval ( f ) H . Compact c H ( f ( m )) H . Dec f ( m ) 3 / 14

  13. HE Framework Claude Alice m H . Enc C H ( m ) Bootstrap H . Eval ( f ) H . Compact c H ( f ( m )) H . Dec f ( m ) 3 / 14

  14. SE-HE Hybrid Framework Claude Alice m S . Enc H . Eval ( f ) H . Compact c H ( f ( m )) H . Dec f ( m ) 3 / 14

  15. SE-HE Hybrid Framework Claude Alice m S . Enc C S ( m ) H . Eval ( f ) H . Compact c H ( f ( m )) H . Dec f ( m ) 3 / 14

  16. SE-HE Hybrid Framework Claude Alice ( C H ( sk S ) ) m S . Enc C S ( m ) H . Eval ( S . Dec ) H . Eval ( f ) H . Compact c H ( f ( m )) H . Dec f ( m ) 3 / 14

  17. Performance Metric (Intuition) ⋄ Computational Cost ⋄ Noise Increase 4 / 14

  18. Performance Metric (Intuition) ⋄ Computational Cost ≈ number of multiplications ⋄ Noise Increase 4 / 14

  19. Performance Metric (Intuition) ⋄ Computational Cost ≈ number of multiplications ⋄ Noise Increase ciphertext noise 4 / 14

  20. Performance Metric (Intuition) ⋄ Computational Cost ≈ number of multiplications ⋄ Noise Increase ≈ multiplicative depth ciphertext noise 4 / 14

  21. State of the Art Internal State 5 / 14

  22. State of the Art Start Internal State Enc Final CT 5 / 14

  23. State of the Art: Block Ciphers Start Internal State 5 / 14

  24. State of the Art: Block Ciphers Start Round 1 5 / 14

  25. State of the Art: Block Ciphers Start Round 1 . . . Round r 5 / 14

  26. State of the Art: Block Ciphers Start Round 1 . . . Round r . . . Final CT 5 / 14

  27. State of the Art: Block Ciphers Start Round 1 . . . Round r . . . Final CT → Constant but High Noise AES[GHS12,CLT14], · · · , LowMC[ARS+15] 5 / 14

  28. State of the Art: Stream Ciphers Start Internal State 5 / 14

  29. State of the Art: Stream Ciphers Start Time 1 5 / 14

  30. State of the Art: Stream Ciphers Start Time 1 . . Output . Time f 5 / 14

  31. State of the Art: Stream Ciphers Start Time 1 . . Output . Time f . . Output . Time f+r 5 / 14

  32. State of the Art: Stream Ciphers Start Time 1 . . Output . Time f . . Output . Time f+r → Slowly Increasing Noise, Limited Output Trivium, Kreyvium[CCF+15] 5 / 14

  33. Our contributions ⋄ Best of both worlds: Constant and Low noise increase ⋄ Take advantage of 3 rd generation FHE 6 / 14

  34. Our contributions ⋄ Best of both worlds: Constant and Low noise increase → Filter Permutator ⋄ Take advantage of 3 rd generation FHE 6 / 14

  35. Our contributions ⋄ Best of both worlds: Constant and Low noise increase → Filter Permutator ⋄ Take advantage of 3 rd generation FHE → FLIP F 6 / 14

  36. Filter Permutator Error Increase Time 0 7 / 14

  37. Filter Permutator Error Increase Time 0 Output F Time 1 7 / 14

  38. Filter Permutator Error Increase Time 0 Output F Time 1 . . . F Time r 7 / 14

  39. Filter Permutator Error Increase Time 0 Output F Time 1 . . . F Time r . . . F Time f 7 / 14

  40. Filter Permutator Error Increase Time 0 Output F Time 1 . . . F Time r . . . F Time f → Constant and Low Noise 7 / 14

  41. Filter Permutator Construction ⊲ Key Register K PRNG Permutation P i Generator Filtering Function Plaintext Ciphertext 8 / 14

  42. FLIP F Construction Components ◮ PRNG: forward secure PRNG based on AES-128 ◮ Permutation Generator: Knuth Shuffle ◮ Filtering function F = ( n 1 , n 2 , ℓ ∆ h ) 9 / 14

  43. FLIP F Construction Components ◮ PRNG: forward secure PRNG based on AES-128 ◮ Permutation Generator: Knuth Shuffle ◮ Filtering function F = ( n 1 , n 2 , ℓ ∆ h ) n 1 variables x 1 ⊕ . . . ⊕ x n 1 9 / 14

  44. FLIP F Construction Components ◮ PRNG: forward secure PRNG based on AES-128 ◮ Permutation Generator: Knuth Shuffle ◮ Filtering function F = ( n 1 , n 2 , ℓ ∆ h ) n 2 variables y 1 y 2 x 1 ⊕ ⊕ . . . . . . ⊕ ⊕ y n 2 2 − 1 y n 2 x n 1 2 9 / 14

  45. FLIP F Construction Components ◮ PRNG: forward secure PRNG based on AES-128 ◮ Permutation Generator: Knuth Shuffle ◮ Filtering function F = ( n 1 , n 2 , ℓ ∆ h ) y 1 y 2 x 1 z 1 ⊕ ⊕ ⊕ z 2 z 3 . . ⊕ . . z 4 z 5 z 6 . . ⊕ · · · ⊕ . . . ⊕ ⊕ ⊕ y n 2 2 − 1 y n 2 z h ( h + 1 ) x n 1 · · · 2 2 9 / 14

  46. FLIP F Construction Components ◮ PRNG: forward secure PRNG based on AES-128 ◮ Permutation Generator: Knuth Shuffle ◮ Filtering function F = ( n 1 , n 2 , ℓ ∆ h ) y 1 y 2 x 1 z 1 ⊕ ⊕ ⊕ z 2 z 3 . . ⊕ . . h z 4 z 5 z 6 . . ⊕ · · · ⊕ . . . ⊕ ⊕ ⊕ y n 2 2 − 1 y n 2 z h ( h + 1 ) x n 1 · · · 2 2 9 / 14

  47. FLIP F Construction Components ◮ PRNG: forward secure PRNG based on AES-128 ◮ Permutation Generator: Knuth Shuffle ◮ Filtering function F = ( n 1 , n 2 , ℓ ∆ h ) y 1 y 2 x 1 z 1 ⊕ ⊕ ⊕ z 2 z 3 . . ⊕ . . h z 4 z 5 z 6 . . ⊕ · · · ⊕ . . . ⊕ ⊕ ⊕ y n 2 2 − 1 y n 2 z h ( h + 1 ) x n 1 · · · 2 2 ℓ triangles 9 / 14

  48. FLIP F Construction Components ◮ PRNG: forward secure PRNG based on AES-128 ◮ Permutation Generator: Knuth Shuffle ◮ Filtering function F = ( n 1 , n 2 , ℓ ∆ h ) y 1 y 2 x 1 z 1 ⊕ ⊕ ⊕ z 2 z 3 . . ⊕ . . h z 4 z 5 z 6 . � . � ⊕ · · · ⊕ . . . ⊕ ⊕ ⊕ y n 2 2 − 1 y n 2 z h ( h + 1 ) x n 1 · · · 2 2 ℓ triangles n 1 + n 2 + ℓ h ( h + 1 ) variables 2 9 / 14

  49. FLIP F Construction Components ◮ PRNG: forward secure PRNG based on AES-128 ◮ Permutation Generator: Knuth Shuffle ◮ Filtering function F = ( n 1 , n 2 , ℓ ∆ h ) y 1 y 2 x 1 z 1 ⊕ ⊕ ⊕ z 2 z 3 . . ⊕ . . h z 4 z 5 z 6 . � . � ⊕ · · · ⊕ . . . ⊕ ⊕ ⊕ y n 2 2 − 1 y n 2 z h ( h + 1 ) x n 1 · · · 2 2 ℓ triangles n 1 + n 2 + ℓ h ( h + 1 ) variables 2 FLIP ( 42 , 64 , 8 ∆ 9 ) FLIP ( 82 , 112 , 8 ∆ 16 ) 9 / 14

  50. FLIP F Homomorphic Behavior 3 rd generation FHE Ciphertexts (GSW) sC = µ s + e 10 / 14

  51. FLIP F Homomorphic Behavior 3 rd generation FHE Noise Growth ciphertext (small) error (small) sC = µ s + e secret key plaintext ≈ eigenvector ≈ eigenvalue 10 / 14

  52. FLIP F Homomorphic Behavior 3 rd generation FHE Noise Growth sC = µ s + e k k � � H . Add : H . Mul : C i C i i = 1 i = 1 10 / 14

  53. FLIP F Homomorphic Behavior 3 rd generation FHE Noise Growth sC = µ s + e k k k σ 2 � → σ 2 � � H . Add : H . Mul : C i + = C i i i = 1 i = 1 i = 1 10 / 14

  54. FLIP F Homomorphic Behavior 3 rd generation FHE Noise Growth sC = µ s + e k k k σ 2 � → σ 2 � � H . Add : H . Mul : C i + = C i i i = 1 i = 1 i = 1 σ 2 × ≈ y log k σ 2 · · · C 1 C k 10 / 14

  55. FLIP F Homomorphic Behavior 3 rd generation FHE Noise Growth sC = µ s + e k k k σ 2 � → σ 2 � � → σ 2 × ≈ y σ 2 k H . Add : H . Mul : C i + = C i i i = 1 i = 1 i = 1 σ 2 × ≈ y log k σ 2 C 1 ... σ 2 × ≈ y σ 2 k · · · C 1 C k C k 10 / 14

  56. FLIP F Homomorphic Behavior 3 rd generation FHE Noise Growth: H . Eval ( F ) H . Eval ( F ) ≈ H . Mul k k k σ 2 → σ 2 → σ 2 × ≈ y σ 2 k H . Add : � � H . Mul : � C i + = C i i i = 1 i = 1 i = 1 10 / 14

  57. FLIP F Homomorphic Behavior 3 rd generation FHE Noise Growth: H . Eval ( F ) H . Eval ( F ) ≈ H . Mul k k k σ 2 → σ 2 → σ 2 × ≈ y σ 2 k H . Add : � � H . Mul : � C i + = C i i i = 1 i = 1 i = 1 1 ∆ h C 1 + C 2 C 3 + k variables C 4 C 5 C 6 . . . + k = h ( h + 1 ) C k − h + 1 · · · C k 2 10 / 14

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Stream Ciphers Stream Ciphers 1 Stream Ciphers Generalization of one-time pad Trade

Stream Ciphers Stream Ciphers 1 Stream Ciphers Generalization of one-time pad Trade

Stream Ciphers Stream Ciphers 1 Stream Ciphers Generalization of one-time pad Trade provable security for practicality Stream cipher is initialized with short key Key is stretched into long keystream Keystream is used like

512 views • 35 slides
Feedback shift register based stream ciphers Thomas Johansson, Lund University, Lund, Sweden

Feedback shift register based stream ciphers Thomas Johansson, Lund University, Lund, Sweden

Feedback shift register based stream ciphers Thomas Johansson, Lund University, Lund, Sweden 5/15/2007 1 CONTENTS Efficient encryption and possible solutions Stream ciphers Basic security analysis of stream ciphers LFSR sequences Design

497 views • 45 slides
B.e) Stream Ciphers W. Schindler: Cryptography, B-IT, winter 2006 / 2007 2 B.125 Stream Ciphers

B.e) Stream Ciphers W. Schindler: Cryptography, B-IT, winter 2006 / 2007 2 B.125 Stream Ciphers

1 B.e) Stream Ciphers W. Schindler: Cryptography, B-IT, winter 2006 / 2007 2 B.125 Stream Ciphers Normally, stream ciphers are symmetric algorithms with encryption = decryption In this course we only consider symmetric stream ciphers.

828 views • 44 slides
Stream Ciphers and Coding Theory Tor Helleseth University of Bergen Norway Outline Stream

Stream Ciphers and Coding Theory Tor Helleseth University of Bergen Norway Outline Stream

Stream Ciphers and Coding Theory Tor Helleseth University of Bergen Norway Outline Stream ciphers Building blocks in stream ciphers m-sequences Clock-control registers / Nonlinear combiner / Filter generator Correlation

666 views • 39 slides
Block Ciphers Eli Biham - May 3, 2005 c 83 Block Ciphers (4) Block Ciphers and Stream

Block Ciphers Eli Biham - May 3, 2005 c 83 Block Ciphers (4) Block Ciphers and Stream

Block Ciphers Eli Biham - May 3, 2005 c 83 Block Ciphers (4) Block Ciphers and Stream Ciphers In practical ciphers the plaintext M is divided into fixed-length blocks M = M 1 M 2 . . . M N . Then, each block M i is encrypted to the

1.11k views • 63 slides
Secret Key: stream ciphers & block ciphers Stream Ciphers Idea: try to simulate one-time pad

Secret Key: stream ciphers & block ciphers Stream Ciphers Idea: try to simulate one-time pad

Secret Key: stream ciphers & block ciphers Stream Ciphers Idea: try to simulate one-time pad define a secret key (seed) Using the seed generates a byte stream ( Keystream): i-th byte is function only of the key

822 views • 69 slides
Generic Attacks on Stream Ciphers John Mattsson Generic Attacks on Stream Ciphers 2/22

Generic Attacks on Stream Ciphers John Mattsson Generic Attacks on Stream Ciphers 2/22

Generic Attacks on Stream Ciphers John Mattsson Generic Attacks on Stream Ciphers 2/22 Overview What is a stream cipher? Classification of attacks Different Attacks Exhaustive Key Search Time Memory Tradeoffs

656 views • 22 slides
Recent Results on Stream Ciphers Willi Meier 1 / 47 Overview - Stream Ciphers with Small State

Recent Results on Stream Ciphers Willi Meier 1 / 47 Overview - Stream Ciphers with Small State

ASK 2018, ISI Kolkata November 13, 2018 Recent Results on Stream Ciphers Willi Meier 1 / 47 Overview - Stream Ciphers with Small State - A generic TMD tradeoff distinguisher - High-order differentials - Cryptanalysis with division property

944 views • 47 slides
T-79.159 Cryptography and Data Security Lecture 4: 4.1 Stream ciphers 4.2 Block cipher

T-79.159 Cryptography and Data Security Lecture 4: 4.1 Stream ciphers 4.2 Block cipher

T-79.159 Cryptography and Data Security Lecture 4: 4.1 Stream ciphers 4.2 Block cipher confidentiality modes of operation Kaufman et al: Ch 4 Stallings: Ch 6, Ch 3 1 Stream ciphers Stream ciphers are generally faster than block

535 views • 12 slides
B) Symmetric Ciphers B.a) Fundamentals B.b) Block Ciphers B.c) Stream Ciphers 2 B.a)

B) Symmetric Ciphers B.a) Fundamentals B.b) Block Ciphers B.c) Stream Ciphers 2 B.a)

1 B) Symmetric Ciphers B.a) Fundamentals B.b) Block Ciphers B.c) Stream Ciphers 2 B.a) Fundamentals 3 B.1 Definition A mapping Enc: P K C for which k := Enc( ,k): P C is bijective for each k K is called an

1.1k views • 32 slides
Pseudo-Random Numbers and Stream PRNG+Block Ciphers Stream Ciphers RC4 CSS441: Security and

Pseudo-Random Numbers and Stream PRNG+Block Ciphers Stream Ciphers RC4 CSS441: Security and

CSS441 Random Numbers Principles PRNGs Pseudo-Random Numbers and Stream PRNG+Block Ciphers Stream Ciphers RC4 CSS441: Security and Cryptography Sirindhorn International Institute of Technology Thammasat University Prepared by Steven

460 views • 24 slides
Objectives Non-linear feedback shift registers Stream ciphers using LFSRs: Non-linear

Objectives Non-linear feedback shift registers Stream ciphers using LFSRs: Non-linear

Stream Ciphers (contd.) Debdeep Mukhopadhyay Assistant Professor Department of Computer Science and Engineering Indian Institute of Technology Kharagpur INDIA -721302 Objectives Non-linear feedback shift registers Stream ciphers using

445 views • 13 slides
Objectives Classifications Feedback Based Stream Ciphers Linear Feedback Shift

Objectives Classifications Feedback Based Stream Ciphers Linear Feedback Shift

Stream Ciphers Debdeep Mukhopadhyay Assistant Professor Department of Computer Science and Engineering Indian Institute of Technology Kharagpur INDIA -721302 Objectives Classifications Feedback Based Stream Ciphers Linear Feedback

263 views • 15 slides
Symmetric Key Crypto, Part 1 Prof. Tom Austin San Jos State University Stream Ciphers &

Symmetric Key Crypto, Part 1 Prof. Tom Austin San Jos State University Stream Ciphers &

CS 166: Information Security Symmetric Key Crypto, Part 1 Prof. Tom Austin San Jos State University Stream Ciphers & Block Ciphers Stream ciphers based on the one-time pad Block ciphers based on codebook ciphers Symmetric

650 views • 52 slides
Block Ciphers and Stream Ciphers In practical ciphers the plaintext M is divided into fixed-length

Block Ciphers and Stream Ciphers In practical ciphers the plaintext M is divided into fixed-length

Block Ciphers and Stream Ciphers In practical ciphers the plaintext M is divided into fixed-length blocks M = M 1 M 2 . . . M N . Then, each block M i is encrypted to the ciphertext block C i = E K ( M i ), and the results are concatenated to the

334 views • 8 slides
How to Operationally Detect the Misuse of Stream Ciphers (and even Block Ciphers Sometimes) and

How to Operationally Detect the Misuse of Stream Ciphers (and even Block Ciphers Sometimes) and

Introduction Cryptology Basics Detection Cryptanalysis The Word Case The Excel Case Conclusion How to Operationally Detect the Misuse of Stream Ciphers (and even Block Ciphers Sometimes) and Break them Eric Filiol, filiol@esiea.fr ESIEA -

808 views • 64 slides
Some cryptanalytic results on Stream ciphers with short internal states Subhadeep Banik EPF,

Some cryptanalytic results on Stream ciphers with short internal states Subhadeep Banik EPF,

Some cryptanalytic results on Stream ciphers with short internal states Subhadeep Banik EPF, Lausanne Invited Talk to ASK 2019 14th December 2019 Outline Introduction Sprout (FSE15) Previous Work Attack by Esgin/Kara (SAC 2015)

597 views • 46 slides
Introduction to Design and Analysis of Stream Ciphers Willi Meier Albena, June 30 - July 5, 2013

Introduction to Design and Analysis of Stream Ciphers Willi Meier Albena, June 30 - July 5, 2013

Introduction to Design and Analysis of Stream Ciphers Willi Meier Albena, June 30 - July 5, 2013 1 / 63 Overview Stream Ciphers: A short Introduction Cryptanalysis principles Time/Memory/Data tradeoffs Berlekamp-Massey algorithm

940 views • 63 slides
tr rs tt

tr rs tt

tr rs tt ttrr ttrqrrsrttt

760 views • 35 slides
On the Security of IV Dependent Stream Ciphers Cme Berbain and Henri Gilbert France Telecom

On the Security of IV Dependent Stream Ciphers Cme Berbain and Henri Gilbert France Telecom

On the Security of IV Dependent Stream Ciphers Cme Berbain and Henri Gilbert France Telecom R&D {firstname.lastname@orange-ftgroup.com} research & development Stream Ciphers IV-less IV-dependent key K IV (initial value)

477 views • 18 slides
Symmetric-Key Encryption: constructions Lecture 4 PRG, Stream Cipher Story So Far We defined

Symmetric-Key Encryption: constructions Lecture 4 PRG, Stream Cipher Story So Far We defined

Symmetric-Key Encryption: constructions Lecture 4 PRG, Stream Cipher Story So Far We defined (passive) security of Symmetric Key Encryption (SKE) SIM-CPA = IND-CPA + almost perfect correctness Restricts to PPT entities Allows negligible advantage

1.1k views • 13 slides
HiPAcc-LTE: An Integrated High Performance Accelerator for 3GPP LTE Stream Ciphers Sourav Sen Gupta

HiPAcc-LTE: An Integrated High Performance Accelerator for 3GPP LTE Stream Ciphers Sourav Sen Gupta

HiPAcc-LTE: An Integrated High Performance Accelerator for 3GPP LTE Stream Ciphers Sourav Sen Gupta 1 , Anupam Chattopadhyay 2 , Ayesha Khalid 2 1. Applied Statistics Unit, Indian Statistical Institute, Kolkata, India 2. MPSoC Architectures, UMIC

282 views • 25 slides
Cryptography [Symmetric Encryption] Spring 2017 Franziska (Franzi) Roesner

Cryptography [Symmetric Encryption] Spring 2017 Franziska (Franzi) Roesner

CSE 484 / CSE M 584: Computer Security and Privacy Cryptography [Symmetric Encryption] Spring 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Yoshi Kohno, Ada Lerner, John

390 views • 27 slides
Outline RC4 RC4 attacks Spritz Security Analysis of Spritz Performance Conclusion Outline

Outline RC4 RC4 attacks Spritz Security Analysis of Spritz Performance Conclusion Outline

S PRITZ A SPONGY RC4- LIKE STREAM CIPHER AND HASH FUNCTION Ronald L. Rivest 1 Jacob C. N. Schuldt 2 1 Vannevar Bush Professor of EECS MIT CSAIL Cambridge, MA 02139 rivest@mit.edu 2 Research Institute for Secure Systems AIST, Japan

654 views • 36 slides

More recommend