Cryptanalysis of Compact-LWE and Related Lightweight Public Key Encryption

Xiao, Dianyan; Yu, Yang

doi:10.1155/2018/4957045

Cited by 5 publications

(3 citation statements)

References 25 publications

(33 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Recently, further exotic variants have emerged in association with schemes submitted to the NIST postquantum cryptography standardization process. One can mention for example Compact-LWE [33,34], which has been broken [11,30,48]; learning with truncation, considered in pqNTRUSign [24]; and Mersenne variants of Ring-LWE, introduced for ThreeBears [22] and Mersenne-756839 [1].…”

Section: Introductionmentioning

confidence: 99%

LWE Without Modular Reduction and Improved Side-Channel Attacks Against BLISS

Bootle

Delaplace

Espitau

et al. 2018

Lecture Notes in Computer Science

View full text Add to dashboard Cite

This paper is devoted to analyzing the variant of Regev's learning with errors (LWE) problem in which modular reduction is omitted: namely, the problem (ILWE) of recovering a vector s ∈ Z n given polynomially many samples of the form (a, a, s + e) ∈ Z n+1 where a and e follow fixed distributions. Unsurprisingly, this problem is much easier than LWE: under mild conditions on the distributions, we show that the problem can be solved efficiently as long as the variance of e is not superpolynomially larger than that of a. We also provide almost tight bounds on the number of samples needed to recover s.Our interest in studying this problem stems from the side-channel attack against the BLISS lattice-based signature scheme described by Espitau et al. at CCS 2017. The attack targets a quadratic function of the secret that leaks in the rejection sampling step of BLISS. The same part of the algorithm also suffers from a linear leakage, but the authors claimed that this leakage could not be exploited due to signature compression: the linear system arising from it turns out to be noisy, and hence key recovery amounts to solving a high-dimensional problem analogous to LWE, which seemed infeasible. However, this noisy linear algebra problem does not involve any modular reduction: it is essentially an instance of ILWE, and can therefore be solved efficiently using our techniques. This allows us to obtain an improved side-channel attack on BLISS, which applies to 100% of secret keys (as opposed to ≈7% in the CCS paper), and is also considerably faster.

show abstract

Section: Introductionmentioning

confidence: 99%

LWE Without Modular Reduction and Improved Side-Channel Attacks Against BLISS

Bootle

Delaplace

Espitau

et al. 2018

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…For instance, TinyECC is a configurable and publicly-available ECC library suitable for supporting public-key cryptography in sensor networks and IoT devices [ 377 ]. With a view on the post-quantum era, where RSA and ECC algorithms can be vulnerable, lattice-based cryptography [ 378 ] is becoming increasingly important and its feasibility in lightweight IoT devices is promising [ 379 , 380 ].…”

Section: Information Security: Requirements Attacks and Solutionsmentioning

confidence: 99%

Sensors for Context-Aware Smart Healthcare: A Security Perspective

Batista

Moncusi

López-Aguilar³

et al. 2021

Sensors

View full text Add to dashboard Cite

The advances in the miniaturisation of electronic devices and the deployment of cheaper and faster data networks have propelled environments augmented with contextual and real-time information, such as smart homes and smart cities. These context-aware environments have opened the door to numerous opportunities for providing added-value, accurate and personalised services to citizens. In particular, smart healthcare, regarded as the natural evolution of electronic health and mobile health, contributes to enhance medical services and people’s welfare, while shortening waiting times and decreasing healthcare expenditure. However, the large number, variety and complexity of devices and systems involved in smart health systems involve a number of challenging considerations to be considered, particularly from security and privacy perspectives. To this aim, this article provides a thorough technical review on the deployment of secure smart health services, ranging from the very collection of sensors data (either related to the medical conditions of individuals or to their immediate context), the transmission of these data through wireless communication networks, to the final storage and analysis of such information in the appropriate health information systems. As a result, we provide practitioners with a comprehensive overview of the existing vulnerabilities and solutions in the technical side of smart healthcare.

show abstract

“…One might ask why a new lightweight authentication protocol since there is a bunch of proposals. The answer is simply because many of the aforementioned proposals have been broken [15][16][17][18][19][20] or have a storage and transmission cost unacceptably high [4,6] for highly constrained IoT devices. This new protocol is inspired by the MM proposal [21], i.e.…”

Section: Introductionmentioning

confidence: 99%

Untitled

2016

IJCIS

View full text Add to dashboard Cite

Nowadays, highly constrained IoT devices have earned an important place in our everyday lives. These devices mainly comprise RFID (Radio-Frequency Identification) or WSN (Wireless Sensor Networks) components. Their adoption is growing in areas where data security or privacy or both must be guaranteed. Therefore, it is necessary to develop appropriate security solutions for these systems. Many papers have proposed solutions for encryption or authentication. But it turns out that sometimes the proposal has security flaw or is ill-suited for the constrained IoT devices (which has very limited processing and storage capacities).In this paper, we introduce a new authentication protocol inspired by Mirror-Mac (MM) which is a generic construction of authentication protocol proposed by Mol et al. Our proposal named RMAC is well suited for highly constrained IoT devices since its implementation uses simple and lightweight algorithms. We also prove that RMAC is at least as secure as the MM protocol and thus secure against man-in-the-middle attacks.

show abstract

Cryptanalysis of Compact-LWE and Related Lightweight Public Key Encryption

Cited by 5 publications

References 25 publications

LWE Without Modular Reduction and Improved Side-Channel Attacks Against BLISS

LWE Without Modular Reduction and Improved Side-Channel Attacks Against BLISS

Sensors for Context-Aware Smart Healthcare: A Security Perspective

Untitled

Contact Info

Product

Resources

About