Efficient Identity-Based Encryption over NTRU Lattices

Ducas, Léo; Lyubashevsky, Vadim; Prest, Thomas

doi:10.1007/978-3-662-45608-8_2

Cited by 181 publications

(184 citation statements)

References 34 publications

Supporting

Mentioning

157

Contrasting

Order By: Relevance

“…The efficient sampling of polynomials from a narrow discrete Gaussian distribution has been examined in [DG14] and a hardware implementation of a sampler has been proposed in [RVV13]. The RLWEenc scheme is also employed in a recently proposed identity-based encryption scheme (IBE) [DLP14] and is similar to a key exchange protocol [Pei14] that can be used in the transport layer security (TLS) protocol [BCNS15].…”

Section: Related Workmentioning

confidence: 99%

“…That means that for negative inputs we invert before the look-up and again after the look-up. The same approach would also work for the binary error distribution used for the IBE scheme in [DLP14] and it would be possible to cover even two or more stages due to the very limited input range.…”

Section: Usage Of Look-up Tables For Narrow Input Distributionsmentioning

confidence: 99%

“…However, different schemes might turn out to be more efficient, more secure, or simpler to implement. Examples of signature schemes that might perform well on embedded systems are BG [BG14], PASSSign [HPS + 14], the modified NTRU signature scheme [MBDG14], or the signature scheme from [DLP14]. Another interesting application of ideal lattice-based cryptography is (authenticated) key exchange.…”

Section: Investigation Of Alternative Schemesmentioning

confidence: 99%

“…One example are IBE schemes, which promise simpler key management [Sha84]. Judged by the required computations and proposed parameter sets it seems that relatively simple lattice-based IBE schemes like the one presented in [DLP14] could also be realized efficiently on constrained devices. Another interesting field could be research on ABE [Boy13].…”

Section: Implementation Of Advanced Schemesmentioning

confidence: 99%

See 3 more Smart Citations

Efficient implementation of ideal lattice-based cryptography

Pöppelmann¹

2017

It - Information Technology

View full text Add to dashboard Cite

Digital signatures and public-key encryption are used to protect almost any secure communication channel on the Internet or between embedded devices. Currently, protocol designers and engineers usually rely on schemes that are either based on the factoring assumption (RSA) or on the hardness of the discrete logarithm problem (DSA/ECDSA). But in case of advances in classical cryptanalysis or progress on the development of quantum computers the hardness of these closely related problems might be seriously weakened. In order to prepare for such an event, research on alternatives is required to provide long-term security.In this thesis, we focus on the efficient implementation of such alternative public-key cryptosystems whose security is based on the intractability of certain computational problems on ideal lattices. While an extensive theoretical background exists for lattice-based and ideal latticebased cryptography, not much is known about the efficiency of practical instantiations, especially on constrained and cost-sensitive platforms. We thus investigate novel algorithms and implementation techniques for fast and flexible polynomial multiplication and Gaussian sampling and then use these building blocks to implement public-key encryption and signature schemes. The results provided in this thesis show that lattice-based schemes can be optimized for high performance or resource efficiency on embedded microcontrollers and reconfigurable hardware. Our implementations of a public-key encryption scheme based on the ring learning with errors problems (RLWE) or of the bimodal lattice signature scheme (BLISS) can even outperform classical ECC-and RSA-based implementations.Lattice-based cryptography can also be used to realize homomorphic cryptography that allows computation on encrypted data. However, due to the large parameter sets and complex operations required, even for simple homomorphic evaluation operations, the performance of these schemes is a major issue preventing practical usage. In this thesis we investigate options for acceleration of homomorphic cryptography in a cloud environment using reconfigurable hardware. We implement all evaluation operations of the YASHE homomorphic encryption scheme and propose methods to deal with large ciphertext and key sizes as well as limited memory bandwidth. KeywordsPost-quantum cryptography, public-key cryptosystem, embedded system, microcontroller, FPGA KurzfassungDigitale Signaturen und Public-Key-Verschlüsselung werden für den Schutz nahezu jeder sicheren Kommunikation über das Internet oder zwischen eingebetteten Systemen genutzt. Die Sicherheit basiert dabei entweder auf der Faktorisierungsannahme (RSA) oder der Annahme, dass es schwer ist, das diskrete Logarithmus-Problem (DSA/ECDSA) zu lösen. Durch Fortschritte in der klassischen Kryptoanalyse oder bei der Entwicklung von Quantencomputern könnten diese Probleme allerdings in Zukunft ernsthaft geschwächt oder gelöst werden. Daher ist Forschung zu alternativen Public-Key-Kryptosystemen erforderlich, die in ...

show abstract

Section: Related Workmentioning

confidence: 99%

Section: Usage Of Look-up Tables For Narrow Input Distributionsmentioning

confidence: 99%

Section: Investigation Of Alternative Schemesmentioning

confidence: 99%

Section: Implementation Of Advanced Schemesmentioning

confidence: 99%

See 2 more Smart Citations

Efficient implementation of ideal lattice-based cryptography

Pöppelmann¹

2017

It - Information Technology

View full text Add to dashboard Cite

show abstract

“…Besides possessing highly desirable post-quantum security features, lattice-based cryptography relies on simple structures, allowing e cient asymptotic complexities, and is quite flexible in practice. In addition to encryption/signature schemes ( [15,24,18,8,20,21]), identity-based encryption [9], multilinear maps [11,16], lattices are also involved in homomorphic encryption (HE). The discovery of this property by Gentry in 2009 [13], through the use of ideal rings, is a major breakthrough which has opened the door to many opportunities in terms of applications, especially when coupled with cloud computing.…”

Section: Introductionmentioning

confidence: 99%

A Full RNS Variant of FV Like Somewhat Homomorphic Encryption Schemes

Bajard

Eynard

Hasan

et al. 2017

Lecture Notes in Computer Science

133

163

View full text Add to dashboard Cite

Abstract. Since Gentry's breakthrough work in 2009, homomorphic cryptography has received a widespread attention. Implementation of a fully homomorphic cryptographic scheme is however still highly expensive. Somewhat Homomorphic Encryption (SHE) schemes, on the other hand, allow only a limited number of arithmetical operations in the encrypted domain, but are more practical. Many SHE schemes have been proposed, among which the most competitive ones rely on (Ring-) Learning With Error (RLWE) and operations occur on high-degree polynomials with large coe cients. This work focuses in particular on the Chinese Remainder Theorem representation (a.k.a. Residue Number Systems) applied to large coe cients. In SHE schemes like that of Fan and Vercauteren (FV), such a representation remains hardly compatible with procedures involving coe cient-wise division and rounding required in decryption and homomorphic multiplication. This paper suggests a way to entirely eliminate the need for multi-precision arithmetic, and presents techniques to enable a full RNS implementation of FV-like schemes. For dimensions between 2 11 and 2 15 , we report speed-ups from 5⇥ to 20⇥ for decryption, and from 2⇥ to 4⇥ for multiplication.

show abstract

Identity‐based proxy signature over NTRU lattice

Wang

Zhang

et al. 2018

Int J Communication

View full text Add to dashboard Cite

Proxy signature scheme is an important cryptographic primitive, for an entity can delegate his signing right to another entity. Although identity-based proxy signature schemes based on conventional number-theoretic problems have been proposed for a long time, the researchers have paid less attention to lattice-based proxy signature schemes that can resist quantum attack. In this paper, we first propose an identity-based proxy signature scheme over Number Theory Research Unit (NTRU)-lattice. We proved that the proposed paradigm is secure under the hardness of the -shortest vector problem on the NTRU lattice in random oracle model; furthermore, the comparison with some existing schemes shows our scheme is more efficient in terms of proxy signature secret key size, proxy signature size, and computation complexity. As the elemental problem of the proposed scheme is difficult even for quantum computation model, our scheme can work well in quantum age. KEYWORDSidentity-based, NTRU lattice, proxy signature, quantum computation Proxy signature, proposed by Mambo, Usuda, and Okamoto, 1 is a significant cryptographic scheme that is widely used in different situations, such as cloud computing, e-commerce, and electronic election. Proxy signature can guarantee the security of signature commission, that is, the original signer entrusts his right to the proxy signer, the proxy signer instead of the original signer to sign the message, and even the proxy signer cannot forge the user's signature. The researchers have proposed many effective proxy signature schemes based on large prime factorization and discrete logarithm problems. [2][3][4] However, these categories of schemes are not safe over the long term, because both are solved in polynomial time when we take quantum computation model into consideration. 5 In order to reduce the threat from the quantum computer, many researchers have paid their attention to post-quantum cryptography and proposed some effective proxy signature schemes based on hash, multivariate public key cryptosystems (MPKC), and lattice. [6][7][8][9] As a typical representation of the post-quantum cryptography, lattice-based signature schemes occupy a position of particular interest, because they rely on well-studied problems and come with uniquely strong security guarantees. 10 Many organizations and researchers are committed to design effective lattice-based signature schemes to replace Rivest-Shamir-Adleman (RSA) and elliptic curve cryptography (ECC)-based schemes, and results show that properly optimized lattice-based proxy signature schemes may compete with or even outperform these schemes based on conventional number-theoretic problems. Gentry et al 11 proposed a provable secure lattice-based signature scheme in 2008. Since then, many researchers have proposed lattice-based proxy signature schemes by using preimage sampling technique, which costs a lot of time and resources. Jiang et al 12 constructed lattice-based proxy signature schemes by using bonsai tree Int J Commun Syst. 2019;32:e3867.wileyon...

show abstract

Efficient Identity-Based Encryption over NTRU Lattices

Cited by 181 publications

References 34 publications

Efficient implementation of ideal lattice-based cryptography

Efficient implementation of ideal lattice-based cryptography

A Full RNS Variant of FV Like Somewhat Homomorphic Encryption Schemes

Identity‐based proxy signature over NTRU lattice

Contact Info

Product

Resources

About