Faster Dual Lattice Attacks for Solving LWE with Applications to CRYSTALS

Guo, Qian; Johansson, Thomas

doi:10.1007/978-3-030-92068-5_2

Cited by 21 publications

(10 citation statements)

References 37 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Similarly, the key size for our star-specific key-homomorphic PRF family is the same as that of the key-homomorphic PRF family from [35]. Specifically, for security parameter L and 2 L security against known lattice reduction algorithms [11,121,126,128,129,190,231,229,217,216,254,271,272,273,230,257,195,16,46,153,225,224,79], the key size for our star-specific key-homomorphic PRF family is L.…”

Section: Runtime and Key Sizementioning

confidence: 99%

Star-specific Key-homomorphic PRFs from Linear Regression and Extremal Set Theory

Sehrawat¹,

Yeo²,

Vassilyev³

2022

Preprint

View full text Add to dashboard Cite

We introduce a novel method to derandomize the learning with errors (LWE) problem by generating deterministic yet sufficiently independent LWE instances, that are constructed via special linear regression models. We also introduce star-specific key-homomorphic (SSKH) pseudorandom functions (PRFs), which are defined by the respective sets of parties that construct them. We use our derandomized variant of LWE to construct a SSKH PRF family. The sets of parties constructing SSKH PRFs are arranged as star graphs with possibly shared vertices, i.e., some pair of sets have non-empty intersections. We reduce the security of our SSKH PRF family to the hardness of LWE. To establish the maximum number of SSKH PRFs that can be constructed -by a set of parties -in the presence of passive/active and external/internal adversaries, we prove several bounds on the size of maximally cover-free at most t-intersecting k-uniform family of sets H, where the three properties are defined as:For the same purpose, we define and compute the mutual information between different linear regression hypotheses that are generated via overlapping training datasets.

show abstract

Section: Runtime and Key Sizementioning

confidence: 99%

Star-specific Key-homomorphic PRFs from Linear Regression and Extremal Set Theory

Sehrawat¹,

Yeo²,

Vassilyev³

2022

Preprint

View full text Add to dashboard Cite

show abstract

“…In [GJ21] further improvements were presented. In particular, the search over s 1 is realised using a Fast Fourier Transform style algorithm and the search space is significantly reduced by roughly considering only the most significant bits of s 1 .…”

Section: We Define Two Problemsmentioning

confidence: 99%

“…Up until recently, dual attacks were generally considered less efficient for secrets s drawn from a sufficiently wide distribution. Recent developments [GJ21,MAT22] of dual attacks, however, have shown their ability to surpass primal attacks. These performance improvements are derived from combining lattice reduction on the scaled dual of a target lattice with an exhaustive search on a space related to the underlying secret s. Roughly speaking, spending more resources on the exhaustive search part allows us to spend fewer resources on the lattice reduction part of the overall algorithm and vice versa.…”

Section: Introductionmentioning

confidence: 99%

“…In [GJ21] the search over part of the secret vector is realised using a Fast Fourier Transform style algorithm and the search space is significantly reduced by roughly considering only the most significant bits of this part of the secret. In [MAT22] this last step is replaced by "modulus switching" which further provides significant performance gains.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Quantum Augmented Dual Attack

Albrecht¹,

Shen²

2022

Preprint

View full text Add to dashboard Cite

We present a quantum augmented variant of the dual lattice attack on the Learning with Errors (LWE) problem, using classical memory with quantum random access (QRACM). Applying our results to lattice parameters from the literature, we find that our algorithm outperforms previous algorithms, assuming unit cost access to a QRACM. On a technical level, we show how to obtain a quantum speedup on the search for Fast Fourier Transform (FFT) coefficients above a given threshold by leveraging the relative sparseness of the FFT and using quantum amplitude estimation. We also discuss the applicability of the Quantum Fourier Transform in this context. Furthermore, we give a more rigorous analysis of the classical and quantum expected complexity of guessing part of the secret vector where coefficients follow a discrete Gaussian (mod q).

show abstract

“…Martin [1] propose a re-randomization and smaller-dimensional lattice reduction method, and investigate the method for generating coefficients of short vectors in the dual attack. Guo and Thomas [58] show that the current security estimates from the primal attacks are overestimated. Espitau et al [50] achieve a dual attack that outperforms the primal attack.…”

Section: Recent Advances On Dual Attackmentioning

confidence: 99%

Compact and Efficient KEMs over NTRU Lattices

Zhichuang¹,

Fang²,

Jun³

et al. 2022

Preprint

View full text Add to dashboard Cite

Post-quantum cryptography (PQC) is critical to the next generation of network security. The NTRU lattice is a promising candidate to construct practical cryptosystems resistant to quantum computing attacks, and particularly plays a leading role in the ongoing NIST post-quantum cryptography standardization. On the one hand, it is benefited from a strong security guarantee since it has essentially not been broken over 24 years. On the other hand, all the known patent threats against NTRU have expired, which is deemed a critical factor for consideration when deploying PQC algorithms in reality. Nevertheless, there are still some obstacles to the computational efficiency and bandwidth complexity of NTRU-based constructions of key encapsulation mechanisms (KEM).To address these issues, we propose a compact and efficient KEM based on the NTRU lattice, called CTRU, by introducing a scalable ciphertext compression technique. It demonstrates a new approach to decrypting NTRU ciphertext, where the plaintext message is recovered with the aid of our decoding algorithm in the scalable E 8 lattice (instead of eliminating the extra terms modulo 𝑝 in traditional NTRU-based KEM schemes). The instantiation of CTRU is over the NTT-friendly rings of the form Z 𝑞 [𝑥]/(𝑥 𝑛 − 𝑥 𝑛/2 + 1). We remark that the scalable ciphertext compression technique can also be applied to NTRU-based KEM schemes over other polynomial rings. In order to deal with the inconvenient issue that various NTT algorithms are needed for different 𝑛's, we present a unified NTT methodology over Z 𝑞 [𝑥]/(𝑥 𝑛 −𝑥 𝑛/2 + 1), 𝑛 ∈ {512, 768, 1024}, such that only one type of NTT computation is required for different 𝑛's, which might be of independent interest.To our knowledge, our CTRU is the most bandwidth efficient KEM based on the NTRU lattice up to now. In addition, roughly speaking, compared to other NTRU-based KEM schemes, CTRU has stronger security against known attacks, enjoys more robust CCA security reduction (starting from IND-CPA rather than OW-CPA), and its encapsulation and decapsulation processes are also among the most efficient. For example, when compared to the NIST Round 3 finalist NTRU-HRSS, our CTRU-768 has 15% smaller ciphertext size and its security is strengthened by (45, 40) bits for classical and quantum security respectively. When compared to the NIST Round 3 finalist Kyber that is based on the Module-LWE (MLWE) assumption, CTRU has both smaller bandwidth and lower error probabilities at about the same security level.

show abstract

Faster Dual Lattice Attacks for Solving LWE with Applications to CRYSTALS

Cited by 21 publications

References 37 publications

Star-specific Key-homomorphic PRFs from Linear Regression and Extremal Set Theory

Star-specific Key-homomorphic PRFs from Linear Regression and Extremal Set Theory

Quantum Augmented Dual Attack

Compact and Efficient KEMs over NTRU Lattices

Contact Info

Product

Resources

About