The Influence of LWE/RLWE Parameters on the Stochastic Dependence of Decryption Failures

Maringer, Georg; Fritzmann, Tim; Sepúlveda, Johanna

doi:10.1007/978-3-030-61078-4_19

Cited by 3 publications

(3 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Although HE has solid secure guarantees derived from cryptography, in practice, for an HE implementation (e.g., CKKS), the parameter set that ensures the scheme’s security must also be carefully chosen. Specifically, there are three parameters [ 51 ] related to the security of HE schemes based on RLWE: (1) n (the dimension of a specified ring R ), which has an impact on both security and scheme performance, with the scheme security increased at a larger n , but the performance decreased at a larger n ; (2) a ciphertext modulus q that also influences both security and scheme performance by decreasing them at a larger q for a fixed n ; (3) the standard deviation of the error distribution

, which results in better security at a larger

. Consequently, there is a need for researchers, companies, and government agencies to perform experimentations to realize a standardized choice of security parameter sets.…”

Section: Security Analysismentioning

confidence: 99%

A Privacy-Preserving Framework Using Homomorphic Encryption for Smart Metering Systems

Sun

Cardell-Oliver

et al. 2023

Sensors

View full text Add to dashboard Cite

Smart metering systems (SMSs) have been widely used by industrial users and residential customers for purposes such as real-time tracking, outage notification, quality monitoring, load forecasting, etc. However, the consumption data it generates can violate customers’ privacy through absence detection or behavior recognition. Homomorphic encryption (HE) has emerged as one of the most promising methods to protect data privacy based on its security guarantees and computability over encrypted data. However, SMSs have various application scenarios in practice. Consequently, we used the concept of trust boundaries to help design HE solutions for privacy protection under these different scenarios of SMSs. This paper proposes a privacy-preserving framework as a systematic privacy protection solution for SMSs by implementing HE with trust boundaries for various SMS scenarios. To show the feasibility of the proposed HE framework, we evaluated its performance on two computation metrics, summation and variance, which are often used for billing, usage predictions, and other related tasks. The security parameter set was chosen to provide a security level of 128 bits. In terms of performance, the aforementioned metrics could be computed in 58,235 ms for summation and 127,423 ms for variance, given a sample size of 100 households. These results indicate that the proposed HE framework can protect customer privacy under varying trust boundary scenarios in SMS. The computational overhead is acceptable from a cost–benefit perspective while ensuring data privacy.

show abstract

, which results in better security at a larger

. Consequently, there is a need for researchers, companies, and government agencies to perform experimentations to realize a standardized choice of security parameter sets.…”

Section: Security Analysismentioning

confidence: 99%

A Privacy-Preserving Framework Using Homomorphic Encryption for Smart Metering Systems

Sun

Cardell-Oliver

et al. 2023

Sensors

View full text Add to dashboard Cite

show abstract

“…Hence, the LAC team changed the error distribution for polynomials in their Round 2 submission for the NIST-PQC [29]. In [38] it has been experimentally shown that this significantly reduces the stochastic dependence of coefficient failures. Quantitative statements have been obtained by using statistical methods.…”

Section: B Stochastic Independence Assumptionmentioning

confidence: 99%

Information- and Coding-Theoretic Analysis of the RLWE/MLWE Channel

Maringer

Puchinger

Wachter-Zeh

2023

IEEE Trans.Inform.Forensic Secur.

Self Cite

View full text Add to dashboard Cite

Several cryptosystems based on the Ring Learning with Errors (RLWE) problem have been proposed within the NIST post-quantum cryptography standardization process, e.g., NewHope. Furthermore, there are systems like Kyber which are based on the closely related MLWE assumption. Both previously mentioned schemes result in a non-zero decryption failure rate (DFR). The combination of encryption and decryption for these kinds of algorithms can be interpreted as data transmission over a noisy channel. To the best of our knowledge this paper is the first work that analyzes the capacity of this channel. We show how to modify the encryption schemes such that the input alphabets of the corresponding channels are increased. In particular, we present lower bounds on their capacities which show that the transmission rate can be significantly increased compared to standard proposals in the literature. Furthermore, under the common assumption of stochastically independent coefficient failures, we give lower bounds on achievable rates based on both the Gilbert-Varshamov bound and concrete code constructions using BCH codes. By means of our constructions, we can either increase the total bitrate (by a factor of 1.84 for Kyber and by factor of 7 for NewHope) while guaranteeing the same DFR or for the same bitrate, we can significantly reduce the DFR for all schemes considered in this work (e.g., for NewHope from 2 −216 to 2 −12769 ).

show abstract

“…Their sampling is therefore no more coefficient-wise but rather uniform on the resulting set. In [36] it has been experimentally shown that this significantly reduces the stochastic dependence of decryption failures and stochastic dependence has been quantified by using statistical methods.…”

Section: B Assuming Coefficient Failures To Be Stochastically Indepen...mentioning

confidence: 99%

Information- and Coding-Theoretic Analysis of the RLWE Channel

Maringer¹,

Puchinger²,

Wachter-Zeh³

2020

Preprint

Self Cite

View full text Add to dashboard Cite

The Learning with Errors (LWE) problem is an N P-hard problem that lies the foundation of several cryptographic algorithms. Generalizing this principle, several cryptosystems based on the closely related Ring Learning with Errors (RLWE) problem have been proposed within the NIST PQC standardization process, e.g., the systems LAC and NewHope. The combination of encryption and decryption for these kinds of algorithms can be interpreted as data transmission over noisy channels. To the best of our knowledge this paper is the first work that analyzes the capacity of this channel. In particular, we present lower bounds on the capacity, which show that the transmission rate can be significantly increased compared to standard proposals in the literature. Furthermore, under the assumption of stochastically independent coefficient failures we give achievability bounds as well as concrete code constructions achieving a decryption failure rate (DFR) less than 2 −112 for LAC and less than 2 −216 for NewHope for their highest proposed security levels. Our results show that the data rate of the encryption scheme is significantly increased for NewHope, namely by factor of 7 and for LAC by a factor of 2. This is partly based on choosing larger alphabet sizes. Furthermore we show how to significantly decrease the decryption failure rate compared to the original proposals while achieving the same bit rate. We also show that the measures we take to achieve these results have no negative impact on the security level. Thus, by means of our constructions, we can either increase the total bit rate while guaranteeing the same DFR or for the same bit rate, we can significantly reduce the DFR (e.g., for NewHope from 2 −216 to 2 −12764 ).

show abstract

The Influence of LWE/RLWE Parameters on the Stochastic Dependence of Decryption Failures

Cited by 3 publications

References 7 publications

A Privacy-Preserving Framework Using Homomorphic Encryption for Smart Metering Systems

A Privacy-Preserving Framework Using Homomorphic Encryption for Smart Metering Systems

Information- and Coding-Theoretic Analysis of the RLWE/MLWE Channel

Information- and Coding-Theoretic Analysis of the RLWE Channel

Contact Info

Product

Resources

About