Upload File

lattice-based cryptography: a primer · why post quantum • crypto motto: ready for the worst •...

  • Home
  • Documents
  • Lattice-Based Cryptography: A Primer · Why Post Quantum • Crypto Motto: Ready for the worst • Efficient Quantum Algorithm for Factorisation and Discrete Logarithm Problems •
17
Lattice-Based Cryptography: A Primer Rishiraj Bhattacharyya

Upload: others

Post on 12-Mar-2020

0 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Lattice-Based Cryptography: A Primer · Why Post Quantum • Crypto Motto: Ready for the worst • Efficient Quantum Algorithm for Factorisation and Discrete Logarithm Problems •

Lattice-Based Cryptography: A Primer

Rishiraj Bhattacharyya

Page 2: Lattice-Based Cryptography: A Primer · Why Post Quantum • Crypto Motto: Ready for the worst • Efficient Quantum Algorithm for Factorisation and Discrete Logarithm Problems •

Symmetric Key Cryptography

Public Key Cryptography

Page 3: Lattice-Based Cryptography: A Primer · Why Post Quantum • Crypto Motto: Ready for the worst • Efficient Quantum Algorithm for Factorisation and Discrete Logarithm Problems •

Symmetric Key Crypto:

1. One Time Pad: “r” is the key.

2. Stream Cipher: Both Alice and Bob generate “r” from the key using a pseudorandom generator

Page 4: Lattice-Based Cryptography: A Primer · Why Post Quantum • Crypto Motto: Ready for the worst • Efficient Quantum Algorithm for Factorisation and Discrete Logarithm Problems •

Send “r” securely using Public Key of Bob

Semantic Security: r is pseudorandom, given (pk,c’,c)

Page 5: Lattice-Based Cryptography: A Primer · Why Post Quantum • Crypto Motto: Ready for the worst • Efficient Quantum Algorithm for Factorisation and Discrete Logarithm Problems •

Public Key Crypto

1.

Example

Bob recovers r using trapdoor

pk sk

Page 6: Lattice-Based Cryptography: A Primer · Why Post Quantum • Crypto Motto: Ready for the worst • Efficient Quantum Algorithm for Factorisation and Discrete Logarithm Problems •

Public Key Crypto

1. 2.

Example

Page 7: Lattice-Based Cryptography: A Primer · Why Post Quantum • Crypto Motto: Ready for the worst • Efficient Quantum Algorithm for Factorisation and Discrete Logarithm Problems •

Public Key Crypto

1. 2.

Example Example

Requires Trapdoor Functions like RSA Requires one way functions and Key Exchange

Page 8: Lattice-Based Cryptography: A Primer · Why Post Quantum • Crypto Motto: Ready for the worst • Efficient Quantum Algorithm for Factorisation and Discrete Logarithm Problems •

Why Post Quantum• Crypto Motto: Ready for the worst

• Efficient Quantum Algorithm for Factorisation and Discrete Logarithm Problems

• Shor, Peter W. (1997), "Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer", SIAM J. Comput. 26 (5): 1484–1509, arXiv:quant-ph/9508027v2

Page 9: Lattice-Based Cryptography: A Primer · Why Post Quantum • Crypto Motto: Ready for the worst • Efficient Quantum Algorithm for Factorisation and Discrete Logarithm Problems •

Alternatives: Code Based and Lattice Based

• Similar Basic Idea:

• Error Correcting random code

• Solving approximate linear equations

• Fast Implementation: Linear operations over a Finite Field.

Page 10: Lattice-Based Cryptography: A Primer · Why Post Quantum • Crypto Motto: Ready for the worst • Efficient Quantum Algorithm for Factorisation and Discrete Logarithm Problems •

1. A short review of Cryptographic Design

2. Lattice based Encryptions

3. Lattice based Signatures

4. Available Implementations

Agenda

Page 11: Lattice-Based Cryptography: A Primer · Why Post Quantum • Crypto Motto: Ready for the worst • Efficient Quantum Algorithm for Factorisation and Discrete Logarithm Problems •

Lattice• Discrete Subgroup of

Rn

L =nX

i=1

↵ivi,↵i 2 Z

Page 12: Lattice-Based Cryptography: A Primer · Why Post Quantum • Crypto Motto: Ready for the worst • Efficient Quantum Algorithm for Factorisation and Discrete Logarithm Problems •

1/1

Lattice has Multiple Basis

Page 13: Lattice-Based Cryptography: A Primer · Why Post Quantum • Crypto Motto: Ready for the worst • Efficient Quantum Algorithm for Factorisation and Discrete Logarithm Problems •

Classical Hard Problems

• Shortest (linearly independent) vector problem

• Closest Vector Problem

Page 14: Lattice-Based Cryptography: A Primer · Why Post Quantum • Crypto Motto: Ready for the worst • Efficient Quantum Algorithm for Factorisation and Discrete Logarithm Problems •

2/2

Short Integer Solutions

� Solving linear equation is easy.� What about additional constraints?� z = {−1, 0, 1}n

Page 15: Lattice-Based Cryptography: A Primer · Why Post Quantum • Crypto Motto: Ready for the worst • Efficient Quantum Algorithm for Factorisation and Discrete Logarithm Problems •

3/3

Dual Approach: Learning with Error

� How about correcting errors?� Find solution of approximate linear equations?� A ← Zm×n

q

� s ← Znq , e ← χn

� b = As+ e

QuestionDistinguish b from uniform.

Page 16: Lattice-Based Cryptography: A Primer · Why Post Quantum • Crypto Motto: Ready for the worst • Efficient Quantum Algorithm for Factorisation and Discrete Logarithm Problems •

4/3

RoadMap

� Encryption Schemes� Regev’s Encryption and its dual� Subset Sum Encryption� Regev’s Encryption in Ring-LWE� Stehle-Steinfield Encryption� NTRU.

Page 17: Lattice-Based Cryptography: A Primer · Why Post Quantum • Crypto Motto: Ready for the worst • Efficient Quantum Algorithm for Factorisation and Discrete Logarithm Problems •

4/3

RoadMap

� Encryption Schemes� Regev’s Encryption and its dual� Subset Sum Encryption� Regev’s Encryption in Ring-LWE� Stehle-Steinfield Encryption� NTRU.

� Signature Schemes� Lattice Trapdoor and Hash and Sign� Fiat-Shamir with Lattices.


Simplification and Factorisation

10. Algebra (Expansion and Factorisation)

Indices & logarithm

Matrix Factorisation (and Dimensionality Reduction)

Bracket Expansion and Factorisation

64 introduction to logarithm

CHAPTER 12 – ALGEBRAIC FACTORISATION

The Gray tensor product via factorisation

Logarithm lesson

Logarithm Act Vi Ties

Factorisation of algebraic expressions 3

Factorisation example (quadratic)

Factorisation in diffraction

Factorisation of algebraic expressions

Indices and Logarithm

elliptic curves arXiv:quant-ph/0301141v2 22 Jan 2004arXiv:quant-ph/0301141v2 22 Jan 2004 Shor’s discrete logarithm quantum algorithm for elliptic curves ... on a quantum computer

Factorisation matricielle, application à la recommandation

Logarithm 1

1.30.08 Logarithm Intro

Notes Chapter 14 Factorisation

Matrix Factorisation

Factorisation matricielle non-n egative s emantique · 2019. 9. 10. · Factorisation matricielle non n egative (NMF)Factorisation matricielle non-n egative s emantique (SNMF)Exp

Introduction to Logarithm

Exponent Logarithm

Quadratic factorisation 'box' method

UNIT # 3 LOGARITHM

Unitarity and Factorisation in Quantum Field Theory

Natural Logarithm and Natural Exponentialapilking/Math10560/Lectures/Lecture 2.pdf · Annette Pilkington Natural Logarithm and Natural Exponential. Natural Logarithm FunctionGraph

Deep factorisation of the stable process

Logarithm. Logarithm (Introduction) The logarithmic function is defined as the inverse of the exponential function. *A LOGARITHM is an exponent. It is

6. ALGEBRAIC FACTORISATION AND FORMULAE · 40 6. ALGEBRAIC FACTORISATION AND FORMULAE ALGEBRAIC FACTORISATION In arithmetic, when we speak of the factors of a

Logarithms. What is a LOGARITHM? A logarithm is another way to represent an exponent. A logarithm is another way to represent an exponent. Video Video

Mathematics - Logarithm

Online recommendations at scale using matrix factorisation

Exponential -Logarithm Function