Candidate Multilinear Maps from Ideal Lattices.

ADVANCES IN CRYPTOLOGY - EUROCRYPT 2013, (2013): 1-17

Cited by: 766 | Views: 191

Abstract

We describe plausible lattice-based constructions with properties that approximate the sought-after multilinear maps in hard-discrete-logarithm groups, and show an example application of such multi-linear maps that can be realized using our approximation. The security of our constructions relies on seemingly hard problems in ideal lattices...

Introduction
  • Bilinear maps are extremely useful tools in cryptography. After being used to construct non-interactive key agreement [SOK00], tripartite Diffie-Hellman [Jou00], and identity-based encryption [BF01], the applications of bilinear maps have become too numerous to name.
  • An instance of the scheme relative to the parameters above encodes elements of a quotient ring QR = R/I, where I = ⟨g⟩ ⊂ R is a principal ideal generated by a short vector g.
Highlights
  • Bilinear maps are extremely useful tools in cryptography
  • In this paper we only demonstrate the applicability of our candidate to the “obvious” application of multipartite Diffie-Hellman key exchange, but other applications are surely possible
  • The security of the multilinear-DDH problem in our constructions relies on new hardness assumptions, and we provide an extensive cryptanalysis to validate these assumptions
  • To make sure that our constructions are not “trivially” insecure, we prove that our constructions are secure against adversaries that merely run a straight-line program
  • We present new attacks on principal ideal lattices, which arise in our constructions, that are more efficient than attacks on general ideal lattices
  • This works because for any two encodings u, u′ of the same coset we have ‖p_zt u − p_zt u′‖ = ‖p_zt (u − u′)‖ < q^{3/4}, so we expect p_zt u and p_zt u′ to agree on their (log q)/4 − λ most significant bits. (There is a negligible chance that u and u′ are such that p_zt u and p_zt u′ lie on opposite sides of a boundary, so that they have different MSBs.) On the other hand, by Lemma 4, we know that we cannot have ‖p_zt (u − u′)‖ < q^{1−ε} when u − u′ encodes something nonzero, so the values p_zt u and p_zt u′ cannot agree on their (log q)/4 − λ MSBs. This means that no two points in the basic cell of I agree on their collected bits when multiplied by p_zt, so the collected bits from an encoding of a random coset have min-entropy at least log |R/I|
Results
  • The authors' system depends on another secret element z, which is chosen at random in R_q. A level-zero (“plaintext”) encoding of a coset e + I ∈ R/I is just a short vector in that coset.
  • To sample a level-zero encoding of a random coset, the authors just draw a random short element in R, d ← D_{Z^n,σ′}, where σ′ = σn.
  • The authors use the x_i’s to randomize level-one encodings: given u = [c′/z]_q with noise bound ‖c′‖ < γ, they draw an m-vector of integer coefficients r ← D_{Z^m,σ*} for large enough σ* (e.g. σ* = 2^λ γ), and output u′ := [u + Xr]_q, where X is the matrix whose columns are x_1, …, x_m.
  • In general the authors abstract this procedure as reRand(y, i, u): given u = [c′/z^i]_q with noise bound ‖c′‖ < γ, draw an m-vector of integer coefficients r ← D_{Z^m,σ*} for large enough σ* (e.g. σ* = 2^λ γ), and output u′ := [u + X_i r]_q as a re-randomized version of u, where X_i is the matrix of level-i encodings of zero.
  • To extract a “canonical” and “random” representation of a coset from an encoding u = [c/z^κ]_q, the authors just multiply by the zero-testing parameter p_zt, collect the (log q)/4 − λ most-significant bits of each of the n coefficients of the result, and apply a strong randomness extractor to the collected bits.
Conclusion
  • The authors can apply the above procedure to many of the level-one encodings of zero from the public parameters, thereby obtaining many elements in the ideal I itself.
Funding
  • Watson funded by NSF Grant No. 1017660
  • This work was supported by the Intelligence Advanced Research Projects Activity (IARPA) via Department of Interior National Business Center (DoI/NBC) contract number D11PC20202
Reference
  • Agrawal, S., Gentry, C., Halevi, S., Sahai, A.: Sampling discrete Gaussians efficiently and obliviously. Cryptology ePrint Archive, Report 2012/714 (2012), http://eprint.iacr.org/
  • Boneh, D., Franklin, M.: Identity-based encryption from the Weil pairing. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 213–229. Springer, Heidelberg (2001)
  • Boneh, D., Lipton, R.J.: Algorithms for black-box fields and their application to cryptography (extended abstract). In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 283–297. Springer, Heidelberg (1996)
  • Boneh, D., Silverberg, A.: Applications of multilinear forms to cryptography. Contemporary Mathematics 324, 71–90 (2003)
  • Coppersmith, D., Shamir, A.: Lattice attacks on NTRU. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 52–61. Springer, Heidelberg (1997)
  • Gentry, C.: Key recovery and message attacks on NTRU-composite. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 182–194. Springer, Heidelberg (2001)
  • Goldreich, O., Goldwasser, S., Halevi, S.: Public-key cryptosystems from lattice reduction problems. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 112–131. Springer, Heidelberg (1997)
  • Garg, S., Gentry, C., Halevi, S.: Candidate multilinear maps from ideal lattices. Cryptology ePrint Archive, Report 2012/610 (2012), http://eprint.iacr.org/
  • Garg, S., Gentry, C., Halevi, S., Sahai, A., Waters, B.: Attribute-based encryption for circuits from multilinear maps. Cryptology ePrint Archive, Report 2013/128 (2013), http://eprint.iacr.org/
  • Garg, S., Gentry, C., Sahai, A., Waters, B.: Witness encryption and its applications. In: STOC (2013)
  • Goldwasser, S., Kalai, Y., Popa, R.A., Vaikuntanathan, V., Zeldovich, N.: Succinct functional encryption and applications: Reusable garbled circuits and beyond. In: STOC (2013)
  • Gentry, C., Szydlo, M.: Cryptanalysis of the revised NTRU signature scheme. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 299–320. Springer, Heidelberg (2002)
  • Gorbunov, S., Vaikuntanathan, V., Wee, H.: Predicate encryption for circuits. In: STOC (2013)
  • Howgrave-Graham, N., Szydlo, M.: A method to solve cyclotomic norm equations. In: Buell, D.A. (ed.) ANTS 2004. LNCS, vol. 3076, pp. 272–279. Springer, Heidelberg (2004)
  • Hoffstein, J., Howgrave-Graham, N., Pipher, J., Silverman, J.H., Whyte, W.: NTRUSign: Digital signatures using the NTRU lattice. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 122–140. Springer, Heidelberg (2003)
  • Hoffstein, J., Kaliski, B.S., Lieman, D.B., Robshaw, M.J.B., Yin, Y.L.: Secure user identification based on constrained polynomials. US Patent 6,076,163 (2000)
  • Hoffstein, J., Pipher, J., Silverman, J.H.: NTRU: A ring-based public key cryptosystem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 267–288. Springer, Heidelberg (1998)
  • Hoffstein, J., Pipher, J., Silverman, J.H.: NSS: An NTRU lattice-based signature scheme. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 211–228. Springer, Heidelberg (2001)
  • Joux, A.: A one round protocol for tripartite Diffie-Hellman. In: Bosma, W. (ed.) ANTS 2000. LNCS, vol. 1838, pp. 385–394. Springer, Heidelberg (2000)
  • Micciancio, D., Regev, O.: Worst-case to average-case reductions based on Gaussian measures. SIAM J. Computing 37(1), 267–302 (2007)
  • Nguyen, P.Q., Regev, O.: Learning a parallelepiped: Cryptanalysis of GGH and NTRU signatures. In: Vaudenay, S. (ed.) EUROCRYPT 2006. LNCS, vol. 4004, pp. 271–288. Springer, Heidelberg (2006)
  • Papamanthou, C., Tamassia, R., Triandopoulos, N.: Optimal authenticated data structures with multilinear forms. In: Joye, M., Miyaji, A., Otsuka, A. (eds.) Pairing 2010. LNCS, vol. 6487, pp. 246–264. Springer, Heidelberg (2010)
  • Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: STOC, pp. 84–93 (2005)
  • Rothblum, R.D.: On the circular security of bit-encryption. In: Sahai, A. (ed.) TCC 2013. LNCS, vol. 7785, pp. 579–598. Springer, Heidelberg (2013)
  • Ruckert, M., Schroder, D.: Aggregate and verifiably encrypted signatures from multilinear maps without random oracles. In: Park, J.H., Chen, H.H., Atiquzzaman, M., Lee, C., Kim, T.-h., Yeo, S.-S. (eds.) ISA 2009. LNCS, vol. 5576, pp. 750–759. Springer, Heidelberg (2009)
  • Sakai, R., Ohgishi, K., Kasahara, M.: Cryptosystems based on pairing. In: SCIS 2000, Okinawa, Japan (January 2000)
  • Szydlo, M.: Hypercubic lattice reduction and analysis of GGH and NTRU signatures. In: Biham, E. (ed.) EUROCRYPT 2003. LNCS, vol. 2656, pp. 433–448. Springer, Heidelberg (2003)