nach oben

Erschienen in:

2015 | OriginalPaper | Buchkapitel

Tighter Security for Efficient Lattice Cryptography via the Rényi Divergence of Optimized Orders

verfasst von : Katsuyuki Takashima, Atsushi Takayasu

Erschienen in: Provable Security

Verlag: Springer International Publishing

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config

KI-gestützte Suche

Aus

Abstract

In security proofs of lattice based cryptography, to bound the closeness of two probability distributions is an important procedure. To measure the closeness, the Rényi divergence has been used instead of the classical statistical distance. Recent results have shown that the Rényi divergence offers security reductions with better parameters, e.g. smaller deviations for discrete Gaussian distributions. However, since previous analyses used a fixed order Rényi divergence, i.e., order two, they lost tightness of reductions. To overcome the deficiency, we adaptively optimize the orders based on the advantages of the adversary for several lattice-based schemes. The optimizations enable us to prove the security with both improved efficiency and tighter reductions. Indeed, our analysis offers security reductions with smaller parameters than the statistical distance based analysis and the reductions are tighter than that of previous Rényi divergence based analysis. As applications, we show tighter security reductions for sampling discrete Gaussian distributions with smaller precomputed tables for BLISS signatures, and variants of learning with errors (LWE) problem and small integer solution (SIS) problem called k-LWE and k-SIS.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

über 102.000 Bücher
über 537 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Finance + Banking
Management + Führung
Marketing + Vertrieb
Maschinenbau + Werkstoffe
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 390 Zeitschriften

aus folgenden Fachgebieten:

Automobil + Motoren
Bauwesen + Immobilien
Business IT + Informatik
Elektrotechnik + Elektronik
Energie + Nachhaltigkeit
Maschinenbau + Werkstoffe

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

über 67.000 Bücher
über 340 Zeitschriften

aus folgenden Fachgebieten:

Bauwesen + Immobilien
Business IT + Informatik
Finance + Banking
Management + Führung
Marketing + Vertrieb
Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Vorheriges Kapitel On Provable Security of wPRF-Based Leakage-Resilient Stream Ciphers

Nächstes Kapitel Black-Box Separations of Hash-and-Sign Signatures in the Non-Programmable Random Oracle Model

Nur mit Berechtigung zugänglich

Though there are no assurance for the upper bound of \(R_{\alpha }(\varPhi \Vert \varPhi ')\) to be \(O(\exp (\alpha ))\) for arbitrary distributions \( \varPhi \) and \( \varPhi '\), it holds for the distributions which we study in this paper.

In [2], Bai et al. showed a slightly better bound for our Lemma 5. However, we do not know the proof and we prove the lemma in this paper. See the full version of this paper.

While in [5], the brute-force adversary for all key candidates is considered, we consider the corresponding one-time guessing adversary. Hence, the advantage of the guessing adversary is the inverse of the computation time of the brute-force adversary.

In [2], Bai et al. analyzed the precisions by measuring the closeness between \(B_{\tilde{c}_i}\) and \(B_{c_i}\) depending on i. The analysis further reduces the required precisions for SD and KLD based analyses, i.e., 4598 and 3893 bits tables respectively. Though our analysis also offers lower precisions, we omit the analysis in this paper.

In a very recent version [11], Ling et al. proposed improved results for the first subreduction. We can incorporate the improvements into our Theorems 2 and 4.

Agrawal, S., Gentry, C., Halevi, S., Sahai, A.: Discrete Gaussian Leftover Hash Lemma over Infinite Domains. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013, Part I. LNCS, vol. 8269, pp. 97–116. Springer, Heidelberg (2013) CrossRef

Bai, S., Langois, A., Lepoint, T., Stehlé, D., Steinfeld, R.: Improved security proofs in lattice-based cryptography: using the Rényi divergence rather than the statistical distance. In: IACR Cryptology ePrint Archive: Report 2015/483, Asiacrypt 2015 (2015, to appear)

Boneh, D., Freeman, D.M.: Linearly homomorphic signatures over binary fields and new tools for lattice-based signatures. In: Catalano, D., Fazio, N., Gennaro, R., Nicolosi, A. (eds.) PKC 2011. LNCS, vol. 6571, pp. 1–16. Springer, Heidelberg (2011) CrossRef

Chen, Y., Nguyen, P.Q.: BKZ 2.0: better lattice security estimates. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 1–20. Springer, Heidelberg (2011) CrossRef

Ducas, L., Durmus, A., Lepoint, T., Lyubashevsky, V.: Lattice signatures and bimodal gaussians. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 40–56. Springer, Heidelberg (2013) CrossRef

van Erven, T., Harremoës, P.: Rényi divergence and Kullback-Leibler divergence. In: CoRR, abs/1206.2459 (2012)

Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. In: Proceedings of STOC 2008, pp. 197–206. ACM (2008)

Langlois, A., Stehlé, D., Steinfeld, R.: GGHLite: more efficient multilinear maps from ideal lattices. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 239–256. Springer, Heidelberg (2014) CrossRef

Lindner, R., Peikert, C.: Better key sizes (and attacks) for LWE-based encryption. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 319–339. Springer, Heidelberg (2011) CrossRef

10.

Ling, S., Phan, D.H., Stehlé, D., Steinfeld, R.: Hardness of k-LWE and applications in traitor tracing. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part I. LNCS, vol. 8616, pp. 315–334. Springer, Heidelberg (2014)

11.

Ling, S., Phan, D.H., Stehlé, D., Steinfeld, R.: Hardness of \(k\)-LWE and applications in traitor tracing. In: IACR Cryptology ePrint Archive: Report 2014/494 (2015). Accessed 5 August 2015

12.

Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. J. ACM 60(6), 43 (2013)MathSciNetCrossRefMATH

13.

Micciancio, D., Regev, O.: Worst-case to average-case reductions based on gaussian measures. SIAM J. Comput. 37(1), 267–302 (2007)MathSciNetCrossRefMATH

14.

Pöppelmann, T., Ducas, L., Güneysu, T.: Enhanced lattice-based signatures on reconfigurable hardware. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 353–370. Springer, Heidelberg (2014)

15.

Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. J. ACM 56(6), 34 (2009)MathSciNetCrossRefMATH

16.

Rényi, A.: On measures of entropy and information. Proc. Fourth Berkeley Symp. Math. Stat. Probab. 1, 547–561 (1961)MathSciNetMATH

Titel: Tighter Security for Efficient Lattice Cryptography via the Rényi Divergence of Optimized Orders
verfasst von: Katsuyuki Takashima
Atsushi Takayasu
Verlag: Springer International Publishing
Buch: Provable Security
Print ISBN: 978-3-319-26058-7

Electronic ISBN: 978-3-319-26059-4

Copyright-Jahr: 2015
DOI: https://doi.org/10.1007/978-3-319-26059-4_23

Springer Professional

Abstract

Bitte loggen Sie sich ein, um Zugang zu Ihrer Lizenz zu erhalten.

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Springer Professional "Technik"

Springer Professional "Wirtschaft"