Advertisement

Middle-Product Learning with Rounding Problem and Its Applications

  • Shi BaiEmail author
  • Katharina Boudgoust
  • Dipayan Das
  • Adeline Roux-Langlois
  • Weiqiang Wen
  • Zhenfei Zhang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11921)

Abstract

At CRYPTO 2017, Roşca et al. introduce a new variant of the Learning With Errors (LWE) problem, called the Middle-Product LWE (\({\mathrm {MP}\text {-}\mathrm{LWE}}\)). The hardness of this new assumption is based on the hardness of the Polynomial LWE (P-LWE) problem parameterized by a set of polynomials, making it more secure against the possible weakness of a single defining polynomial. As a cryptographic application, they also provide an encryption scheme based on the \({\mathrm {MP}\text {-}\mathrm{LWE}}\) problem. In this paper, we propose a deterministic variant of their encryption scheme, which does not need Gaussian sampling and is thus simpler than the original one. Still, it has the same quasi-optimal asymptotic key and ciphertext sizes. The main ingredient for this purpose is the Learning With Rounding (LWR) problem which has already been used to derandomize LWE type encryption. The hardness of our scheme is based on a new assumption called Middle-Product Computational Learning With Rounding, an adaption of the computational LWR problem over rings, introduced by Chen et al. at ASIACRYPT 2018. We prove that this new assumption is as hard as the decisional version of MP-LWE and thus benefits from worst-case to average-case hardness guarantees.

Keywords

LWE LWR Middle-Product Public key encryption 

Notes

Acknowledgments

This work is supported by the European Union PROMETHEUS project (Horizon 2020 Research and Innovation Program, grant 780701). This work has also received a French government support managed by the National Research Agency in the “Investing for the Future” program, under the national project RISQ P141580-2660001/DOS0044216, and under the project TYREX granted by the CominLabs excellence laboratory with reference ANR-10-LABX-07-01. This work is also supported through NATO SPS Project G5448 and through NIST awards 60NANB18D216 and 60NANB18D217.

Katharina Boudgoust is funded by the Direction Générale de l’Armement (Pôle de Recherche CYBER). Dipayan Das is funded by MHRD, India.

We also thank our anonymous referees for their helpful and constructive comments.

References

  1. [AA16]
    Alperin-Sheriff, J., Apon, D.: Dimension-preserving reductions from LWE to LWR. IACR Cryptology ePrint Archive, 2016:589 (2016)Google Scholar
  2. [ADPS16]
    Alkim, E., Ducas, L., Pöppelmann, T., Schwabe, P.: Post-quantum key exchange - a new hope. In: 25th USENIX Security Symposium, USENIX Security 16, Austin, TX, USA, 10–12 August 2016, pp. 327–343 (2016)Google Scholar
  3. [AG11]
    Arora, S., Ge, R.: New algorithms for learning in presence of errors. In: Aceto, L., Henzinger, M., Sgall, J. (eds.) ICALP 2011. LNCS, vol. 6755, pp. 403–415. Springer, Heidelberg (2011).  https://doi.org/10.1007/978-3-642-22006-7_34CrossRefGoogle Scholar
  4. [AKPW13]
    Alwen, J., Krenn, S., Pietrzak, K., Wichs, D.: Learning with rounding, revisited. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013. LNCS, vol. 8042, pp. 57–74. Springer, Heidelberg (2013).  https://doi.org/10.1007/978-3-642-40041-4_4CrossRefGoogle Scholar
  5. [BBF+19]
    Baan, H., et al.: Round5: compact and fast post-quantum public-key encryption. In: Ding, J., Steinwandt, R. (eds.) PQCrypto 2019. LNCS, vol. 11505, pp. 83–102. Springer, Cham (2019).  https://doi.org/10.1007/978-3-030-25510-7_5CrossRefGoogle Scholar
  6. [BDJ06]
    Bryc, W., Dembo, A., Jiang, T.: Spectral measure of large random Hankel, Markov and Toeplitz matrices. Ann. Probab. 34(1), 1–38 (2006)MathSciNetCrossRefGoogle Scholar
  7. [BGM+16]
    Bogdanov, A., Guo, S., Masny, D., Richelson, S., Rosen, A.: On the hardness of learning with rounding over small modulus. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016. LNCS, vol. 9562, pp. 209–224. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-49096-9_9CrossRefzbMATHGoogle Scholar
  8. [BHLY16]
    Groot Bruinderink, L., Hülsing, A., Lange, T., Yarom, Y.: Flush, gauss, and reload - a cache attack on the BLISS lattice-based signature scheme. In: Cryptographic Hardware and Embedded Systems - CHES 2016–18th International Conference, Santa Barbara, CA, USA, 17–19 August 2016, Proceedings, pp. 323–345 (2016)Google Scholar
  9. [BLL+15]
    Bai, S., Langlois, A., Lepoint, T., Stehlé, D., Steinfeld, R.: Improved security proofs in lattice-based cryptography: using the Rényi divergence rather than the statistical distance. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9452, pp. 3–24. Springer, Heidelberg (2015).  https://doi.org/10.1007/978-3-662-48797-6_1CrossRefzbMATHGoogle Scholar
  10. [BLP+13]
    Brakerski, Z., Langlois, A., Peikert, C., Regev, O., Stehlé, D.: Classical hardness of learning with errors. In: Symposium on Theory of Computing Conference, STOC 2013, Palo Alto, CA, USA, 1–4 June 2013, pp. 575–584 (2013)Google Scholar
  11. [BPR11]
    Banerjee, A., Peikert, C., Rosen, A.: Pseudorandom functions and lattices. IACR Cryptology ePrint Archive, 2011:401 (2011)Google Scholar
  12. [BPR12]
    Banerjee, A., Peikert, C., Rosen, A.: Pseudorandom functions and lattices. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 719–737. Springer, Heidelberg (2012).  https://doi.org/10.1007/978-3-642-29011-4_42CrossRefGoogle Scholar
  13. [CIV16]
    Castryck, W., Iliashenko, I., Vercauteren, F.: Provably weak instances of ring-LWE revisited. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 147–167. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-49890-3_6CrossRefzbMATHGoogle Scholar
  14. [CZZ18]
    Chen, L., Zhang, Z., Zhang, Z.: On the hardness of the computational ring-LWR problem and its applications. In: Peyrin, T., Galbraith, S. (eds.) ASIACRYPT 2018. LNCS, vol. 11272, pp. 435–464. Springer, Cham (2018).  https://doi.org/10.1007/978-3-030-03326-2_15CrossRefGoogle Scholar
  15. [DB15]
    Du, C., Bai, G.: Towards efficient discrete Gaussian sampling for lattice-based cryptography. In: 25th International Conference on Field Programmable Logic and Applications, FPL 2015, London, United Kingdom, 2–4 September 2015, pp. 1–6 (2015)Google Scholar
  16. [DKRV18]
    D’Anvers, J.-P., Karmakar, A., Sinha Roy, S., Vercauteren, F.: Saber: module-LWR based key exchange, CPA-secure encryption and CCA-secure KEM. In: Joux, A., Nitaj, A., Rachidi, T. (eds.) AFRICACRYPT 2018. LNCS, vol. 10831, pp. 282–305. Springer, Cham (2018).  https://doi.org/10.1007/978-3-319-89339-6_16CrossRefGoogle Scholar
  17. [DXL12]
    Ding, J., Xie, X., Lin, X.: A simple provably secure key exchange scheme based on the learning with errors problem. IACR Cryptology ePrint Archive 2012:688 (2012)Google Scholar
  18. [KL96]
    Kaltofen, E., Lobo, A.: On rank properties of Toeplitz matrices over finite fields. In: ISSAC, vol. 96, pp. 241–249 (1996)Google Scholar
  19. [LM06]
    Lyubashevsky, V., Micciancio, D.: Generalized compact knapsacks are collision resistant. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006. LNCS, vol. 4052, pp. 144–155. Springer, Heidelberg (2006).  https://doi.org/10.1007/11787006_13CrossRefGoogle Scholar
  20. [LPR10]
    Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 1–23. Springer, Heidelberg (2010).  https://doi.org/10.1007/978-3-642-13190-5_1CrossRefGoogle Scholar
  21. [LS15]
    Langlois, A., Stehlé, D.: Worst-case to average-case reductions for module lattices. Des. Codes Cryptogr. 75(3), 565–599 (2015)MathSciNetCrossRefGoogle Scholar
  22. [Lyu16]
    Lyubashevsky, V.: Digital signatures based on the hardness of ideal lattice problems in all rings. In: Cheon, J.H., Takagi, T. (eds.) ASIACRYPT 2016. LNCS, vol. 10032, pp. 196–214. Springer, Heidelberg (2016).  https://doi.org/10.1007/978-3-662-53890-6_7CrossRefzbMATHGoogle Scholar
  23. [NIS]
  24. [Pei09]
    Peikert, C.: Public-key cryptosystems from the worst-case shortest vector problem: extended abstract. In: Proceedings of the 41st Annual ACM Symposium on Theory of Computing, STOC 2009, Bethesda, MD, USA, 31 May–2 June 2009, pp. 333–342 (2009)Google Scholar
  25. [Pei14]
    Peikert, C.: Lattice cryptography for the internet. In: Mosca, M. (ed.) PQCrypto 2014. LNCS, vol. 8772, pp. 197–219. Springer, Cham (2014).  https://doi.org/10.1007/978-3-319-11659-4_12CrossRefzbMATHGoogle Scholar
  26. [Pei16]
    Peikert, C.: How (Not) to instantiate ring-LWE. In: Zikas, V., De Prisco, R. (eds.) SCN 2016. LNCS, vol. 9841, pp. 411–430. Springer, Cham (2016).  https://doi.org/10.1007/978-3-319-44618-9_22CrossRefGoogle Scholar
  27. [Pes16]
    Pessl, P.: Analyzing the shuffling side-channel countermeasure for lattice-based signatures. In: Dunkelman, O., Sanadhya, S.K. (eds.) INDOCRYPT 2016. LNCS, vol. 10095, pp. 153–170. Springer, Cham (2016).  https://doi.org/10.1007/978-3-319-49890-4_9CrossRefGoogle Scholar
  28. [R61]
    Rényi, A.: On measures of entropy and information. In: Proceedings 4th Berkeley Symposium Mathematical Statistics and Probability, vol. I, pp. 547–561. University California Press, Berkeley (1961)Google Scholar
  29. [Reg05]
    Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: Proceedings of the 37th Annual ACM Symposium on Theory of Computing, Baltimore, MD, USA, 22–24 May 2005, pp. 84–93 (2005)Google Scholar
  30. [Reg09]
    Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. J. ACM 56(6), 34:1–34:40 (2009)MathSciNetCrossRefGoogle Scholar
  31. [RSSS17]
    Roşca, M., Sakzad, A., Stehlé, D., Steinfeld, R.: Middle-product learning with errors. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10403, pp. 283–297. Springer, Cham (2017).  https://doi.org/10.1007/978-3-319-63697-9_10CrossRefGoogle Scholar
  32. [RSW18]
    Rosca, M., Stehlé, D., Wallet, A.: On the ring-LWE and polynomial-LWE problems. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10820, pp. 146–173. Springer, Cham (2018).  https://doi.org/10.1007/978-3-319-78381-9_6CrossRefGoogle Scholar
  33. [Saa18]
    Saarinen, M.-J.O.: Arithmetic coding and blinding countermeasures for lattice signatures - engineering a side-channel resistant post-quantum signature scheme with compact signatures. J. Cryptographic Eng. 8(1), 71–84 (2018)CrossRefGoogle Scholar
  34. [SSTX09]
    Stehlé, D., Steinfeld, R., Tanaka, K., Xagawa, K.: Efficient public key encryption based on ideal lattices. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 617–635. Springer, Heidelberg (2009).  https://doi.org/10.1007/978-3-642-10366-7_36CrossRefGoogle Scholar
  35. [vEH14]
    van Erven, T., Harremoës, P.: Rényi divergence and kullback-leibler divergence. IEEE Trans. Inf. Theory 60(7), 3797–3820 (2014)CrossRefGoogle Scholar

Copyright information

© International Association for Cryptologic Research 2019

Authors and Affiliations

  • Shi Bai
    • 1
    Email author
  • Katharina Boudgoust
    • 2
  • Dipayan Das
    • 3
  • Adeline Roux-Langlois
    • 2
  • Weiqiang Wen
    • 2
  • Zhenfei Zhang
    • 4
  1. 1.Department of Mathematical SciencesFlorida Atlantic UniversityBoca RatonUSA
  2. 2.Univ Rennes, CNRS, IRISARennesFrance
  3. 3.Department of MathematicsNational Institute of TechnologyDurgapurIndia
  4. 4.AlgorandBostonUSA

Personalised recommendations