International Conference on the Theory and Application of Cryptology and Information Security

Advances in Cryptology -- ASIACRYPT 2015 pp 3-24 | Cite as

Improved Security Proofs in Lattice-Based Cryptography: Using the Rényi Divergence Rather Than the Statistical Distance

  • Shi Bai
  • Adeline Langlois
  • Tancrède Lepoint
  • Damien Stehlé
  • Ron Steinfeld
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9452)

Abstract

The Rényi divergence is a measure of closeness of two probability distributions. We show that it can often be used as an alternative to the statistical distance in security proofs for lattice-based cryptography. Using the Rényi divergence is particularly suited for security proofs of primitives in which the attacker is required to solve a search problem (e.g., forging a signature). We show that it may also be used in the case of distinguishing problems (e.g., semantic security of encryption schemes), when they enjoy a public sampleability property. The techniques lead to security proofs for schemes with smaller parameters, and sometimes to simpler security proofs than the existing ones.

References

  1. [Ajt96]
    Ajtai, M.: Generating hard instances of lattice problems (extended abstract). In: Proceedings of of STOC, pp. 99–108. ACM (1996)Google Scholar
  2. [AKPW13]
    Alwen, J., Krenn, S., Pietrzak, K., Wichs, D.: Learning with rounding, revisited. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 57–74. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  3. [BGM+15]
    Bogdanov, A., Guo, S., Masny, D., Richelson, S., Rosen, A.: On the hardness of learning with rounding over small modulus. Cryptology ePrint Archive, Report 2015/769 (2015). http://eprint.iacr.org/
  4. [BLP+13]
    Brakerski, Z., Langlois, A., Peikert, C., Regev, O., Stehlé, D.: Classical hardness of learning with errors. In: Procedings of STOC, pp. 575–584. ACM (2013)Google Scholar
  5. [BPR12]
    Banerjee, A., Peikert, C., Rosen, A.: Pseudorandom functions and lattices. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 719–737. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  6. [BV11]
    Brakerski, Z., Vaikuntanathan, V.: Efficient fully homomorphic encryption from (standard) LWE, In: Proceedings of FOCS, pp. 97–106. IEEE Computer Society Press (2011)Google Scholar
  7. [CDS03]
    Chiani, M., Dardari, D., Simon, M.K.: New exponential bounds and approximations for the computation of error probability in fading channels. IEEE Trans. Wireless. Comm. 2(4), 840–845 (2003)CrossRefGoogle Scholar
  8. [DDLL13]
    Ducas, L., Durmus, A., Lepoint, T., Lyubashevsky, V.: Lattice signatures and bimodal gaussians. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 40–56. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  9. [DMQ13]
    Döttling, N., Müller-Quade, J.: Lossy codes and a new variant of the learning-with-errors problem. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 18–34. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  10. [Duc14]
    Ducas, L.: Accelerating Bliss: the geometry of ternary polynomials. Cryptology ePrint Archive, Report 2014/874 (2014). http://eprint.iacr.org/
  11. [EH12]
    van Erven, T., Harremoës, P.: Rényi divergence and Kullback-Leibler divergence. CoRR, abs/1206.2459 (2012)Google Scholar
  12. [GGH13]
    Garg, S., Gentry, C., Halevi, S.: Candidate multilinear maps from ideal lattices. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 1–17. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  13. [GPV08]
    Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. In: Proceedings of STOC, pp. 197–206. ACM (2008)Google Scholar
  14. [LPR13]
    Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. J. ACM 60(6), 43 (2013)MathSciNetCrossRefMATHGoogle Scholar
  15. [LPSS14]
    Ling, S., Phan, D.H., Stehlé, D., Steinfeld, R.: Hardness of k-LWE and applications in traitor tracing. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014, Part I. LNCS, vol. 8616, pp. 315–334. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  16. [LSS14]
    Langlois, A., Stehlé, D., Steinfeld, R.: GGHLite: more efficient multilinear maps from ideal lattices. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 239–256. Springer, Heidelberg (2014)CrossRefGoogle Scholar
  17. [Lyu12]
    Lyubashevsky, V.: Lattice signatures without trapdoors. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 738–755. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  18. [MM11]
    Micciancio, D., Mol, P.: Pseudorandom knapsacks and the sample complexity of LWE search-to-decision reductions. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 465–484. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  19. [MP13]
    Micciancio, D., Peikert, C.: Hardness of SIS and LWE with small parameters. In: Canetti, R., Garay, J.A. (eds.) CRYPTO 2013, Part I. LNCS, vol. 8042, pp. 21–39. Springer, Heidelberg (2013)CrossRefGoogle Scholar
  20. [MR07]
    Micciancio, D., Regev, O.: Worst-case to average-case reductions based on Gaussian measures. SIAM J. Comput. 37(1), 267–302 (2007)MathSciNetCrossRefMATHGoogle Scholar
  21. [MR09]
    Micciancio, D., Regev, O.: Lattice-based cryptography. In: Bernstein, D.J., Buchmann, J., Dahmen, E. (Eds), Post-Quantum Cryptography, pp. 147–191. Springer, Heidelberg (2009)Google Scholar
  22. [PDG14]
    Pöppelmann, T., Ducas, L., Güneysu, T.: Enhanced lattice-based signatures on reconfigurable hardware. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 353–370. Springer, Heidelberg (2014)Google Scholar
  23. [Pei09]
    Peikert, C.: Public-key cryptosystems from the worst-case shortest vector problem. In: Proceedings of STOC, pp. 333–342. ACM (2009)Google Scholar
  24. [Reg05]
    Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: Proceedings of STOC, pp. 84–93 (2005)Google Scholar
  25. [Reg09a]
    Regev, O.: Lecture notes of lattices in computer science, taught at the Computer Science Tel Aviv University, (2009). http://www.cims.nyu.edu/regev
  26. [Reg09b]
    Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. J. ACM 56(6), 1–40 (2009)MathSciNetCrossRefMATHGoogle Scholar
  27. [Rén61]
    Rényi, A.: On measures of entropy and information. In: Proceedings of the Fourth Berkeley Symposium on Mathematical Statistics and Probability, vol. 1, pp. 547–561 (1961)Google Scholar

Copyright information

© International Association for Cryptologc Research 2015

Authors and Affiliations

  • Shi Bai
    • 1
  • Adeline Langlois
    • 2
    • 3
  • Tancrède Lepoint
    • 4
  • Damien Stehlé
    • 1
  • Ron Steinfeld
    • 5
  1. 1.Laboratoire LIP (U. Lyon, CNRS, ENSL, INRIA, UCBL)ENS de LyonLyonFrance
  2. 2.EPFLLausanneSwitzerland
  3. 3.CNRS/IRISARennesFrance
  4. 4.CryptoExpertsParisFrance
  5. 5.Faculty of Information TechnologyMonash UniversityClaytonAustralia

Personalised recommendations