Cryptographic Divergences: New Techniques and New Applications

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 12238)


In recent years, several security proofs in cryptography have been significantly improved by replacing the statistical distance with alternative divergences. We continue this line of research, both at a theoretical and a practical level. On the theory side, we propose a new cryptographic divergence with quirky properties. On the practical side, we propose new applications of alternative divergences: circuit-private FHE and prime number generators. More precisely, we provide the first formal security proof of the prime number generator PRIMEINC [8], and improve by an order of magnitude the efficiency of a prime number generator by Fouque and Tibouchi [16, 17] and of the washing machine technique by Ducas and Stehlé [15] for circuit-private FHE.
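As an added illustration (not code from the paper or its authors) of the bias that PRIMEINC's incremental search introduces and of the two metrics the abstract contrasts, the following Python computes the exact output distribution of a toy PRIMEINC on a small interval and measures its distance from the uniform distribution on the primes of that interval, once with the statistical distance and once with the Rényi divergence. The model is a simplification made here: the start is a uniform odd integer in [lo, hi), candidates are tested in steps of 2, and a search that overshoots hi wraps around to lo so that the output support is exactly the primes in the interval; primality is trial division, which is adequate for the toy sizes used. The Rényi convention is the multiplicative one of Bai et al. [3], and all function names are this example's own.

```python
"""Toy PRIMEINC: exact output distribution and its distance from uniform.

Added illustration; the wrap-around rule and the interval sizes are
assumptions of this example, not the paper's model.
"""
from fractions import Fraction
import math


def is_prime(n: int) -> bool:
    """Deterministic trial division; fine for the small intervals used here."""
    if n < 2:
        return False
    if n % 2 == 0:
        return n == 2
    d = 3
    while d * d <= n:
        if n % d == 0:
            return False
        d += 2
    return True


def primeinc_distribution(lo: int, hi: int) -> dict:
    """Exact output distribution of the toy PRIMEINC on [lo, hi).

    The start is a uniformly random odd integer in [lo, hi); candidates
    start, start+2, ... are tested until a prime is hit; overshooting hi
    wraps to the smallest prime in the interval (assumption of this
    example).  Each prime is therefore output with probability proportional
    to the number of odd starting points in the gap that precedes it.
    """
    odds = [n for n in range(lo, hi) if n % 2 == 1]
    primes = [p for p in odds if is_prime(p)]
    if not primes:
        raise ValueError("no odd prime in the interval")
    dist = {p: Fraction(0) for p in primes}
    for start in odds:
        # first prime >= start, wrapping to the smallest prime if none remains
        hit = next((p for p in primes if p >= start), primes[0])
        dist[hit] += Fraction(1, len(odds))
    return dist


def uniform_on(support) -> dict:
    """Uniform distribution over the given support (exact rationals)."""
    return {x: Fraction(1, len(support)) for x in support}


def statistical_distance(P: dict, Q: dict) -> Fraction:
    """SD(P, Q) = 1/2 * sum_x |P(x) - Q(x)|, computed exactly."""
    keys = set(P) | set(Q)
    return sum(abs(P.get(x, 0) - Q.get(x, 0)) for x in keys) / 2


def renyi_divergence(P: dict, Q: dict, alpha) -> float:
    """Rényi divergence of order alpha > 1, multiplicative convention of [3]:
    R_alpha(P||Q) = (sum_x P(x)^alpha / Q(x)^(alpha-1))^(1/(alpha-1)),
    and R_inf(P||Q) = max_x P(x)/Q(x).  Infinite unless supp(P) is within supp(Q).
    """
    if any(Q.get(x, 0) == 0 and P[x] > 0 for x in P):
        return math.inf
    ratios = [(float(P[x]), float(Q[x])) for x in P if P[x] > 0]
    if alpha == math.inf:
        return max(p / q for p, q in ratios)
    total = sum(p ** alpha / q ** (alpha - 1) for p, q in ratios)
    return total ** (1.0 / (alpha - 1))


def compare(lo: int, hi: int) -> tuple:
    """(SD, R_2, R_inf) between the toy PRIMEINC output and uniform primes."""
    P = primeinc_distribution(lo, hi)
    Q = uniform_on(list(P))
    return (statistical_distance(P, Q),
            renyi_divergence(P, Q, 2),
            renyi_divergence(P, Q, math.inf))


if __name__ == "__main__":
    # Constructed demo: intervals [2^k, 2^(k+1)) for small k.
    for k in range(8, 15):
        sd, r2, rinf = compare(2 ** k, 2 ** (k + 1))
        print(f"k={k:2d}  SD={float(sd):.4f}  R_2={r2:.4f}  R_inf={rinf:.3f}")
```

The same gap-induced bias is visible in both metrics, but they enter a security proof differently: the statistical distance of many independent outputs adds up, whereas the multiplicative Rényi divergence composes as a product of per-sample terms and bounds an adversary's success probability through a probability-preservation inequality, which is the mechanism Rényi-based arguments such as [3] rely on.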



The authors are indebted to Takahiro Matsuda and Shuichi Katsumata for their insightful discussions and for pointing out a flaw in an earlier version of the paper. Thomas Prest is supported by the Innovate UK Research Grant 104423 (PQ Cybersecurity).


  1. Agrawal, R., Chen, Y.-H., Horel, T., Vadhan, S.: Unifying computational entropies via Kullback–Leibler divergence. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11693, pp. 831–858. Springer, Cham (2019)
  2. Ali, S.M., Silvey, S.D.: A general class of coefficients of divergence of one distribution from another. J. Roy. Stat. Soc. Ser. B (Methodol.) 28(1), 131–142 (1966)
  3. Bai, S., Langlois, A., Lepoint, T., Stehlé, D., Steinfeld, R.: Improved security proofs in lattice-based cryptography: using the Rényi divergence rather than the statistical distance. In: Iwata, T., Cheon, J.H. (eds.) ASIACRYPT 2015. LNCS, vol. 9452, pp. 3–24. Springer, Heidelberg (2015)
  4. Bai, S., Lepoint, T., Roux-Langlois, A., Sakzad, A., Stehlé, D., Steinfeld, R.: Improved security proofs in lattice-based cryptography: using the Rényi divergence rather than the statistical distance. J. Cryptol. 31(2), 610–640 (2018)
  5. Bernstein, D.J., et al.: Factoring RSA keys from certified smart cards: Coppersmith in the wild. In: Sako, K., Sarkar, P. (eds.) ASIACRYPT 2013. LNCS, vol. 8270, pp. 341–360. Springer, Heidelberg (2013)
  6. Bogdanov, A., Guo, S., Masny, D., Richelson, S., Rosen, A.: On the hardness of learning with rounding over small modulus. In: Kushilevitz, E., Malkin, T. (eds.) TCC 2016. LNCS, vol. 9562, pp. 209–224. Springer, Heidelberg (2016)
  7. Bourse, F., Del Pino, R., Minelli, M., Wee, H.: FHE circuit privacy almost for free. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9815, pp. 62–89. Springer, Heidelberg (2016)
  8. Brandt, J., Damgård, I.: On generation of probable primes by incremental search. In: Brickell, E.F. (ed.) CRYPTO 1992. LNCS, vol. 740, pp. 358–370. Springer, Heidelberg (1993)
  9. Coppersmith, D.: Finding a small root of a bivariate integer equation; factoring with high bits known. In: Maurer [31], pp. 178–189
  10. Coppersmith, D.: Finding a small root of a univariate modular equation. In: Maurer [31], pp. 155–165
  11. Cramer, R., Shoup, V.: Signature schemes based on the strong RSA assumption. In: Motiwalla, J., Tsudik, G. (eds.) ACM CCS 99, pp. 46–51. ACM Press, November 1999
  12. Csiszár, I.: Eine informationstheoretische Ungleichung und ihre Anwendung auf den Beweis der Ergodizität von Markoffschen Ketten. Magyar Tud. Akad. Mat. Kutató Int. Közl. 8, 85–108 (1963)
  13. Dai, W., Hoang, V.T., Tessaro, S.: Information-theoretic indistinguishability via the chi-squared method. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10403, pp. 497–523. Springer, Cham (2017)
  14. Ducas, L., Lyubashevsky, V., Prest, T.: Efficient identity-based encryption over NTRU lattices. In: Sarkar, P., Iwata, T. (eds.) ASIACRYPT 2014. LNCS, vol. 8874, pp. 22–41. Springer, Heidelberg (2014)
  15. Ducas, L., Stehlé, D.: Sanitization of FHE ciphertexts. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 294–310. Springer, Heidelberg (2016)
  16. Fouque, P.-A., Tibouchi, M.: Close to uniform prime number generation with fewer random bits. In: Esparza, J., Fraigniaud, P., Husfeldt, T., Koutsoupias, E. (eds.) ICALP 2014. LNCS, vol. 8572, pp. 991–1002. Springer, Heidelberg (2014)
  17. Fouque, P.-A., Tibouchi, M.: Close to uniform prime number generation with fewer random bits. IEEE Trans. Inf. Theor. 65(2), 1307–1317 (2019)
  18. Friedlander, J., Granville, A.: Limitations to the equi-distribution of primes I. Ann. Math. 129(2), 363–382 (1989)
  19. Gallagher, P.X.: On the distribution of primes in short intervals. Mathematika 23(1), 4–9 (1976)
  20. Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Mitzenmacher, M. (ed.) 41st ACM STOC, pp. 169–178. ACM Press, May/June 2009
  21. Gerchinovitz, S., Ménard, P., Stoltz, G.: Fano's inequality for random variables (2017)
  22. Gierlichs, B., Batina, L., Tuyls, P., Preneel, B.: Mutual information analysis. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 426–442. Springer, Heidelberg (2008)
  23. Hardy, G.H., Littlewood, J.E.: Some problems of 'partitio numerorum'; III: On the expression of a number as a sum of primes. Acta Math. 44, 1–70 (1923)
  24. Heninger, N., Durumeric, Z., Wustrow, E., Halderman, J.A.: Mining your Ps and Qs: detection of widespread weak keys in network devices. In: Kohno, T. (ed.) USENIX Security 2012, pp. 205–220. USENIX Association, August 2012
  25. Joux, A.: Fully homomorphic encryption modulo Fermat numbers. Cryptology ePrint Archive, Report 2019/187 (2019)
  26. Langlois, A., Stehlé, D., Steinfeld, R.: GGHLite: more efficient multilinear maps from ideal lattices. In: Nguyen, P.Q., Oswald, E. (eds.) EUROCRYPT 2014. LNCS, vol. 8441, pp. 239–256. Springer, Heidelberg (2014)
  27. Lenstra, A.K., Hughes, J.P., Augier, M., Bos, J.W., Kleinjung, T., Wachter, C.: Public keys. In: Safavi-Naini, R., Canetti, R. (eds.) CRYPTO 2012. LNCS, vol. 7417, pp. 626–642. Springer, Heidelberg (2012)
  28. Lenstra, A.K., Hughes, J.P., Augier, M., Bos, J.W., Kleinjung, T., Wachter, C.: Ron was wrong, Whit is right. Cryptology ePrint Archive, Report 2012/064 (2012)
  29. Ling, S., Phan, D.H., Stehlé, D., Steinfeld, R.: Hardness of k-LWE and applications in traitor tracing. In: Garay, J.A., Gennaro, R. (eds.) CRYPTO 2014. LNCS, vol. 8616, pp. 315–334. Springer, Heidelberg (2014)
  30. Matsuda, T., Takahashi, K., Murakami, T., Hanaoka, G.: Improved security evaluation techniques for imperfect randomness from arbitrary distributions. In: Lin, D., Sako, K. (eds.) PKC 2019. LNCS, vol. 11442, pp. 549–580. Springer, Cham (2019)
  31. Maurer, U.M. (ed.): EUROCRYPT '96. LNCS, vol. 1070. Springer, Heidelberg (1996)
  32. Micciancio, D., Walter, M.: Gaussian sampling over the integers: efficient, generic, constant-time. In: Katz, J., Shacham, H. (eds.) CRYPTO 2017. LNCS, vol. 10402, pp. 455–485. Springer, Cham (2017)
  33. Micciancio, D., Walter, M.: On the bit security of cryptographic primitives. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10820, pp. 3–28. Springer, Cham (2018)
  34. Mihailescu, P.: Fast generation of provable primes using search in arithmetic progressions. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 282–293. Springer, Heidelberg (1994)
  35. Mironov, I.: Rényi differential privacy. In: Proceedings of the 30th IEEE Computer Security Foundations Symposium (2017)
  36. Morimoto, T.: Markov processes and the H-theorem. J. Phys. Soc. Japan 18(3), 328–331 (1963)
  37. Nemec, M., Sýs, M., Svenda, P., Klinec, D., Matyas, V.: The return of Coppersmith's attack: practical factorization of widely used RSA moduli. In: Thuraisingham, B.M., Evans, D., Malkin, T., Xu, D. (eds.) ACM CCS 2017, pp. 1631–1648. ACM Press, October/November 2017
  38. Pöppelmann, T., Ducas, L., Güneysu, T.: Enhanced lattice-based signatures on reconfigurable hardware. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 353–370. Springer, Heidelberg (2014)
  39. Prest, T.: Sharper bounds in lattice-based cryptography using the Rényi divergence. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10624, pp. 347–374. Springer, Cham (2017)
  40. Prest, T., Goudarzi, D., Martinelli, A., Passelègue, A.: Unifying leakage models on a Rényi day. In: Boldyreva, A., Micciancio, D. (eds.) CRYPTO 2019. LNCS, vol. 11692, pp. 683–712. Springer, Cham (2019)
  41. Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signatures and public-key cryptosystems. Commun. Assoc. Comput. Mach. 21(2), 120–126 (1978)
  42. Skórski, M.: Shannon entropy versus Rényi entropy from a cryptographic viewpoint. In: Groth, J. (ed.) IMACC 2015. LNCS, vol. 9496, pp. 257–274. Springer, Cham (2015)
  43. Steinberger, J.: Improved security bounds for key-alternating ciphers via Hellinger distance. Cryptology ePrint Archive, Report 2012/481 (2012)
  44. Takashima, K., Takayasu, A.: Tighter security for efficient lattice cryptography via the Rényi divergence of optimized orders. In: Au, M.-H., Miyaji, A. (eds.) ProvSec 2015. LNCS, vol. 9451, pp. 412–431. Springer, Cham (2015)
  45. Vajda, I.: \(\chi^\alpha\)-divergence and generalized Fisher information. In: Transactions of the Sixth Prague Conference on Information Theory, Statistical Decision Functions and Random Processes, p. 223. Academia (1973)
  46. van Erven, T., Harremoës, P.: Rényi divergence and Kullback–Leibler divergence. IEEE Trans. Inf. Theor. 60(7), 3797–3820 (2014)

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  1. École Normale Supérieure, Paris, France
  2. PQShield, Oxford, UK