Skip to main content
SpringerLink
Log in

Hybrid Dual and Meet-LWE Attack

  • Conference paper
  • First Online:
Information Security and Privacy (ACISP 2022)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13494))

Included in the following conference series:

Abstract

The Learning with Errors (LWE) problem is one of the most prominent problems in lattice-based cryptography. Many practical LWE-based schemes, including Fully Homomorphic encryption (FHE), use sparse ternary secret for the sake of efficiency. Several (hybrid) attacks have been proposed that benefit from such sparseness, thus researchers believe the security of the schemes with sparse ternary secrets is not well-understood yet. Recently, May [Crypto 2021] proposed an efficient meet-in-the-middle attack named Meet-LWE for LWE with ternary secret, which significantly improves Odlyzko’s algorithm. In this work, we generalize May’s Meet-LWE and then introduce a new hybrid attack which combines Meet-LWE with lattice dual attack. We implement our algorithm to FHE-type parameters of LWE problem and compare it with the previous hybrid dual attacks. The result shows that our attack outperforms other attacks in a large range of parameters. We note that our attack has no impact on the LWE-based schemes in the PQC Standardization held by NIST as their secrets are not sparse and/or ternary.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 79.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 99.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    In this paper, when we refer to “small”, we mean that the secret is binary/ternary and has no fixed Hamming weight, i.e., uniform in \(\{0,1\}\) or \(\{0,\pm 1\}\). While for “sparse”, we mean that the secret is binary/ternary with a small fixed Hamming weight w.

  2. 2.

    In Lemma 4, we follow [16] to choose the value of B such that the probability for \(|\bar{e}|< B\) is close to 1. Our experimental results show that the overall attack complexity is not sensitive on B and the current choice of B in Lemma 4 is almost optimal.

  3. 3.

    Notice that [10] and [16] are the representatives of existing two different categories of hybrid dual attacks and [10] improves the attack in [2] with additional tricks.

References

  1. Albrecht, M., et al.: Homomorphic encryption standard (2018)

    Google Scholar 

  2. Albrecht, M.R.: On dual lattice attacks against small-secret LWE and parameter choices in HElib and SEAL. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10211, pp. 103–129. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56614-6_4

    Chapter  Google Scholar 

  3. Albrecht, M.R., Curtis, B.R., Deo, A., Davidson, A., Player, R., Postlethwaite, E.W., Virdia, F., Wunderer, T.: Estimate all the LWE, NTRU schemes! In: Catalano, D., De Prisco, R. (eds.) SCN 2018. LNCS, vol. 11035, pp. 351–367. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-98113-0_19

    Chapter  Google Scholar 

  4. Albrecht, M.R., Player, R., Scott, S.: On the concrete hardness of learning with errors. J. Math. Cryptol. 9(3), 169–203 (2015)

    Article  MathSciNet  MATH  Google Scholar 

  5. Alkim, E., Barreto, P.S.L.M., Bindel, N., Krämer, J., Longa, P., Ricardini, J.E.: The lattice-based digital signature scheme qtesla. In: ACNS (2020)

    Google Scholar 

  6. Alkim, E., Ducas, L., Pöppelmann, T., Schwabe, P.: Post-quantum key exchange - a new hope. In: 25th USENIX, pp. 327–343 (2016)

    Google Scholar 

  7. Babai, L.: On lovász’lattice reduction and the nearest lattice point problem. Combinatorica 6(1), 1–13 (1986)

    Article  MathSciNet  MATH  Google Scholar 

  8. Banaszczyk, W.: Inequalities for convex bodies and polar reciprocal lattices in \(r \wedge n\) II: application of \(k\)-convexity. Discret. Comput. Geom. (1996)

    Google Scholar 

  9. Bernstein, D.J., Chuengsatiansup, C., Lange, T., van Vredendaal, C.: NTRU prime: reducing attack surface at low cost. In: Adams, C., Camenisch, J. (eds.) SAC 2017. LNCS, vol. 10719, pp. 235–260. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-72565-9_12

    Chapter  Google Scholar 

  10. Bi, L., Lu, X., Luo, J., Wang, K., Zhang, Z.: Hybrid dual attack on LWE with arbitrary secrets. IACR Cryptol. ePrint Arch. 2021, 152 (2021)

    Google Scholar 

  11. Chen, H., Chillotti, I., Song, Y.: Improved bootstrapping for approximate homomorphic encryption. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11477, pp. 34–54. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17656-3_2

    Chapter  Google Scholar 

  12. Chen, H., Han, K.: Homomorphic lower digits removal and improved FHE bootstrapping. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10820, pp. 315–337. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78381-9_12

    Chapter  Google Scholar 

  13. Chen, Y.: Réduction de réseau et sécurité concrete du chiffrement completement homomorphe. Ph.D. thesis, Paris 7 (2013)

    Google Scholar 

  14. Cheon, J.H., Han, K., Kim, A., Kim, M., Song, Y.: Bootstrapping for approximate homomorphic encryption. In: Nielsen, J.B., Rijmen, V. (eds.) EUROCRYPT 2018. LNCS, vol. 10820, pp. 360–384. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-78381-9_14

    Chapter  Google Scholar 

  15. Cheon, J.H., Han, K., Kim, A., Kim, M., Song, Y.: Snucrypto HEAAN (2019). http://github.com/homenc/HElib

  16. Cheon, J.H., Hhan, M., Hong, S., Son, Y.: A hybrid of dual and meet-in-the-middle attack on sparse and ternary secret LWE. IEEE Access (2019)

    Google Scholar 

  17. Cheon, J.H., Kim, D., Lee, J., Song, Y.: Lizard: cut off the tail! a practical post-quantum public-key encryption from LWE and LWR. In: Catalano, D., De Prisco, R. (eds.) SCN 2018. LNCS, vol. 11035, pp. 160–177. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-98113-0_9

    Chapter  Google Scholar 

  18. Ducas, L., Kiltz, E., Lepoint, T., Lyubashevsky, V., Schwabe, P., Seiler, G., Stehlé, D.: Crystals-dilithium: a lattice-based digital signature scheme. IACR Trans. Cryptogr. Hardw. Embed. Syst. 2018(1), 238–268 (2018)

    Article  Google Scholar 

  19. Espitau, T., Joux, A., Kharchenko, N.: On a dual/hybrid approach to small secret LWE. In: Bhargavan, K., Oswald, E., Prabhakaran, M. (eds.) INDOCRYPT 2020. LNCS, vol. 12578, pp. 440–462. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-65277-7_20

    Chapter  Google Scholar 

  20. Göpfert, F., van Vredendaal, C., Wunderer, T.: A hybrid lattice basis reduction and quantum search Attack on LWE. In: Lange, T., Takagi, T. (eds.) PQCrypto 2017. LNCS, vol. 10346, pp. 184–202. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-59879-6_11

    Chapter  MATH  Google Scholar 

  21. Halevi, S., Shoup, V.: Bootstrapping for HElib. In: Oswald, E., Fischlin, M. (eds.) EUROCRYPT 2015. LNCS, vol. 9056, pp. 641–670. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-46800-5_25

    Chapter  Google Scholar 

  22. Halevi, S., Shoup, V.: (2019). https://github.com/homenc/HElib

  23. Han, K., Ki, D.: Better bootstrapping for approximate homomorphic encryption. In: Jarecki, S. (ed.) CT-RSA 2020. LNCS, vol. 12006, pp. 364–390. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-40186-3_16

    Chapter  Google Scholar 

  24. Hoffstein, J., Pipher, J., Silverman, J.H.: NTRU: a ring-based public key cryptosystem. In: ANTS (1998)

    Google Scholar 

  25. Howgrave-Graham, N.: A hybrid lattice-reduction and meet-in-the-middle attack against NTRU. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 150–169. Springer, Heidelberg (2007). https://doi.org/10.1007/978-3-540-74143-5_9

    Chapter  MATH  Google Scholar 

  26. Kirshanova, E., May, A.: How to find ternary LWE keys using locality sensitive hashing. In: Paterson, M.B. (ed.) IMACC 2021. LNCS, vol. 13129, pp. 247–264. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92641-0_12

    Chapter  Google Scholar 

  27. May, A.: How to meet ternary LWE keys. In: Malkin, T., Peikert, C. (eds.) CRYPTO 2021. LNCS, vol. 12826, pp. 701–731. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-84245-1_24

    Chapter  Google Scholar 

  28. Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. J. ACM (JACM) (2009)

    Google Scholar 

  29. Microsoft SEAL: (2019). https://github.com/Microsoft/SEAL

  30. Son, Y., Cheon, J.H.: Revisiting the hybrid attack on sparse secret LWE and application to HE parameters. In: WAHC@CCS 2019, pp. 11–20 (2019)

    Google Scholar 

  31. Wunderer, T.: Revisiting the hybrid attack: improved analysis and refined security estimates. IACR Cryptol. ePrint Arch. 2016, 733 (2016)

    Google Scholar 

  32. Wunderer, T.: On the Security of Lattice-Based Cryptography Against Lattice Reduction and Hybrid Attacks. Ph.D. thesis, Darmstadt University of Technology, Germany (2018)

    Google Scholar 

  33. Wunderer, T.: A detailed analysis of the hybrid lattice-reduction and meet-in-the-middle attack. J. Math. Cryptol. 13(1), 1–26 (2019)

    Article  MathSciNet  MATH  Google Scholar 

  34. Wunderer, T., Burger, M., Nguyen, G.N.: Parallelizing the hybrid lattice-reduction and meet-in-the-middle attack. In: CSE 2018, pp. 185–193 (2018)

    Google Scholar 

Download references

Acknowledgement

This work is supported by the National Natural Science Foundation of China (No. 61972391) and the Open Project Program of State Key Laboratory of Cryptology (MMKFKT201810).

Author information

Authors and Affiliations

  1. KLOIS, Institute of Information Engineering, CAS, Beijing, 100093, China

    Lei Bi, Xianhui Lu & Kunpeng Wang

  2. School of Cyber Security, University of Chinese Academy of Sciences, Beijing, 100049, China

    Lei Bi, Xianhui Lu & Kunpeng Wang

  3. State Key Laboratory of Cryptology, P.O. Box 5159, Beijing, 100878, China

    Xianhui Lu

  4. Nanyang Technological University, Singapore, 639798, Singapore

    Junjie Luo

Authors
  1. Lei Bi
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Xianhui Lu
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Junjie Luo
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Kunpeng Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Lei Bi .

Editor information

Editors and Affiliations

  1. University of Wollongong, Wollongong, NSW, Australia

    Khoa Nguyen

  2. University of Wollongong, Wollongong, NSW, Australia

    Guomin Yang

  3. University of Wollongong, Wollongong, NSW, Australia

    Fuchun Guo

  4. University of Wollongong, Wollongong, NSW, Australia

    Willy Susilo

Rights and permissions

Reprints and permissions

Copyright information

© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Bi, L., Lu, X., Luo, J., Wang, K. (2022). Hybrid Dual and Meet-LWE Attack. In: Nguyen, K., Yang, G., Guo, F., Susilo, W. (eds) Information Security and Privacy. ACISP 2022. Lecture Notes in Computer Science, vol 13494. Springer, Cham. https://doi.org/10.1007/978-3-031-22301-3_9

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-22301-3_9

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-22300-6

  • Online ISBN: 978-3-031-22301-3

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation