Skip to main content
SpringerLink
Log in

One Sample Ring-LWE with Rounding and Its Application to Key Exchange

  • Conference paper
  • First Online:
Applied Cryptography and Network Security (ACNS 2019)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 11464))

Included in the following conference series:

Abstract

In this paper, we introduce a new provably secure ephemeral-only RLWE+Rounding-based key exchange protocol and a proper approach to more accurately estimate the security level of the RLWE problem with only one sample. Since our scheme is an ephemeral-only key exchange, it generates only one RLWE sample from protocol execution. We carefully analyze how to estimate the practical security of the RLWE problem with only one sample, which we call the ONE-sample RLWE problem. Our approach is different from existing approaches that are based on estimation with multiple RLWE samples. Though our analysis is based on some recently developed techniques in Darmstadt, our type of practical security estimate was never done before and it produces security estimates substantial different from the estimates before based on multiple RLWE samples. We show that the new design improves the security and reduce the communication cost of the protocol simultaneously by using one RLWE+Rounding sample technique. We also present two parameter choices ensuring \(2^{-60}\) key exchange failure probability which cover security of AES-128/192/256 with concrete security analysis and implementation. We believe that our construction is secure, simple, efficient and elegant with wide application prospects.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 69.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 89.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Ajtai, M., Kumar, R., Sivakumar, D.: A sieve algorithm for the shortest lattice vector problem. In: Proceedings of the Thirty-Third Annual ACM Symposium on Theory of Computing, STOC 2001, pp. 601–610 (2001)

    Google Scholar 

  2. Albrecht, M.R.: On dual lattice attacks against small-secret LWE and parameter choices in HElib and SEAL. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10211, pp. 103–129. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56614-6_4

    Chapter  Google Scholar 

  3. Albrecht, M.R., Göpfert, F., Virdia, F., Wunderer, T.: Revisiting the expected cost of solving uSVP and applications to LWE. In: Takagi, T., Peyrin, T. (eds.) ASIACRYPT 2017. LNCS, vol. 10624, pp. 297–322. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-70694-8_11

    Chapter  Google Scholar 

  4. Albrecht, M.R., Player, R., Scott, S.: On the concrete hardness of learning with errors. J. Math. Cryptol. 9(3), 169–203 (2015)

    Article  MathSciNet  MATH  Google Scholar 

  5. Alkim, E., Ducas, L., Pöppelmann, T., Schwabe, P.: NewHope without reconciliation. IACR Cryptology ePrint Archive 2016, 1157 (2016). http://eprint.iacr.org/2016/1157

  6. Alkim, E., Ducas, L., Pöppelmann, T., Schwabe, P.: Post-quantum key exchange-a new hope. In: USENIX Security Symposium, pp. 327–343 (2016)

    Google Scholar 

  7. Aono, Y., Nguyen, P.Q., Seito, T., Shikata, J.: Lower bounds on lattice enumeration with extreme pruning. In: Shacham, H., Boldyreva, A. (eds.) CRYPTO 2018. LNCS, vol. 10992, pp. 608–637. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-96881-0_21

    Chapter  Google Scholar 

  8. Aono, Y., Wang, Y., Hayashi, T., Takagi, T.: Improved progressive BKZ algorithms and their precise cost estimation by sharp simulator. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 789–819. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49890-3_30

    Chapter  Google Scholar 

  9. Aono, Y., Wang, Y., Hayashi, T., Takagi, T.: The progressive BKZ code (2017). http://www2.nict.go.jp/security/pbkzcode/

  10. Bai, S., Galbraith, S.D.: Lattice decoding attacks on binary LWE. In: Susilo, W., Mu, Y. (eds.) ACISP 2014. LNCS, vol. 8544, pp. 322–337. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-08344-5_21

    Chapter  Google Scholar 

  11. Banerjee, A., Peikert, C., Rosen, A.: Pseudorandom functions and lattices. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 719–737. Springer, Heidelberg (2012). https://doi.org/10.1007/978-3-642-29011-4_42

    Chapter  Google Scholar 

  12. Becker, A., Ducas, L., Gama, N., Laarhoven, T.: New directions in nearest neighbor searching with applications to lattice sieving. In: Proceedings of the Twenty-Seventh Annual ACM-SIAM Symposium on Discrete Algorithms, SODA 2016, pp. 10–24 (2016)

    Google Scholar 

  13. Bos, J., et al.: Frodo: take off the ring! practical, quantum-secure key exchange from LWE. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, pp. 1006–1018. ACM (2016)

    Google Scholar 

  14. Bos, J.W., Costello, C., Naehrig, M., Stebila, D.: Post-quantum key exchange for the TLS protocol from the ring learning with errors problem. In: 2015 IEEE Symposium on Security and Privacy (SP), pp. 553–570. IEEE (2015)

    Google Scholar 

  15. Bos, J.W., et al.: CRYSTALS - kyber: a CCA-secure module-lattice-based KEM. IACR Cryptology ePrint Archive 2017, 634 (2017). http://eprint.iacr.org/2017/634

  16. Bromiley, P.A.: Products and convolutions of Gaussian distributions, vol. 3 (2003)

    Google Scholar 

  17. Chen, Y.: Lattice reduction and concrete security of fully homomorphic encryption. Dept. Informatique, ENS, Paris, France, Ph.D. thesis (2013)

    Google Scholar 

  18. Chen, Y., Nguyen, P.Q.: BKZ 2.0: better lattice security estimates. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 1–20. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_1

    Chapter  Google Scholar 

  19. Computer Security Division, Information Technology Laboratory, N.I.O.S., Technology, U.D.O.C.: Post-quantum cryptography—CSRC (2017). https://csrc.nist.gov/projects/post-quantum-cryptography

  20. Diffie, W., Hellman, M.: New directions in cryptography. IEEE Trans. Inf. Theory 22(6), 644–654 (1976)

    Article  MathSciNet  MATH  Google Scholar 

  21. Ding, J., Xie, X., Lin, X.: A simple provably secure key exchange scheme based on the learning with errors problem. IACR Cryptology ePrint Archive 2012, 688 (2012). http://eprint.iacr.org/2012/688

  22. Gama, N., Nguyen, P.Q.: Predicting lattice reduction. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 31–51. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78967-3_3

    Chapter  Google Scholar 

  23. Kannan, R.: Minkowski’s convex body theorem and integer programming. Math. Oper. Res. 12(3), 415–440 (1987)

    Article  MathSciNet  MATH  Google Scholar 

  24. Liu, M., Nguyen, P.Q.: Solving BDD by enumeration: an update. In: Dawson, E. (ed.) CT-RSA 2013. LNCS, vol. 7779, pp. 293–309. Springer, Heidelberg (2013). https://doi.org/10.1007/978-3-642-36095-4_19

    Chapter  Google Scholar 

  25. Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 1–23. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13190-5_1

    Chapter  Google Scholar 

  26. Peikert, C.: An efficient and parallel Gaussian sampler for lattices. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 80–97. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14623-7_5

    Chapter  Google Scholar 

  27. Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. J. ACM (JACM) 56(6), 34 (2009)

    Article  MathSciNet  MATH  Google Scholar 

  28. Saarinen, M.-J.O.: HILA5: On reliability, reconciliation, and error correction for ring-LWE encryption. In: Adams, C., Camenisch, J. (eds.) SAC 2017. LNCS, vol. 10719, pp. 192–212. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-72565-9_10

    Chapter  Google Scholar 

  29. Schmidt, M., Bindel, N.: Estimation of the hardness of the learning with errors problem with a restricted number of samples. IACR Cryptology ePrint Archive 2017, 140 (2017). http://eprint.iacr.org/2017/140

  30. Schnorr, C.P., Euchner, M.: Lattice basis reduction: improved practical algorithms and solving subset sum problems. Math. Program. 66(1), 181–199 (1994)

    Article  MathSciNet  MATH  Google Scholar 

  31. Schnorr, C.P.: Lattice reduction by random sampling and birthday methods. In: Alt, H., Habib, M. (eds.) STACS 2003. LNCS, vol. 2607, pp. 145–156. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36494-3_14

    Chapter  Google Scholar 

  32. Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM Rev. 41(2), 303–332 (1999)

    Article  MathSciNet  MATH  Google Scholar 

  33. Shoup, V.: NTL, a library for doing number theory (2017). http://www.shoup.net/ntl/

  34. Stephens-Davidowitz, N.: Discrete Gaussian sampling reduces to CVP and SVP. In: Proceedings of the Twenty-Seventh Annual ACM-SIAM Symposium on Discrete Algorithms, pp. 1748–1764. Society for Industrial and Applied Mathematics (2016)

    Google Scholar 

  35. Wang, W., Wang, Y., Takayasu, A., Takagi, T.: Estimated cost for solving generalized learning with errors problem via embedding techniques. In: Inomata, A., Yasuda, K. (eds.) IWSEC 2018. LNCS, vol. 11049, pp. 87–103. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-97916-8_6

    Chapter  Google Scholar 

  36. Wang, Y., Aono, Y., Takagi, T.: An experimental study of Kannan’s embedding technique for the search LWE problem. In: Qing, S., Mitchell, C., Chen, L., Liu, D. (eds.) ICICS 2017. LNCS, vol. 10631, pp. 541–553. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-89500-0_47

    Chapter  Google Scholar 

  37. Wang, Y., Aono, Y., Takagi, T.: Hardness evaluation for search LWE problem using progressive BKZ simulator. IEICE Trans. 101–A(12), 2162–2170 (2018)

    Article  Google Scholar 

  38. Wang, Y., Takagi, T.: Improving the BKZ reduction algorithm by quick reordering technique. In: Susilo, W., Yang, G. (eds.) ACISP 2018. LNCS, vol. 10946, pp. 787–795. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-93638-3_47

    Chapter  Google Scholar 

  39. Wang, Y., Wunderer, T.: Revisiting the sparsification technique in Kannan’s embedding attack on LWE. In: Su, C., Kikuchi, H. (eds.) ISPEC 2018. LNCS, vol. 11125, pp. 440–452. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-99807-7_27

    Chapter  Google Scholar 

Download references

Acknowledgement

Jintai Ding is partially supported by NSF grant DMS-1565748 and US Air Force grant FA2386-17-1-4067. Tsuyoshi Takagi and Yuntao Wang are supported by JST CREST Grant Number JPMJCR14D6 and JSPS KAKENHI Grant Number JP17J01987, Japan. Xinwei Gao is supported by China Scholarship Council.

Author information

Authors and Affiliations

  1. University of Cincinnati, Cincinnati, USA

    Jintai Ding

  2. Beijing Jiaotong University, Beijing, China

    Xinwei Gao

  3. The University of Tokyo, Tokyo, Japan

    Tsuyoshi Takagi & Yuntao Wang

  4. CREST, Japan Science and Technology Agency, Kawaguchi, Japan

    Tsuyoshi Takagi

Authors
  1. Jintai Ding
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Xinwei Gao
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Tsuyoshi Takagi
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Yuntao Wang
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Yuntao Wang .

Editor information

Editors and Affiliations

  1. Singapore Management University, Singapore, Singapore

    Robert H. Deng

  2. Universidad del Rosario, Bogota, Colombia

    Valérie Gauthier-Umaña

  3. Cyxtera Technologies, Bogota, Colombia

    Martín Ochoa

  4. Columbia University, New York, NY, USA

    Moti Yung

Rights and permissions

Reprints and permissions

Copyright information

© 2019 Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Ding, J., Gao, X., Takagi, T., Wang, Y. (2019). One Sample Ring-LWE with Rounding and Its Application to Key Exchange. In: Deng, R., Gauthier-Umaña, V., Ochoa, M., Yung, M. (eds) Applied Cryptography and Network Security. ACNS 2019. Lecture Notes in Computer Science(), vol 11464. Springer, Cham. https://doi.org/10.1007/978-3-030-21568-2_16

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-21568-2_16

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-21567-5

  • Online ISBN: 978-3-030-21568-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation