Practical CCA2-Secure and Masked Ring-LWE Implementation
نویسندگان
چکیده
منابع مشابه
Practical CCA2-Secure and Masked Ring-LWE Implementation
During the last years public-key encryption schemes based on the hardness of ring-LWE have gained significant popularity. For realworld security applications assuming strong adversary models, a number of practical issues still need to be addressed. In this work we thus present an instance of ring-LWE encryption that is protected against active attacks (i.e., adaptive chosen-ciphertext attacks) ...
متن کاملA Masked Ring-LWE Implementation
Lattice-based cryptography has been proposed as a postquantum public-key cryptosystem. In this paper, we present a masked ringLWE decryption implementation resistant to first-order side-channel attacks. Our solution has the peculiarity that the entire computation is performed in the masked domain. This is achieved thanks to a new, bespoke masked decoder implementation. The output of the ring-LW...
متن کاملTightly Secure Ring-LWE Based Key Encapsulation with Short Ciphertexts
We provide a tight security proof for an IND-CCA RingLWE based Key Encapsulation Mechanism that is derived from a generic construction of Dent (IMA Cryptography and Coding, 2003). Such a tight reduction is not known for the generic construction. The resulting scheme has shorter ciphertexts than can be achieved with other generic constructions of Dent or by using the well-known Fujisaki-Okamoto ...
متن کاملBounded CCA2-Secure Encryption
Whereas encryption schemes withstanding passive chosenplaintext attacks (CPA) can be constructed based on a variety of computational assumptions, only a few assumptions are known to imply the existence of encryption schemes withstanding adaptive chosen-ciphertext attacks (CCA2). Towards addressing this asymmetry, we consider a weakening of the CCA2 model — bounded CCA2-security — wherein securi...
متن کاملLarge Modulus Ring-LWE ≥ Module-LWE
We present a reduction from the module learning with errors problem (MLWE) in dimension d and with modulus q to the ring learning with errors problem (RLWE) with modulus q. Our reduction increases the LWE error rate α by a quadratic factor in the ring dimension n and a square root in the module rank d for power-of-two cyclotomics. Since, on the other hand, MLWE is at least as hard as RLWE, we c...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: IACR Transactions on Cryptographic Hardware and Embedded Systems
سال: 2018
ISSN: 2569-2925
DOI: 10.46586/tches.v2018.i1.142-174