Cryptanalysis of ring-LWE based key exchange with key share reuse
نویسنده
چکیده
This paper shows how several ring-LWE based key exchange protocols can be broken, under the assumption that the same key share is used for multiple exchanges. This indicates that, if these key exchange protocols are used, then it will be necessary for a fresh key share be generated for each exchange, and that these key exchange protocols cannot be used as a drop in replacement for designs which use Diffie-Hellman static key shares.
منابع مشابه
A New Ring-Based SPHF and PAKE Protocol On Ideal Lattices
emph{ Smooth Projective Hash Functions } ( SPHFs ) as a specific pattern of zero knowledge proof system are fundamental tools to build many efficient cryptographic schemes and protocols. As an application of SPHFs, emph { Password - Based Authenticated Key Exchange } ( PAKE ) protocol is well-studied area in the last few years. In 2009, Katz and Vaikuntanathan described the first lattice-based ...
متن کاملDiffie-Hellman type key exchange protocols based on isogenies
In this paper, we propose some Diffie-Hellman type key exchange protocols using isogenies of elliptic curves. The first method which uses the endomorphism ring of an ordinary elliptic curve $ E $, is a straightforward generalization of elliptic curve Diffie-Hellman key exchange. The method uses commutativity of the endomorphism ring $ End(E) $. Then using dual isogenies, we propose...
متن کاملModule-LWE key exchange and encryption: The three bears
We propose a new post-quantum key exchange algorithm based on the module learning with errors (mLWE) problem. Our ThreeBears algorithm is simple and performant, but our main goal is to suggest mLWE over a generalized Mersenne field instead of a polynomial ring. We also show how to build a public-key encryption system from the key exchange algorithm.
متن کاملHILA5: On Reliability, Reconciliation, and Error Correction for Ring-LWE Encryption
We describe a new reconciliation method for Ring-LWE that has a significantly smaller failure rate than previous proposals while reducing ciphertext size and the amount of randomness required. It is based on a simple, deterministic variant of Peikert’s reconciliation that works with our new “safe bits” selection and constant-time error correction techniques. The new method does not need randomi...
متن کاملMultilinear Maps Using a Variant of Ring-LWE
GGH13, CLT13 and GGH15 of multilinear maps suffer from zeroizing attacks. In this paper, we present a new construction of multilinear maps using a variant of ring-LWE (vRLWE). Furthermore, we also present two new variants of vRLWE, which respectively support the applications of multipartite key exchange and witness encryption. At the same time, we also present a new variant of GGH13 using matri...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2016 شماره
صفحات -
تاریخ انتشار 2016