ideal lattices in multicubic fields
play

Ideal lattices in multicubic fields Andrea LESAVOUREY Thomas - PowerPoint PPT Presentation

Sep 06, 2022 •212 likes •911 views

Ideal lattices in multicubic fields Andrea LESAVOUREY Thomas PLANTARD Willy SUSILO School of Computing and Information Technology University of Wollongong Andrea LESAVOUREY Multicubic fields 1 / 39 Outline Motivation 1 Cryptography

  1. Ideal lattices in multicubic fields Andrea LESAVOUREY Thomas PLANTARD Willy SUSILO School of Computing and Information Technology University of Wollongong Andrea LESAVOUREY Multicubic fields 1 / 39

  2. Outline Motivation 1 Cryptography Lattice-based cryptography Recalls 2 Lattices Cryptography and ideal lattices Cyclotomic and multiquadratic fields Our work 3 General Framework Procedures Results Andrea LESAVOUREY Multicubic fields 2 / 39

  3. Outline Motivation 1 Cryptography Lattice-based cryptography Recalls 2 Lattices Cryptography and ideal lattices Cyclotomic and multiquadratic fields Our work 3 General Framework Procedures Results Andrea LESAVOUREY Multicubic fields 3 / 39

  4. Post-quantum cryptography ⋆ Two main mathematical problems : Factorization and Discrete Logarithm. Andrea LESAVOUREY Multicubic fields 4 / 39

  5. Post-quantum cryptography ⋆ Two main mathematical problems : Factorization and Discrete Logarithm. ⋆ Quantum computers break these problems (Shor 1994) Andrea LESAVOUREY Multicubic fields 4 / 39

  6. Post-quantum cryptography ⋆ Two main mathematical problems : Factorization and Discrete Logarithm. ⋆ Quantum computers break these problems (Shor 1994) ⋆ The American National Security Agency (NSA) announced they were considering quantum computers as a real threat and were moving towards post-quantum cryptography. Andrea LESAVOUREY Multicubic fields 4 / 39

  7. Post-quantum cryptography ⋆ Two main mathematical problems : Factorization and Discrete Logarithm. ⋆ Quantum computers break these problems (Shor 1994) ⋆ The American National Security Agency (NSA) announced they were considering quantum computers as a real threat and were moving towards post-quantum cryptography. ⋆ April 2016 : The American National Institute for Standards and Technology (NIST) announced it will launch a call for standardization for post-quantum cryptosystems. − → now in Round 2. Andrea LESAVOUREY Multicubic fields 4 / 39

  8. Lattice-based cryptography ⋆ One family of post-quantum cryptography is based on euclidean lattices. ⋆ For efficiency reasons we use structured lattices e.g. ideal lattices. Andrea LESAVOUREY Multicubic fields 5 / 39

  9. Related art We are interested in the following problem : Given a principal ideal of a number field K find a short generator of K . (SG-PIP) ⋆ Cramer, Ducas, Peikert, Regev (2016): quantum polynomial-time or classical 2 n 2 / 3 + ǫ -time algorithm to solve Short Generator Principal Ideal Problem (SG-PIP) on cyclotomic fields ⋆ Bauch, Bernstein, de Valence, Lange, van Vredendaal (2017): classical polynomial-time algorithm to solve SG-PIP on a class of multiquadratic fields Andrea LESAVOUREY Multicubic fields 6 / 39

  10. Outline Motivation 1 Cryptography Lattice-based cryptography Recalls 2 Lattices Cryptography and ideal lattices Cyclotomic and multiquadratic fields Our work 3 General Framework Procedures Results Andrea LESAVOUREY Multicubic fields 7 / 39

  11. General Context Definition We call lattice any discrete subgroup L of R n where n is a positive integer i.e. a free Z -submodule of R n Andrea LESAVOUREY Multicubic fields 8 / 39

  12. General Context Definition We call lattice any discrete subgroup L of R n where n is a positive integer i.e. a free Z -submodule of R n Any set B of free vector which generates L is called a basis. Andrea LESAVOUREY Multicubic fields 8 / 39

  13. General Context Definition We call lattice any discrete subgroup L of R n where n is a positive integer i.e. a free Z -submodule of R n Any set B of free vector which generates L is called a basis. Andrea LESAVOUREY Multicubic fields 8 / 39

  14. General Context Definition We call lattice any discrete subgroup L of R n where n is a positive integer i.e. a free Z -submodule of R n Any set B of free vector which generates L is called a basis. There are infinitely many basis Andrea LESAVOUREY Multicubic fields 8 / 39

  15. General Context Definition We call lattice any discrete subgroup L of R n where n is a positive integer i.e. a free Z -submodule of R n Any set B of free vector which generates L is called a basis. There are infinitely many basis Some are consider better than others : orthogonality, short vectors Andrea LESAVOUREY Multicubic fields 8 / 39

  16. Problems on lattices Andrea LESAVOUREY Multicubic fields 9 / 39

  17. Problems on lattices Shortest Vector Problem (SVP) : Find the shortest vector of L . Note λ 1 ( L ) its norm. Andrea LESAVOUREY Multicubic fields 9 / 39

  18. Problems on lattices γ × λ 1 ( L ) γ -Approximate Shortest Vector Problem ( γ -SVP) : Find a vector of L with norm less than γ × λ 1 ( L ) Andrea LESAVOUREY Multicubic fields 9 / 39

  19. Problems on lattices t Closest Vector Problem (CVP): Given t a target vector, find a vector of L closest to t Andrea LESAVOUREY Multicubic fields 9 / 39

  20. Problems on lattices t Approximate Closest Vector Problem ( γ -CVP): Given t a target vector, find a vector of L within distance γ × d ( t , L ) of t Andrea LESAVOUREY Multicubic fields 9 / 39

  21. Ideal lattices We consider here several objects : Andrea LESAVOUREY Multicubic fields 10 / 39

  22. Ideal lattices We consider here several objects : ⋆ K a number field i.e. a finite extension of Q Q [ X ] K ≃ ( P ( X )) Andrea LESAVOUREY Multicubic fields 10 / 39

  23. Ideal lattices We consider here several objects : ⋆ K a number field i.e. a finite extension of Q Q [ X ] K ≃ ( P ( X )) ⋆ O K , the ring of integers of K O K = { x ∈ K | ∃ Q ( X ) ∈ Z [ X ] monic , Q ( x ) = 0 } Andrea LESAVOUREY Multicubic fields 10 / 39

  24. Ideal lattices We consider here several objects : ⋆ K a number field i.e. a finite extension of Q Q [ X ] K ≃ ( P ( X )) ⋆ O K , the ring of integers of K O K = { x ∈ K | ∃ Q ( X ) ∈ Z [ X ] monic , Q ( x ) = 0 } ⋆ O × K the group of units of O K (or K ) � � u ∈ O K | u − 1 ∈ O K O × K = Andrea LESAVOUREY Multicubic fields 10 / 39

  25. Ideal lattices We consider here several objects : ⋆ K a number field i.e. a finite extension of Q Q [ X ] K ≃ ( P ( X )) ⋆ O K , the ring of integers of K O K = { x ∈ K | ∃ Q ( X ) ∈ Z [ X ] monic , Q ( x ) = 0 } ⋆ O × K the group of units of O K (or K ) � � u ∈ O K | u − 1 ∈ O K O × K = ⋆ I an ideal of O × K i.e. an additive subgroup stable by multiplication. ⋄ principal ideals : generated by an element i.e g O K Andrea LESAVOUREY Multicubic fields 10 / 39

  26. Log-unit lattice Let r 1 be the number of real embeddings of K and 2 r 2 be the number of complex embeddings. We have n = r 1 + 2 r 2 . Andrea LESAVOUREY Multicubic fields 11 / 39

  27. Log-unit lattice Let r 1 be the number of real embeddings of K and 2 r 2 be the number of complex embeddings. We have n = r 1 + 2 r 2 . Consider the Log morphism defined on K \ { 0 } by Log ( x ) := ( log | σ i ( x ) | ) i = 1 ,..., n . Andrea LESAVOUREY Multicubic fields 11 / 39

  28. Log-unit lattice Let r 1 be the number of real embeddings of K and 2 r 2 be the number of complex embeddings. We have n = r 1 + 2 r 2 . Consider the Log morphism defined on K \ { 0 } by Log ( x ) := ( log | σ i ( x ) | ) i = 1 ,..., n . K ≃ Z m Z × Z r 1 + r 2 − 1 . O × Andrea LESAVOUREY Multicubic fields 11 / 39

  29. Log-unit lattice Let r 1 be the number of real embeddings of K and 2 r 2 be the number of complex embeddings. We have n = r 1 + 2 r 2 . Consider the Log morphism defined on K \ { 0 } by Log ( x ) := ( log | σ i ( x ) | ) i = 1 ,..., n . K ≃ Z m Z × Z r 1 + r 2 − 1 . O × Log ( O × K ) is a lattice of rank r 1 + r 2 − 1. Andrea LESAVOUREY Multicubic fields 11 / 39

  30. Cryptography and ideal lattices Consider K and O K as before. Moreover let I = g O K be a principal ideal where g is supposed to be short as a vector. Andrea LESAVOUREY Multicubic fields 12 / 39

  31. Cryptography and ideal lattices Consider K and O K as before. Moreover let I = g O K be a principal ideal where g is supposed to be short as a vector. We are focusing on cryptosystems such that : ⋆ I is public, given by integral basis for example Andrea LESAVOUREY Multicubic fields 12 / 39

  32. Cryptography and ideal lattices Consider K and O K as before. Moreover let I = g O K be a principal ideal where g is supposed to be short as a vector. We are focusing on cryptosystems such that : ⋆ I is public, given by integral basis for example ⋆ g is private. Andrea LESAVOUREY Multicubic fields 12 / 39

  33. Cryptography and ideal lattices An attack on such a cryptosystem can be decomposed in two steps : Andrea LESAVOUREY Multicubic fields 13 / 39

  34. Cryptography and ideal lattices An attack on such a cryptosystem can be decomposed in two steps : 1. Find a generator h = gu of I ( u ∈ O × K ) Andrea LESAVOUREY Multicubic fields 13 / 39

  35. Cryptography and ideal lattices An attack on such a cryptosystem can be decomposed in two steps : 1. Find a generator h = gu of I ( u ∈ O × K ) 2. Find g given h . Andrea LESAVOUREY Multicubic fields 13 / 39

  36. Cryptography and ideal lattices An attack on such a cryptosystem can be decomposed in two steps : 1. Find a generator h = gu of I ( u ∈ O × K ) 2. Find g given h . The second step can be viewed as a search for a unit v such that hv is short : it is a reducing phase Andrea LESAVOUREY Multicubic fields 13 / 39

Recommend

Ideal Lattices and Ring-LWE: Overview and Open Problems Chris Peikert Georgia Institute of

Ideal Lattices and Ring-LWE: Overview and Open Problems Chris Peikert Georgia Institute of

Ideal Lattices and Ring-LWE: Overview and Open Problems Chris Peikert Georgia Institute of Technology ICERM 23 April 2015 1 / 16 Agenda 1 Ring-LWE and its hardness from ideal lattices 2 Open questions Selected bibliography: LPR10 V.

810 views • 77 slides
More Efficient Cryptographic Multilinear Maps from Ideal Lattices Ron Steinfeld Clayton School

More Efficient Cryptographic Multilinear Maps from Ideal Lattices Ron Steinfeld Clayton School

Introduction GGH Construction GGHLite Conclusions More Efficient Cryptographic Multilinear Maps from Ideal Lattices Ron Steinfeld Clayton School of IT Monash University, Australia (Based on joint work with A. Langlois and D. Stehl e, ENS

706 views • 39 slides
A subfield-logarithm attack against ideal lattices, part 1: the number-field sieve D. J.

A subfield-logarithm attack against ideal lattices, part 1: the number-field sieve D. J.

A subfield-logarithm attack against ideal lattices, part 1: the number-field sieve D. J. Bernstein University of Illinois at Chicago & Technische Universiteit Eindhoven Sieving small integers 0 using primes 2 3 5 7: 1

646 views • 42 slides
Standard lattices of compatibly embedded finite fields Luca De Feo, Hugues Randriam, douard

Standard lattices of compatibly embedded finite fields Luca De Feo, Hugues Randriam, douard

Context Overview Standard lattices Standard lattices of compatibly embedded finite fields Luca De Feo, Hugues Randriam, douard Rousseau JNCF 2019 1 / 22 Context Overview Standard lattices C ONTENTS Context Overview Standard lattices

382 views • 36 slides
Algorithms for Breakthrough STOC 2009 Gentry multiquadratic number fields cryptosystem Fully

Algorithms for Breakthrough STOC 2009 Gentry multiquadratic number fields cryptosystem Fully

1 2 Algorithms for Breakthrough STOC 2009 Gentry multiquadratic number fields cryptosystem Fully homomorphic encryption using ideal lattices D. J. Bernstein was broken several years later, under reasonable assumptions. Jens Bauch,

2.01k views • 183 slides
Partitioning via Non-Linear Polynomial Functions: More Compact IBEs from Ideal Lattices and

Partitioning via Non-Linear Polynomial Functions: More Compact IBEs from Ideal Lattices and

Partitioning via Non-Linear Polynomial Functions: More Compact IBEs from Ideal Lattices and Bilinear Maps Shuichi Katsumata (The University of Tokyo) Shota Yamada (AIST) ASIACRYPT Born in 1991 (Japan) Me Born in 1991 (Japan) Background

850 views • 62 slides
On Ideal Lattices and Learning With Errors Over Rings Vadim Lyubashevsky 1 Chris Peikert 2 Oded

On Ideal Lattices and Learning With Errors Over Rings Vadim Lyubashevsky 1 Chris Peikert 2 Oded

On Ideal Lattices and Learning With Errors Over Rings Vadim Lyubashevsky 1 Chris Peikert 2 Oded Regev 1 1 Tel Aviv University 2 Georgia Institute of Technology Eurocrypt 2010 1 / 12 The Learning With Errors Problem [Regev05]

819 views • 59 slides
How Ideal Lattices unlocked Fully Homomorphic Encryption Francisco Jos e VIAL PRADO December

How Ideal Lattices unlocked Fully Homomorphic Encryption Francisco Jos e VIAL PRADO December

How Ideal Lattices unlocked Fully Homomorphic Encryption Francisco Jos e VIAL PRADO December 10, 2014 Ph.D. advisor : Louis GOUBIN Introduction Gentrys IL scheme Other FHE schemes Open questions This talk Introduction Gentrys

718 views • 58 slides
Lattices from Maximal Quaternion Orders with Full Diversity Cintya Wink de Oliveira Benedito

Lattices from Maximal Quaternion Orders with Full Diversity Cintya Wink de Oliveira Benedito

Lattices from Maximal Quaternion Orders with Full Diversity Cintya Wink de Oliveira Benedito Postdoctoral Research Associate at University of Campinas - IMECC/UNICAMP Scholarship: CNPq Poster proposal: Construct ideal lattices on totally

152 views • 4 slides
Ring of Integers of Abelian Number Fields and Algebraic Lattices Robson Ricardo de Araujo

Ring of Integers of Abelian Number Fields and Algebraic Lattices Robson Ricardo de Araujo

Ring of Integers of Abelian Number Fields and Algebraic Lattices Robson Ricardo de Araujo dearaujorobsonricardo@gmail.com Prof. Dr. Antonio Aparecido de Andrade (orientador) andrade@ibilce.unesp.br SP Coding and Information School January

367 views • 5 slides
Short Bases of Lattices over Number Fields Claus Fieker Damien Stehl e University of Sydney/

Short Bases of Lattices over Number Fields Claus Fieker Damien Stehl e University of Sydney/

Overview The Result The Technique Example Conclusion Short Bases of Lattices over Number Fields Claus Fieker Damien Stehl e University of Sydney/ Magma LIP CNRS/ENSL/U. Lyon/INRIA/UCBL ANTS-IX, July 2010 Overview The Result The

387 views • 19 slides
Improvements to ideal class group and regulator computation in real quadratic number fields cois

Improvements to ideal class group and regulator computation in real quadratic number fields cois

Outline Introduction Classical Algorithms Practical improvements Improvements to ideal class group and regulator computation in real quadratic number fields cois Biasse 1 , Michael J. Jacobson Jr 2 Jean-Fran 1 Ecole polytechnique, 2

1.35k views • 112 slides
Some Quasi-Periodic and almost periodic solutions in coupled map lattices and flows E. Fontich,

Some Quasi-Periodic and almost periodic solutions in coupled map lattices and flows E. Fontich,

Some Quasi-Periodic and almost periodic solutions in coupled map lattices and flows E. Fontich, Y. Sire D. Blazevski R. de la Llave Georgia Institute of Technology http://www.ma.utexas.edu/mp arc-bin/mpa?yn=12-26 Hamiltonian PDEs, Fields

952 views • 61 slides
How SMPng Works and Why It Doesn't Work The Way You Think NYC*BUG February 6, 2013 John Baldwin

How SMPng Works and Why It Doesn't Work The Way You Think NYC*BUG February 6, 2013 John Baldwin

How SMPng Works and Why It Doesn't Work The Way You Think NYC*BUG February 6, 2013 John Baldwin jhb@FreeBSD.org Ideal SMP Ideal Ideal SMP Ideal Best Ideal SMP Ideal Best Decent Ideal SMP Ideal Best Decent Hump Ideal SMP Ideal

886 views • 21 slides
Lattices from Codes or Codes from Lattices Amin Sakzad Dept of Electrical and Computer Systems

Lattices from Codes or Codes from Lattices Amin Sakzad Dept of Electrical and Computer Systems

Recall Cycle-Free Codes and Lattices Lattices from Codes Codes from Lattices Lattices from Codes or Codes from Lattices Amin Sakzad Dept of Electrical and Computer Systems Engineering Monash University amin.sakzad@monash.edu Oct. 2013

851 views • 55 slides
Lecture 9: Theta functions and lattices May 12, 2020 1 / 7 Lattices in R n A lattice is an

Lecture 9: Theta functions and lattices May 12, 2020 1 / 7 Lattices in R n A lattice is an

Lecture 9: Theta functions and lattices May 12, 2020 1 / 7 Lattices in R n A lattice is an additive subgroup R n such that Z n ( is free on n generators) b Z R R n ( spans the whole real vector space) # n +

246 views • 7 slides
Transcendental lattices and supersingular reduction lattices of a singular K3 surface Keio, 2007

Transcendental lattices and supersingular reduction lattices of a singular K3 surface Keio, 2007

Transcendental lattices and supersingular reduction lattices of a singular K3 surface Keio, 2007 September Ichiro Shimada (Hokkaido University, Sapporo, JAPAN) By a lattice, we mean a finitely generated free Z -module equipped with a

611 views • 31 slides
Lattices from Octonion Algebras Octonion Algebras Lattices via Octonion Algebras Nelson G.

Lattices from Octonion Algebras Octonion Algebras Lattices via Octonion Algebras Nelson G.

Nelson, Cintya, Sueli Lattices Lattices from Octonion Algebras Octonion Algebras Lattices via Octonion Algebras Nelson G. Brasil Junior 1 Cintya W. O. Benedito 2 Examples Sueli I. R. Costa 1 1 Institute of Mathematics, Statistics and

650 views • 6 slides
Unification on Subvarieties of Introduction Algebraic Unification Pseudocomplemented lattices

Unification on Subvarieties of Introduction Algebraic Unification Pseudocomplemented lattices

Unification on Subvarieties of Pseudocomple- mented lattices L.M. Cabrer Unification on Subvarieties of Introduction Algebraic Unification Pseudocomplemented lattices Fragments of Heyting algebras P-Lattices Definition Duality

570 views • 33 slides
Computational complexity of lattice problems and cyclic lattices Lenny Fukshansky Claremont

Computational complexity of lattice problems and cyclic lattices Lenny Fukshansky Claremont

Lattices Computational complexity Complexity of cyclic lattices Well-rounded cyclic lattices Computational complexity of lattice problems and cyclic lattices Lenny Fukshansky Claremont McKenna College Undergraduate Summer Research Program

1.17k views • 65 slides
Some topological lattices. Walter Taylor Algebras Lattices in Hawaii 2018 Honoring R. Freese, W.

Some topological lattices. Walter Taylor Algebras Lattices in Hawaii 2018 Honoring R. Freese, W.

Some topological lattices. Walter Taylor Algebras Lattices in Hawaii 2018 Honoring R. Freese, W. Lampe, J. B. Nation May 24, 2018 Our subject matter. We will be concerned with some finite two-dimensional simplicial complexes, such as (Three

796 views • 57 slides
Order and lattices from graphs Spring School SGT 2018 Set e, June 11-15, 2018 Stefan Felsner

Order and lattices from graphs Spring School SGT 2018 Set e, June 11-15, 2018 Stefan Felsner

Order and lattices from graphs Spring School SGT 2018 Set e, June 11-15, 2018 Stefan Felsner Technische Universit at Berlin Outline Orders and Lattices Definitions The Fundamental Theorem Dimension and Planarity Lattices and Graphs

251 views • 10 slides
PV = nRT 0C and a pressure of 1140 mm Hg. Calculate the number of Ideal gas equation: moles

PV = nRT 0C and a pressure of 1140 mm Hg. Calculate the number of Ideal gas equation: moles

The Ideal Gas Law The Ideal Gas Law Summarizes all the Gas Laws: Charles: V directly proportional T Boyle: V inversely proportional P V/T = K V P x V = K T v Absolute zero = 0 Kelvin P V/n = K Avogadro: V directly proportional n

497 views • 3 slides
Spectrum problems for structures arising from lattices and rings lattices and rings

Spectrum problems for structures arising from lattices and rings lattices and rings

Spectrum problems for structures arising from Spectrum problems for structures arising from lattices and rings lattices and rings Hochsters Theorem for commutative Friedrich Wehrung unital rings Stone duality for bounded

1.66k views • 125 slides

More recommend