increased efficiency and functionality through lattice
play

Increased efficiency and functionality through lattice-based - PowerPoint PPT Presentation

Dec 30, 2023 •171 likes •850 views

Increased efficiency and functionality through lattice-based cryptography Michele Minelli ENS, CNRS, PSL Research University, INRIA (Internship at CryptoExperts, Paris) ECRYPT-NET School on Correct and Secure Implementation Crete, Greece 8

  1. Increased efficiency and functionality through lattice-based cryptography Michele Minelli ENS, CNRS, PSL Research University, INRIA (Internship at CryptoExperts, Paris) ECRYPT-NET School on Correct and Secure Implementation – Crete, Greece 8 – 12 October 2017

  2. Why lattice-based cryptography?

  3. Why lattice-based cryptography? Conjectured hardness against quantum attacks

  4. Why lattice-based cryptography? Conjectured hardness against quantum attacks Simplicity, efficiency and parallelism: linear ops, rings, etc.

  5. Why lattice-based cryptography? Conjectured hardness against quantum attacks Simplicity, efficiency and parallelism: linear ops, rings, etc. Strong security guarantees from worst-case hardness

  6. Why lattice-based cryptography? Conjectured hardness against quantum attacks Simplicity, efficiency and parallelism: linear ops, rings, etc. Strong security guarantees from worst-case hardness Versatility

  7. Why lattice-based cryptography? Conjectured hardness against quantum attacks Simplicity, efficiency and parallelism: linear ops, rings, etc. Strong security guarantees from worst-case hardness Versatility We can build FHE

  8. Why lattice-based cryptography? Conjectured hardness against quantum attacks Simplicity, efficiency and parallelism: linear ops, rings, etc. Strong security guarantees from worst-case hardness Versatility We can build FHE!

  9. Why lattice-based cryptography? Conjectured hardness against quantum attacks Simplicity, efficiency and parallelism: linear ops, rings, etc. Strong security guarantees from worst-case hardness Versatility We can build FHE! But we can build FHE also from other assumptions...

  10. The DGHV scheme (extended to Z q ) Fully Homomorphic Encryption over the integers .

  11. The DGHV scheme (extended to Z q ) Fully Homomorphic Encryption over the integers . Assumptions: approximate GCD

  12. The DGHV scheme (extended to Z q ) Fully Homomorphic Encryption over the integers . Assumptions: approximate GCD Encryption: c = s · r 1 + q · r 2 + m

  13. The DGHV scheme (extended to Z q ) Fully Homomorphic Encryption over the integers . Assumptions: approximate GCD Encryption: c = s · r 1 + q · r 2 + m return ( c mod s ) mod q Decryption:

  14. The DGHV scheme (extended to Z q ) Fully Homomorphic Encryption over the integers . Assumptions: approximate GCD Encryption: c = s · r 1 + q · r 2 + m return ( c mod s ) mod q Decryption: Hom. + : c 1 + c 2 = s ( r 11 + r 21 ) + q ( r 12 + r 22 ) + ( m 1 + m 2 )

  15. The DGHV scheme (extended to Z q ) Fully Homomorphic Encryption over the integers . Assumptions: approximate GCD Encryption: c = s · r 1 + q · r 2 + m return ( c mod s ) mod q Decryption: Hom. + : c 1 + c 2 = s ( r 11 + r 21 ) + q ( r 12 + r 22 ) + ( m 1 + m 2 ) Hom. × : c 1 · c 2 = s ( · · · ) + q ( · · · ) + ( m 1 · m 2 )

  16. The DGHV scheme (extended to Z q ) Fully Homomorphic Encryption over the integers . Assumptions: approximate GCD Encryption: c = s · r 1 + q · r 2 + m return ( c mod s ) mod q Decryption: Hom. + : c 1 + c 2 = s ( r 11 + r 21 ) + q ( r 12 + r 22 ) + ( m 1 + m 2 ) Hom. × : c 1 · c 2 = s ( · · · ) + q ( · · · ) + ( m 1 · m 2 ) Warning: huge numbers ahead

  17. The DGHV scheme (extended to Z q ) Fully Homomorphic Encryption over the integers . Assumptions: approximate GCD Encryption: c = s · r 1 + q · r 2 + m return ( c mod s ) mod q Decryption: Hom. + : c 1 + c 2 = s ( r 11 + r 21 ) + q ( r 12 + r 22 ) + ( m 1 + m 2 ) Hom. × : c 1 · c 2 = s ( · · · ) + q ( · · · ) + ( m 1 · m 2 ) Parameter selection for FHE: | c | ≈ 2 · 10 7 bits | s | ≈ 2700 bits , | r 2 | ≈ 70 bits ,

  18. The DGHV scheme (extended to Z q ) Fully Homomorphic Encryption over the integers . Assumptions: approximate GCD Encryption: c = s · r 1 + q · r 2 + m return ( c mod s ) mod q Decryption: Hom. + : c 1 + c 2 = s ( r 11 + r 21 ) + q ( r 12 + r 22 ) + ( m 1 + m 2 ) Hom. × : c 1 · c 2 = s ( · · · ) + q ( · · · ) + ( m 1 · m 2 ) Parameter selection for FHE: | c | ≈ 2 · 10 7 bits | s | ≈ 2700 bits , | r 2 | ≈ 70 bits , But we don’t really need this

  19. The use case Final goal Enabling cooperation between law enforcement agencies

  20. The use case Final goal Enabling cooperation between law enforcement agencies, while maintaining an adequate level of privacy for citizens’ personal data.

  21. The use case Final goal Enabling cooperation between law enforcement agencies, while maintaining an adequate level of privacy for citizens’ personal data. Concrete example (2009)

  22. The use case Final goal Enabling cooperation between law enforcement agencies, while maintaining an adequate level of privacy for citizens’ personal data. Concrete example (2009)

  23. The use case Final goal Enabling cooperation between law enforcement agencies, while maintaining an adequate level of privacy for citizens’ personal data. Concrete example (2009) April 28 November 25 June 18

  24. The use case Final goal Enabling cooperation between law enforcement agencies, while maintaining an adequate level of privacy for citizens’ personal data. Concrete example (2009) April 28 November 25 June 18

  25. The use case Final goal Enabling cooperation between law enforcement agencies, while maintaining an adequate level of privacy for citizens’ personal data. Concrete example (2009) April 28 November 25 June 18

  26. The use case Final goal Enabling cooperation between law enforcement agencies, while maintaining an adequate level of privacy for citizens’ personal data. Concrete example (2009) 150 000 people intercepted! April 28 November 25 June 18

  27. The use case Final goal Enabling cooperation between law enforcement agencies, while maintaining an adequate level of privacy for citizens’ personal data. Concrete example (2009) 150 000 people intercepted! April 28 November 25 June 18 The intersection gives the criminals but... privacy?

  28. Current situation EU Council Decision 2008/615/JHA Picks up a treaty signed in 2005 by Austria, Belgium, France, Germany, Luxembourg, the Netherlands and Spain.

  29. Current situation EU Council Decision 2008/615/JHA Picks up a treaty signed in 2005 by Austria, Belgium, France, Germany, Luxembourg, the Netherlands and Spain. Goal: cross-border cooperation against terrorism, crime and illegal migration

  30. Current situation EU Council Decision 2008/615/JHA Picks up a treaty signed in 2005 by Austria, Belgium, France, Germany, Luxembourg, the Netherlands and Spain. Goal: cross-border cooperation against terrorism, crime and illegal migration Tools: DNA, fingerprints and vehicle registration data

  31. Current situation EU Council Decision 2008/615/JHA Picks up a treaty signed in 2005 by Austria, Belgium, France, Germany, Luxembourg, the Netherlands and Spain. Goal: cross-border cooperation against terrorism, crime and illegal migration Tools: DNA, fingerprints and vehicle registration data In practice

  32. Current situation EU Council Decision 2008/615/JHA Picks up a treaty signed in 2005 by Austria, Belgium, France, Germany, Luxembourg, the Netherlands and Spain. Goal: cross-border cooperation against terrorism, crime and illegal migration Tools: DNA, fingerprints and vehicle registration data In practice Should use state-of-the-art but...

  33. Current situation EU Council Decision 2008/615/JHA Picks up a treaty signed in 2005 by Austria, Belgium, France, Germany, Luxembourg, the Netherlands and Spain. Goal: cross-border cooperation against terrorism, crime and illegal migration Tools: DNA, fingerprints and vehicle registration data In practice Should use state-of-the-art but... AES-256 and RSA-1024

  34. Current situation EU Council Decision 2008/615/JHA Picks up a treaty signed in 2005 by Austria, Belgium, France, Germany, Luxembourg, the Netherlands and Spain. Goal: cross-border cooperation against terrorism, crime and illegal migration Tools: DNA, fingerprints and vehicle registration data In practice Should use state-of-the-art but... AES-256 and RSA-1024 H : SHA-1

  35. Current situation EU Council Decision 2008/615/JHA Picks up a treaty signed in 2005 by Austria, Belgium, France, Germany, Luxembourg, the Netherlands and Spain. Goal: cross-border cooperation against terrorism, crime and illegal migration Tools: DNA, fingerprints and vehicle registration data In practice Should use state-of-the-art but... AES-256 and RSA-1024 H : SHA-1

  36. Current situation EU Council Decision 2008/615/JHA Picks up a treaty signed in 2005 by Austria, Belgium, France, Germany, Luxembourg, the Netherlands and Spain. Goal: cross-border cooperation against terrorism, crime and illegal migration Tools: DNA, fingerprints and vehicle registration data In practice Should use state-of-the-art but... AES-256 and RSA-1024 H : SHA-1 Plus, there are other issues: fairness , privacy , . . .

  37. Improving the current situation Let’s say. . . France (FR) wants to query a DB with criminal records held by Germany (DE). Both countries recognize the authority of a Judge (JU).

  38. Improving the current situation Let’s say. . . France (FR) wants to query a DB with criminal records held by Germany (DE). Both countries recognize the authority of a Judge (JU). Our goals: DE does not learn FR’s query Even if authorized by JU, FR does not learn more than the records that match JU does not learn the result of the query

Recommend

How can an increased technical energy efficiency lead to increased energy consumption? Answers

How can an increased technical energy efficiency lead to increased energy consumption? Answers

How can an increased technical energy efficiency lead to increased energy consumption? Answers from an in-depth metering of the electricity demand in 400 Swedish households Peter Bennich Carlos Lopes Egil fverholm (corresponding author)

238 views • 23 slides
A History of Lattice-Based Encryption (in order of increasing efficiency) Vadim Lyubashevsky

A History of Lattice-Based Encryption (in order of increasing efficiency) Vadim Lyubashevsky

A History of Lattice-Based Encryption (in order of increasing efficiency) Vadim Lyubashevsky INRIA / ENS, Paris Lattice-Based Crypto & Applications 1 Bar-Ilan University, Israel 2012 Lattice-Based Encryption Schemes 1. NTRU [Hoffstein,

849 views • 47 slides
Applications of AMS There is a rich field of applications for AMS due to the increased efficiency

Applications of AMS There is a rich field of applications for AMS due to the increased efficiency

Applications of AMS There is a rich field of applications for AMS due to the increased efficiency and accuracy of radiocarbon dating. It ranges from geology, hydrology, oceanology, climatology, and a wide range of environmental applications

339 views • 29 slides
1 Typical Review Team Software Review Guidelines Developer -- presents the material

1 Typical Review Team Software Review Guidelines Developer -- presents the material

Software Qualities Maintainer Good Documentation Quality Assurance Readable Code Good Design Reliability Low Cost Correctness Portability Efficiency Increased Functionality productivity Ease of use Ease of learning Customer User

368 views • 7 slides
8/8/2007 Model Checking Motivation More and more complex systems Increased dependability

8/8/2007 Model Checking Motivation More and more complex systems Increased dependability

8/8/2007 Model Checking Motivation More and more complex systems Increased dependability : everything important Demonstration Of depends on computers SPIN SPIN Increased functionality : security, mobility Testing is becoming

202 views • 3 slides
Economy- wide CGE modelling of the multiple benefits of increased energy efficiency Prof.

Economy- wide CGE modelling of the multiple benefits of increased energy efficiency Prof.

Economy- wide CGE modelling of the multiple benefits of increased energy efficiency Prof. Karen Turner, Centre for Energy Policy, Univ. Strathclyde IPPI Presentation at BEIS, 16 th March 2017 ESRC grant ref: EP/M00760X/1 1 EPSRC EUED

426 views • 16 slides
THE BENEFITS OF RADIAL REAR TRACTOR TIRES RADIAL TIRES PROVIDE: INCREASED PRODUCTIVITY GREATER

THE BENEFITS OF RADIAL REAR TRACTOR TIRES RADIAL TIRES PROVIDE: INCREASED PRODUCTIVITY GREATER

THE BENEFITS OF RADIAL REAR TRACTOR TIRES RADIAL TIRES PROVIDE: INCREASED PRODUCTIVITY GREATER EFFICIENCY INCREASED COMFORT BETTER TRACTION INCREASED PRODUCTIVITY Reduced Working Hours INCREASED PRODUCTIVITY Lower Fuel Consumption

572 views • 12 slides
C C C C IP LINI Improved survival chances for critically ill patients Increased efficiency

C C C C IP LINI Improved survival chances for critically ill patients Increased efficiency

C C C C IP LINI Improved survival chances for critically ill patients Increased efficiency and safety in clinical practice C Closed Loop Insulin Infusion for Critically ll Patients Mission Approach improve survival chances close

337 views • 4 slides
Farm Mechanization for Increased Efficiency Richard Wiswall Cate Farm, Vermont March 2014

Farm Mechanization for Increased Efficiency Richard Wiswall Cate Farm, Vermont March 2014

Farm Mechanization for Increased Efficiency Richard Wiswall Cate Farm, Vermont March 2014 www.catefarm.com www.richardwiswall.com Acknowledgements This presentation was developed for UVM Extension New Farmer Project With funding from the

643 views • 47 slides
Trademark and Unfair Competition Law Slides 9: Functionality LAWS 7341-001 Prof. Kristelia

Trademark and Unfair Competition Law Slides 9: Functionality LAWS 7341-001 Prof. Kristelia

Trademark and Unfair Competition Law Slides 9: Functionality LAWS 7341-001 Prof. Kristelia Garca Class Outline Functionality Utilitarian (aka mechanical) functionality Aesthetic functionality Morton-Norwich

749 views • 18 slides
Lattice gas simulations Tony Kim Spring 2007 18.354 Project 1) Introducing the lattice gas;

Lattice gas simulations Tony Kim Spring 2007 18.354 Project 1) Introducing the lattice gas;

Lattice gas simulations Tony Kim Spring 2007 18.354 Project 1) Introducing the lattice gas; ntroducing the lattice gas; 2) Analytic description of the lattice gas; 3) Program objectives; 4) How to implement it (efficiently); 5)

321 views • 28 slides
Lattice QCD Outline 1. Lattice QCD (why and what) 2. Precision flavour physics 3. (g-2) on

Lattice QCD Outline 1. Lattice QCD (why and what) 2. Precision flavour physics 3. (g-2) on

Birmingham High Energy Physics Group - Particle Physics Seminar, University of Birmingham, 08.06.2016 Andreas Jttner Lattice QCD Outline 1. Lattice QCD (why and what) 2. Precision flavour physics 3. (g-2) on the lattice 4. Pushing

713 views • 52 slides
Lattice Points in Polytopes Richard P. Stanley U. Miami & M.I.T. A lattice polygon Georg

Lattice Points in Polytopes Richard P. Stanley U. Miami & M.I.T. A lattice polygon Georg

Lattice Points in Polytopes Richard P. Stanley U. Miami & M.I.T. A lattice polygon Georg Alexander Pick (18591942) P : lattice polygon in R 2 (vertices Z 2 , no self-intersections) Boundary and interior lattice points Picks

1.4k views • 120 slides
Lattice Methods in Field Theory Contents 1. Motivation 2. BasicsEuclidean quantisation 3.

Lattice Methods in Field Theory Contents 1. Motivation 2. BasicsEuclidean quantisation 3.

Lattice Methods in Field Theory Contents 1. Motivation 2. BasicsEuclidean quantisation 3. Lattice gauge fields Jonathan Flynn 4. Lattice fermions University of Southampton 5. Lattice QCD 6. Numerical simulations BUSSTEPP 2002

550 views • 22 slides
When is the lattice of closure operators on a subgroup lattice again a subgroup lattice? Martha

When is the lattice of closure operators on a subgroup lattice again a subgroup lattice? Martha

When is the lattice of closure operators on a subgroup lattice again a subgroup lattice? Martha Kilpack 1 and Arturo Magidin 2 1 Brigham Young University 2 University of Louisiana at Lafayette Groups St Andrews 2017 Martha Kilpack and Arturo

1.43k views • 77 slides
Review on Lattice Muon g-2 HVP Calculation Kohtaroh Miura (GSI Helmholtz-Instute Mainz) Lattice

Review on Lattice Muon g-2 HVP Calculation Kohtaroh Miura (GSI Helmholtz-Instute Mainz) Lattice

Introduction Challenges and Progresses Discussion Summary and Conclusions Review on Lattice Muon g-2 HVP Calculation Kohtaroh Miura (GSI Helmholtz-Instute Mainz) Lattice 2018, 36th International Symposium on Lattice Field Theory, Michigan

885 views • 49 slides
Trademark and Unfair Competition Law Slides 10: Utilitarian v. Aesthetic Functionality LAWS

Trademark and Unfair Competition Law Slides 10: Utilitarian v. Aesthetic Functionality LAWS

Trademark and Unfair Competition Law Slides 10: Utilitarian v. Aesthetic Functionality LAWS 7341-001 Prof. Kristelia Garca Class Outline Utilitarian Functionality Aesthetic Functionality 2 Disc Factors (9 th Cir.) Whether the

287 views • 9 slides
Raise the Roof Increased Rooftop Solar Efficiency Beyond Flat Panel PV February 19, 2015 SERDP

Raise the Roof Increased Rooftop Solar Efficiency Beyond Flat Panel PV February 19, 2015 SERDP

SERDP & ESTCP Webinar Series Raise the Roof Increased Rooftop Solar Efficiency Beyond Flat Panel PV February 19, 2015 SERDP & ESTCP Webinar Series Welcome and Introductions Rula Deeb, Ph.D. Webinar Coordinator Webinar Agenda

743 views • 57 slides
Constructing a Crystal Once you specify the lattice, you can then hang a

Constructing a Crystal Once you specify the lattice, you can then hang a

Constructing a Crystal Once you specify the lattice, you can then hang a collection of atoms off of each position in the lattice Important: every lattice point (point on the scaffold) must have the exact same environment.

304 views • 18 slides
Efficiency and Growth T. Gutowski 2.83 and 2.813 1 Efficiency and Growth Can efficiency

Efficiency and Growth T. Gutowski 2.83 and 2.813 1 Efficiency and Growth Can efficiency

Efficiency and Growth T. Gutowski 2.83 and 2.813 1 Efficiency and Growth Can efficiency improvements out run growth? Historical review of 10 activities including materials and electricity production and consumer services (Dahmus &

647 views • 62 slides
An approach from Lattice Computing to fMRI analysis Manuel Graa, Maite Garca-Sebastin, Ivan

An approach from Lattice Computing to fMRI analysis Manuel Graa, Maite Garca-Sebastin, Ivan

Introduction The Linear Mixing Model Lattice Independence and Lattice Autoassociative Memories Endmember Induction Heuristic Algorithm (EIHA) A case study Conclusions and discussion An approach from Lattice Computing to fMRI analysis Manuel

457 views • 31 slides
Lattice Calculation of PDFs Two Challenges. Euclidean lattice precludes the calculation of

Lattice Calculation of PDFs Two Challenges. Euclidean lattice precludes the calculation of

Lattice Calculation of PDFs Two Challenges. Euclidean lattice precludes the calculation of light-cone correlation functions So Use Operator-Product-Expansion to formulate in terms of Mellin Moments with respect to Bjorken x . Z d

317 views • 10 slides
Real Time Analytics Vertica A SQL analytic engine Built for Speed, Scale and Efficiency

Real Time Analytics Vertica A SQL analytic engine Built for Speed, Scale and Efficiency

Real Time Analytics Vertica A SQL analytic engine Built for Speed, Scale and Efficiency Supports standard SQL Provides rich Analytic functionality and is extensible Integrates well with Big Data ecosystem tools Runs on

618 views • 22 slides
The Lattice Project A Computational Grid System Presented by Adam Bazinet The Lattice Project

The Lattice Project A Computational Grid System Presented by Adam Bazinet The Lattice Project

The Lattice Project A Computational Grid System Presented by Adam Bazinet The Lattice Project The Lattice Project is primarily aimed at effectively sharing computational resources between departments and institutions, starting with those in

360 views • 12 slides

More recommend