We demonstrate the practicality of post-quantum key exchange by constructing ciphersuites for the Transport Layer Security (TLS) protocol that provide key exchange based on the ring learning with errors (R-LWE)
在格密码中,我们接触最多的应该是 LWE (Learning with Error) 和Ring-LWE (Ring Learning with Error,简称RLWE)。LWE在网络上已经有很多详细介绍了,但是RLWE介绍非常少,所以,我决定做一个RLWE的专题系列。 一、SIS和LWE 在将RLWE之前,我们还是得先看一下SIS和LWE。LWE大家比较熟悉了,那么SIS是什么呢?short int...
The learning with errors over rings (Ring-LWE) problem鈥攐r more accurately, family of problems鈥攈as emerged as a promising foundation for cryptography due to its practical efficiency, conjectured quantum resistance, and provable worst-case hardness: breaking certain instantiations of Ring-LWE is ...
The functional encryption scheme designed using the lattice can realize fine-grained encryption and it can resist quantum attacks. Unfortunately, the sizes of the keys and ciphertexts in cryptographic applications based on learning with errors are large,
increasing interest from both companies and government agencies in building quantum computers, a number of works have proposed instantiations of practical post-quantum key exchange protocols based on hard problems in ideal lattices, mainly based on the Ring Learning With Errors (R-L...
Furst, Michael J. Kearns, and Richard J. Lipton. Cryptographic primitives based on hard learning problems. In CRYPTO, pages 278–291, 1993. Oded Regev. On lattices, learning with errors, random linear codes, and cryptography. J. ACM, 56(6), 2009. Preliminary version in STOC 2005....
Among the leading candidates for post-quantum public key encryption (PKE) schemes are those based on the Learning with Errors (LWE) problem and its ring equivalent (Ring-LWE). Starting with the seminal work of Regev [29], there has been considerable work on various aspects of designing public...
Vaikuntanathan 2 The Ring LWE Problem, and Variants In this section, we describe a variant of the “ring learning with errors” (RLWE) assumption of Lyubaskevsky, Peikert and Regev [26], that we call polynomial LWE (or, PLWE). This assumption is in fact implicit in [26], and can ...
Regev[6] introduced Learning With Errors (LWE) problem supported by a theoretical proof of security over lattice. However, a large parameter matrixAlimits its efficiency. Lyubashevsky etal.[7] proposed Ring-Learning With Errors (Ring-LWE) over polynomial ring to avoid the large matrix. Although ...
There are three main branches of postquantum cryptosystems: based on codes, on multivariate quadratic equations or on lattices [1]. Lattice-based cryptographic constructions, founded on thelearning with errors(LWE) problem [21] and its ring variant known as ring-LWE problem [15], have become a...