
Paper 2023/699

Lattice-based, more general anti-leakage model and its application in decentralization

Xiaokang Dai, University of Chinese Academy of Sciences, Beijing, 100049 China, Chongqing Key Laboratory of Automated Reasoning and Cognition, Chongqing Institute of Green and Intelligent Technology, Chongqing, 400714, China
Jingwei Chen, University of Chinese Academy of Sciences, Beijing, 100049 China, Chongqing Key Laboratory of Automated Reasoning and Cognition, Chongqing Institute of Green and Intelligent Technology, Chongqing, 400714, China
Wenyuan Wu, University of Chinese Academy of Sciences, Beijing, 100049 China, Chongqing Key Laboratory of Automated Reasoning and Cognition, Chongqing Institute of Green and Intelligent Technology, Chongqing, 400714, China
Yong Feng, University of Chinese Academy of Sciences, Beijing, 100049 China, Chongqing Key Laboratory of Automated Reasoning and Cognition, Chongqing Institute of Green and Intelligent Technology, Chongqing, 400714, China
Abstract

In the case of standard LWE samples $(\mathbf{A},\mathbf{b} = \mathbf{sA + e})$, $\mathbf{A}$ is typically uniformly distributed over $\mathbb{Z}_q^{n \times m}$. Under the DLWE assumption, the conditional distribution of $\mathbf{s}$ given $(\mathbf{A}, \mathbf{b})$ is expected to agree with the distribution of $\mathbf{s}$. However, when an adversary chooses $\mathbf{A}$ adaptively, the gap between the two may be larger. In this work, our primary focus is on quantifying the average conditional min-entropy $\tilde{H}_\infty(\mathbf{s}|\mathbf{sA + e})$ of $\mathbf{s}$ when $\mathbf{A}$ is chosen by the adversary. Brakerski and Döttling answered the question in one case: they proved that when $\mathbf{s}$ is uniformly chosen from $\mathbb{Z}_q^n$, it holds that $\tilde{H}_\infty(\mathbf{s}|\mathbf{sA + e}) \varpropto \rho_\sigma(\Lambda_q(\mathbf{A}))$. We prove that for any $d \leq q$, when $\mathbf{s}$ is uniformly chosen from $\mathbb{Z}_d^n$ or is sampled from a discrete Gaussian distribution, similar results hold. As an independent result, we also prove the regularity of the hash function mapping into a prime-order group and its Cartesian product. As an application of the above results, we improve the multi-key fully homomorphic encryption scheme of \cite{TCC:BraHalPol17} and answer the question raised at the end of their work positively: we obtain GSW-type ciphertexts rather than Dual-GSW, and the improved scheme has shorter keys and ciphertexts.
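The quantity the abstract studies, $\tilde{H}_\infty(\mathbf{s}|\mathbf{sA + e})$, can be computed exactly for toy parameters, which makes the effect of the choice of $\mathbf{A}$ on the remaining entropy of $\mathbf{s}$ concrete. The Python script below is an added example and is not code from the paper or its authors. It enumerates every (secret, error) pair for a constructed toy instance (q = 7, n = 2, m = 3, error coordinates in {-1, 0, 1} with probabilities 1/4, 1/2, 1/4 as a stand-in for a discrete Gaussian; all values are chosen here for illustration) and evaluates the definition $\tilde{H}_\infty(X|Y) = -\log_2 \sum_y \max_x \Pr[X = x, Y = y]$ for an all-zero matrix, a matrix that exposes each secret coordinate through one noisy sample, and a seeded uniform matrix, for secrets uniform over $\mathbb{Z}_d^n$ with d = q and with the small range d = 2. The function names and the `leakage_report` helper are this example's own.

```python
import itertools
import math
import random
from collections import defaultdict

# Constructed toy error distribution on Z_q: e in {-1, 0, 1} with
# probabilities 1/4, 1/2, 1/4 (a stand-in for the discrete Gaussian).
ERR_PMF = {-1: 0.25, 0: 0.5, 1: 0.25}


def secret_min_entropy(n, d):
    """H_inf(s) in bits for s uniform over Z_d^n: the value when nothing leaks."""
    return n * math.log2(d)


def avg_cond_min_entropy(A, q, d, err_pmf=ERR_PMF):
    """Exact average conditional min-entropy H~_inf(s | sA + e) in bits.

    s is uniform over Z_d^n, e has independent coordinates drawn from err_pmf,
    and A is an n x m matrix over Z_q given as a list of rows.  Uses
    H~_inf(X|Y) = -log2( sum_y max_x Pr[X = x, Y = y] ), enumerating every
    (s, e) pair, so it is only feasible for toy parameters.
    """
    n, m = len(A), len(A[0])
    p_s = 1.0 / d ** n
    joint = defaultdict(float)  # (s, b) -> Pr[s, b]
    for s in itertools.product(range(d), repeat=n):
        sA = [sum(s[i] * A[i][j] for i in range(n)) % q for j in range(m)]
        for e in itertools.product(err_pmf, repeat=m):
            p_e = math.prod(err_pmf[ei] for ei in e)
            b = tuple((sA[j] + e[j]) % q for j in range(m))
            joint[(s, b)] += p_s * p_e  # accumulate: distinct e may collide mod q
    best = defaultdict(float)  # b -> max_s Pr[s, b]
    for (s, b), p in joint.items():
        best[b] = max(best[b], p)
    return -math.log2(sum(best.values()))


def random_matrix(n, m, q, seed):
    """Seeded uniform n x m matrix over Z_q (the honest, non-adversarial A)."""
    rng = random.Random(seed)
    return [[rng.randrange(q) for _ in range(m)] for _ in range(n)]


def leakage_report(q=7, n=2, m=3, seed=1):
    """Entropy left in s for three choices of A and two secret ranges d."""
    matrices = {
        "zero A (b = e, nothing leaks)": [[0] * m for _ in range(n)],
        "A = [I | 0] (each s_i seen through one noisy sample)":
            [[1 if i == j else 0 for j in range(m)] for i in range(n)],
        "uniform A (seeded)": random_matrix(n, m, q, seed),
    }
    report = {}
    for d in (q, 2):
        for name, A in matrices.items():
            report[(d, name)] = avg_cond_min_entropy(A, q, d)
    return report


if __name__ == "__main__":
    for (d, name), h in leakage_report().items():
        print(f"d={d:<2} {name:<55} H~_inf = {h:.3f} bits "
              f"(max {secret_min_entropy(2, d):.3f})")
```

With the zero matrix the output equals $n \log_2 d$, the full entropy of the secret; with the padded identity each secret coordinate is hidden only by one error sample, so for d = q the remaining entropy drops to exactly 1 bit per coordinate. Because the enumeration is exhaustive, the same function can be pointed at any small structured matrix to see how far an adversarial choice of $\mathbf{A}$ can push the entropy below the uniform case for a given error distribution.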

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
Leftover hash lemma
Leakage resilient cryptography
Multi-key FHE
Contact author(s)
daixiaokang @ cigit ac cn
chenjingwei @ cigit ac cn
wuwenyuan @ cigit ac cn
yongfeng @ cigit ac cn
History
2024-04-19: last of 13 revisions
2023-05-16: received
Short URL
https://ia.cr/2023/699
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2023/699,
      author = {Xiaokang Dai and Jingwei Chen and Wenyuan Wu and Yong Feng},
      title = {Lattice-based, more general anti-leakage model and its application in decentralization},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/699},
      year = {2023},
      url = {https://eprint.iacr.org/2023/699}
}