Broadcast Attacks against Lattice-based Cryptosystems*

More documents

Recommendations

Info

14 Thomas Plantard and Willy Susilo201816GGH Type AGGH Type BKnapsack Density 1Knapsack Density 2Random LatticeNumber of Broadcast Challenges14121086420 50 100 150 200 250 300Lattice DimensionFig. 1. Number of needed broadcast challenges to extract message from differentcryptosystems.concerned by our attacks. This is clearly due to the huge extension factor whichallows those cryptosystems to put a strong part of random and hence, thereis no common vector. For the same reason, the proposition of knapsack-basedprobabilistic encryption of [60] will be naturally resistant as well. In the samedirection, we remark that after some tests, NTRU lattices should be extremelyweak against intersecting lattices. However, the fact that half of its message israndom leads to a complete protection against broadcast attacks. Those remarksinspired an obvious countermeasure. Concerned cryptosystems have just to addto their messages a random part (e.g. a hash of the public key itself) that is sufficientlybig to prevent two messages to be equal under a reasonable probability.This is inline with the direction suggested in the traditional cryptography (e.g.[2,3]) to ensure the security in the IND-CCA sense. The cost of such countermeasure is an expansion factor which have repercussion in both space and timecomplexity. If the solution was known before, the utility of such counter measurewas never shown to be necessary. This is the result of this work. Nonetheless, ifthe solution is ‘simple’, some further techniques should be incorporated as forcryptosystems which resist to LLL attacks with two messages, after intersectioneven of only two messages, the new problem will be easier compared to theoriginal problem.
Broadcast Attacks against Lattice-based Cryptosystems 15Intersecting lattice has shown to be interesting to perform cryptanalysis.However, we believe that those kind of techniques can also lead to constructiveutilization as original from other techniques used generally in cryptography.References1. Håstad, J.: Solving simultaneous modular equations of low degree. SIAM J. Comput.17 (1988) 336–3412. Bellare, M., Boldyreva, A., Micali, S.: Public-key encryption in a multi-user setting:Security proofs and improvements. In: EUROCRYPT. (2000) 259–2743. Baudron, O., Pointcheval, D., Stern, J.: Extended notions of security for multicastpublic key cryptosystems. In: ICALP. (2000) 499–5114. Merkle, R.C., Hellman, M.E.: Hiding information and signatures in trapdoor knapsacks.IEEE Transactions on Information Theory IT-24 (1978) 525–5305. Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Transactions onInformation Theory IT-22 (1976) 644–6546. Karp, K.M.: Reducibility among combinatorial problems. Complexity of ComputerComputations (1972)7. Shamir, A.: A polynomial time algorithm for breaking the basic merkle-hellmancryptosystem. In: CRYPTO. (1982) 279–2888. Shamir, A.: A polynomial-time algorithm for breaking the basic merkle-hellmancryptosystem. IEEE Transactions on Information Theory 30 (1984) 699–7049. Adleman, L.M.: On breaking generalized knapsack public key cryptosystems (abstract).In: STOC. (1983) 402–41210. Lagarias, J.C., Odlyzko, A.M.: Solving low-density subset sum problems. Journalof the ACM 32 (1985) 229–24611. Coster, M.J., LaMacchia, B.A., Odlyzko, A.M.: An iproved low-denisty subset sumalgorithm. In: EUROCRYPT. (1991) 54–6712. Coster, M.J., Joux, A., LaMacchia, B.A., Odlyzko, A.M., Schnorr, C.P., Stern, J.:Improved low-density subset sum algorithms. Computational Complexity 2 (1992)111–12813. Schnorr, C.P., Hörner, H.H.: Attacking the chor-rivest cryptosystem by improvedlattice reduction. In: EUROCRYPT. (1995) 1–1214. Omura, K., Tanaka, K.: Density attack to the knapsack cryptosystems with enumerativesource encoding. IEICE Trans Fundam Electron Commun Comput Sci87 (2004) 1564–156915. Chor, B., Rivest, R.L.: A knapsack-type public key cryptosystem based on arithmeticin finite fields. IEEE Transactions on Information Theory 34 (1988) 901–90916. Okamoto, T., Tanaka, K., Uchiyama, S.: Quantum public-key cryptosystems. In:CRYPTO. (2000) 147–16517. Odlyzko, A.M.: The rise and fall of knapsack cryptosystems. Cryptology andComputational Number Theory 42 (1990) 75–8818. Nguyen, P.Q., Stern, J.: Adapting density attacks to low-weight knapsacks. In:ASIACRYPT. (2005) 41–5819. Ajtai, M., Dwork, C.: A public-key cryptosystem with worst-case/average-caseequivalence. In: Twenty-Ninth Annual ACM Symposium on the Theory of Computing(STOC 1997). (1997) 284–29320. Nguyen, P.Q., Stern, J.: Cryptanalysis of the ajtai-dwork cryptosystem. In: Advancesin Cryptology - CRYPTO 1998. (1998) 223–242
Page 1 and 2: Broadcast Attacks against Lattice-b
Page 4 and 5: 4 Thomas Plantard and Willy Susilop
Page 6 and 7: 6 Thomas Plantard and Willy SusiloD
Page 8 and 9: 8 Thomas Plantard and Willy SusiloD
Page 10 and 11: 10 Thomas Plantard and Willy Susilo

Broadcast Attacks against Lattice-based Cryptosystems*

Create successful ePaper yourself

Delete template?

Save as template?