Daniel Cabarcas

Discrete Ziggurat: A Time-Memory Trade-Off for Sampling from a Gaussian Distribution over the Integers

Several lattice-based cryptosystems require to sample from a discrete Gaussian distribution over the integers. Existing methods to sample from such a distribution either need large amounts of memory or they are very slow. In this paper we explore a different method that allows for a flexible time-memory trade-off, offering developers freedom in choosing how much space they can spare to store precomputed values. We prove that the generated distribution is close enough to a discrete Gaussian to be used in lattice-based cryptography. Moreover, we report on an implementation of the method and compare its performance to existing methods from the literature. We show that for large standard deviations, the Ziggurat algorithm outperforms all existing methods.

Integrity, authenticity, non-repudiation, and proof of existence for long-term archiving

The world increasingly depends on archives to store digital documents, such as land registers and medical records, for long periods of time. For stored documents to remain trustworthy, archives must provide proofs that a document existed on a certain date and has not been changed since. In addition, in many cases, the origin of the document must be verifiable and the originator must not be able to repudiate that she is the originator. In this paper, we survey the solutions that provide the above protection goals in the long term. We analyze and compare the solutions with respect to their functionalities (which protection goals do they achieve?), the trust assumptions they require, and their performance. From this analysis and comparison, we deduce deficiencies of the current solutions and important research problems that must be solved in order to come up with protection solutions that are even more satisfactory.

Flexible partial enlargement to accelerate gröbner basis computation over F 2

Recent developments in multivariate polynomial solving algorithms have made algebraic cryptanalysis a plausible threat to many cryptosystems. However, theoretical complexity estimates have shown this kind of attack unfeasible for most realistic applications. In this paper we present a strategy for computing Grobner basis that challenges those complexity estimates. It uses a flexible partial enlargement technique together with reduced row echelon forms to generate lower degree elements–mutants. This new strategy surpasses old boundaries and obligates us to think of new paradigms for estimating complexity of Grobner basis computation. The new proposed algorithm computed a Grobner basis of a degree 2 random system with 32 variables and 32 equations using 30 GB which was never done before by any known Grobner bases solver.

Efficient ZHFE Key Generation

In this paper we present a new algorithm to construct the keys of the multivariate public key encryption scheme ZHFE. Constructing ZHFEs trapdoor involves finding a low degree polynomial of q-Hamming-weight-three, as an aid to invert a pair of q-Hamming-weight-two polynomials of high degree and high rank. This is done by solving a large sparse linear system of equations. We unveil the combinatorial structure of the system in order to reveal the hidden structure of the matrix associated with it. When the systems variables and equations are organized accordingly, an almost block diagonal shape emerges. We then exploit this shape to solve the system much faster than when ZHFE was first proposed. The paper presents the theoretical details explaining the structure of the matrix. We also present experimental data that confirms the notable improvement of the key generation complexity, which makes ZHFE more suitable for practical implementations.

Assessing trust in the long-term protection of documents

Digital archives rely on trusted parties, such as certification authorities, to ensure authenticity, integrity and proof of existence protection for documents. In this paper, we analyse the trust assumptions that a verifier has to make in order to trust in the protection of a document. We show that trust fades out in the long term due to the ever-growing number of trusted parties. Despite such a dire prospect, current technologies such as X.509 PKI do not assess trust, thereby leaving verifiers in the dark. We present a certification scheme for documents that provides verifiers with a better assessment of trust than in X.509 PKI. In the proposed scheme, trusted parties are rated based on the correctness of their performance. From the ratings, verifiers can assess quantitatively the trust in the trusted parties for the short term, and in the protection of documents for the long term. The proposed scheme encourages trusted parties to work properly.

Provably secure LWE encryption with smallish uniform noise and secret

In this paper we propose the first provably secure public key encryption scheme based on the Learning with Errors (LWE) problem, in which secrets and errors are sampled uniformly at random from a relatively small set rather than from the commonly used discrete Gaussian distribution. Using a uniform distribution, instead of a Gaussian, has the potential of improving computational efficiency a great deal due to its simplicity, thus making the scheme attractive for use in practice. At the same time our scheme features the strong security guarantee of being based on the hardness of worst-case lattice problems. After presenting the construction of our scheme we prove its security and propose asymptotic parameters. Finally, we compare our scheme on several measures to one of the most efficient LWE-based encryption schemes with Gaussian noise. We show that the expected efficiency improvement is debunked, due to the large blow-up of the parameter sets involved.

Key Recovery Attack for ZHFE

At PQCRYPTO 2014, Porras, Baena and Ding introduced ZHFE, an interesting new technique for multivariate post-quantum encryption. The scheme is a generalization of HFE in which a single low degree polynomial in the central map is replaced by a pair of high degree polynomials with a low degree cubic polynomial contained in the ideal they generate. We present a key recovery attack for ZHFE based on the independent discoveries of the low rank property of ZHFE by Verbel and by Perlner and Smith-Tone. Thus, although the two central maps of ZHFE have high degree, their low rank property makes ZHFE vulnerable to the Kipnis-Shamir (KS) rank attack. We adapt KS attack pioneered by Bettale, Faugere and Perret in application to HFE, and asymptotically break ZHFE.

Linear algebra to compute syzygies and Gröbner bases

In this paper, we introduce a new method to avoid zero reductions in Gröbner basis computation. We call this method LASyz, which stands for Lineal Algebra to compute Syzygies. LASyz uses exhaustively the information of both principal syzygies and non-trivial syzygies to avoid zero reductions. All computation is done using linear algebra techniques. LASyz is easy to understand and implement. The method does not require to compute Gröbner bases of subsequences of generators incrementally and it imposes no restrictions on the reductions allowed. We provide a complete theoretical foundation for the LASyz method and we describe an algorithm to compute Gröbner bases for zero dimensional ideals based on this foundation. A qualitative comparison with similar algorithms is provided and the performance of the algorithm is illustrated with experimental data.

Rank Analysis of Cubic Multivariate Cryptosystems.

In this work we analyze the security of cubic cryptographic constructions with respect to rank weakness. We detail how to extend the big field idea from quadratic to cubic, and show that the same rank defect occurs. We extend the min-rank problem and propose an algorithm to solve it in this setting. We show that for fixed small rank, the complexity is even lower than for the quadratic case. However, the rank of a cubic polynomial in n variables can be larger than n, and in this case the algorithm is very inefficient. We show that the rank of the differential is not necessarily smaller, rendering this line of attack useless if the rank is large enough. Similarly, the algebraic attack is exponential in the rank, thus useless for high rank.

Efficient Integer Encoding for Homomorphic Encryption via Ring Isomorphisms

Homomorphic encryption allows computation on encrypted data at the cost of a significant loss in efficiency. In this paper we propose a powerful integer encoding for homomorphic encryption. The proposed encoding offers more efficient and convenient homomorphic computations on integers compared to previously used methods. This is possible by making the message space of the encryption scheme isomorphic to an integer quotient ring. The encoding can be used across various lattice-based homomorphic encryption schemes such as NTRU and various ring-LWE based schemes. We analyse the efficiency of our proposed encoding, which shows a significant gain compared to a naive integer encoding for a ring-LWE based scheme.