Rachid El Bansarkhani

Improvement and Efficient Implementation of a Lattice-Based Signature Scheme

Lattice-based signature schemes constitute an interesting alternative to RSA and discrete logarithm based systems which may become insecure in the future, for example due to the possibility of quantum attacks. A particularly interesting scheme in this context is the GPV signature schemei?ź[ GPV08 ] combined with the trapdoor construction from Micciancio and Peikerti?ź[ MP12 ] as it admits strong security proofs and is believed to be very efficient in practice. This paper confirms this belief and shows how to improve the GPV scheme in terms of space and running time and presents an implementation of the optimized scheme. A ring variant of this scheme is also introduced which leads to a more efficient construction. Experimental results show that GPV with the new trapdoor construction is competitive to the signature schemes that are currently used in practice.

High-Speed Signatures from Standard Lattices

At CT-RSA 2014 Bai and Galbraith proposed a lattice-based signature scheme optimized for short signatures and with a security reduction to hard standard lattice problems. In this work we first refine the security analysis of the original work and propose a new 128-bit secure parameter set chosen for software efficiency. Moreover, we increase the acceptance probability of the signing algorithm through an improved rejection condition on the secret keys. Our software implementation targeting Intel CPUs with AVX/AVX2 and ARM CPUs with NEON vector instructions shows that even though we do not rely on ideal lattices, we are able to achieve high performance. For this we optimize the matrix-vector operations and several other aspects of the scheme and finally compare our work with the state of the art.

Lightweight energy consumption-based intrusion detection system for wireless sensor networks

Wireless sensor networks are increasingly used in industrial settings and in safety-critical applications, generating a financial and social impact. Complementing to cryptographic means to protect the communication, it is desirable to monitor the performance of the system and detect attackers during operation. However, existing intrusion detection systems are too resource-demanding. In this paper, we propose a lightweight, energy-efficient system, which makes use of mobile agents to detect intrusions based on the energy consumption of the sensor nodes as a metric. A linear regression model is applied to predict the energy consumption. Simulation results indicate that denial-of-service attacks, such as flooding, can be detected with high accuracy, while keeping the number of false-positives very low.

Towards Lattice Based Aggregate Signatures

We propose the first lattice-based sequential aggregate signature (SAS) scheme that is provably secure in the random oracle model. As opposed to factoring and number theory based systems, the security of our construction relies on worst-case lattice problems. Generally speaking, SAS schemes enable any group of signers ordered in a chain to sequentially combine their signatures such that the size of the aggregate signature is much smaller than the total size of all individual signatures. This paper shows how to instantiate our construction with trapdoor function families and how to generate aggregate signatures resulting in one single signature. In particular, we instantiate our construction with the provably secure NTRUSign signature scheme presented by Stehle and Steinfeld at Eurocrypt 2011. This setting allows to generate aggregate signatures being asymptotically as large as individual ones and thus provide optimal compression rates as known from RSA based SAS schemes.

An efficient lattice-based secret sharing construction

This paper presents a new construction of a lattice-based verifiable secret sharing scheme. Our proposal is based on lattices and the usage of linear hash functions to enable each participant to verify its received secret share. The security of this scheme relies on the hardness of some well known approximation problems in lattices such as nc-approximate SVP. Different to protocols proposed by Pedersen this scheme uses efficient matrix vector operations instead of exponentiation to verify the secret shares.

Augmented Learning with Errors: The Untapped Potential of the Error Term

The Learning with Errors (LWE) problem has gained a lot of attention in recent years leading to a series of new cryptographic applications. Interestingly, cryptographic primitives based on LWE often do not exploit the full potential of the error term beside of its importance for security. To this end, we introduce a novel LWE-close assumption, namely Augmented Learning with Errors (A-LWE), which allows one to hide auxiliary data injected into the error term by a technique that we call message embedding. In particular, it enables existing cryptosystems to strongly increase the message throughput per ciphertext. We show that A-LWE is for certain instantiations at least as hard as the LWE problem. This inherently leads to new cryptographic constructions providing high data load encryption and customized security properties as required, for instance, in economic environments such as stock markets resp. for financial transactions. The security of those constructions basically stems from the hardness to solve the A-LWE problem.As an application we introduce (among others) the first lattice-based replayable chosen-ciphertext secure encryption scheme from A-LWE.

An Efficient Lattice-Based Multisignature Scheme with Applications to Bitcoins

Multisignature schemes constitute important primitives when it comes to save the storage and bandwidth costs in presence of multiple signers. Such constructions are extensively used in financial applications such as Bitcoins, where more than one key is required in order to authorize Bitcoin transactions. However, many of the current state-of-the-art multisignature schemes are based on the RSA or discrete-log assumptions, which may become insecure in the future, for example due to the possibility of quantum attacks. In this paper we propose a new multisignature scheme that is built on top of the intractability of lattice problems that remain hard to solve even in presence of powerful quantum computers. The size of a multisignature is quasi optimal and our scheme can also easily be transformed into a more general aggregate signature scheme. Finally, we give an efficient implementation of the scheme which testifies its practicality and competitive capacity.

MQSAS - A Multivariate Sequential Aggregate Signature Scheme

(Sequential) Aggregate signature schemes enable a group of users \(u_1, \dots , u_k\) with messages \(m_1, \dots , m_k\) to produce a single signature \(\varSigma \) which states the integrity and authenticity of all the messages \(m_1, \dots , m_k\). The length of the signature \(\varSigma \) is thereby significantly shorter than a concatenation of individual signatures. Therefore, aggregate signatures can improve the efficiency of numerous applications, e.g. the BGPsec protocol of Internet routing and the development of new efficient aggregate signature schemes is an important task for cryptographic research. On the other hand, most of the existing schemes for aggregate signatures are based on number theoretic problems and therefore become insecure as soon as large enough quantum computers come into existence. In this paper, we propose a technique to extend multivariate signature schemes such as HFEv- to sequential aggregate signature schemes. By doing so, we create the first multivariate signature scheme of this kind, which is, at the same time, also one of the first post-quantum aggregate signature schemes. Our scheme is very efficient and offers compression rates that outperform current lattice-based constructions for practical parameters.

Code-Based Identification and Signature Schemes in Software

In this paper we present efficient implementations of several code-based identification schemes, namely the Stern scheme, the Veron scheme and the Cayrel-Veron-El Yousfi scheme. We also explain how to derive and implement signature schemes from the previous identification schemes using the Fiat-Shamir transformation. For a security of 80 bits and a document to be signed of size 1 kByte, we reach a signature in about 4 ms on a standard CPU.

An Efficient and Secure Coding-Based Authenticated Encryption Scheme

An authenticated encryption (AE) scheme is a better way to simultaneously provide privacy and authenticity. This paper presents a new and efficient two-pass AE scheme, called SCAE, which is different from previously proposed ones based on number theoretic problems such as factoring and discrete logarithm problem or block ciphers. The proposed scheme is based on coding theory and is the first AE scheme of this type. Its security is related to the hardness of the regular syndrome decoding problem. The security requirement of privacy and that of authenticity are also proved. Additionally, the performance of SCAE is comparable to that of the other efficient schemes from the theoretical point of view. A software or hardware implementation of the proposed scheme is left open as future work to show its speed in practice.