Thomas Plantard

Selected RNS Bases for Modular Multiplication

The selection of the elements of the bases in an RNS modular multiplication method is crucial and has a great impact in the overall performance.This work proposes specific sets of optimal RNS moduli with elements of Hamming weight three whose inverses used in the MRS reconstruction have very small Hamming weight. This property is exploited in RNS bases conversions, to completely remove and replace the products by few additions/subtractions and shifts, reducing the time complexity of modular multiplication.These bases are specially crafted to computation with operands of sizes

Efficient multiplication in GF(p/sup k/) for elliptic curve cryptography

256

RNS bases and conversions

or more and are suitable for cryptographic applications such as the ECC protocols.

Broadcast Attacks against Lattice-Based Cryptosystems

We present a new multiplication algorithm for the implementation of elliptic curve cryptography (ECC) over the finite extension fields GF(p/sup k/) where p is a prime number greater than 2k. In the context of ECC we can assume that p is a 7-to-10-bit number, and easily find values for k which satisfy: p>2k, and for security reasons log/sub 2/(p)/spl times/k/spl sime/160. All the computations are performed within an alternate polynomial representation of the field elements which is directly obtained from the inputs. No conversion step is needed. We describe our algorithm in terms of matrix operations and point out some properties of the matrices that can be used to improve the design. The proposed algorithm is highly parallelizable and seems well adapted to hardware implementation of elliptic curve cryptosystems.

Fully Homomorphic Encryption Using Hidden Ideal Lattice

Residue Number Systems (RNS) allow the distribution of large dynamic range computations over small modular rings, which allows the speed up of computations. This feature is well known, and already used in both DSP and cryptography. Most of implementations use RNS bases of three elements to reduce the complexity of conversions, but if can increase the number of RNS modular computational channels, then we are able to compute over smaller rings and thus further increase the speed of computation. In this paper, we deal with conversion from RNS to RNS or RNS to standard representations of numbers. We find, in the literature, two classes of conversion algorithms: those directly based on the chinese remainder theorem and those which use an intermediate Mixed Radix representation. We analyze these two different methods, show where the choice of the base is important and discuss the base selection criteria. We deduce that MRS conversions offer more possibilities than the CRT conversions. We provide features of RNS bases which provide low complexity of both RNS computation and conversion. We introduce some examples of bases well suited for cryptography applications.

On the CCA-1 security of somewhat homomorphic encryption over the integers

In 1988, Hastad proposed the classical broadcast attack against public key cryptosystems. The scenario of a broadcast attack is as follows. A single message is encrypted by the sender directed for several recipients who have different public keys. By observing the ciphertexts only, an attacker can derive the plaintext without requiring any knowledge of any recipients secret key. Hastads attack was demonstrated on the RSA algorithm, where low exponents are used. In this paper, we consider the broadcast attack in the lattice-based cryptography, which interestingly has never been studied in the literature. We present a general method to rewrite lattice problems that have the same solution in one unique easier problem. Our method is obtained by intersecting lattices to gather the required knowledge. These problems are used in lattice based cryptography and to model attack on knapsack cryptosystems. In this work, we are able to present some attacks against both lattice and knapsack cryptosystems. Our attacks are heuristics. Nonetheless, these attacks are practical and extremely efficient. Interestingly, the merit of our attacks is not achieved by exploring the weakness of the trapdoor as usually studied in the literature, but we merely concentrate on the problem itself. As a result, our attacks have many security implications on most of the lattice-based or knapsack cryptosystems.

A Digital Signature Scheme based on CVP

All the existing fully homomorphic encryption schemes are based on three different problems, namely the bounded distance decoding problem over ideal lattice, the approximate greatest common divisor problem over integers, and the learning with error problem. In this paper, we unify the first two families of problems by introducing a new class of problems, which can be reduced from both problems. Based on this new problem, namely the bounded distance decoding over hidden ideal lattice, we present a new fully homomorphic encryption scheme. Since it is a combination of the two problems to some extent, the performance of our scheme lies between the ideal lattice based schemes and the integer based schemes. Furthermore, we also show a lower bound and upper bound of the problem that our scheme is based on. Assuming this security conjecture holds, we can incorporate smaller parameters, which will result in a scheme that is more efficient than both lattice based and integer based schemes. Hence, our scheme makes a perfect alternative to the state-of-art ring learning with error based schemes.

Efficient Dynamic Provable Data Possession with Public Verifiability and Data Privacy

The notion of fully homomorphic encryption is very important since it enables many important applications, such as the cloud computing scenario. In EUROCRYPT 2010, van Dijk, Gentry, Halevi and Vaikuntanathan proposed an interesting fully homomorphic encryption scheme based on a somewhat homomorphic encryption scheme using integers. In this paper, we demonstrate a very practical CCA-1 attack against this somewhat homomorphic encryption scheme. Given a decryption oracle, we show that within O(λ2) queries, we can recover the secret key successfully, where λ is the security parameter for the system.

Babaï round-off CVP method in RNS: Application to lattice based cryptographic protocols

This invention pertains to the production of glycol monoalkyl ethers and dialkyl ethers by reaction of an aldehyde, and an alcohol with carbon monoxide and hydrogen in the presence of a catalyst comprising a cobalt-containing compound and a Group VIB donor ligand.

Arithmetic operations in the polynomial modular number system

We present a Dynamic Provable Data Possession (PDP) system with Public Verifiability and Data Privacy. Three entities are involved: a client who is the owner of the data to be stored, a server that stores the data and a Third Party Auditor (TPA) who may be required when the client wants to check the integrity of its data stored on the server. The system is publicly verifiable with the possible help of the TPA who acts on behalf of the client. The system exhibits data dynamicity at block level allowing data insertion, deletion and modification to be performed. Finally, the system is secure at the untrusted server and data private. We present a practical PDP system by adopting asymmetric pairings to gain efficiency and reduce the group exponentiation and pairing operations. In our scheme, no exponentiation and only three pairings are required during the proof of data possession check, which clearly outperforms all the existing schemes in the literature. Furthermore, our protocol supports proof of data possession on as many data blocks as possible at no extra cost.