PQC: Lattice-based
- References
- RLWE (Ring Learning With Errors) Problem
- BLISS (Bimodal Lattice Signature Scheme)
- NTRU
- Falcon
- Dilithium
References
- Practical Aspects of Modern Cryptography
- A Decade of Lattice Cryptography
- Summer School on real-world crypto and privacy
- NIST Cryptographic Standards and Guidelines
- ETSI Quantum Safe Cryptography and Security
- ETSI Implementation Security of Quantum Cryptography
- Lattice Based Cryptography for Beginners
- 2019 Status Report on the First Round of the NIST Post-Quantum Cryptography Standardization Process
- Post-quantum cryptography: Lattice-based cryptography
RLWE (Ring Learning With Errors) Problem
- Introduction to post-quantum cryptography and learning with errors
- Equivalence of Search and Decisional (Ring-) LWE
- Learning With Errors (LWE) and Ring LWE
- Python and Crypto: Learning With Errors (LWE) and Ring LWE
- The Learning with Errors Problem
Ring of polynomials over the finite field F_q, defined by the polynomial p(x)
b_i(x) = a_i(x) * s(x) + e_i(x)
Search LWE problem: given (b_i(x), a_i(x)), recovering s(x) is hard
Decision LWE problem: given (b_i(x), a_i(x)), decide whether an s(x) solving them exists or whether they are random pairs
RLWE-KEX
- Ring Learning With Errors for Key Exchange (RLWE-KEX)
b_A(x) = A * s_A(x) + e_A(x)
b_B(x) = A * s_B(x) + e_B(x)
The two sides exchange b_A(x) and b_B(x)
share_A = s_A(x) * b_B(x) / p(x) = s_A(x) * (A * s_B(x) + e_B(x)) / p(x)
share_B = b_A(x) * s_B(x) / p(x) = s_B(x) * (A * s_A(x) + e_A(x)) / p(x)
LWE encryption
- Directions in Practical Lattice Cryptography, Vadim Lyubashevsky, IBM Research – Zurich
- On Ideal Lattices and Learning With Errors Over Rings
The public key is (a, t)
a*s + e = t
Randomly generate (r, e1)
r*a + e1 = u
r*t + e2 + m = v
The plaintext is m, the ciphertext is (u, v)
Decryption
v - us = rt + e2 + m - (ra + e1)s
= r(as + e) + e2 + m - (ra + e1)s
= m + re + e2 - e1s
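The decryption identity above only recovers m if the noise term re + e2 - e1s stays small relative to q. The following is an added example (not code from these notes or from the referenced papers) that runs the scheme in Z_q[x]/(x^n + 1); the toy parameters n = 16 and q = 7681, the ternary noise, and the encoding of each message bit as 0 or q/2 are assumptions made for illustration.

```python
import random

N, Q = 16, 7681   # assumed toy parameters: ring Z_Q[x]/(x^N + 1), not a secure size

def mul(f, g):
    """Multiply two polynomials in Z_Q[x]/(x^N + 1) (negacyclic convolution)."""
    out = [0] * N
    for i, fi in enumerate(f):
        for j, gj in enumerate(g):
            k, sign = (i + j) % N, (-1 if i + j >= N else 1)   # x^N = -1
            out[k] = (out[k] + sign * fi * gj) % Q
    return out

def add(f, g):
    return [(x + y) % Q for x, y in zip(f, g)]
def sub(f, g):
    return [(x - y) % Q for x, y in zip(f, g)]

def small(rng):
    """Coefficients in {-1, 0, 1}: a stand-in for the small error distribution."""
    return [rng.choice((-1, 0, 1)) for _ in range(N)]

def keygen(rng):
    a = [rng.randrange(Q) for _ in range(N)]
    s, e = small(rng), small(rng)
    return (a, add(mul(a, s), e)), s          # public (a, t = a*s + e), private s

def encrypt(pub, bits, rng):
    a, t = pub
    r, e1, e2 = small(rng), small(rng), small(rng)
    m = [b * (Q // 2) for b in bits]          # assumed encoding: bit -> 0 or Q/2
    u = add(mul(r, a), e1)                    # u = r*a + e1
    v = add(add(mul(r, t), e2), m)            # v = r*t + e2 + m
    return u, v

def noisy_message(s, ct):
    u, v = ct
    return sub(v, mul(u, s))                  # v - u*s = m + r*e + e2 - e1*s

def decrypt(s, ct):
    # Round away the noise: a coefficient nearer Q/2 than 0 decodes to 1.
    return [1 if Q // 4 < c < 3 * Q // 4 else 0 for c in noisy_message(s, ct)]

def demo(seed=1):
    rng = random.Random(seed)                 # fixed seed for the demo; not a CSPRNG
    pub, s = keygen(rng)
    bits = [rng.randrange(2) for _ in range(N)]
    return bits, decrypt(s, encrypt(pub, bits, rng))
```

With ternary noise every coefficient of re + e2 - e1s has magnitude at most 2n + 1 = 33, far below q/4, so rounding always succeeds here; real parameter sets have to bound the same quantity for their own error distribution.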
LWE signature
t = a*s + e
c = H( a*u + v, m )
z = s*c + u
a*z - t*c = a*(s*c + u) - (a*s + e)*c = a*u - e*c
BLISS (Bimodal Lattice Signature Scheme)
- Lattice Signatures and Bimodal Gaussians
Basics
Private key S, public key (T, A)
T = A*S mod q
message digest μ
c = H( A*y mod q, μ )
z = S*c + y
Signature: (z, c)
Verification: c = H( Az − Tc mod q, μ) = H( ASc + Ay − Tc mod q, μ)
BLISS
A*S = q*I_n mod 2q
Signing:
y is a random value
c = H( Ay mod 2q, μ )
b is a randomly chosen bit (0/1)
z = y + (−1)^b * S*c
Verification: c = H( Az + qc mod 2q, μ) = H( Ay + (-1)^bASc + q*c mod 2q, μ)
NTRU
- Quantum technology and its impact on security in mobile networks