Revisiting Orthogonal Lattice Attacks on Approximate Common Divisor Problems and their Applications

In this paper, we revisit three existing types of orthogonal lattice (OL) attacks and propose optimized variants for solving approximate common divisor (ACD) problems. To reduce both space and time costs, we also construct an improved lattice using the rounding technique. Further, we present asymptotic formulas for the time complexities of our optimizations as well as of the three known OL attacks. In addition, we give specific conditions under which the optimized OL attacks work and show how the attack capability depends on the blocksize β of the BKZ-β algorithm. On this basis, we put forward a method to estimate the concrete cost of solving random ACD instances, which can be used to choose practical parameters for ACD-based schemes. Finally, we give security estimates for some ACD-based FHE constructions from the literature and also analyze the implicit factorization problem with a sufficient number of samples. In all of the above situations, our optimized OL attack using the rounding technique performs fastest in practice.
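As an added illustration (not code from the paper), the following Python script runs the basic two-stage orthogonal lattice attack on a constructed toy ACD instance x_i = p*q_i + r_i: it LLL-reduces the lattice orthogonal to the sample vector x, keeps the t-2 shortest basis vectors (which are then orthogonal to both q and the noise vector r), recovers ±r as the shortest vector of their rank-2 integer kernel, and obtains p as gcd(x_i - r_i). A textbook LLL over exact rationals stands in for BKZ-β and the paper's rounding optimization is not implemented; the parameters (60-bit p, 40-bit q_i, 8-bit noise, t = 8 samples) and the scaling factor 2^100 used in the kernel computation are my own choices for the demo.

```python
"""Basic two-stage orthogonal lattice (OL) attack on a toy ACD instance.

Added illustration, not the paper's optimised attack: textbook LLL over exact
rationals replaces BKZ-beta and no rounding technique is applied.  Instance
parameters and the kernel scaling factor are constructed for the demo.
"""
import random
from fractions import Fraction
from functools import reduce
from math import gcd


def dot(u, v):
    return sum(a * b for a, b in zip(u, v))


def lll(basis, delta=Fraction(99, 100)):
    """LLL-reduce independent integer row vectors (Cohen, Alg. 2.6.3)."""
    b = [list(v) for v in basis]
    n = len(b)
    # Gram-Schmidt data: B[i] = |b*_i|^2 and mu[i][j] = <b_i, b*_j> / B[j].
    bstar, B, mu = [], [], [[Fraction(0)] * n for _ in range(n)]
    for i in range(n):
        v = [Fraction(c) for c in b[i]]
        for j in range(i):
            mu[i][j] = dot(b[i], bstar[j]) / B[j]
            v = [vi - mu[i][j] * sj for vi, sj in zip(v, bstar[j])]
        bstar.append(v)
        B.append(dot(v, v))

    def red(k, l):  # size-reduce b_k against b_l, patching mu in place
        q = round(mu[k][l])
        if q:
            b[k] = [bk - q * bl for bk, bl in zip(b[k], b[l])]
            mu[k][l] -= q
            for i in range(l):
                mu[k][i] -= q * mu[l][i]

    def swap(k):  # exchange b_k, b_{k-1} and update B, mu without recomputing
        b[k], b[k - 1] = b[k - 1], b[k]
        for j in range(k - 1):
            mu[k][j], mu[k - 1][j] = mu[k - 1][j], mu[k][j]
        m = mu[k][k - 1]
        new = B[k] + m * m * B[k - 1]
        mu[k][k - 1] = m * B[k - 1] / new
        B[k] = B[k - 1] * B[k] / new
        B[k - 1] = new
        for i in range(k + 1, n):
            t = mu[i][k]
            mu[i][k] = mu[i][k - 1] - m * t
            mu[i][k - 1] = t + mu[k][k - 1] * mu[i][k]

    k = 1
    while k < n:
        red(k, k - 1)
        if B[k] < (delta - mu[k][k - 1] ** 2) * B[k - 1]:  # Lovasz condition fails
            swap(k)
            k = max(k - 1, 1)
        else:
            for l in range(k - 2, -1, -1):
                red(k, l)
            k += 1
    return b


def integer_kernel(rows, scale):
    """Basis of {v in Z^n : M v = 0} for the integer matrix M given by `rows`.

    Nguyen-Stern trick: LLL-reduce the rows (e_j | scale * column_j(M)); the
    reduced vectors whose scaled part vanishes form a basis of the kernel
    lattice once `scale` exceeds 2^((n-1)/2) times that lattice's last minimum.
    """
    n, m = len(rows[0]), len(rows)
    basis = [[int(i == j) for i in range(n)] + [scale * row[j] for row in rows]
             for j in range(n)]
    kernel = [v[:n] for v in lll(basis) if not any(v[n:])]
    assert len(kernel) == n - m, "rows must be linearly independent"
    return kernel


def centered_mod(a, m):
    return (a + m // 2) % m - m // 2


def ol_attack(x, rho, scale=1 << 100):
    """Recover p from ACD samples x_i = p*q_i + r_i with |r_i| < 2**rho."""
    t = len(x)
    # Stage 1: every u orthogonal to x satisfies p*(u.q) + (u.r) = 0, so u.r is
    # a multiple of p.  The t-2 shortest vectors of a reduced basis have
    # |u.r| <= |u||r| < p, hence u.r = 0 and therefore u.q = 0 as well.
    ortho = integer_kernel([x], scale)
    short = sorted(ortho, key=lambda u: dot(u, u))[:t - 2]
    # Stage 2: the integer kernel of those t-2 vectors is a rank-2 lattice
    # containing q and r; because |r| << |q| its shortest vector is +-r.
    plane = lll(integer_kernel(short, scale))
    for r in (plane[0], [-c for c in plane[0]]):
        p = reduce(gcd, [xi - ri for xi, ri in zip(x, r)])
        if p > (1 << rho) and all(abs(centered_mod(xi, p)) < (1 << rho) for xi in x):
            return p
    return None  # short vector was not the noise vector (degenerate instance)


def make_instance(eta, gamma_q, rho, t, seed):
    """Constructed toy instance: odd eta-bit p, gamma_q-bit q_i, |r_i| < 2**rho.

    Resamples the rare q or r with a common factor (probability ~ 2**(1-t))
    so that the final gcd step of the attack returns exactly p."""
    rng = random.Random(seed)
    p = rng.getrandbits(eta) | (1 << (eta - 1)) | 1
    while True:
        q = [rng.getrandbits(gamma_q) | (1 << (gamma_q - 1)) for _ in range(t)]
        r = [rng.randrange(1 - (1 << rho), 1 << rho) for _ in range(t)]
        if reduce(gcd, q) == 1 and reduce(gcd, r) == 1:
            return p, [p * qi + ri for qi, ri in zip(q, r)]


if __name__ == "__main__":
    p, x = make_instance(eta=60, gamma_q=40, rho=8, t=8, seed=1)
    print("recovered p" if ol_attack(x, rho=8) == p else "attack failed")
```

The toy sizes leave a gap of roughly 2^40 between the t-2 short orthogonal vectors and the one non-orthogonal basis vector, which is why plain LLL suffices here; at cryptographic sizes the gap shrinks, the dimension grows, and the reduction has to be done with BKZ-β, whose blocksize then governs the attack's success, as the abstract describes.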