Candidate Multilinear Maps from Ideal Lattices

We describe plausible lattice-based constructions with properties that approximate the sought-after multilinear maps in hard-discrete-logarithm groups, and show an example application of such multilinear maps that can be realized using our approximation. The security of our constructions relies on seemingly hard problems in ideal lattices, which can be viewed as extensions of the assumed hardness of the NTRU function.
