FrodoKEM Learning With Errors Key Encapsulation Algorithm Specifications And Supporting Documentation
