Public-Key Cryptography – PKC 2020: 23rd IACR International Conference on Practice and Theory of Public-Key Cryptography, Edinburgh, UK, May 4–7, 2020, Proceedings, Part II

Following the recent line of work on solving the closest vector problem with preprocessing (CVPP) using approximate Voronoi cells, we improve upon previous results in the following ways:

– We derive sharp asymptotic bounds on the success probability of the randomized slicer, by modelling the behaviour of the algorithm as a random walk on the coset of the lattice of the target vector. We thereby solve the open question left by Doulgerakis–Laarhoven–De Weger [PQCrypto 2019] and Laarhoven [MathCrypt 2019].

– We obtain better trade-offs for CVPP and its generalisations (strictly, in certain regimes), both with and without nearest neighbour searching, as a direct result of the above sharp bounds on the success probabilities.

– We show how to reduce the memory requirement of the slicer, and in particular the corresponding nearest neighbour data structures, using ideas similar to those proposed by Becker–Gama–Joux [Cryptology ePrint Archive, 2015]. Using 2 memory, we can solve a single CVPP instance in 2 time.

– We further improve on the per-instance time complexities in certain memory regimes, when we are given a sufficiently large batch of CVPP problem instances for the same lattice. Using 2 memory, we can heuristically solve CVPP instances in 2 amortized time, for batches of size at least 2.

Our random walk model for analysing arbitrary-step transition probabilities in complex step-wise algorithms may be of independent interest, both for deriving analytic bounds through convexity arguments, and for computing optimal paths numerically with a shortest path algorithm. As a side result, we apply the same random walk model to graph-based nearest neighbour searching, where we improve upon results of Laarhoven [SOCG 2018] by deriving sharp bounds on the success probability of the corresponding greedy search procedure.
