Practical Applications of Improved Gaussian Sampling for Trapdoor Lattices

Lattice trapdoors are an important primitive used in a wide range of cryptographic protocols, such as identity-based encryption (IBE), attribute-based encryption, functional encryption, and program obfuscation. In this paper, we present software implementations of the Gentry-Peikert-Vaikuntanathan (GPV) digital signature, IBE and ciphertext-policy attribute-based encryption (CP-ABE) schemes based on an efficient Gaussian sampling algorithm for trapdoor lattices, and demonstrate that these three important cryptographic protocols are practical. One important aspect of our implementation is that it supports prime moduli, which are required in many cryptographic schemes. Also, our implementation uses bases larger than two for the gadget matrix whereas most previous implementations use the binary base. We show that the use of higher bases significantly decreases execution times and storage requirements. We adapt IBE and CP-ABE schemes originally based on learning with errors (LWE) hardness assumptions to a more efficient Ring LWE (RLWE) construction. To the best of our knowledge, ours are the first implementations employing the Gaussian sampling for non-binary bases of the gadget matrix. The experimental results demonstrate that our lattice-based signature, IBE and CP-ABE implementations, which are based on standard assumptions with post-quantum security, provide a performance comparable to the recent state-of-the-art implementation works based on stronger/non-post-quantum assumptions.

[1]  Francisco Rodríguez-Henríquez,et al.  NEON Implementation of an Attribute-Based Encryption Scheme , 2013, ACNS.

[2]  Chris Peikert,et al.  A Decade of Lattice Cryptography , 2016, Found. Trends Theor. Comput. Sci..

[3]  Berk Sunar,et al.  Implementation and Evaluation of a Lattice-Based Key-Policy ABE Scheme , 2017, IEEE Transactions on Information Forensics and Security.

[4]  Amit Sahai,et al.  Bounded Ciphertext Policy Attribute Based Encryption , 2008, ICALP.

[5]  Francisco Rodríguez-Henríquez,et al.  Software Implementation of an Attribute-Based Encryption Scheme , 2015, IEEE Transactions on Computers.

[6]  Oded Regev,et al.  On lattices, learning with errors, random linear codes, and cryptography , 2005, STOC '05.

[7]  Chris Peikert,et al.  On Ideal Lattices and Learning with Errors over Rings , 2010, JACM.

[8]  Damien Stehlé,et al.  Bases Hermite-Korkine-Zolotarev réduites “ pires cas ” , 2007 .

[9]  Daniele Micciancio,et al.  Worst-case to average-case reductions based on Gaussian measures , 2004, 45th Annual IEEE Symposium on Foundations of Computer Science.

[10]  Josep Domingo-Ferrer,et al.  Ciphertext-policy hierarchical attribute-based encryption with short ciphertexts , 2014, Inf. Sci..

[11]  Chris Peikert,et al.  A Toolkit for Ring-LWE Cryptography , 2013, IACR Cryptol. ePrint Arch..

[12]  Kurt Rohloff,et al.  Designing an FPGA-Accelerated Homomorphic Encryption Co-Processor , 2017, IEEE Transactions on Emerging Topics in Computing.

[13]  Oded Regev,et al.  Lattice-Based Cryptography , 2006, CRYPTO.

[14]  Zhenfei Zhang,et al.  Falcon: Fast-Fourier Lattice-based Compact Signatures over NTRU , 2019 .

[15]  M. Robshaw,et al.  Faster Gaussian Sampling for Trapdoor Lattices with Arbitrary Modulus , 2018, IACR Cryptol. ePrint Arch..

[16]  Craig Gentry,et al.  Fully Key-Homomorphic Encryption, Arithmetic Circuit ABE and Compact Garbled Circuits , 2014, EUROCRYPT.

[17]  Vinod Vaikuntanathan,et al.  Predicate Encryption for Circuits from LWE , 2015, CRYPTO.

[18]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption , 2007, 2007 IEEE Symposium on Security and Privacy (SP '07).

[19]  Guy N. Rothblum,et al.  Obfuscating Conjunctions , 2015, Journal of Cryptology.

[20]  Matthew K. Franklin,et al.  Identity-Based Encryption from the Weil Pairing , 2001, CRYPTO.

[21]  Miklós Ajtai,et al.  Generating Hard Instances of the Short Basis Problem , 1999, ICALP.

[22]  Craig Gentry,et al.  Trapdoors for hard lattices and new cryptographic constructions , 2008, IACR Cryptol. ePrint Arch..

[23]  Brent Waters,et al.  Ciphertext-Policy Attribute-Based Encryption: An Expressive, Efficient, and Provably Secure Realization , 2011, Public Key Cryptography.

[24]  Oded Regev,et al.  Quantum computation and lattice problems , 2002, The 43rd Annual IEEE Symposium on Foundations of Computer Science, 2002. Proceedings..

[25]  Charles F. F. Karney Sampling Exactly from the Normal Distribution , 2013, ACM Trans. Math. Softw..

[26]  Chris Peikert,et al.  Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller , 2012, IACR Cryptol. ePrint Arch..

[27]  Miklós Ajtai,et al.  Generating Hard Instances of Lattice Problems , 1996, Electron. Colloquium Comput. Complex..

[28]  Rafail Ostrovsky,et al.  Attribute-based encryption with non-monotonic access structures , 2007, CCS '07.

[29]  Allison Bishop,et al.  Decentralizing Attribute-Based Encryption , 2011, IACR Cryptol. ePrint Arch..

[30]  Zhenfeng Zhang,et al.  Ciphertext policy attribute-based encryption from lattices , 2012, ASIACCS '12.

[31]  Brent Waters,et al.  Homomorphic Encryption from Learning with Errors: Conceptually-Simpler, Asymptotically-Faster, Attribute-Based , 2013, CRYPTO.

[32]  Daniele Micciancio,et al.  Worst-case to average-case reductions based on Gaussian measures , 2004, 45th Annual IEEE Symposium on Foundations of Computer Science.

[33]  Martin R. Albrecht,et al.  On the Efficacy of Solving LWE by Reduction to Unique-SVP , 2013, ICISC.

[34]  Allison Bishop,et al.  Fully Secure Functional Encryption: Attribute-Based Encryption and (Hierarchical) Inner Product Encryption , 2010, EUROCRYPT.

[35]  Bharadwaj Veeravalli,et al.  Implementation and Performance Evaluation of RNS Variants of the BFV Homomorphic Encryption Scheme , 2019, IEEE Transactions on Emerging Topics in Computing.

[36]  Martin R. Albrecht,et al.  On the concrete hardness of Learning with Errors , 2015, J. Math. Cryptol..

[37]  Frederik Vercauteren,et al.  Somewhat Practical Fully Homomorphic Encryption , 2012, IACR Cryptol. ePrint Arch..

[38]  Jiang Zhang,et al.  A Ciphertext Policy Attribute-Based Encryption Scheme without Pairings , 2011, Inscrypt.

[39]  Neil Smyth,et al.  A Practical Implementation of Identity-Based Encryption Over NTRU Lattices , 2017, IMACC.

[40]  Brent Waters,et al.  Fuzzy Identity-Based Encryption , 2005, EUROCRYPT.

[41]  Giovanni Di Crescenzo,et al.  Implementing Conjunction Obfuscation Under Entropic Ring LWE , 2018, 2018 IEEE Symposium on Security and Privacy (SP).

[42]  Shai Halevi,et al.  An Improved RNS Variant of the BFV Homomorphic Encryption Scheme , 2019, IACR Cryptol. ePrint Arch..

[43]  Satyanarayana V. Lokam,et al.  SECURITY OF HOMOMORPHIC ENCRYPTION , 2017 .

[44]  Rachid El Bansarkhani,et al.  Improvement and Effi cient Implementation of a Lattice-based Signature Scheme , 2013, IACR Cryptol. ePrint Arch..

[45]  Vinod Vaikuntanathan,et al.  Fast Proxy Re-Encryption for Publish/Subscribe Systems , 2017, IACR Cryptol. ePrint Arch..

[46]  Erkay Savas,et al.  Implementation and Evaluation of Improved Gaussian Sampling for Lattice Trapdoors , 2017, IACR Cryptol. ePrint Arch..

[47]  Chris Peikert,et al.  Better Key Sizes (and Attacks) for LWE-Based Encryption , 2011, CT-RSA.

[48]  Daniele Micciancio,et al.  Faster Gaussian Sampling for Trapdoor Lattices with Arbitrary Modulus , 2018, IACR Cryptol. ePrint Arch..

[49]  Oded Regev,et al.  New lattice based cryptographic constructions , 2003, STOC '03.

[50]  Léo Ducas,et al.  Efficient Identity-Based Encryption over NTRU Lattices , 2014, ASIACRYPT.

[51]  Brent Waters,et al.  Attribute-based encryption for fine-grained access control of encrypted data , 2006, CCS '06.

[52]  Martin R. Albrecht On Dual Lattice Attacks Against Small-Secret LWE and Parameter Choices in HElib and SEAL , 2017, EUROCRYPT.

[53]  J. Tukey,et al.  An algorithm for the machine calculation of complex Fourier series , 1965 .

[54]  Cristian Borcea,et al.  PICADOR: End-to-end encrypted Publish-Subscribe information distribution with proxy re-encryption , 2017, Future Gener. Comput. Syst..

[55]  Chris Peikert,et al.  An Efficient and Parallel Gaussian Sampler for Lattices , 2010, CRYPTO.

[56]  Frederik Vercauteren,et al.  High-Speed Polynomial Multiplication Architecture for Ring-LWE and SHE Cryptosystems , 2015, IEEE Transactions on Circuits and Systems I: Regular Papers.

[57]  Craig Gentry,et al.  Homomorphic Evaluation of the AES Circuit , 2012, IACR Cryptol. ePrint Arch..

[58]  Craig Gentry,et al.  (Leveled) fully homomorphic encryption without bootstrapping , 2012, ITCS '12.