Goldreich-Goldwasser-Halevi (GGH) public key cryptosystem is an instance of lattice-based cryptosystems whose security is based on the hardness of lattice problems. In fact, GGH cryptosystem is the lattice version of the first code-based cryptosystem, proposed by McEliece. However, it has a number of drawbacks, such as large public key length and low security level. On the other hand, Low Density Lattice Codes (LDLCs) are the practical classes of lattice codes which can achieve capacity on the additive white Gaussian noise (AWGN) channel with a low complexity decoding algorithm. This paper introduces a public key cryptosystem based on LDLCs to withdraw the drawbacks of GGH cryptosystem. To reduce the key length, we employ the generator matrix of the used LDLC in Hermite normal form (HNF) as the public key. Also, by exploiting the linear decoding complexity of the used LDLC, the decryption complexity is decreased compared with GGH cryptosystem. These increased efficiencies allow us to use bigger values of security parameters. Moreover, we exploit the special Gaussian vector whose variance is upper bounded by the Poltyrev limit as the perturbation vector. These techniques make the proposed scheme resist the most efficient attacks on GGH-like cryptosystems.
2016 International Conference on Advanced Communication Systems and Information Security (ACOSIS), 2016
A new Goldreich-Goldwasser-Halevi (GGH) cryptosystem is proposed using Generalized Low Density (GLD) lattices. These low density lattices can alleviate a major drawback of the GGH scheme, namely the huge size of its public key. Indeed, we show that the new GGH that we propose in this paper reduces the key size by one order of magnitude. In addition, we show that the key generation complexity as well as those of the encryption and decryption phases are significantly decreased. The security of this new GGH is highlighted through a security analysis that reviews all known attacks on GGH systems. This allows us to conclude that our scheme does not add any new vulnerability as compared with the existing GGH schemes.
Sains Malaysiana
Due to Nguyen's attack, the Goldreich-Goldwasser-Halevi (GGH) encryption scheme, simply referred to as GGH cryptosystem, is considered broken. The GGH cryptosystem was initially addressed as the first practical lattice-based cryptosystem. Once the cryptosystem is implemented in a lattice dimension of 300 and above, its inventors conjectured that the cryptosystem is intractable. This conjecture was based on thorough security analyses of the cryptosystem against some powerful attacks. This conjecture became more concrete when all initial efforts for decrypting the published GGH Internet Challenges failed. However, a novel strategy in Nguyen's attack for simplifying the underlying Closest-Vector Problem (CVP) instance that arose from the cryptosystem had successfully decrypted almost all the challenges and eventually made the cryptosystem be considered broken. Therefore, Nguyen's attack is considered a fatal attack on the GGH cryptosystem. In this paper, we proposed a countermeasure to combat Nguyen's attack. By implementing the proposed countermeasure, we proved that the simplification of the underlying CVP instance could be prevented. We also proved that the upgraded GGH cryptosystem remains practical, where the decryption could be done without error. We are optimistic that the upgraded GGH cryptosystem could make a remarkable return into the mainstream discussion of lattice-based cryptography.
IEEE Access
In this paper, we introduce a new family of lattices, namely QC-MDPC lattices, which are a special case of LDPC lattices, and an improved bit flipping algorithm for decoding of these lattices. Encoding and decoding implementations of QC-MDPC lattices are practical in high dimensions. Indeed, to take advantage of practical decoding, we use ''Construction-A'' lattices, which makes a tight connection between the structure of lattices and codes. Using these features, we design a lattice-based public key encryption scheme enjoying linear encryption and decryption complexities. The proposed scheme has a reasonable key size due to the sparseness of the parity-check matrix, and the quasi-cyclic structure of the parity-check and generator matrices. Besides, the message expansion of the proposed scheme is smaller than other lattice-based and code-based cryptosystems with comparative parameters. All these features provide a lattice-based public key encryption scheme with reasonable key size, linear encryption and decryption algorithms, and small message expansion. On the other hand, we show that the cryptosystem is resistant against all known attacks both on lattice-based and code-based cryptosystems for different levels of security. Index terms: QC-LDPC lattices, MDPC codes, lattice-based cryptosystem, code-based cryptosystem, public key cryptosystem.
ArXiv, 2019
A new nonlinear Rao-Nam like symmetric key encryption scheme is presented in this paper. QC-LDPC lattices that are practically implementable in high dimensions due to their low complexity encoding and decoding algorithms, are used in our design. Then, a joint scheme is proposed which is capable of encrypting, encoding and data modulation simultaneously. The proposed cryptosystem withstands all variants of chosen plaintext attacks applied on Rao-Nam like cryptosystems due to its nonlinearity. The sparseness of the parity-check matrix of QC-LDPC lattices, quasi-cyclic nature of their generator and parity-check matrices, simple hardware structure for generating intentional error vector, permutation and nonlinear functions, result in a small key size for our scheme. The lattice codes related to the lattices used in this paper have high rate which are suitable for bandlimited AWGN channels. Therefore, the joint scheme based on these lattices facilitates secure, reliable and efficient dat...
2003
In Crypto 97, a public key cryptosystem based on the closest vector problem was suggested by Goldreich, Goldwasser and Halevi [4]. In this paper, we propose a public key cryptosystem applying representations of polynomials to the GGH encryption scheme. Its key size is much smaller than the GGH system so that it is a quite practical and efficient lattice based cryptosystem.
2013 IEEE Symposium on Computers and Communications (ISCC), 2013
We consider the framework of the McEliece cryptosystem based on low-density parity-check (LDPC) codes, which is a promising post-quantum alternative to classical public key cryptosystems. The use of LDPC codes in this context allows achieving good security levels with very compact keys, which is an important advantage over the classical McEliece cryptosystem based on Goppa codes. However, only regular LDPC codes have been considered up to now, while some further improvement can be achieved by using irregular LDPC codes, which are known to achieve better error correction performance than regular LDPC codes. This is shown in this paper, for the first time to our knowledge. The possible use of irregular transformation matrices is also investigated, which further increases the efficiency of the system, especially in regard to the public key size.
2020
In this paper, the already strong McEliece cryptosystem is enhanced with a two-dimensional finite Gaussian integer. By substituting the one-dimensional linear code with a two-dimensional code employing a finite Gaussian integer, a new system simultaneously increases the key space and the number of errors to be corrected by syndrome decoding. We compare the proposed system against the classic McEliece system in three aspects: the work factors for performing the attacks, the computational complexity cost, and the empirical running time of the system. Compared to the classic McEliece cryptosystem, the enhanced cryptosystem achieves a higher security level against key recovery and decoding attacks. By carefully selecting parameters, a small code element can improve the key strength without compromising the runtime efficiency.
IMA Conference on Cryptography and Coding, 1995
this report, the use of hiding matrices is proposed to modify all the above PKC. The modified open keys are as follows:
Scientia Iranica, 2022
Joint encryption-encoding schemes have been released to fulfill both reliability and security desires in a single step. Using Low Density Parity-Check (LDPC) codes in joint encryption-encoding schemes, as an alternative to classical linear codes, would shorten the key size as well as improve error correction capability. In this article, a joint encryption-encoding scheme using Quasi-Cyclic Low Density Parity-Check (QC-LDPC) codes based on finite geometry is presented. It is observed that our proposed scheme not only outperforms its predecessors in key size and transmission rate, but also remains secure against all known cryptanalyses of code-based secret key cryptosystems. In this paper, we have proposed an idea to make QC-LDPC based cryptosystems secure against reaction attacks. It is subsequently shown that our scheme benefits from low computational complexity. By taking advantage of QC-LDPC codes based on finite geometry, the key size of our scheme is very close to its target security level. In addition, using the proposed scheme, a wide range of desirable transmission rates are achievable. This variety of codes makes our cryptosystem suitable for a number of different communication and cryptographic standards such as wireless personal area networks (WPAN) and digital video broadcasting (DVB).
J. Wirel. Mob. Networks Ubiquitous Comput. Dependable Appl., 2013
A (t,u)-threshold public key encryption (TPKE) is a public key encryption where a private key is split among u decryption servers (insiders) and at least t decryption servers (insiders) are required to decrypt the ciphertext, but no group of t-1 or fewer malicious insiders can decrypt the message. Bendlin and Damgard [1] presented the first lattice based threshold public key encryption scheme based on Regev's LWE based encryption system [2]. We propose an efficient lattice based threshold public key encryption scheme based on [3]. We have reduced the size of the public key from (n^2+1) log n × ‖Z_q‖ to (n^2+1) × ‖Z_q‖ with the same ciphertext size, where ‖Z_q‖ is the number of bits required to represent an element of Z_q. Resplittable threshold public key encryption (RTPKE) was introduced by Hanaoka et al [4] in a generic construction of a CCA secure uni-directional proxy re-encryption scheme. RTPKE is a threshold public key encryption with an additional randomized algorithm Tsplit. Based on our efficient...
2012
This paper proposes an efficient joint secret key encryption-channel coding cryptosystem, based on regular Extended Difference Family Quasi-Cyclic Low-Density Parity-Check codes. The key length of the proposed cryptosystem decreases up to 85 percent using a new efficient compression algorithm. Cryptanalytic methods show that the improved cryptosystem has a significant security advantage over Rao-Nam cryptosystem against chosen plaintext attacks, benefiting from an improvement on the structure of the Rao-Nam cryptosystem and proper choices of code parameters. Moreover, the proposed cryptosystem benefits from the highest code rate and a proper error performance.
Information Theory, IEEE …, 2008
We improve our proposal of a new variant of the McEliece cryptosystem based on QC-LDPC codes. The original McEliece cryptosystem, based on Goppa codes, is still unbroken up to now, but has two major drawbacks: long key and low transmission rate. Our variant is based on QC-LDPC codes and is able to overcome such drawbacks, while avoiding the known attacks. Recently, however, a new attack has been discovered that can recover the private key with limited complexity. We show that such an attack can be avoided by changing the form of some constituent matrices, without altering the remaining system parameters. We also propose another variant that exhibits an overall increased security level. We analyze the complexity of the encryption and decryption stages by adopting efficient algorithms for processing large circulant matrices. The Toom-Cook algorithm and the short Winograd convolution are considered, which give a significant speed-up in the cryptosystem operations.
International Journal on Computational Science & Applications, 2015
Creation of smart spaces and scaling of devices to achieve miniaturization in pervasive computing environments has put forth a question on the degree of security of such devices. Security being a unique challenge in such environments, a solution demands scalability, access control, heterogeneity, and trust. Most of the existing cryptographic solutions widely in use rely on the hardness of factorization and number theory problems. With the increase in cryptanalytic attacks these schemes will soon become insecure. We need an alternate security mechanism which is as hard as the existing number theoretic approaches. In this work, we discuss the aspects of lattice based cryptography as a new dimension of providing security whose strength lies in the hardness of lattice problems. We discuss a cryptosystem whose security relies on high lattice dimension.
2011
In the context of public key cryptography, the McEliece cryptosystem represents a very smart solution based on the hardness of the decoding problem, which is believed to be able to resist the advent of quantum computers. Despite this, the original McEliece cryptosystem, based on Goppa codes, has encountered limited interest in practical applications, partly because of some constraints imposed by this very special class of codes. We have recently introduced a variant of the McEliece cryptosystem including low-density parity-check codes, which are state-of-the-art codes, now used in many telecommunication standards and applications. In this paper, we discuss the possible use of a bit-flipping decoder in this context, which gives a significant advantage in terms of complexity. We also provide theoretical arguments and practical tools for estimating the trade-off between security and complexity, in such a way as to give a simple procedure for the system design.
2015
The GGH class of public-key cryptosystems relies on computational problems based on the closest vector problem (CVP) in lattices for their security. The subject of lattice based cryptography is very active and there have recently been new ideas that revolutionised the field. We present EEH, a GGH-like public key cryptosystem based on the Eisenstein integers Z[ζ_3], where ζ_3 is a primitive cube root of unity. EEH applies representations of polynomials to the GGH encryption scheme and we discuss its key size and parameter selection. We also provide theoretical and experimental data to compare the security and efficiency of EEH to GGH with comparable parameter sets and show that EEH is an improvement over GGH in terms of security and efficiency.
Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, 2010
In this paper, we first critically analyze two existing lattice-based cryptosystems, namely GGH and Micciancio, and identify their drawbacks. Then, we introduce a method for improving the implementation of GGH using the Chinese Remainder Theorem (CRT). Furthermore, we also propose another cryptosystem optimized for CRT, drawing on the strengths of both cryptosystems. We provide a fair comparison between our scheme and the existing ones.
Lattice-based cryptography has gained credence recently as a replacement for current public-key cryptosystems, due to its quantum-resilience, versatility, and relatively low key sizes. To date, encryption based on the learning with errors (LWE) problem has only been investigated from an ideal lattice standpoint, due to its computation and size efficiencies. However, a thorough investigation of standard lattices in practice has yet to be considered. Standard lattices may be preferred to ideal lattices due to their stronger security assumptions and less restrictive parameter selection process. In this paper, an area-optimised hardware architecture of a standard lattice-based cryptographic scheme is proposed. The design is implemented on an FPGA and it is found that both encryption and decryption fit comfortably on a Spartan-6 FPGA. This is the first hardware architecture for standard lattice-based cryptography reported in the literature to date, and thus is a benchmark for future implementations. Additionally, a revised discrete Gaussian sampler is proposed which is the fastest of its type to date, and also is the first to investigate the cost savings of implementing with λ/2 bits of precision. Performance results are promising in comparison to the hardware designs of the equivalent ring-LWE scheme, which, in addition to providing a stronger security proof, generate 1272 encryptions per second and 4395 decryptions per second.
Lecture Notes in Computer Science, 2012
We present both a hardware and a software implementation variant of the learning with errors (LWE) based cryptosystem presented by Lindner and Peikert. This work helps in assessing the practicality of lattice-based encryption. For the software implementation, we give a comparison between a matrix and a polynomial based variant of the LWE scheme. This module includes multiplication in polynomial rings using the Fast Fourier Transform (FFT). In order to implement lattice-based cryptography in an efficient way, it is crucial to apply the systems over polynomial rings. FFT speeds up multiplication in polynomial rings, which is the most critical operation in lattice-based cryptography, from quadratic to quasi-linear runtime. For the hardware variant, we show how this fundamental building block of lattice-based cryptography can be implemented and evaluated in terms of performance. A second important component for lattice-based cryptosystems is sampling from discrete Gaussian distributions. We examine three different variants for sampling Gaussian distributed integers, namely rejection sampling, a rounding based approach, and a look-up table based approach in hardware.
In this paper, a new cryptographic system is constructed using a combination of a hyperelliptic curve of genus g = 2 over the Galois field GF(2^n) and a Reed-Solomon code (N, K) over the Galois field GF(2^m), and this system uses a smaller key than the elliptic curve cryptosystem and the Rivest, Shamir, and Adleman cryptosystem. The design criterion for the combination can be expressed as the data compression condition and addressing capability of the code. In addition, the system performance is compared with other systems; extraordinary improvements of 8 and 16.5 dB can be obtained for a BER = 10^-5, when compared with binary phase shift keying and differential chaos shift keying, respectively. This system has a polynomial complexity, which depends on data length and the number of operations in GF(2^n).