後量子金鑰交換

Yi-Fu Lai; 賴奕甫

請用此 Handle URI 來引用此文件： http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/68222

完整後設資料紀錄

DC 欄位	值	語言
dc.contributor.advisor	陳君明(Jiun-Ming Chen)
dc.contributor.author	Yi-Fu Lai	en
dc.contributor.author	賴奕甫	zh_TW
dc.date.accessioned	2021-06-17T02:15:06Z	-
dc.date.available	2021-01-04
dc.date.copyright	2018-01-04
dc.date.issued	2017
dc.date.submitted	2017-10-25
dc.identifier.citation	[1] Peter W. Shor. Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM review, 41(2):303–332, 1999. [2] John Proos and Christof Zalka. Shor’s discrete logarithm quantum algorithm for elliptic curves. Quantum Information & Computation, 3(4):317–344, 2003. [3] Daniel J. Bernstein, Johannes Buchmann, and Erik Dahmen. Post-quantum cryptography. Springer Science & Business Media, 2009. [4] NIST. Workshop on cybersecurity in a post-quantum world, 2015. https://www.nist.gov/news-events/events/2015/04/workshop-cybersecurity-post-quantum-world. [5] Daniel Augot, Lejla Batina, Daniel J. Bernstein, Joppe Bos, Johannes Buchmann, Wouter Castryck, Orr Dunkelman, Tim Güneysu, Shay Gueron, Andreas Hülsing, Tanja Lange, Mohamed Saied Emam Mohamed, Christian Rechberger, Peter Schwabe, Nicolas Sendrier, Frederik Vercauteren, and Bo-Yin Yang. Initial recommendations of long-term secure post-quantum systems, 2015. https://pqcrypto.eu.org/docs/initial-recommendations.pdf. [6] Miklós Ajtai. Generating hard instances of lattice problems. In Proceedings of the twenty-eighth annual ACM symposium on Theory of computing, pages 99–108. ACM, 1996. [7] O. Goldreich, S. Goldwasser, and S. Halevi. Collision-free hashing from lattice problems”. eccc, tr96-042, 1996. Studies in Complexity and Cryptography, 1996. [8] Daniele Micciancio and Salil P. Vadhan. Statistical zero-knowledge proofs with efficient provers: Lattice problems and more. In Annual International Cryptology Conference, pages 282–298. Springer, 2003. [9] Vadim Lyubashevsky. Lattice-based identification schemes secure under active attacks. In International Workshop on Public Key Cryptography, pages 162–179. Springer, 2008. [10] Craig Gentry, Chris Peikert, and Vinod Vaikuntanathan. Trapdoors for hard lattices and new cryptographic constructions. In Proceedings of the fortieth annual ACM symposium on Theory of computing, pages 197–206. ACM, 2008. [11] Oded Regev. On lattices, learning with errors, random linear codes, and cryptography. In In STOC, 2005. [12] Chris Peikert, Vinod Vaikuntanathan, and Brent Waters. A framework for efficient and composable oblivious transfer. In Annual International Cryptology Conference, pages 554–571. Springer, 2008. [13] Richard Lindner and Chris Peikert. Better key sizes (and attacks) for lwe-based encryption. In Cryptographers [14] Chris Peikert and Brent Waters. Lossy trapdoor functions and their applications. SIAM Journal on Computing, 40(6):1803–1844, 2011. [15] Chris Peikert. Public-key cryptosystems from the worst-case shortest vector problem. In Proceedings of the forty-first annual ACM symposium on Theory of computing, pages 333–342. ACM, 2009. [16] Daniele Micciancio and Chris Peikert. Trapdoors for lattices: Simpler, tighter, faster, smaller. In Annual International Conference on the Theory and Applications of Cryptographic Techniques, pages 700–718. Springer, 2012. [17] Zvika Brakerski, Craig Gentry, and Vinod Vaikuntanathan. (leveled) fully homomorphic encryption without bootstrapping. ACM Transactions on Computation Theory (TOCT), 6(3):13, 2014. [18] Jintai Ding, Xiang Xie, and Xiaodong Lin. A simple provably secure key exchange scheme based on the learning with errors problem. Cryptology ePrint Archive, Report 2012/688 (29 Jul 2014 revised), 2012. http://eprint.iacr.org/2012/688. [19] Vadim Lyubashevsky, Chris Peikert, and Oded Regev. On ideal lattices and learning with errors over rings. In Annual International Conference on the Theory and Applications of Cryptographic Techniques, pages 1–23. Springer, 2010. [20] Damien Stehlé and Ron Steinfeld. Making ntru as secure as worst-case problems over ideal lattices. In Annual International Conference on the Theory and Applications of Cryptographic Techniques, pages 27–47. Springer, 2011. [21] Chris Peikert. Lattice cryptography for the internet. In International Workshop on Post-Quantum Cryptography, pages 197–219. Springer, 2014. [22] Erdem Alkim, Léo Ducas, Thomas Pöppelmann, and Peter Schwabe. Post-quantum key exchange - a new hope. Cryptology ePrint Archive, Report 2015/1092, 2015. http://eprint.iacr.org/2015/1092. [23] Jintai Ding. A simple provably secure key exchange scheme based on the learning with errors problem. Cryptology ePrint Archive, Report 2012/688, 2012. https://eprint.iacr.org/2012/688/20121210:115748. [24] Joppe W. Bos, Craig Costello, Michael Naehrig, and Douglas Stebila. Post-quantum key exchange for the tls protocol from the ring learning with errors problem. In Security and Privacy (SP), 2015 IEEE Symposium on, pages 553–570. IEEE, 2015. [25] Oded Regev. The learning with errors problem. Invited survey in CCC, page 15, 2010. [26] Benny Applebaum, David Cash, Chris Peikert, and Amit Sahai. Fast cryptographic primitives and circular-secure encryption based on hard learning problems. In Advances in Cryptology-CRYPTO 2009, pages 595–618. Springer, 2009. [27] Miklós Ajtai. The shortest vector problem in l 2 is np-hard for randomized reductions. In Proceedings of the thirtieth annual ACM symposium on Theory of computing, pages 10–19. ACM, 1998. [28] Claus-Peter Schnorr and Martin Euchner. Lattice basis reduction: Improved practical algorithms and solving subset sum problems. Mathematical programming, 66(1-3):181–199, 1994. [29] Arjen Klaas Lenstra, Hendrik Willem Lenstra, and László Lovász. Factoring polynomials with rational coefficients. Mathematische Annalen, 261(4):515–534, 1982. [30] Nicolas Gama and Phong Q. Nguyen. Predicting lattice reduction. In Annual International Conference on the Theory and Applications of Cryptographic Techniques, pages 31–51. Springer, 2008. [31] Martin R Albrecht, Rachel Player, and Sam Scott. On the concrete hardness of learning with errors. Journal of Mathematical Cryptology, 9(3):169–203, 2015. [32] Claus Peter Schnorr. Lattice reduction by random sampling and birthday methods. In Annual Symposium on Theoretical Aspects of Computer Science, pages 145–156. Springer, 2003. [33] Yuanmi Chen. Réduction de réseau et sécurité concrète du chiffrement complètement homomorphe. PhD thesis, Paris 7, 2013. [34] Guillaume Hanrot, Xavier Pujol, and Damien Stehlé. Analyzing blockwise lattice algorithms using dynamical systems. In Annual Cryptology Conference, pages 447–464. Springer, 2011. [35] Yuanmi Chen and Phong Nguyen. Bkz 2.0: Better lattice security estimates. Advances in Cryptology–ASIACRYPT 2011, pages 1–20, 2011. [36] Thijs Laarhoven. Sieving for shortest vectors in lattices using angular localitysensitive hashing. In Annual Cryptology Conference, pages 3–22. Springer, 2015. [37] Thijs Laarhoven. Search problems in cryptography. PhD thesis, Eindhoven University of Technology, 2015.
dc.identifier.uri	http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/68222	-
dc.description.abstract	量子計算近年來的進展，使後量子密碼學受到關注。晶格密碼學是後量子密碼學的分支之一。晶格密碼學已被發現其蘊含諸多優美的性質，例如能建構多種密碼系統的底蘊，穩健的安全性保障，而當中首屈一指的莫過於抗量子計算的能力。於西元2015 年，Alkim 等人利用新型error-reconciliation 機構，改良Peikert 的密碼系統，建立出新的後量子金鑰交換密碼系統，NEWHOPE。甚至於翌年Google 實驗性的採納Canary 瀏覽器上數月之久。受到Alkim 等人工作之啟發，我們運用錯誤更正碼中的奇偶檢查矩陣，構築了新的error-reconciliation 機構、建立在丁等人的密碼系統上，架構新的後量子金鑰交換系統。我們的金鑰交換系統，需要較大的訊息傳輸量(在與NEWHOPE 相同安全性下多出768 位元)，少於NEWHOPE-simple 的訊息傳輸量(在與NEWHOPE 相同安全性下多出1024 位元)，但能夠與NEWHOPE 所有參數相容、並有相同的安全性。因此也能做為另一項可實行後量子金鑰交換的選擇。	zh_TW
dc.description.abstract	The advances in quantum computing in recent years draw attention to the post-quantum cryptography. Lattice-based cryptography is a branch of the post-quantum cryptography. Lattice-based cryptography has been discovered several attractive properties such as its versatility and strong provable security guarantees but the most of all is its resistance against the quantum computing. In 2015, Erdem Alkim, Leo Ducas, Thomas Poppelmann, and Peter Schwabe introduced a post-quantum key exchange protocol, NEWHOPE, with a new error-reconciliation mechanism which ameliorated Peikert's key exchange protocol (PQCrypto 2014) with not only better efficiency but better security margin. Moreover, the NEWHOPE had even been experimented on Google Canary browser in the specific connection in 2016 for a few months. Inspired by the work of Alkim et al., we would like to present a new error-reconciliation mechanism based on the protocol of Ding et al. Our protocol requires a little larger message size ($768$ bits more under the same security level with NEWHOPE) and less than NEWHOPE-simple ($1024$ bits more than NEWHOPE under the same security level) but being compatible with all parameters in NEWHOPE under the same security level and thus can also be regarded as an alternative choice of practical post-quantum key exchange.	en
dc.description.provenance	Made available in DSpace on 2021-06-17T02:15:06Z (GMT). No. of bitstreams: 1 ntu-106-R04221003-1.pdf: 463390 bytes, checksum: 59ac5ff4bec7daeae1f17d9115bd1524 (MD5) Previous issue date: 2017	en
dc.description.tableofcontents	誌謝 ii Acknowledgement iv 中文摘要 vi Abstract viii Lists of Figures xii Lists of Tables xiv 1 Introduction 1 1.1 Contributions . . . . . . . . . . . . . . . 3 2 Preliminary 4 2.1 Learning with Errors . . . . . . . . . . . . . . 4 2.2 Learning with Errors over Rings . . . . . . . . . 6 2.3 Notation . . . . . . . . . . . .. . . . . . . 7 2.4 Diffie-Hellman Like Key Exchange . . . . . . 7 3 Our Protocol 9 3.1 Dimension of 2 . . . . . . . . . . . . . 9 3.2 Dimension of 4 . . . . . . . . . . . 11 3.3 Quantization . . . . . . .. . . . . . 16 3.4 Passive Security . . . . . . . . . . 20 4 Cryptoanalysis 24 4.1 Notation . . . . . . . . . . . . .. . 24 4.2 Lattice Reduction and Basic Tools . . 25 4.2.1 Gaussian Reduction . . . . . .. . . 25 4.2.2 LLL Algorithm . . . . . . . . . . 25 4.2.3 BKZ Algorithm . . . . . . . . . 26 4.3 Primal Attack . . . . . . . . . . . 28 4.4 Dual Attack . . . . . . . . . . 31 Bibliography 37
dc.language.iso	en
dc.subject	後量子金鑰交換	zh_TW
dc.subject	晶格密碼學	zh_TW
dc.subject	環-LWE	zh_TW
dc.subject	ring-LWE	en
dc.subject	post-quantum key exchange	en
dc.subject	lattice-based cryptography	en
dc.title	後量子金鑰交換	zh_TW
dc.title	Post-Quantum Key Exchange	en
dc.type	Thesis
dc.date.schoolyear	106-1
dc.description.degree	碩士
dc.contributor.oralexamcommittee	鄭振牟(Chen-Mou Cheng),楊柏因(Bo-Ying Yang)
dc.subject.keyword	環-LWE,後量子金鑰交換,晶格密碼學,	zh_TW
dc.subject.keyword	ring-LWE,post-quantum key exchange,lattice-based cryptography,	en
dc.relation.page	37
dc.identifier.doi	10.6342/NTU201704317
dc.rights.note	有償授權
dc.date.accepted	2017-10-25
dc.contributor.author-college	理學院	zh_TW
dc.contributor.author-dept	數學研究所	zh_TW
顯示於系所單位：	數學系

文件中的檔案：

檔案	大小	格式
ntu-106-1.pdf 未授權公開取用	452.53 kB	Adobe PDF

顯示文件簡單紀錄

系統中的文件，除了特別指名其著作權條款之外，均受到著作權保護，並且保留所有的權利。