Clever Geek Handbook

Postquantenkryptographie. NewHope Key Generation Protocol - Übersicht

Schönen Tag!





In der modernen Welt gibt es immer mehr Aussagen ĂŒber die potenzielle Bedrohung durch Quantencomputer in Bezug auf die verwendeten Kryptographieprotokolle. Der Quantencomputer ist bereits in der Lage, die Probleme des diskreten Logarithmus und der Faktorisierung einer Zahl zu lösen, wodurch alle darauf basierenden Protokolle gefĂ€hrdet werden.







Heute werden wir das NewHope-Protokoll betrachten, das auf einer anderen schwierigen Aufgabe basiert - dem Problem des Lernens mit Fehlern in einem Ring (Ring-LWE).





NewHope – , , . , SIS, LWE Ring-LWE:





1. SIS

SIS (Short integer solution problem) – .





, n q ( ):





A = (\ overrightarrow {a_1}, \ overrightarrow {a_2}, \ dots, \ overrightarrow {a_m}) \ in \ mathbb {Z} ^ {n \ times m} _q

L ^ {\ perp} A:





L ^ {\ perp} (A) = \ {z \ in \ mathbb {Z} ^ m: Az = 0 \}

( ) , .





, x \ in \ mathbb {Z} ^ m  , Ax = 0. , , .





\ beta \ ll q , z, || z || \ leq \ beta \ ll q. z ( q). , , . , .





? , ( ).





t \ ll T.- . z.





L_u ^ {\ perp} (A) = \ {z: Az = u \} = t + L ^ {\ perp} (A)

, z A .





, 2 ^ {\ theta (n)}, n - .





2. LWE ( Learning with errors)

:





:





n – ;





q – , . n, q \ ca. n ^ 2;





\ chi , );





A \ in \ mathbb {Z} ^ {n \ times m} _q a_i \in \mathbb{Z}^n_q;





k, \chi.





, s \in \mathbb{Z}^n_q, s a_i. ( q):





a_1 \gets \mathbb{Z}^n_q ,\: b_1 \approx\: <s, a_1> \: mod \: q a_2 \gets \mathbb{Z}^n_q ,\: b_2 \approx\: <s, a_2> \: mod \: q \dots





b_1=<s,a_1>+k_1\in \mathbb{Z}_q

k_1 k.





, (LWE on lattices).





:





L\left(A\right)=\{z\in \mathbb{Z}^m:z^T\equiv s^TA\ mod\ q\}=q\left(L^\bot\left(A\right)\right)

– .





, q. .





, , :





: b^T\approx v^T=s^TA\in L(A)\ v.





3.

LWE, - SIS:





Public key encryption (LWE):





, . – .





, e^\prime-ex\ll\ \frac{q}{2}.





0, 0, \frac{q}{2} 1.





? (A, u) (b, b’). A , , 4 , .





One-way function (SIS):





- -:





https://www.di.ens.fr/chloe.hebant/presentation/SISproblem.pdf
https://www.di.ens.fr/chloe.hebant/presentation/SISproblem.pdf

, . . (IV).





, f , H(m) .





f- (One-way function):





, :





n \in \mathbb{N} q = poly(n) m = m(n).





H_n- \{f_A\}_{A\in Z^{n\times m}} f_A:\{0,1\}^m\rightarrow Z_n^m





e\in{\{0,1\}}^n :





f_A\left(e\right)=A \times e\>\ mod\>\ q

SIS.





? , P SIS .





4.

:





. A 640 \times 8 15 :





: https://summerschool-croatia.cs.ru.nl/2018/
: https://summerschool-croatia.cs.ru.nl/2018/

2) / O(n^2), .





?





5. Ring-LWE

.





? , LWE . , n ?





\ left (\ begin {matrix} \ begin {matrix} \ vdots \\ a_i \\\ end {matrix} \\\ vdots \\\ end {matrix} \ right) \ widetilde {\ ast} \ left (\ begin {matrix} \ begin {matrix} \ vdots \\ s \\\ end {matrix} \\\ vdots \\\ end {matrix} \ right) + \ left (\ begin {matrix} \ begin {matrix} \ vdots \\ e_i \\\ end {matrix} \\\ vdots \\\ end {matrix} \ right) = \ left (\ begin {matrix} \ begin {matrix} \ vdots \\ b_i \\\ end {matrix} \\\ vdots \\\ end {matrix} \ right) \ in \ mathbb {Z} _q ^ n

\ widetilde {\ ast}?





– R_q = R / qR, R = \ mathbb {Z} _q \ left [X \ right] / \ left (X ^ n + 1 \ right), n – .





R_q {deg (R} _q) <nc q.





? . , , : x \ \ rightarrow \ -x \ mod \ q. .





/? , 2 O \ left (n \ logn \ right), O \ left (n ^ 2 \ right).





LWE , a_i, s, k , .





6. NewHope

, NewHope , Bos, Castello, Naehrig Stebila. TLS Ring-LWE.





, NewHope.





, .





:





, .





  1. n = 1024, q = 12289 ( , q \ equiv1 \ mod \ 2n). NTT ( ), n – , q – , . D_4.





  2. a. : seed – 256 , SHAKE-128 ( SHA3).   , 1024 a. : , TLS ( 2 ), NewHope , a. , backdoor , “” .





  3. – , . - , ( ). seed /dev/urandom 16- . s e.





  4. ( b, seed).





  5. a, s’, e’, e”, u.





  6. v, , . . v = bs '+ e ”= ass' + es '+ e”, v '= us = ass' + e's, , . , – , 0 \ frac {q} {2}. , .





  7. . : . q , \ left [0,1 \ right). D_4 D_2( ). \ {\ left (0, \ 1 \ right), \ left (1/2, \ 1/2 \ right) \}. .





Quelle https://eprint.iacr.org/2015/1092.pdf
https://eprint.iacr.org/2015/1092.pdf

. , , : , 1, , 0. , , . HelpRec, . . , , .





8.    Rec 1 4 ( ).





9.    256 , , .





7.





2019 NIST post-quantum crypto project, , . NIST , , KYBER ( Module-LWE) , . 3 KYBER.





, Google Canary CECPQ1 CECPQ2.





Quelle: https://security.googleblog.com/2016/07/experimenting-with-post-quantum.html
: https://security.googleblog.com/2016/07/experimenting-with-post-quantum.html

:









  2. Haskell





  3. FPGA





:





  1. https://newhopecrypto.org/





  2. https://eprint.iacr.org/2015/1092.pdf





  3. https://eprint.iacr.org/2014/599.pdf





  4. https://www.di.ens.fr/chloe.hebant/presentation/SISproblem.pdf





  5. http://www.ee.cityu.edu.hk/~twhk05/achieve/Wai%20Ho%20Mow.pdf





  6. https://simons.berkeley.edu/talks/lwe-worst-case-average-case-reductions-and-cryptomania

    https://simons.berkeley.edu/talks/algebraic-lattices-and-ring-lwe





  7. https://www.ei.ruhr-uni-bochum.de/media/sh/veroeffentlichungen/2013/08/14/lwe_encrypt.pdf





  8. https://summerschool-croatia.cs.ru.nl/2018/slides/Introduction%20to%20post-quantum%20cryptography%20and%20learning%20with%20errors.pdf





  9. https://people.csail.mit.edu/vinodv/6876-Fall2015/L12.pdf





  10. https://security.googleblog.com/2016/07/experimenting-with-post-quantum.html











More articles:


All Articles