Further improvements of the estimation of key enumeration with applications to solving LWE

In post-quantum cryptography, Learning With Errors (LWE) is one of the dominant underlying mathematical problems. The dual attack is one of the main strategies for solving the LWE problem, and it has recently gathered significant attention within the research community. The attack strategy consists...

Bibliographic details
Published in: Cryptography and communications, Volume 16; Issue 5; pp. 1163 - 1182
Main authors: Budroni, Alessandro; Mårtensson, Erik
Format: Journal Article
Language: English
Published: New York, Springer US, 01.09.2024
Springer Nature B.V
ISSN: 1936-2447, 1936-2455
Description
Summary: In post-quantum cryptography, Learning With Errors (LWE) is one of the dominant underlying mathematical problems. The dual attack is one of the main strategies for solving the LWE problem, and it has recently gathered significant attention within the research community. The attack strategy consists of a lattice reduction part and a distinguishing part. The latter includes an enumeration subroutine over a certain number of positions of the secret key. Our contribution consists of giving a precise and efficient approach for calculating the expected complexity of such an enumeration procedure, which was missing in the literature. This allows us to decrease the estimated cost of the whole dual attack, both classically and quantumly, on well-known protocols such as Kyber, Saber, and TFHE. In addition, we explore different enumeration strategies to investigate some potential further improvements. As our method of calculating the expected cost of enumeration is pretty general, it might be of independent interest in other areas of cryptanalysis or even in different research areas.
DOI:10.1007/s12095-024-00722-1