Efficient protocols for oblivious linear function evaluation from ring-LWE1

An oblivious linear function evaluation protocol, or OLE, is a two-party protocol for the function f ( x ) = a x + b, where a sender inputs the field elements a, b, and a receiver inputs x and learns f ( x ). OLE can be used to build secret-shared multiplication, and is an essential component of many secure computation applications including general-purpose multi-party computation, private set intersection and more. In this work, we present several efficient OLE protocols from the ring learning with errors (RLWE) assumption. Technically, we build two new passively secure protocols, which build upon recent advances in homomorphic secret sharing from (R)LWE (Boyle et al. in: EUROCRYPT 2019, Part II (2019) 3–33 Springer), with optimizations tailored to the setting of OLE. We upgrade these to active security using efficient amortized zero-knowledge techniques for lattice relations (Baum et al. in: CRYPTO 2018, Part II (2018) 669–699 Springer), and design new variants of zero-knowledge arguments that are necessary for some of our constructions. Our protocols offer several advantages over existing constructions. Firstly, they have the lowest communication complexity amongst previous, practical protocols from RLWE and other assumptions; secondly, they are conceptually very simple, and have just one round of interaction for the case of OLE where b is randomly chosen. We demonstrate this with an implementation of one of our passively secure protocols, which can perform more than 1 million OLEs per second over the ring Z m , for a 120-bit modulus m, on standard hardware.

A Cryptographic Test of Quantumness and Certifiable Randomness from a Single Quantum Device

We consider a new model for the testing of untrusted quantum devices, consisting of a single polynomial time bounded quantum device interacting with a classical polynomial time verifier. In this model, we propose solutions to two tasks—a protocol for efficient classical verification that the untrusted device is “truly quantum” and a protocol for producing certifiable randomness from a single untrusted quantum device. Our solution relies on the existence of a new cryptographic primitive for constraining the power of an untrusted quantum device: post-quantum secure trapdoor claw-free functions that must satisfy an adaptive hardcore bit property. We show how to construct this primitive based on the hardness of the learning with errors (LWE) problem.

An Effective NTRU-Based Fully Homomorphic Encryption Scheme

Fully homomorphic encryption (FHE) supports arbitrary computations on ciphertexts without decryption to protect users’ privacy. However, currently, there are still some shortcomings in research studies on FHE. For example, the NTRU-based FHE scheme constructed using the approximate eigenvector method requires complex matrix multiplications, and the power-of-two cyclotomic ring cannot prevent subfield attacks. To address these problems, this paper proposed a NTRU-based FHE scheme constructed based on the power-of-prime cyclotomic ring and made the following improvements: (1) the power-of-prime cyclotomic ring is immune to subfield attacks; (2) complex matrix multiplications are replaced with matrix-vector multiplications to modify the ciphertext forms and decryption structures, so as to gain advantages in storage, transportation, and computations; (3) the single instruction multiple data (SIMD) technology is introduced, and homomorphic operations are executed through the Chinese remainder theorem, further improving the scheme computation and storage efficiency. The ciphertext of the scheme is in a form of a vector, and no key exchange is required for homomorphic operations. In addition, this scheme can eliminate the decisional small polynomial ratio (DSPR) assumption under certain conditions and only relies on the ring learning with errors (RLWE) assumption. The standard security model can prove that this scheme is secure against chosen-plaintext (IND-CPA) attacks. Compared with similar schemes, the proposed scheme improves the efficiency at least by a factor of l φ x / d + 1 and quadratically decreases the noise growth rate.

DiLizium: A Two-Party Lattice-Based Signature Scheme

In this paper, we propose DiLizium: a new lattice-based two-party signature scheme. Our scheme is constructed from a variant of the Crystals-Dilithium post-quantum signature scheme. This allows for more efficient two-party implementation compared with the original but still derives its post-quantum security directly from the Module Learning With Errors and Module Short Integer Solution problems. We discuss our design rationale, describe the protocol in full detail, and provide performance estimates and a comparison with previous schemes. We also provide a security proof for the two-party signature computation protocol against a classical adversary. Extending this proof to a quantum adversary is subject to future studies. However, our scheme is secure against a quantum attacker who has access to just the public key and not the two-party signature creation protocol.

Multiparty Homomorphic Encryption from Ring-Learning-with-Errors

We propose and evaluate a secure-multiparty-computation (MPC) solution in the semi-honest model with dishonest majority that is based on multiparty homomorphic encryption (MHE). To support our solution, we introduce a multiparty version of the Brakerski-Fan-Vercauteren homomorphic cryptosystem and implement it in an open-source library. MHE-based MPC solutions have several advantages: Their transcript is public, their o~ine phase is compact, and their circuit-evaluation procedure is noninteractive. By exploiting these properties, the communication complexity of MPC tasks is reduced from quadratic to linear in the number of parties, thus enabling secure computation among potentially thousands of parties and in a broad variety of computing paradigms, from the traditional peer-to-peer setting to cloud-outsourcing and smart-contract technologies. MHE-based approaches can also outperform the state-of-the-art solutions, even for a small number of parties. We demonstrate this for three circuits: private input selection with application to private-information retrieval, component-wise vector multiplication with application to private-set intersection, and Beaver multiplication triples generation. For the first circuit, privately selecting one input among eight thousand parties’ (of 32 KB each) requires only 1.31 MB of communication per party and completes in 61.7 seconds. For the second circuit with eight parties, our approach is 8.6 times faster and requires 39.3 times less communication than the current methods. For the third circuit and ten parties, our approach generates 20 times more triples per second while requiring 136 times less communication per-triple than an approach based on oblivious transfer. We implemented our scheme in the Lattigo library and open-sourced the code at github.com/ldsec/lattigo.

Lossless Data Hiding in LWE-Encrypted Domains Based on Key-Switching

This paper proposes a lossless data hiding scheme in learning with errors (LWE)-encrypted domain based on key-switching technique. Lossless data hiding and extraction could be realized by a third party without knowing the private key for decryption. Key-switching-based least-significant-bit (KSLSB) data hiding method has been designed during the lossless data hiding process. The owner of the plaintext first encrypts the plaintext by using LWE encryption and uploads ciphertext to a (trusted or untrusted) third server. Then the server performs KSLSB to obtain a marked ciphertext. To enable the third party to manage ciphertext flexibly and keep the plaintext secret, the embedded data can be extracted from the marked ciphertext without using the private key of LWE encryption in the proposed scheme. Experimental results demonstrate that data hiding would not compromise the security of LWE encryption, and the embedding rate is 1 bit per bit of plaintext without introducing any loss into the directly decrypted result.

Lattice Cryptography based Geo-encrypted Contact Tracing for Infection Detection

The world has already witnessed many epidemic diseases in the past years, like H1N1, SARS, and Ebola etc. Now, Covid-19 has also been added to list, which is declared as pandemic by World Health Organization. One of the most commonly used method to tackle the spread of such diseases is using mobile applications to perform contact tracing of the infected person. However, contact tracing applications involve transmitting sensitive location based data of the infected person to the government servers. Therefore, recently this has raised a lot of concerns regarding privacy of the infected persons. This work proposes a light-weight and secure encryption scheme, based on location based encryption which can be used to transfer the location data to the server without compromising its security. The main aim of the work is design an algorithm in such a way that the encrypted transferred data can only be decrypted at the server and in-between data leakage can be prevented. This work proposes to use location based encryption combined with Learning with Errors problems in Lattices, which can provide a solution to privacy concerns in contact tracing, which will even be applicable in the post quantum period.

Lattice Cryptography based Geo-encrypted Contact Tracing for Infection Detection

The world has already witnessed many epidemic diseases in the past years, like H1N1, SARS, and Ebola etc. Now, Covid-19 has also been added to list, which is declared as pandemic by World Health Organization. One of the most commonly used method to tackle the spread of such diseases is using mobile applications to perform contact tracing of the infected person. However, contact tracing applications involve transmitting sensitive location based data of the infected person to the government servers. Therefore, recently this has raised a lot of concerns regarding privacy of the infected persons. This work proposes a light-weight and secure encryption scheme, based on location based encryption which can be used to transfer the location data to the server without compromising its security. The main aim of the work is design an algorithm in such a way that the encrypted transferred data can only be decrypted at the server and in-between data leakage can be prevented. This work proposes to use location based encryption combined with Learning with Errors problems in Lattices, which can provide a solution to privacy concerns in contact tracing, which will even be applicable in the post quantum period.