Authors: Tikaram Sanyashi; Sreyans Nahata; Rushang Dhanesha and Bernard Menezes
Affiliation: Indian Institute of Technology Bombay, Powai, Mumbai, India
Keyword(s):
Learning with Errors, Linear Programming, Integer Linear Programming, Galbraith’s Binary LWE.
Subjects/Areas/Topics: Applied Cryptography; Cryptographic Techniques and Key Management; Data Engineering; Data Integrity; Databases and Data Security; Information and Systems Security
Abstract:
Unlike many widely used cryptosystems, Learning with Errors (LWE)-based cryptosystems are known to be invulnerable to quantum computers. Galbraith's Binary LWE (GB-LWE) was proposed to reduce the large key size of the original LWE scheme by over two orders of magnitude. In GB-LWE, recovering the plaintext from the ciphertext involves solving for the binary vector x in the equation xA = b, where A, a 640 × 256 binary matrix, and b, a 256-element integer vector, are known. Previously, lattice-based attacks on binary matrices larger than 400 × 256 were found to be infeasible. Linear programming was proposed and shown to handle significantly larger matrices, but its success rate for 640 × 256 matrices was found to be negligible. Our strategy involves identifying regimes L, M and H within the output of the LP relaxation where the mis-prediction rates are low, medium or high respectively. Bits in the output vector are guessed and removed to create and solve a reduced instance. We report extensive experimental results on prediction accuracy and success probability as a function of the number of bits removed in L, M and H. We identify trade-offs between lower execution time and greater probability of success. Our success probability is much higher than that of previous efforts, and its execution time of 1 day with 150 cores is a partial response to the challenge posed in (Galbraith, 2013) to solve a random 640 × 256 instance using "current computing facilities in less than a year".