The Decoding Problem of Random Linear Codes and Its Cryptographic Applications

  • Published : 2015.05.29

Abstract

Error-correcting codes encode information so that errors arising during data transmission are reduced, improving the reliability of communication. This calls for codes whose errors can be detected and corrected efficiently. In cryptography, by contrast, errors are injected deliberately into secret information in order to hide it; to preserve confidentiality one therefore needs the opposite: codes for which error correction is hard. In this article we survey the decoding problem of random linear codes and its applications: the difficulty of error correction keeps the message secret, while a trapdoor lets whoever holds the secret information recover the message, which is what makes the cryptographic applications possible. In cryptography this problem is known as the LPN/LWE problem; since Regev recently introduced the LWE problem, a generalization of the LPN problem, it has been applied widely to homomorphic encryption, functional encryption and other constructions.
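The abstract describes the mechanism in one sentence: a public key is a random linear code with small errors deliberately added, decoding it without the secret is hard, and the secret acts as the trapdoor that makes decoding easy. The following toy implementation of Regev-style LWE bit encryption is an added example and is not code from the paper; every parameter (N, M, Q, the error set {-1, 0, 1}) is a constructed, deliberately tiny value chosen so that decryption provably never fails, and Python's `random` module is used only for reproducibility, not as a cryptographic source.

```python
import random

# Constructed toy parameters; far too small for any real security.
N = 8    # dimension of the secret s
M = 16   # number of LWE samples (rows of the random matrix A)
Q = 97   # modulus; with errors in {-1, 0, 1} and M < Q/4, decryption is always correct


def keygen(rng):
    """Return (pk, sk). pk = (A, b) with b = A*s + e mod Q, sk = s.

    (A, b) is a codeword of the random linear code generated by A, corrupted
    by the small error vector e. Recovering s from (A, b) is the LWE problem.
    """
    s = [rng.randrange(Q) for _ in range(N)]
    A = [[rng.randrange(Q) for _ in range(N)] for _ in range(M)]
    e = [rng.choice((-1, 0, 1)) for _ in range(M)]  # artificially injected error
    b = [(sum(a * si for a, si in zip(row, s)) + ei) % Q for row, ei in zip(A, e)]
    return (A, b), s


def encrypt(pk, bit, rng):
    """Encrypt one bit: add a random subset of the samples and hide the bit in v."""
    A, b = pk
    r = [rng.randrange(2) for _ in range(M)]  # random 0/1 selection vector
    u = [sum(r[i] * A[i][j] for i in range(M)) % Q for j in range(N)]
    v = (sum(r[i] * b[i] for i in range(M)) + bit * (Q // 2)) % Q
    return u, v


def decrypt(sk, ct):
    """With the secret, v - <u, s> = r.e + bit*floor(Q/2) mod Q, and r.e is small."""
    u, v = ct
    d = (v - sum(ui * si for ui, si in zip(u, sk))) % Q
    dist_to_zero = min(d, Q - d)
    dist_to_half = abs(d - Q // 2)
    return 0 if dist_to_zero < dist_to_half else 1


def residual_error(pk, s_guess):
    """The 'decoding' step: b - A*s_guess mod Q, centred into (-Q/2, Q/2].

    With the true secret the entries are the injected errors in {-1, 0, 1};
    with any other guess they look like uniformly random residues.
    """
    A, b = pk
    out = []
    for row, bi in zip(A, b):
        d = (bi - sum(a * g for a, g in zip(row, s_guess))) % Q
        out.append(d - Q if d > Q // 2 else d)
    return out


def roundtrip(seed=1, bits=(0, 1, 1, 0, 1, 0, 0, 1)):
    """Encrypt and decrypt each bit; return True if every bit is recovered."""
    rng = random.Random(seed)
    pk, sk = keygen(rng)
    return [decrypt(sk, encrypt(pk, bit, rng)) for bit in bits] == list(bits)


def trapdoor_recovers_error(seed=1):
    """Return (small_with_secret, small_with_wrong_guess)."""
    rng = random.Random(seed)
    pk, sk = keygen(rng)
    wrong = [(si + 1) % Q for si in sk]  # a guess that is off by one in every coordinate
    small = lambda res: all(abs(x) <= 1 for x in res)
    return small(residual_error(pk, sk)), small(residual_error(pk, wrong))


if __name__ == "__main__":
    print("all bits recovered:", roundtrip())
    print("(error small with secret, error small with wrong guess):", trapdoor_recovers_error())
```

The correctness argument is the one the abstract alludes to: the decryptor subtracts the trapdoor's contribution and is left with `r.e`, which lies in [-M, M] = [-16, 16], strictly closer to 0 than to Q/2 = 48.5 whenever the bit is 0 and strictly closer to Q/2 whenever it is 1. Anyone without `s` faces the same residual computation with an unknown `s`, which is exactly the decoding problem of the random code generated by `A`.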
