Abstract. Homomorphic encryption allows specific operations to be performed on private data that stays encrypted. While applications such as cloud computing require a practical solution, the encryption scheme must also be secure. In this article, we detail and analyze in depth the homomorphic encryption scheme proposed by Zhou and Wornell in [20]. From the analysis of the encryption scheme, we are able to mount three attacks. The first attack recovers a secret plaintext message broadcast to multiple users. The second attack is a chosen ciphertext key recovery attack, which we implemented and verified. The last attack is a related chosen plaintext decryption attack.
We present below the chains without guess-secret. The codes used in the code-reduce step correspond to the perfect and quasi-perfect codes presented in the paper, to which we add random codes that we generated. The list of random codes can be found in this document as well.
The Learning Parity with Noise problem (LPN) is appealing in cryptography as it is considered to remain hard in the post-quantum world. It is also a good candidate for lightweight devices due to its simplicity. In this paper we provide a comprehensive analysis of the existing LPN solving algorithms, both for the general case and for the sparse secret scenario. In practice, the LPN-based cryptographic constructions use as a reference the security parameters proposed by Levieil and Fouque. But, for these parameters, there remains a gap between the theoretical analysis and the practical complexities of the algorithms we consider. The new theoretical analysis in this paper provides tighter bounds on the complexity of LPN solving algorithms and narrows this gap between theory and practice. We show that for a sparse secret there is another algorithm that outperforms BKW and its variants. Following from our results, we further propose practical parameters for different security levels.
Due to the rapidly growing number of devices that need to communicate securely, there is still significant interest in the development of efficient encryption schemes. It is important to maintain a portfolio of different constructions in order to enable a quick transition if a novel attack breaks a construction currently in use. A promising approach is to construct encryption schemes based on the learning parity with noise (LPN) problem, as these schemes can typically be implemented fairly efficiently using mainly "exclusive or" (XOR) operations. Most LPN-based schemes in the literature are asymmetric, and there is no practical evaluation of any LPN-based symmetric encryption scheme. In this paper, we propose a novel LPN-based symmetric encryption scheme that is more efficient than related schemes. Apart from analyzing our scheme theoretically, we provide the first practical evaluation of a symmetric LPN-based scheme, including a study of its performance in terms of attainable throughput depending on the selected parameters. As the encryption scheme lends itself to an implementation in hardware, we further evaluate it on a low-end SoC FPGA. The measurement results attest that our encryption scheme achieves high throughput on such hardware, providing evidence that symmetric encryption schemes based on hard learning problems can be constructed that compete with state-of-the-art encryption schemes.
Abstract. We assume a scenario where an attacker can mount several independent attacks on a single CPU. Each attack can be run several times in independent ways. Each attack can succeed after a given number of steps with some given and known probability. A natural question is what the optimal strategy is for running steps of the attacks in sequence. In this paper, we develop a formalism to tackle this problem. When the number of attacks is infinite, we show that there is a magic number of steps m such that the optimal strategy is to run an attack for m steps and then to try again with another attack until one succeeds. We also study the case of a finite number of attacks. We describe this problem when the attacks are exhaustive key searches, but the result is more general. We apply our result to the learning parity with noise (LPN) problem and the password search problem. Although the optimal m decreases as the distribution becomes more biased, we observe a phase transition in all cases: the decrease is very abrupt, from an m corresponding to exhaustive search on a single target to m = 1, corresponding to running a single step of the attack on each target. For all practical biased examples, we show that the best strategy is to use m = 1. For LPN, this means guessing that the noise vector is 0 and solving for the secret by Gaussian elimination. This is actually better than all variants of the Blum-Kalai-Wasserman (BKW) algorithm.
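The m = 1 strategy for LPN described in the abstract above, written out as an added example (this is not code from the paper or its authors): draw n samples, assume their noise bits are all 0, solve the resulting linear system over GF(2) by Gaussian elimination, and accept the candidate only if it explains the whole sample set; otherwise discard it and try a fresh draw. The toy instance (n = 24, m = 600 samples, noise rate tau = 1/8), the bit-packed representation, the function names and the acceptance threshold halfway between tau and 1/2 are my own choices; the 0.289 figure in the expected-tries estimate is the well-known limiting probability that a random square GF(2) matrix is invertible.

```python
import random


def make_lpn_instance(n, m, tau, rng):
    """Constructed LPN instance: secret s in GF(2)^n and m samples (a, <a,s> xor e)
    with e ~ Bernoulli(tau). Vectors are n-bit ints; a sample is packed as a | (b << n)."""
    s = rng.getrandbits(n)
    samples = []
    for _ in range(m):
        a = rng.getrandbits(n)
        b = bin(a & s).count("1") & 1          # inner product mod 2
        if rng.random() < tau:                 # noise bit
            b ^= 1
        samples.append(a | (b << n))
    return s, samples


def solve_gf2(rows, n):
    """Gauss-Jordan elimination over GF(2) on exactly n packed equations.
    Returns the unique solution as an n-bit int, or None if the system is singular."""
    rows = list(rows)
    for col in range(n):
        piv = next((r for r in range(col, n) if (rows[r] >> col) & 1), None)
        if piv is None:                        # no pivot: matrix not full rank
            return None
        rows[col], rows[piv] = rows[piv], rows[col]
        for r in range(n):
            if r != col and (rows[r] >> col) & 1:
                rows[r] ^= rows[col]
    x = 0
    for i in range(n):                         # row i is now e_i | (x_i << n)
        x |= ((rows[i] >> n) & 1) << i
    return x


def noise_weight(x, samples, n):
    """Number of samples whose label disagrees with <a,x>:
    about tau*m for the true secret, about m/2 for any other x."""
    mask = (1 << n) - 1
    return sum(1 for sm in samples
               if (bin(sm & mask & x).count("1") & 1) != (sm >> n))


def guess_zero_noise(samples, n, tau, rng, max_tries=20000):
    """The m = 1 strategy: guess that the noise on n drawn samples is 0, solve by
    Gaussian elimination, and verify the candidate against the full sample set.
    Returns (secret or None, number of tries used)."""
    threshold = (tau + 0.5) / 2 * len(samples)   # between tau*m (right) and m/2 (wrong)
    for tries in range(1, max_tries + 1):
        cand = solve_gf2(rng.sample(samples, n), n)
        if cand is not None and noise_weight(cand, samples, n) < threshold:
            return cand, tries
    return None, max_tries


if __name__ == "__main__":
    rng = random.Random(2024)
    n, m, tau = 24, 600, 1 / 8
    secret, samples = make_lpn_instance(n, m, tau, rng)
    found, tries = guess_zero_noise(samples, n, tau, rng)
    # A draw succeeds when all n noise bits are 0 and the n x n matrix is invertible.
    expected = 1 / ((1 - tau) ** n * 0.289)
    print(f"recovered={found == secret} after {tries} tries (expected about {expected:.0f})")
```

Each try costs one n x n elimination plus a pass over the m samples, and the expected number of tries is about 1/((1-tau)^n * 0.289); the verification step is what lets the strategy discard wrong candidates, since a wrong secret disagrees with roughly half of the samples regardless of how close it is to the true one.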