2017
DOI: 10.1007/s00145-017-9265-9
|View full text |Cite
|
Sign up to set email alerts
|

Improved Security Proofs in Lattice-Based Cryptography: Using the Rényi Divergence Rather than the Statistical Distance

Abstract: The Rényi divergence is a measure of closeness of two probability distributions. We show that it can often be used as an alternative to the statistical distance in security proofs for lattice-based cryptography. Using the Rényi divergence is particularly suited for security proofs of primitives in which the attacker is required to solve a search problem (e.g., forging a signature). We show that it may also be used in the case of distinguishing problems (e.g., semantic security of encryption schemes), when they… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
2
1

Citation Types

1
71
1

Year Published

2018
2018
2021
2021

Publication Types

Select...
5
2
1

Relationship

0
8

Authors

Journals

citations
Cited by 58 publications
(73 citation statements)
references
References 28 publications
1
71
1
Order By: Relevance
“…Here the measure of "closeness" is the Rényi divergence of the orders specified in Table 1. We refer to [10] for more details on the Rényi divergence, but for our purposes it suffices to say that the nearer the divergence is to 1, the tighter the security reduction is (when replacing the rounded Gaussian distribution with our discrete approximation to it), which gives rise to either higher (provable) security, or better parameters.…”
Section: Error Distributionsmentioning
confidence: 99%
“…Here the measure of "closeness" is the Rényi divergence of the orders specified in Table 1. We refer to [10] for more details on the Rényi divergence, but for our purposes it suffices to say that the nearer the divergence is to 1, the tighter the security reduction is (when replacing the rounded Gaussian distribution with our discrete approximation to it), which gives rise to either higher (provable) security, or better parameters.…”
Section: Error Distributionsmentioning
confidence: 99%
“…Recently, Bai et al proposed that Rényi divergence can be used as an alternative to the statistical distance in security proofs for lattice-based cryptography [8]. The definition of Rényi divergence is as follows.…”
Section: Discrete Gaussian Samplingmentioning
confidence: 99%
“…Bai et al showed that using Rényi divergence in place of statistical distance can result in less precision in the implementation of the security analysis for lattice-based cryptography [8]. In some cases, using Rényi divergence leads to security proofs allowing for taking smaller parameters in the cryptographic schemes.…”
Section: Discrete Gaussian Samplingmentioning
confidence: 99%
See 1 more Smart Citation
“…whenever p, q ∈ L α (µ) and coincides with the classical KLD measure at α → 1. The Renyi entropy and the Renyi divergence are widely used in recent complex physical and statistical problems; see, for example, [47][48][49][50][51][52][53][54][55][56]. Other non-logarithmic extensions of Shannon entropy include the classical f -entropies [57], the Tsallis entropy [58] as well as the more recent generalized (α, β, γ)-entropy [59,60] among many others; the corresponding divergences and the minimum divergence criteria are widely used in critical information theoretic and statistical problems; see [57,[59][60][61][62][63][64][65][66][67][68][69][70] for details.…”
Section: Introductionmentioning
confidence: 99%