Cryptology ePrint Archive: Report 2015/1134

$\Lambda \circ \lambda$: Functional Lattice Cryptography

Eric Crockett and Chris Peikert

Abstract: This work describes the design, implementation, and evaluation of \lol, a general-purpose software framework for lattice-based cryptography. The \lol framework has several novel properties that distinguish it from prior implementations of lattice cryptosystems, including the following.

\emph{Generality, modularity, concision:} \lol defines a collection of general, highly composable interfaces for mathematical operations used across lattice cryptography, allowing for a wide variety of schemes to be expressed very naturally and at a high level of abstraction. For example, we implement an advanced fully homomorphic encryption (FHE) scheme in as few as 2--5 lines of code per feature, via code that very closely matches the scheme's mathematical definition.

\emph{Theory affinity:} \lol is designed from the ground-up around the specialized ring representations, fast algorithms, and worst-case hardness proofs that have been developed for the Ring-LWE problem and its cryptographic applications. In particular, it implements fast algorithms for sampling from \emph{theory-recommended} error distributions over \emph{arbitrary} cyclotomic rings, and provides tools for maintaining tight control of error growth in cryptographic schemes.

\emph{Safety:} \lol has several facilities for reducing code complexity and programming errors, thereby aiding the \emph{correct} implementation of lattice cryptosystems. In particular, it uses strong typing to \emph{statically enforce}---i.e., at compile time---a wide variety of constraints among the various parameters.

\emph{Advanced features:} \lol exposes the rich \emph{hierarchy} of cyclotomic rings to cryptographic applications. We use this to give the first-ever implementation of a collection of FHE operations known as ``ring switching,'' and also define and analyze a more efficient variant that we call ``ring tunneling.''

Lastly, this work defines and analyzes a variety of mathematical objects and algorithms for the recommended usage of Ring-LWE in cyclotomic rings, which we believe will serve as a useful knowledge base for future implementations.

Category / Keywords: implementation / lattice cryptography, Ring-LWE, fully homomorphic encryption

Original Publication (with major differences): ACM CCS 2016
DOI:
10.1145/2976749.2978402

Date: received 23 Nov 2015, last revised 17 Aug 2016

Contact author: cpeikert at alum mit edu, ecrockett0@gmail com

Available format(s): PDF | BibTeX Citation

Note: Updated with new performance data, comparisons to computer algebra systems.

Version: 20160817:064132 (All versions of this report)

Short URL: ia.cr/2015/1134

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]