Cryptology ePrint Archive: Report 2017/1127

On the Leakage Resilience of Ideal-Lattice Based Public Key Encryption

Dana Dachman-Soled and Huijing Gong and Mukul Kulkarni and Aria Shahverdi

Abstract: We consider the leakage resilience of the Ring-LWE analogue of the Dual-Regev encryption scheme (R-Dual-Regev for short), originally presented by Lyubashevsky et al. (Eurocrypt '13). Specifically, we would like to determine whether the R-Dual-Regev encryption scheme remains IND-CPA secure, even in the case where an attacker leaks information about the secret key.

We consider the setting where $R$ is the ring of integers of the $m$-th cyclotomic number field, for $m$ which is a power-of-two, and the Ring-LWE modulus is set to $q \equiv 1 \mod m$. This is the common setting used in practice and is desirable in terms of the efficiency and simplicity of the scheme. Unfortunately, in this setting $R_q$ is very far from being a field so standard techniques for proving leakage resilience in the general lattice setting, which rely on the leftover hash lemma, do not apply. Therefore, new techniques must be developed.

In this work, we put forth a high-level approach for proving the leakage resilience of the R-Dual-Regev scheme, by generalizing the original proof of Lyubashevsky et al. (Eurocrypt '13). We then give three instantiations of our approach, proving that the R-Dual-Regev remains IND-CPA secure in the presence of three natural, non-adaptive leakage classes.

Category / Keywords: public-key cryptography / lattice-based cryptography, leakage resilience, Ring-LWE

Date: received 21 Nov 2017

Contact author: ariash at umd edu

Available format(s): PDF | BibTeX Citation

Version: 20171124:070042 (All versions of this report)

Short URL: ia.cr/2017/1127

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]