Paper 2017/615
A Framework to Select Parameters for Lattice-Based Cryptography
Abstract
Selecting parameters in lattice-based cryptography is a challenging task, which is essentially accomplished using one of two approaches. The first (very common) approach is to derive parameters assuming that the desired security level is equivalent to the bit hardness of the underlying lattice problem, ignoring the gap implied by available security reductions. The second (barely used) approach takes the gap and thus the security reduction into account. In this work, we investigate how efficient lattice-based schemes are if they respect existing security reductions. Thus, we present a framework to systematically select parameters for any lattice-based scheme using either approaches. We apply our methodology to the schemes by Lindner and Peikert (LP), by El Bansarkhani (LARA), and by Ducas et al. (BLISS). We analyze their security reductions and derive a gap of 2, 3, and 63 bits, respectively. We show how parameters impact the schemes' efficiency when involving these gaps.
Metadata
- Available format(s)
-
PDF
- Publication info
- Published elsewhere. -
- Keywords
- Lattice-Based Cryptography Ideal Lattices Parameter Selection Security Reduction Tightness Lattice-Based Assumptions
- Contact author(s)
- nalkeilani_alkadri @ cdc informatik tu-darmstadt de
- History
- 2022-12-19: revised
- 2017-06-27: received
- See all versions
- Short URL
- https://ia.cr/2017/615
- License
-
CC BY
BibTeX
@misc{cryptoeprint:2017/615,
author = {Nabil Alkeilani Alkadri and Johannes Buchmann and Rachid El Bansarkhani and Juliane Krämer},
title = {A Framework to Select Parameters for Lattice-Based Cryptography},
howpublished = {Cryptology {ePrint} Archive, Paper 2017/615},
year = {2017},
url = {https://eprint.iacr.org/2017/615}
}
