Paper 2023/699
Lattice-based, more general anti-leakage model and its application in decentralization
Xiaokang Dai, Jingwei Chen, Wenyuan Wu, Yong Feng
University of Chinese Academy of Sciences, Beijing, 100049, China; Chongqing Key Laboratory of Automated Reasoning and Cognition, Chongqing Institute of Green and Intelligent Technology, Chongqing, 400714, China
Abstract
For standard LWE samples , is typically uniform over . Under the DLWE assumption, the conditional distribution of and is expected to be consistent. However, when an adversary chooses adaptively, the gap between the two may be larger. In this work, our primary focus is on quantifying the Average Conditional Min-Entropy of , where is chosen by the adversary. Brakerski and Döttling answered the question in one case: they proved that when is chosen uniformly from , it holds that . We prove that for any , when is chosen uniformly from or is sampled from a discrete Gaussian distribution, similar results also hold.
As an independent result, we also prove the regularity of the hash function mapping to the prime-order group and to its Cartesian product. As an application of the above results, we improve the multi-key fully homomorphic encryption scheme of [TCC:BraHalPol17] and answer positively the question raised at the end of that work: our scheme uses GSW-type ciphertexts rather than Dual-GSW ciphertexts, and it has shorter keys and ciphertexts.