
Record no.

UNINA9910770255203321

Author

Guo Jian

Title

Advances in Cryptology – ASIACRYPT 2023 : 29th International Conference on the Theory and Application of Cryptology and Information Security, Guangzhou, China, December 4–8, 2023, Proceedings, Part VII / / edited by Jian Guo, Ron Steinfeld

Publication/distribution/printing

Singapore : Springer Nature Singapore : Imprint: Springer, 2023

ISBN

9789819987399

9789819987382

Edition

[1st ed. 2023.]

Physical description

1 online resource (396 pages)

Series

Lecture Notes in Computer Science, 1611-3349 ; 14444

Other authors (Persons)

Steinfeld, Ron

Discipline

005.824

Subjects

Cryptography

Data encryption (Computer science)

Computer networks

Application software

Data protection

Computer networks - Security measures

Cryptology

Computer Communication Networks

Computer and Information Systems Applications

Security Services

Mobile and Network Security

Language of publication

English

Format

Printed material

Bibliographic level

Monograph

Contents note

Intro -- Preface -- Organization -- Contents - Part VII -- Post-quantum Cryptography

Antrag: Annular NTRU Trapdoor Generation -- 1 Introduction -- 1.1 Hash-and-Sign Lattice-Based Signatures -- 1.2 The Hybrid Sampler and Mitaka -- 1.3 Contributions and Technical Overview of This Paper -- 2 Preliminaries -- 2.1 Cyclotomic Fields -- 2.2 NTRU Lattices -- 2.3 Gaussian and Chi-Squared Distributions -- 3 New Trapdoor Algorithms for Hybrid Sampling -- 3.1 Hash-then-Sign Over Lattices in a Nutshell -- 3.2 NTRU Trapdoors in Falcon and Mitaka -- 3.3 Antrag: Annular NTRU Trapdoor Generation -- 3.4 On the Distribution of Embeddings -- 4 Success Probability and Security Analysis -- 4.1 Success Probability over Power-of-Two Cyclotomics -- 4.2 Security Analysis for Power-of-Two Cyclotomics -- 4.3 Practical Security Assessment -- 4.4 Extension to More General Cyclotomic Rings -- 5 Antrag in Practice -- 5.1 Optimization and Parameter Selection -- 5.2 Implementation Results -- References

G+G: A Fiat-Shamir Lattice Signature Based on Convolved Gaussians -- 1 Introduction -- 2 Preliminaries -- 2.1 Probabilities -- 2.2 Lattice Gaussian Distributions -- 2.3 Smoothing Parameter -- 2.4 Cryptographic Definitions -- 2.5 Hardness Assumptions -- 3 The G+G Identification Protocol -- 3.1 Description of the Scheme -- 3.2 Completeness and Commitment Recoverability -- 3.3 Honest-Verifier Zero-Knowledge and Commitment Min-Entropy -- 3.4 Special Soundness and Lossy Soundness -- 3.5 Asymptotic Parameters Analysis -- 4 Optimizations and Concrete Parameters -- 4.1 Description of the Module-Based Scheme -- 4.2 Concrete Parameters -- 4.3 Optimized NTRU Key Generation Algorithm -- A The Fiat-Shamir Transform -- B Related Work -- References

On Gaussian Sampling, Smoothing Parameter and Application to Signatures -- 1 Introduction -- 2 Algebraic and Computational Background -- 2.1 Euclidean Lattices -- 2.2 Discrete Gaussian Distributions -- 3 Algebraic Extensions and Sampling -- 3.1 Gaussian Measures over Short Sequences of Groups -- 4 Generic Applications of the Short-Sequence Sampler -- 4.1 Domain Extension and Restriction -- 4.2 A Filtration Sampler -- 4.3 Recovering Some Known Samplers -- 5 The Linear Sampler -- 5.1 Smoothing Parameters and Linear Transformations -- 5.2 Sampling by Linear Transformation -- 5.3 Application: Sampling in Tensor Lattices -- 6 Sampling in Remarkable Lattices -- 6.1 Sampling in Low Dimensional Root Lattices -- 6.2 Sampling in An Lattices -- 6.3 The king Sampler -- 7 Application I: Improved Samplers for Mitaka -- 7.1 Hybrid Sampling and Representation of Cyclotomic Numbers -- 7.2 Sampling over Cyclotomic Fields of Conductor 23k -- 7.3 Sampling over Prime Cyclotomic Fields -- 8 Application II: New Compact Lattice Gadgets -- 8.1 The Yu-Jia-Wang Compact Gadget Framework -- 8.2 Compact Gadget from the E8 Lattice -- References

FESTA: Fast Encryption from Supersingular Torsion Attacks -- 1 Introduction -- 2 Preliminaries -- 2.1 Cryptographic Preliminaries -- 2.2 Isogenies -- 3 The FESTA Trapdoor Function -- 4 Security of the FESTA Trapdoor -- 5 The FESTA Public-Key Encryption Protocol -- 5.1 IND-CCA Encryption in the QROM -- 5.2 IND-CCA Encryption in the Standard Model -- 6 Concrete Instantiation -- 6.1 Recovering an Isogeny from Torsion Point Images -- 6.2 Computing Parameters -- 6.3 Further Optimisations -- 7 Implementation -- 7.1 Montgomery Curve x-Only Isogenies -- 7.2 Optimisations of the (2,2)-Isogeny Chain -- 7.3 Parameters -- 8 Conclusion -- References

A Polynomial Time Attack on Instances of M-SIDH and FESTA -- 1 Introduction -- 2 Background -- 2.1 SIDH -- 2.2 M-SIDH -- 2.3 FESTA -- 2.4 CSIDH -- 3 Generalized Lollipop Attacks -- 3.1 Strategy -- 3.2 Information Retrieved from the Attack -- 3.3 Comparison to Lollipop Attack -- 4 M-SIDH -- 4.1 Case 0 = id -- 4.2 Case 0 = 0 -- 4.3 Backdoors -- 5 FESTA -- 5.1 Case 0 = id -- 5.2 Case 0 = 0 -- 5.3 Backdoors -- 5.4 Overstretched FESTA -- 6 CSIDH -- A Maximal Commutative Subgroups of GL2(ZN) -- References

NEV: Faster and Smaller NTRU Encryption Using Vector Decoding -- 1 Introduction -- 1.1 Our Results -- 1.2 Technical Overview -- 1.3 Comparison to the State of the Art -- 2 Preliminaries -- 2.1 Notation -- 2.2 Public-Key Encryption -- 2.3 Key Encapsulation Mechanism -- 2.4 Hard Problems -- 3 NTRU Encryption Using Vector Decoding -- 3.1 Plaintext Encoding and Decoding -- 3.2 A Provably Secure IND-CPA NTRU Encryption -- 3.3 An IND-CCA NTRU KEM from FO-Transformation -- 4 An Optimized NTRU Encryption from sspRLWE -- 4.1 Randomized Plaintext Encoding and Decoding -- 4.2 A OW-CPA Secure NTRU Encryption from sspRLWE -- 4.3 On the Hardness of the SspRLWE Problem -- 5 Concrete Attacks and Parameters -- 5.1 Lattice Attacks Against NTRU and (ssp)RLWE -- 5.2 Recommended Parameters -- 6 Implementations -- 6.1 Partial NTT Multiplication -- 6.2 Partial NTT Inversion -- 6.3 Symmetric Primitives -- 6.4 Multi-target Countermeasure -- 6.5 Compressed Representation of Rq Elements -- 7 Benchmarks and Comparisons -- References

Cryptographic Smooth Neighbors -- 1 Introduction -- 2 Preliminaries and Prior Methods -- 3 The CHM Algorithm -- 3.1 Finding Smooth Twins with the CHM Algorithm -- 3.2 Generalising the CHM Algorithm -- 3.3 Equivalence with Previous Algorithms -- 4 Searching for Large Twin Smooth Instances: CHM in Practice -- 4.1 Running CHM in Practice -- 4.2 Optimisations -- 4.3 Implementation -- 5 Fantastic p's and Where to Find Them: Cryptographic Primes of the Form p=2rn-1 -- 5.1 Choosing n -- 5.2 Probability of Sufficient Smoothness -- 6 Results and Comparisons -- 6.1 Record Twin Smooth Computations -- 6.2 Concrete Parameters for SQISign -- 6.3 Performance Estimates -- References

Non-interactive Commitment from Non-transitive Group Actions -- 1 Introduction -- 2 Preliminaries -- 2.1 Group Actions -- 2.2 Cryptographic Assumptions on Group Actions -- 2.3 Commitment Schemes -- 3 Our Framework -- 3.1 A First Attempt -- 3.2 Group Actions with Canonical Elements -- 4 The Commitment Scheme -- 4.1 Bit Commitment Scheme from a GACE -- 5 Linkable Commitments -- 5.1 Linkable Bit Commitment from GACE -- 6 An Instantiation with Tensors -- 6.1 3-Tensors and Group Actions -- 6.2 GACE and Bit Commitment from Tensors -- 7 Conclusions -- A 2GA-PR Reduces to Hiding(Com) -- B Hiding(Com) Reduces to dGA-IP -- References

Pseudorandomness of Decoding, Revisited: Adapting OHCP to Code-Based Cryptography -- 1 Introduction -- 2 Preliminaries -- 3 Search-to-Decision Reduction in the Oracle Comparison Problem (OCP) Framework -- 3.1 Building LPN-Oracles from a Decoding Instance: Step 2 -- 3.2 Oracle Comparison Problem Technique: Step 3 -- 4 Instantiations -- 4.1 Plain Decoding -- 5 Failed Attempt: The Case of Structured Codes -- 6 Conclusion -- References

Blockwise Rank Decoding Problem and LRPC Codes: Cryptosystems with Smaller Sizes -- 1 Introduction -- 1.1 Our Contribution -- 1.2 Technical Overview -- 1.3 Other Related Works -- 1.4 Organization -- 2 Notations -- 3 The -RD Problem and Its Complexity -- 3.1 The -Errors and -RD Problem -- 3.2 Reduction, Support and Coefficient Matrices -- 3.3 Combinatorial Attacks on the -RD Problem -- 3.4 Algebraic Attack by Annulator Polynomial -- 3.5 Algebraic Attacks by the MaxMinors Modeling -- 3.6 Summary of Complexities for Solving the -RD Problem -- 4 The -LRPC Codes and Decoding Algorithm -- 4.1 The -LRPC Codes -- 4.2 Decoding -Errors -- 4.3 Correctness of the Decoding Algorithm -- 4.4 The Decoding Complexity -- 4.5 Decoding Failure Probability -- 4.6 Error Correction Capability -- 4.7 The -RSR Algorithm -- 5 Applications to Cryptography -- 5.1 Improved RQC -- 5.2 Improved Lake (ROLLO-I) -- 5.3 Improved Locker (ROLLO-II) -- 5.4 Improved Ouroboros-R (ROLLO-III) -- 5.5 Performance and Comparison -- 6 Conclusion and Future Work -- References

SDitH in the QROM -- 1 Introduction -- 2 SDitH as a 3-Round Identification Scheme -- 2.1 Preliminaries -- 2.2 SDitH and the Hypercube Approach -- 2.3 Polynomial Zero Test -- 2.4 Protocol Formulation -- 3 Security of the 3-Round IDS -- 4 The Signature Scheme -- 4.1 Signature Scheme Security -- 5 Performance -- References

A New Formulation of the Linear Equivalence Problem and Shorter LESS Signatures -- 1 Introduction -- 1.1 Related Works -- 1.2 Our Contributions -- 2 Notation and Background -- 2.1 Notation -- 2.2 Linear Codes -- 3 The Code Equivalence Problem -- 4 A New Formulation -- 4.1 Splitting Monomials with Respect to Information Sets -- 4.2 LEP with Information Sets -- 5 Compact Proofs of Equivalence from IS-LEP -- 5.1 A New Invariant for Codes -- 5.2 Proof-of-Knowledge with IS-LEP -- 6 New Instances for LESS Signatures -- References

Correction to: Cryptographic Smooth Neighbors -- Author Index.

Summary/abstract

The eight-volume set LNCS 14438 until 14445 constitutes the proceedings of the 29th International Conference on the Theory and Application of Cryptology and Information Security, ASIACRYPT 2023, held in Guangzhou, China, during December 4-8, 2023. The total of 106 full papers presented in these proceedings was carefully reviewed and selected from 375 submissions. The papers were organized in topical sections as follows: Part I: secure multi-party computation; threshold cryptography. Part II: proof systems - succinctness and foundations; anonymity. Part III: quantum cryptanalysis; symmetric-key cryptanalysis. Part IV: cryptanalysis of post-quantum and public-key systems; side-channels; quantum random oracle model. Part V: functional encryption, commitments and proofs; secure messaging and broadcast. Part VI: homomorphic encryption; encryption with special functionalities; security proofs and security models. Part VII: post-quantum cryptography. Part VIII: quantum cryptography; key exchange; symmetric-key design.