Hardness of k-LWE and Applications in Traitor Tracing

Hardness of k-LWE and Applications in Traitor Tracing

We introduce the k-LWE problem, a Learning With Errors variant of the k-SIS problem. The Boneh-Freeman reduction from SIS to k-SIS suffers from an exponential loss in k. We improve and extend it to an LWE to k-LWE reduction with a polynomial loss in k, by relying on a new technique involving trapdoo...

Full description

Saved in:
Bibliographic Details
Main Authors: Ling, San, Phan, Duong Hieu, Stehlé, Damien, Steinfeld, Ron
Other Authors: School of Physical and Mathematical Sciences
Format: Article
Language:English
Published: 2017
Subjects:
Lattice-based cryptography
Traitor tracing
Online Access:https://hdl.handle.net/10356/84074
http://hdl.handle.net/10220/42953
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Nanyang Technological University
Language: English
id sg-ntu-dr.10356-84074
record_format dspace
spelling sg-ntu-dr.10356-840742023-02-28T19:41:21Z Hardness of k-LWE and Applications in Traitor Tracing Ling, San Phan, Duong Hieu Stehlé, Damien Steinfeld, Ron School of Physical and Mathematical Sciences Lattice-based cryptography Traitor tracing We introduce the k-LWE problem, a Learning With Errors variant of the k-SIS problem. The Boneh-Freeman reduction from SIS to k-SIS suffers from an exponential loss in k. We improve and extend it to an LWE to k-LWE reduction with a polynomial loss in k, by relying on a new technique involving trapdoors for random integer kernel lattices. Based on this hardness result, we present the first algebraic construction of a traitor tracing scheme whose security relies on the worst-case hardness of standard lattice problems. The proposed LWE traitor tracing is almost as efficient as the LWE encryption. Further, it achieves public traceability, i.e., allows the authority to delegate the tracing capability to “untrusted” parties. To this aim, we introduce the notion of projective sampling family in which each sampling function is keyed and, with a projection of the key on a well chosen space, one can simulate the sampling function in a computationally indistinguishable way. The construction of a projective sampling family from k-LWE allows us to achieve public traceability, by publishing the projected keys of the users. We believe that the new lattice tools and the projective sampling family are quite general that they may have applications in other areas. NRF (Natl Research Foundation, S’pore) MOE (Min. of Education, S’pore) Accepted version 2017-07-20T03:18:24Z 2019-12-06T15:37:46Z 2017-07-20T03:18:24Z 2019-12-06T15:37:46Z 2016 Journal Article Ling, S., Phan, D. H., Stehlé, D., & Steinfeld, R. (2016). Hardness of k-LWE and Applications in Traitor Tracing. Algorithmica, 79(4), 1318-1352. 0178-4617 https://hdl.handle.net/10356/84074 http://hdl.handle.net/10220/42953 10.1007/s00453-016-0251-7 en Algorithmica © 2016 Springer Science+Business Media New York. This is the author created version of a work that has been peer reviewed and accepted for publication by Algorithmica, Springer Science+Business Media New York. It incorporates referee’s comments but changes resulting from the publishing process, such as copyediting, structural formatting, may not be reflected in this document. The published version is available at: [http://dx.doi.org/10.1007/s00453-016-0251-7]. 29 p. application/pdf
institution Nanyang Technological University
building NTU Library
continent Asia
country Singapore
Singapore
content_provider NTU Library
collection DR-NTU
language English
topic Lattice-based cryptography
Traitor tracing
spellingShingle Lattice-based cryptography
Traitor tracing
Ling, San
Phan, Duong Hieu
Stehlé, Damien
Steinfeld, Ron
Hardness of k-LWE and Applications in Traitor Tracing
description We introduce the k-LWE problem, a Learning With Errors variant of the k-SIS problem. The Boneh-Freeman reduction from SIS to k-SIS suffers from an exponential loss in k. We improve and extend it to an LWE to k-LWE reduction with a polynomial loss in k, by relying on a new technique involving trapdoors for random integer kernel lattices. Based on this hardness result, we present the first algebraic construction of a traitor tracing scheme whose security relies on the worst-case hardness of standard lattice problems. The proposed LWE traitor tracing is almost as efficient as the LWE encryption. Further, it achieves public traceability, i.e., allows the authority to delegate the tracing capability to “untrusted” parties. To this aim, we introduce the notion of projective sampling family in which each sampling function is keyed and, with a projection of the key on a well chosen space, one can simulate the sampling function in a computationally indistinguishable way. The construction of a projective sampling family from k-LWE allows us to achieve public traceability, by publishing the projected keys of the users. We believe that the new lattice tools and the projective sampling family are quite general that they may have applications in other areas.
author2 School of Physical and Mathematical Sciences
author_facet School of Physical and Mathematical Sciences
Ling, San
Phan, Duong Hieu
Stehlé, Damien
Steinfeld, Ron
format Article
author Ling, San
Phan, Duong Hieu
Stehlé, Damien
Steinfeld, Ron
author_sort Ling, San
title Hardness of k-LWE and Applications in Traitor Tracing
title_short Hardness of k-LWE and Applications in Traitor Tracing
title_full Hardness of k-LWE and Applications in Traitor Tracing
title_fullStr Hardness of k-LWE and Applications in Traitor Tracing
title_full_unstemmed Hardness of k-LWE and Applications in Traitor Tracing
title_sort hardness of k-lwe and applications in traitor tracing
publishDate 2017
url https://hdl.handle.net/10356/84074
http://hdl.handle.net/10220/42953
_version_ 1759855548835037184

Similar Items