Start structure

Fabrice Mouhartem 2017-12-19 15:25:47 +01:00
parent 245a6c8ded
commit 4a1e6fd552
8 changed files with 264 additions and 107 deletions

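--- a/abstract.tex
+++ b/abstract.tex
@@ -0,0 +1,2 @@
+\chapter*{Résumé}
+\addcontentsline{toc}{chapter}{Résumé}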
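Review bot: `\addcontentsline{toc}{chapter}{Résumé}` follows a starred chapter, which creates no anchor of its own, so with the `colorlinks`/`pagebackref` hyperref setup in main.tex the TOC link for "Résumé" lands on whatever anchor precedes it. Insert `\phantomsection` between the two lines: `\chapter*{Résumé}`, `\phantomsection`, `\addcontentsline{toc}{chapter}{Résumé}`. The same fix applies to the Remerciements entry in acknowledgements.tex and to the `Contents` entry added in main.tex.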


@ -1,3 +1,6 @@
\thispagestyle{empty}
\chapter*{Remerciements} \chapter*{Remerciements}
\addcontentsline{toc}{chapter}{Remerciements}
\begin{otherlanguage}{french}
\end{otherlanguage}
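Review bot: `\thispagestyle{empty}` on the line before `\chapter*{Remerciements}` is overridden, because `\chapter` (starred or not) issues its own `\thispagestyle` for the chapter-opening page, memoir using its `chapter` page style; move it to the line after `\chapter*{Remerciements}` if an empty opening page is intended. The `otherlanguage` environment is currently empty while the heading and its TOC entry sit outside it, so they are typeset under the last babel option (`english`); wrap the heading as `\chapter*{\foreignlanguage{french}{Remerciements}}` or put the heading inside the environment. The section's file header is not on the page; the file name is inferred from `\input acknowledgements` in main.tex.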

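--- a/chap-introduction.tex
+++ b/chap-introduction.tex
@@ -0,0 +1,3 @@
+\chapter{Introduction}
+\pagenumbering{arabic}
+\pagestyle{fancy}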
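Review bot: `\pagenumbering{arabic}` and `\pagestyle{fancy}` are issued after `\chapter{Introduction}` has already opened the page, so the numbering switch happens mid-page and the chapter file carries document-level layout decisions that main.tex also sets (`\pagestyle{fancy}` in the preamble, `\pagestyle{empty}` after the title page). Since the class is now memoir, the cleaner form is `\frontmatter` before the acknowledgements and `\mainmatter` before `\input chap-introduction` in main.tex, which switch to arabic numbering at a page boundary, and to drop these two lines from the chapter file; `\pagestyle{fancy}` then belongs in main.tex next to `\mainmatter`. Whether memoir's own header machinery and fancyhdr coexist cleanly here is not visible from this page and is worth confirming.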

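--- a/chap-lattices.tex
+++ b/chap-lattices.tex
@@ -0,0 +1,90 @@
+\chapter{Lattices}
+A (full-rank) lattice~$L$ is defined as the set of all integer linear
+combinations of some linearly independent basis
+vectors~$(\mathbf{b}_i)_{i\leq n}$ belonging to some~$\RR^n$. We work with $q$-ary lattices, for some prime $q$.
+\begin{definition} \label{de:qary-lattices}
+Let~$m \geq n \geq 1$, a prime~$q \geq 2$, $\mathbf{A} \in \ZZ_q^{n \times m}$ and $\mathbf{u} \in \ZZ_q^n$, define
+$\Lambda_q(\mathbf{A}) := \{ \mathbf{e} \in \ZZ^m \mid \exists \mathbf{s} \in \ZZ_q^n ~\text{ s.t. }~\mathbf{A}^T \cdot \mathbf{s} = \mathbf{e} \bmod q \}$ as well as
+\begin{align*}
+\Lambda_q^{\perp} (\mathbf{A}) &:= \{\mathbf{e} \in \ZZ^m \mid \mathbf{A} \cdot \mathbf{e} = \mathbf{0}^n \bmod q \},&
+\Lambda_q^{\mathbf{u}} (\mathbf{A}) &:= \{\mathbf{e} \in \ZZ^m \mid \mathbf{A} \cdot \mathbf{e} = \mathbf{u} \bmod q \}
+\end{align*}
+For any $\mathbf{t} \in \Lambda_q^{\mathbf{u}} (\mathbf{A})$, $\Lambda_q^{\mathbf{u}}(\mathbf{A})=\Lambda_q^{\perp}(\mathbf{A}) + \mathbf{t}$ so that $\Lambda_q^{\mathbf{u}} (\mathbf{A}) $
+is a shift of $\Lambda_q^{\perp} (\mathbf{A})$.
+\end{definition}
+\noindent For a lattice~$L$, a vector $\mathbf{c} \in \RR^n$ and a real~$\sigma>0$, define the function
+$\rho_{\sigma,\mathbf{c}}(\mathbf{x}) = \exp(-\pi\|\mathbf{x}- \mathbf{c} \|^2/\sigma^2)$.
+The discrete Gaussian distribution of support~$L$, parameter~$\sigma$ and center $\mathbf{c}$ is defined as
+$D_{L,\sigma,\mathbf{c}}(\mathbf{y}) = \rho_{\sigma,\mathbf{c}}(\mathbf{y})/\rho_{\sigma,\mathbf{c}}(L)$ for any $\mathbf{y} \in L$.
+We denote by $D_{L,\sigma }(\mathbf{y}) $ the distribution centered in $\mathbf{c}=\mathbf{0}$.
+We will extensively use the fact that samples
+from~$D_{L,\sigma}$ are short with overwhelming probability.
+\begin{lemma}[{\cite[Le.~1.5]{Bana93}}]
+\label{le:small}
+For any lattice~$L \subseteq
+\RR^n$ and positive real number~$\sigma>0$,
+we have $\Pr_{\mathbf{b} \sample D_{L,\sigma}} [\|\mathbf{b}\|
+\leq \sqrt{n} \sigma] \geq 1-2^{-\Omega(n)}.$
+\end{lemma}
+\noindent As shown by Gentry {\em et al.}~\cite{GePeVa08}, Gaussian
+distributions with lattice support can be sampled efficiently
+given a sufficiently short basis of the lattice.
+\begin{lemma}[{\cite[Le.~2.3]{BLPRS13}}]
+\label{le:GPV}
+There exists a $\PPT$ (probabilistic polynomial-time) algorithm $\textsf{GPVSample}$ that takes as inputs a
+basis~$\mathbf{B}$ of a lattice~$L \subseteq \ZZ^n$ and a
+rational~$\sigma \geq \|\widetilde{\mathbf{B}}\| \cdot \Omega(\sqrt{\log n})$,
+and outputs vectors~$\mathbf{b} \in L$ with distribution~$D_{L,\sigma}$.
+\end{lemma}
+%We
+%use an algorithm that jointly samples a uniform~$\mathbf{A}$ and a short
+%basis of~$\Lambda_q^{\perp}(\mathbf{A})$.
+\begin{lemma}[{\cite[Th.~3.2]{AlPe09}}]
+\label{le:TrapGen}
+There exists a $\PPT$ algorithm $\TrapGen$ that takes as inputs $1^n$,
+$1^m$ and an integer~$q \geq 2$ with~$m \geq \Omega(n \log q)$, and
+outputs a matrix~$\mathbf{A} \in \ZZ_q^{n \times m}$ and a
+basis~$\mathbf{T}_{\mathbf{A}}$ of~$\Lambda_q^{\perp}(\mathbf{A})$ such
+that~$\mathbf{A}$ is within statistical distance~$2^{-\Omega(n)}$
+to~$U(\ZZ_q^{n \times m})$, and~$\|\widetilde{\mathbf{T}_{\mathbf{A}}}\| \leq
+\bigO(\sqrt{n \log q})$.
+\end{lemma}
+\noindent Lemma~\ref{le:TrapGen} is often combined with the sampler from Lemma~\ref{le:GPV}. Micciancio and Peikert~\cite{MiPe12} recently proposed a more efficient
+approach for this combined task, which should be preferred in practice but, for the sake of simplicity, we present our schemes using~$\TrapGen$.
+We also make use of an algorithm that extends a trapdoor for~$\mathbf{A} \in \ZZ_q^{n \times m}$ to a trapdoor of any~$\mathbf{B} \in \ZZ_q^{n \times m'}$ whose left~$n \times m$
+submatrix is~$\mathbf{A}$.
+\begin{lemma}[{\cite[Le.~3.2]{CaHoKiPe10}}]\label{lem:extbasis}
+There exists a $\PPT$ algorithm $\ExtBasis$ that takes as inputs a
+matrix~$\mathbf{B} \in \ZZ_q^{n \times m' }$ whose first~$m$ columns
+span~$\ZZ_q^n$, and a basis~$\mathbf{T}_{\mathbf{A}}$
+of~$\Lambda_q^{\perp}(\mathbf{A})$ where~$\mathbf{A}$ is the left~$n \times
+m$ submatrix of~$\mathbf{B}$, and outputs a basis~$\mathbf{T}_{\mathbf{B}}$
+of~$\Lambda_q^{\perp}(\mathbf{B})$ with~$\|\widetilde{\mathbf{T}_{\mathbf{B}}}\|
+\leq \|\widetilde{\mathbf{T}_{\mathbf{A}}}\|$.
+\end{lemma}
+\noindent In our security proofs, analogously to \cite{Boy10,BHJKS15} we also use a technique due to Agrawal, Boneh and Boyen~\cite{ABB1} that implements
+an all-but-one trapdoor mechanism (akin to the one of Boneh and Boyen \cite{BB04}) in the lattice setting.
+%In other words we need the following algorithm:
+\begin{lemma}[{\cite[Th.~19]{ABB1}}]\label{lem:sampler}
+There exists a $\PPT$ algorithm $\SampleR$ that takes as inputs matrices $\mathbf A, \mathbf C \in \ZZ_q^{n \times m}$, a low-norm matrix $\mathbf R \in \ZZ^{m \times m}$,
+a short basis $\mathbf{T_C} \in \ZZ^{m \times m}$ of $\Lambda_q^{\perp}(\mathbf{C})$, a vector $\mathbf u \in \ZZ_q^{n}$ and a rational $\sigma$ such that $\sigma \geq \|
+\widetilde{\mathbf{T_C}}\| \cdot \Omega(\sqrt{\log n})$, and outputs a short vector $\mathbf{b} \in \ZZ^{2m}$ such that $\left[ \begin{array}{c|c} \mathbf A ~ &~ \mathbf A
+\cdot \mathbf R + \mathbf C \end{array} \right]\cdot \mathbf b = \mathbf u \bmod q$ and with distribution statistically close to $D_{L,\sigma}$ where $L$ denotes the shifted
+lattice $\Lambda^\mathbf{u}_q \left( \left[ \begin{array}{c|c} \mathbf A ~&~ \mathbf A \cdot \mathbf R + \mathbf C \end{array} \right] \right)$.
+%$\{ \mathbf x \in \ZZ^{2 m} : \left[ \begin{array}{c|c} \mathbf A ~&~ \mathbf A \cdot \mathbf R + \mathbf C \end{array} \right] \cdot \mathbf x = \mathbf u \bmod q \}$.
+\end{lemma}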
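Review bot: The label prefixes in this file are inconsistent: the definition uses `de:qary-lattices`, three lemmas use `le:small`, `le:GPV`, `le:TrapGen`, and the last two use `lem:extbasis`, `lem:sampler`; pick one scheme (e.g. `def:` and `lem:`) before other chapters start referencing them, since renaming later touches every `\ref`. `{\em et al.}` in the sentence before Lemma `le:GPV` is the obsolete two-letter font switch; write `\emph{et al.}`. `$\textsf{GPVSample}$` is typeset inline while the sibling algorithms `\TrapGen`, `\ExtBasis` and `\SampleR` get macros in macros.tex; a `\newcommand{\GPVSample}{\textsf{GPVSample}\xspace}` there keeps the algorithm names in one place. The basis notation also varies within the file (`\mathbf{T}_{\mathbf{A}}` vs. `\mathbf{T_C}`), which is worth normalising to one form.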

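--- a/chap-pairings.tex
+++ b/chap-pairings.tex
@@ -0,0 +1 @@
+\chapter{Pairing-based cryptography}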


@ -85,7 +85,7 @@ Nom Prénom, grade/qualité, établissement/entreprise \hfill Examinateur/trice
\bigskip \bigskip
%Nom Prénom, grade/qualité, établissement/entreprise \hfill Directeur/trice de thèse %Nom Prénom, grade/qualité, établissement/entreprise \hfill Directeur/trice de thèse
Benoît Libert, Directeur de Recherche, CNRS et École Normale Supérieure de Lyon\hfill Directeur de thèse Benoît Libert, Directeur de Recherche, CNRS et ENS de Lyon\hfill Directeur de thèse
%Nom Prénom, grade/qualité, établissement/entreprise \hfill Co-directeur/trice de thèse % le cas échéant %Nom Prénom, grade/qualité, établissement/entreprise \hfill Co-directeur/trice de thèse % le cas échéant

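--- a/macros.tex
+++ b/macros.tex
@@ -0,0 +1,18 @@
+% Abbreviations
+%% Usual
+\newcommand{\PPT}{\textsf{PPT}\xspace}
+%% Algorithms
+\newcommand{\TrapGen}{\textsf{TrapGen}\xspace}
+\newcommand{\ExtBasis}{\textsf{ExtBasis}\xspace}
+\newcommand{\SampleR}{\textsf{SampleR}\xspace}
+% Operators
+\newcommand{\sample}{\xspace\ensuremath{\hookleftarrow}\xspace}
+\newcommand{\bigO}{\ensuremath{\mathcal{O}}}
+% Sets
+\newcommand{\RR}{\xspace\ensuremath{\mathbb{R}}\xspace}
+\newcommand{\ZZ}{\xspace\ensuremath{\mathbb{Z}}\xspace}
+\newcommand{\CC}{\xspace\ensuremath{\mathbb{C}}\xspace}
+\newcommand{\QQ}{\xspace\ensuremath{\mathbb{Q}}\xspace}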
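Review bot: The leading `\xspace` in `\sample`, `\RR`, `\ZZ`, `\CC` and `\QQ` does nothing useful, because `\xspace` only inspects the token that follows it and is a no-op in math mode, where these macros are used; keep only the trailing one, e.g. `\newcommand*{\RR}{\ensuremath{\mathbb{R}}\xspace}`. All definitions here are short, so `\newcommand*` is preferable to `\newcommand` for better error localisation. `\bigO` is the only macro without a trailing `\xspace`; that is harmless in math but worth aligning with the others for consistency.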


@ -1,26 +1,66 @@
\documentclass[a4paper]{book} \documentclass[a4paper, 11pt]{memoir}
\usepackage[utf8]{inputenc} \usepackage[utf8x]{inputenc}
\usepackage[french]{babel} \usepackage[french,english]{babel}
%\usepackage[UKenglish]{babel} %\usepackage[UKenglish]{babel}
\usepackage[T1]{fontenc} \usepackage[T1]{fontenc}
\usepackage{libertine} \usepackage{libertine}
\usepackage{fancyhdr}
\pagestyle{fancy}
\usepackage[pagebackref]{hyperref}
\renewcommand*{\backref}[1]{}
\renewcommand*{\backrefalt}[4]{\small Citations: \S{} #4}
\hypersetup{colorlinks=true, linkcolor=black!50!blue, citecolor=black!50!green, breaklinks=true}
\usepackage{amsmath, amssymb, mathrsfs} \usepackage{amsmath, amssymb, mathrsfs}
\usepackage{amsthm} \usepackage{amsthm}
\usepackage{pdfpages} \newtheorem{theorem}{Theorem}
\newtheorem{lemma}{Lemma}
\theoremstyle{definition}
\newtheorem{definition}{Definition}
\title{} \usepackage{pdfpages}
\author{} \usepackage{xspace}
\date{}
\input macros
\title{Cryptographie protégeant la vie privée avec des fonctionnalité avancées}
\author{Fabrice Mouhartem}
\date{\today}
\begin{document} \begin{document}
\pagenumbering{roman} \pagenumbering{roman}
\includepdf{garde.pdf} \includepdf{garde.pdf}
\pagestyle{empty} \pagestyle{empty}
%%%%%%%%%%%%%
% Décidaces %
%%%%%%%%%%%%%
\cleardoublepage
\vspace*{\stretch{1}}
\begin{flushright}
À \ldots
\end{flushright}
\vspace*{\stretch{2}}
\input acknowledgements \input acknowledgements
\input abstract
\tableofcontents
\addcontentsline{toc}{chapter}{Contents}
\input chap-introduction
\part{Background and definitions}
\input chap-lattices
\input chap-pairings
\bibliographystyle{alpha}
\bibliography{these.bib}
\end{document} \end{document}
% vim: spl=en
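Review bot: The new `\usepackage[utf8x]{inputenc}` replaces `utf8` with the unmaintained ucs-based `utf8x` option, which is known to conflict with several packages (hyperref and babel among them); `utf8` is the LaTeX default and should be kept, i.e. `\usepackage[utf8]{inputenc}`. `\usepackage[pagebackref]{hyperref}` is loaded before `amsmath`, `amsthm` and the `\newtheorem` declarations, whereas hyperref is expected to be loaded last in the preamble; move the hyperref line and the `\hypersetup` call below `\usepackage{xspace}`, keeping the `\renewcommand*{\backref...}` lines with them. Two text fixes on the new side: the title should read `des fonctionnalités avancées` (plural, to agree with "avancées"), and the comment banner `% Décidaces %` should be `% Dédicaces %`. With memoir, `\tableofcontents` already adds a Contents entry to the TOC unless the starred form is used, so the following `\addcontentsline{toc}{chapter}{Contents}` likely duplicates it; either drop that line or use `\tableofcontents*` and keep it with a preceding `\phantomsection`.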