sub-exponential

Fabrice Mouhartem 2018-06-15 18:26:36 +02:00
parent 5ffded97ef
commit 7a50ab1ab5

@ -535,7 +535,7 @@ Adapting the technique of \cite{CNS07} to the lattice setting requires the foll
(i) A signature scheme allowing to sign ciphertexts while remaining compatible with ZK proofs; (ii) A ZK protocol allowing to prove knowledge of a signature on some hidden ciphertext which belongs to a public set and was transformed into a given ciphertext; (iii) A protocol for proving the correct decryption of a ciphertext; (iv) A method of statistically re-randomizing an $\LWE$-encrypted ciphertext in a way that enables oblivious decryption. The first three ingredients can be obtained from \cref{ch:gs-lwe}. Since component (i) only needs to be secure against random-message attacks as (i) A signature scheme allowing to sign ciphertexts while remaining compatible with ZK proofs; (ii) A ZK protocol allowing to prove knowledge of a signature on some hidden ciphertext which belongs to a public set and was transformed into a given ciphertext; (iii) A protocol for proving the correct decryption of a ciphertext; (iv) A method of statistically re-randomizing an $\LWE$-encrypted ciphertext in a way that enables oblivious decryption. The first three ingredients can be obtained from \cref{ch:gs-lwe}. Since component (i) only needs to be secure against random-message attacks as
long as the adversary obtains at most $N$ signatures, we use the simplified $\SIS$-based signature scheme long as the adversary obtains at most $N$ signatures, we use the simplified $\SIS$-based signature scheme
of Section \ref{RMA-sec}. of Section \ref{RMA-sec}.
The statistical re-randomization of Regev ciphertexts is handled via the noise flooding technique \cite{AJL+12}, which consists in drowning the initial noise with a super-polynomially larger The statistical re-randomization of Regev ciphertexts is handled via the noise flooding technique \cite{AJL+12}, which consists in drowning the initial noise with a sub-exponentially larger
noise. While recent results \cite{DS16,BDPMW16} provide potentially more efficient alternatives, noise. While recent results \cite{DS16,BDPMW16} provide potentially more efficient alternatives,
we chose the flooding technique for simplicity because it does not require the use of FHE (and also because we chose the flooding technique for simplicity because it does not require the use of FHE (and also because
the known multi-bit version \cite{HAO15} of the GSW FHE~\cite{GSW13} incurs an \textit{ad hoc} circular security assumption). the known multi-bit version \cite{HAO15} of the GSW FHE~\cite{GSW13} incurs an \textit{ad hoc} circular security assumption).
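
Review bot: In the noise-flooding sentence, "sub-exponentially larger" names only an upper growth class and drops the lower bound the technique relies on: drowning the initial noise gives a statistically close distribution only when the ratio of the flooding noise to the initial noise is super-polynomial. Consider wording such as "a super-polynomially (here, sub-exponentially) larger noise", or state the ratio explicitly as a function of the security parameter, and note in the same place what this choice implies for the $\LWE$ parameters. The commit message "sub-exponential" gives no reason for the change; a one-line justification would help a later reader decide whether other occurrences of "super-polynomial" in the chapter need the same edit.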