sub-exponential

Fabrice Mouhartem 2018-06-15 18:26:36 +02:00
parent 5ffded97ef
commit 7a50ab1ab5

@ -535,7 +535,7 @@ Adapting the technique of \cite{CNS07} to the lattice setting requires the foll
(i) A signature scheme allowing to sign ciphertexts while remaining compatible with ZK proofs; (ii) A ZK protocol allowing to prove knowledge of a signature on some hidden ciphertext which belongs to a public set and was transformed into a given ciphertext; (iii) A protocol for proving the correct decryption of a ciphertext; (iv) A method of statistically re-randomizing an $\LWE$-encrypted ciphertext in a way that enables oblivious decryption. The first three ingredients can be obtained from \cref{ch:gs-lwe}. Since component (i) only needs to be secure against random-message attacks as
long as the adversary obtains at most $N$ signatures, we use the simplified $\SIS$-based signature scheme
of Section \ref{RMA-sec}.
The statistical re-randomization of Regev ciphertexts is handled via the noise flooding technique \cite{AJL+12}, which consists in drowning the initial noise with a super-polynomially larger
The statistical re-randomization of Regev ciphertexts is handled via the noise flooding technique \cite{AJL+12}, which consists in drowning the initial noise with a sub-exponentially larger
noise. While recent results \cite{DS16,BDPMW16} provide potentially more efficient alternatives,
we chose the flooding technique for simplicity because it does not require the use of FHE (and also because
the known multi-bit version \cite{HAO15} of the GSW FHE~\cite{GSW13} incurs an \textit{ad hoc} circular security assumption).
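
Review bot: In the changed sentence on noise flooding, "a sub-exponentially larger noise" only bounds the growth of the flooding noise from above, while the statistical re-randomization argument needs the ratio between the flooding noise and the initial noise to be at least super-polynomial in the security parameter. Consider stating the ratio explicitly in terms of the security parameter, so that the lower bound required for statistical closeness and the sub-exponential upper bound are both visible. This hunk touches a single sentence, so it is also worth checking that the remaining mentions of the flooding noise in the chapter, including the parameter selection, use the same wording.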