TY - CHAP
T1 - Tighter security for efficient lattice cryptography via the rényi divergence of optimized orders
AU - Takashima, Katsuyuki
AU - Takayasu, Atsushi
N1 - Publisher Copyright:
© Springer International Publishing Switzerland 2015.
PY - 2015
Y1 - 2015
N2 - In security proofs of lattice based cryptography, to bound the closeness of two probability distributions is an important procedure. To measure the closeness, the Rényi divergence has been used instead of the classical statistical distance. Recent results have shown that the Rényi divergence offers security reductions with better parameters, e.g. smaller deviations for discrete Gaussian distributions. However, since previous analyses used a fixed order Rényi divergence, i.e., order two, they lost tightness of reductions. To overcome the deficiency, we adaptively optimize the orders based on the advantages of the adversary for several lattice-based schemes. The optimizations enable us to prove the security with both improved efficiency and tighter reductions. Indeed, our analysis offers security reductions with smaller parameters than the statistical distance based analysis and the reductions are tighter than that of previous Rényi divergence based analysis. As applications, we show tighter security reductions for sampling discrete Gaussian distributions with smaller precomputed tables for BLISS signatures, and variants of learning with errors (LWE) problem and small integer solution (SIS) problem called k-LWE and k-SIS.
AB - In security proofs of lattice based cryptography, to bound the closeness of two probability distributions is an important procedure. To measure the closeness, the Rényi divergence has been used instead of the classical statistical distance. Recent results have shown that the Rényi divergence offers security reductions with better parameters, e.g. smaller deviations for discrete Gaussian distributions. However, since previous analyses used a fixed order Rényi divergence, i.e., order two, they lost tightness of reductions. To overcome the deficiency, we adaptively optimize the orders based on the advantages of the adversary for several lattice-based schemes. The optimizations enable us to prove the security with both improved efficiency and tighter reductions. Indeed, our analysis offers security reductions with smaller parameters than the statistical distance based analysis and the reductions are tighter than that of previous Rényi divergence based analysis. As applications, we show tighter security reductions for sampling discrete Gaussian distributions with smaller precomputed tables for BLISS signatures, and variants of learning with errors (LWE) problem and small integer solution (SIS) problem called k-LWE and k-SIS.
KW - BLISS
KW - LWE
KW - Lattice based cryptography
KW - Rényi divergence
KW - SIS
KW - Sampling discrete Gaussian
KW - Tight reduction
UR - http://www.scopus.com/inward/record.url?scp=84948754995&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84948754995&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-26059-4_23
DO - 10.1007/978-3-319-26059-4_23
M3 - Chapter
AN - SCOPUS:84948754995
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 412
EP - 431
BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
PB - Springer Verlag
ER -