Better Security Estimates for Approximate, IoT-Friendly R-LWE Cryptosystems

Author: O'Connor, Ruth; Khalid, Ayesha; O'Neill, Maire; Liu, Weiqiang
Year of publication: 2022
Subject:
Source: O'Connor, R, Khalid, A, O'Neill, M & Liu, W 2023, Better security estimates for approximate, IoT-friendly R-LWE cryptosystems. In: IEEE 18th Asia-Pacific Conference on Circuits and Systems (APCCAS 2022): Proceedings. IEEE Asia-Pacific Conference on Circuits and Systems, IEEE, pp. 611-615, 18th IEEE Asia Pacific Conference on Circuits and Systems 2022, Shenzhen, China, 11/11/2022. https://doi.org/10.1109/APCCAS55924.2022.10090405
DOI: 10.1109/apccas55924.2022.10090405
Description: This work explores the effect of approximation on Ring-learning-with-errors (R-LWE) based public-key encryption (PKE) systems. Lattice-based problems such as LWE have proven to be a viable alternative to the currently used PKE systems in a post-quantum world, with one such scheme (CRYSTALS-Kyber) taken up for standardisation in NIST's post-quantum cryptography standardisation process. In the modern world, Internet of Things (IoT) applications and devices have become ubiquitous. Often they are not secure, and with the threat of quantum computing looming on the horizon, R-LWE could provide a solution. R-LWE-based schemes come at a higher computational cost, making them challenging to implement on IoT devices that require low-energy, low-area, and efficient cryptography. To enable this, approximation could help lower the required power and memory by removing some of the complexity of the R-LWE scheme. This work provides improved security estimates for an earlier presented approximate R-LWE scheme (AxRLWE), which explores approximation via truncation of the Gaussian distribution sample values and the use of an approximate modular multiplier. In addition, this work calculates an effective failure rate for different truncation levels of two typical medium-level R-LWE parameter sets and concludes that a truncation of 2 bits is the best balance between security and approximation.
Database: OpenAIRE