Approximate Greatest Common Divisor Problem Research Articles

Cryptanalysis of Modular Exponentiation Outsourcing Protocols

Abstract Public-key cryptographic primitives are time consuming for resource-constrained devices. A classical problem is to securely offload group exponentiations from a (comparatively) weak device—the client—to an untrusted more powerful device—the server. A delegation protocol must usually meet two security objectives: privacy—the exponent or the base should not be revealed to a passive adversary—and verifiability—a malicious server should not be able to make the client accept an invalid value as the result of the delegated computation. Most proposed protocols relies on a secret splitting of the exponent and the base, and a considerable amount of literature has been devoted to their analysis. Recently, Su et al. (Su, Q., Zhang, R. and Xue, R. (2020) Secure outsourcing algorithms for composite modular exponentiation based on single untrusted cloud. Comput. J., 63, 1271.) and Rangasamy and Kuppusamy (Rangasamy, J. and Kuppusamy, L. (2018) Revisiting Single-Server Algorithms for Outsourcing Modular Exponentiation. In Chakraborty, D. and Iwata, T. (eds), Progress in Cryptology - INDOCRYPT 2018: 19th International Conference in Cryptology in India, New Delhi, India, December 912, Vol. 11356, Lecture Notes in Computer Science. Springer, Heidelberg, Germany, pp. 320. proposed outsourcing protocols for modular exponentiations. They claim that their protocols achieve security (privacy and verifiability). We show that these claims are flawed and that their schemes are broken beyond repair. They remain insecure even if one increases significantly the proposed parameters (and consequently the protocols computational and communication complexities). Our attacks rely on standard lattice-based cryptanalytic techniques, namely the Coppersmith methods to find small integer zeroes of modular multivariate polynomials and simultaneous Diophantine approximation methods for the so-called approximate greatest common divisor problem.

Algorithms for CRT-variant of Approximate Greatest Common Divisor Problem

AbstractThe approximate greatest common divisor problem (ACD) and its variants have been used to construct many cryptographic primitives. In particular, the variants of the ACD problem based on Chinese remainder theorem (CRT) are being used in the constructions of a batch fully homomorphic encryption to encrypt multiple messages in one ciphertext. Despite the utility of the CRT-variant scheme, the algorithms that secures its security foundation have not been probed well enough.In this paper, we propose two algorithms and the results of experiments in which the proposed algorithms were used to solve the variant problem. Both algorithms take the same time complexity $\begin{array}{} \displaystyle 2^{\tilde{O}(\frac{\gamma}{(\eta-\rho)^2})} \end{array}$ up to a polynomial factor to solve the variant problem for the bit size of samples γ, secret primes η, and error bound ρ. Our algorithm gives the first parameter condition related to η and γ size. From the results of the experiments, it has been proved that the proposed algorithms work well both in theoretical and experimental terms.

An Efficient Quantum Somewhat Homomorphic Symmetric Searchable Encryption

In 2009, Gentry first introduced an ideal lattices fully homomorphic encryption (FHE) scheme. Later, based on the approximate greatest common divisor problem, learning with errors problem or learning with errors over rings problem, FHE has developed rapidly, along with the low efficiency and computational security. Combined with quantum mechanics, Liang proposed a symmetric quantum somewhat homomorphic encryption (QSHE) scheme based on quantum one-time pad, which is unconditional security. And it was converted to a quantum fully homomorphic encryption scheme, whose evaluation algorithm is based on the secret key. Compared with Liang’s QSHE scheme, we propose a more efficient QSHE scheme for classical input states with perfect security, which is used to encrypt the classical message, and the secret key is not required in the evaluation algorithm. Furthermore, an efficient symmetric searchable encryption (SSE) scheme is constructed based on our QSHE scheme. SSE is important in the cloud storage, which allows users to offload search queries to the untrusted cloud. Then the cloud is responsible for returning encrypted files that match search queries (also encrypted), which protects users’ privacy.

Factorization Approach to Structured Low-Rank Approximation with Applications

We consider the problem of approximating an affinely structured matrix, for example, a Hankel matrix, by a low-rank matrix with the same structure. This problem occurs in system identification, signal processing, and computer algebra, among others. We impose the low rank by modeling the approximation as a product of two factors with reduced dimension. The structure of the low-rank model is enforced by introducing a penalty term in the objective function. The proposed local optimization algorithm is able to solve the weighted structured low-rank approximation problem, as well as to deal with the cases of missing or fixed elements. In contrast to approaches based on kernel representations (in the linear algebraic sense), the proposed algorithm is designed to address the case of small targeted rank. We compare it to existing approaches on numerical examples of system identification, approximate greatest common divisor problem, and symmetric tensor decomposition and demonstrate its consistently good performance.

Fully Homomorphic Encryption Using Hidden Ideal Lattice

All the existing fully homomorphic encryption schemes are based on three different problems, namely the bounded distance decoding problem over ideal lattice, the approximate greatest common divisor problem over integers, and the learning with error problem. In this paper, we unify the first two families of problems by introducing a new class of problems, which can be reduced from both problems. Based on this new problem, namely the bounded distance decoding over hidden ideal lattice, we present a new fully homomorphic encryption scheme. Since it is a combination of the two problems to some extent, the performance of our scheme lies between the ideal lattice based schemes and the integer based schemes. Furthermore, we also show a lower bound and upper bound of the problem that our scheme is based on. Assuming this security conjecture holds, we can incorporate smaller parameters, which will result in a scheme that is more efficient than both lattice based and integer based schemes. Hence, our scheme makes a perfect alternative to the state-of-art ring learning with error based schemes.

More Practical Fully Homomorphic Encryption

In this paper, we first modify the Smart-Vercauteren’s fully homomorphic encryption scheme [SV10] by applying self-loop bootstrappable technique. The security of the modified scheme only depends on the hardness of the polynomial coset problem, removing the assumption of the sparse subset sum problem in the original paper in [SV10]. Moreover, we construct a non-self-loop in FHE by using cycle keys. Then, we further improve our scheme to make it be practical. The securities of our improving FHE’s are respectively based on the hardness of factoring integer problem, solving Diophantine equation problem, and finding approximate greatest common divisor problem.

The ERES method for computing the approximate GCD of several polynomials

The computation of the greatest common divisor (GCD) of a set of polynomials has interested the mathematicians for a long time and has attracted a lot of attention in recent years. A challenging problem that arises from several applications, such as control or image and signal processing, is to develop a numerical GCD method that inherently has the potential to work efficiently with sets of several polynomials with inexactly known coefficients. The presented work focuses on: (i) the use of the basic principles of the ERES methodology for calculating the GCD of a set of several polynomials and defining approximate solutions by developing the hybrid implementation of this methodology. (ii) the use of the developed framework for defining the approximate notions for the GCD as a distance problem in a projective space to develop an optimization algorithm for evaluating the strength of different ad-hoc approximations derived from different algorithms. The presented new implementation of ERES is based on the effective combination of symbolic–numeric arithmetic (hybrid arithmetic) and shows interesting computational properties for the approximate GCD problem. Additionally, an efficient implementation of the strength of an approximate GCD is given by exploiting some of the special aspects of the respective distance problem. Finally, the overall performance of the ERES algorithm for computing approximate solutions is discussed.