In co-operation with IACR

16th IMA International Conference on Cryptography and Coding

12 – 14 December 2017, St Catherine’s College, University of Oxford


Special Session: Lattice-based Cryptographic Constructions and Architectures

Co-chairs: Martin Albrecht, Máire O'Neill


Practical Post-quantum (H)IBE

Peter Campbell and Michael Groves

Abstract: Identity Based Encryption (IBE) is useful in situations where an encrypted channel must be established quickly. For example, public safety communications require secure voice in push-to-talk, broadcast and group call modes. The original IBE proposals were based on elliptic curve pairings, which are not quantum safe. More recently there has been excellent research by a number of authors on quantum-safe IBE constructions using lattices, which are becoming increasingly practical. We present recent NCSC work on a new post-quantum IBE proposal based on Ring-LWE which we believe offers efficiency and security advantages in practical use cases. We have also extended the scheme to Hierarchical IBE, which may be useful for practical key management and fine-grained security.


Efficient Implementation of Lattice-based Cryptography for Embedded Devices

Tim Guneysu, Tobias Oder

Abstract: The expected advent of powerful quantum computers poses a serious threat to the security of currently deployed public-key cryptosystems. In particular, this becomes a major challenge for constrained embedded systems that are expected to provide long-term security guarantees. In this context, lattice-based cryptography may be one of the most interesting quantum-safe cryptographic directions, as it can be used to provide basic cryptographic primitives such as encryption, digital signatures and key exchange, but also more advanced primitives such as identity-based encryption. However, to become a viable alternative to current embedded cryptographic solutions, the performance of lattice-based primitives on resource-constrained devices must be evaluated to assess their suitability for practical applications. In this talk, we will present an overview of implementations of a broad range of lattice-based schemes on embedded devices and discuss the latest implementation challenges.


If and how implementation attacks shape the design of lattice-based signature schemes

Nina Bindel

Abstract: While lattice-based cryptography is more and more considered to be practical, investigations concerning implementation attacks, such as fault or side-channel attacks, are only just beginning. A few early results exist, such as the cache side-channel attack on the signature scheme BLISS by Groot Bruinderink et al., works on fault attacks against the NTRU encryption scheme, as well as fault analyses of several ideal-lattice-based signature schemes. Concurrently, the understanding of whether and how those kinds of attacks influence the design and implementation of new lattice-based primitives has recently started to grow.

In our presentation we summarize the current state of the art and illustrate possible points of attack. To make things concrete, we focus on our submission to NIST's call for post-quantum candidates: a digital signature scheme based on the ring learning with errors problem. We explain our design choices that depend on possible side-channel and fault attack vulnerabilities. For example, we discuss the possible attack vectors of different designs when considering probabilistic vs. deterministic signature schemes. Moreover, we explain the (im)possibility of implementing lattice-based signature schemes without cache side channels. Based on this discussion we present our optimizations, the implemented countermeasures, and their efficacy. Finally, we discuss how our scheme and its implementation compare with other post-quantum and classical signature schemes from the literature.


Exploring Fault Attacks Resistance and Possible Countermeasures for Lattice Based Cryptography

Francesco Regazzoni

Abstract: The future advent of quantum computers pushes for the design and implementation of public-key cryptosystems capable of resisting quantum attacks. Lattice-based cryptography, especially when implemented over ideal lattices, is one of the most promising candidates to replace current public-key systems. For this reason, the area and performance of different designs have been widely explored on several platforms, including embedded ones. However, the resistance of these constructions against physical attacks still remains largely unexplored.

In this talk, we systematically explore the resistance of Ring-LWE encryption with respect to fault attacks. We carefully analyze the schemes and their implementations and identify possible points where a deliberate injection of faults could help the adversary. We examine to what extent this advantage could lead to a successful key recovery and discuss possible practical implementations of these attacks. Finally, we propose possible countermeasures to harden Ring-LWE implementations.


This conference is supported by SAFEcrypto