Key Lattice-Based Cryptographic Schemes
- Maryam Ziaee
- Jan 19
Here's an in-depth look at some key lattice-based cryptographic schemes:
1. NTRU (Nth-degree TRinomial-based cryptosystem)
Description: NTRU is an encryption scheme designed by Jean-Jacques Quisquater and his team. It's a public-key encryption system that relies on polynomial multiplication modulo an irreducible polynomial in a specific domain.
Key Generation:
- The public key is a polynomial $f(X)$ in the NTRU ring, which is a ring of polynomials in a variable $X$.
- The private key consists of the pair $(f(X), s)$, where $s$ is an integer.
Encryption:
- The plaintext is a polynomial $p$.
- The ciphertext $c$ is computed as $c = (f(X) * m(X)) \bmod n(X)$.

Decryption: The decryption process involves computing $(f(X) * p(X)) \bmod n(X)$ using the private key.
Security:
NTRU's security relies on the difficulty of two problems:
- NTRU Problem: Finding a non-zero polynomial $x$ such that $x \in \mathbb{Z}_N[X]$ satisfies $f(X) \equiv (x, n(X) / x) \pmod{N}$.
- NTRU Ring Problem: Given a polynomial $f' \in \mathbb{Z}[X]$ with $\deg(f') \leq N$, and a polynomial $f \in \mathbb{Z}_N[X]$, find a polynomial $x \in \mathbb{Z}[X]$ with $\deg(x) \leq N$ such that $(x, f) \equiv f' \pmod{N}$.
Advantages: Efficient encryption and decryption processes due to the use of polynomial multiplication, which makes NTRU suitable for resource-constrained devices.
2. LWE (Learning With Errors)
Description: LWE is a problem introduced by Oded Regev in 2005. It is a key component in many lattice-based cryptographic schemes, serving as a foundation for various cryptographic constructions.
Formulation: Given a uniformly chosen vector $\mathbf{s} \in \mathbb{Z}_q^n$ and $\mathbf{a}_i \in \mathbb{Z}_q^n$, for $i = 1, 2, \ldots, n$, the LWE problem is to recover the value of $\mathbf{s}$ given an oracle that computes the following: $\mathbf{A} = \langle \mathbf{a}_1, \mathbf{a}_2, \ldots, \mathbf{a}_n \rangle$, $\mathbf{b} = \langle b_1, b_2, \ldots, b_n \rangle$.
The LWE problem can be defined as follows:
- Decision LWE (dLWE): Given an oracle that solves an LWE instance $\langle \mathbf{A}, \mathbf{b} \rangle$, distinguish between $\mathbf{b}$ and a uniform vector $\mathbf{b'} \in \mathbb{Z}_q^n$.
- Search LWE (sLWE): Find $\mathbf{s} \in \mathbb{Z}_q^n$ that satisfies $\mathbf{As} = \mathbf{b} \pmod{q}$.
Security: LWE's security relies on the hardness of solving LWE instances.
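The role of the error term can be seen in a small experiment, added here as an illustration and not code from the original post. It assumes the standard LWE sample form $b_i = \langle \mathbf{a}_i, \mathbf{s} \rangle + e_i \bmod q$ with a small error $e_i$; the function names and toy parameters (n, m, q, noise) are constructed. Without errors, search LWE is plain linear algebra; with errors, Gaussian elimination returns a wrong candidate.

```python
import random

def dot(u, v):
    return sum(x * y for x, y in zip(u, v))

def lwe_samples(s, m, q, noise, rng):
    """m samples (a_i, b_i) with b_i = <a_i, s> + e_i mod q, e_i uniform in [-noise, noise]."""
    A = [[rng.randrange(q) for _ in s] for _ in range(m)]
    b = [(dot(row, s) + rng.randint(-noise, noise)) % q for row in A]
    return A, b

def solve_mod_q(A, b, q):
    """Gauss-Jordan elimination over Z_q (q prime); returns the candidate secret or None."""
    n = len(A[0])
    M = [row[:] + [bi] for row, bi in zip(A, b)]
    for col in range(n):
        piv = next((r for r in range(col, len(M)) if M[r][col]), None)
        if piv is None:
            return None  # rank-deficient sample matrix
        M[col], M[piv] = M[piv], M[col]
        inv = pow(M[col][col], -1, q)
        M[col] = [v * inv % q for v in M[col]]
        for r in range(len(M)):
            if r != col and M[r][col]:
                f = M[r][col]
                M[r] = [(v - f * p) % q for v, p in zip(M[r], M[col])]
    return [M[i][n] for i in range(n)]

def max_residual(A, b, s, q):
    """Largest |b_i - <a_i, s>| after centring mod q into (-q/2, q/2]."""
    res = [(bi - dot(row, s)) % q for row, bi in zip(A, b)]
    return max(min(r, q - r) for r in res)

def demo(seed=1, n=8, m=16, q=3329, noise=3):
    # Constructed toy parameters; far too small to be secure.
    rng = random.Random(seed)
    s = [rng.randrange(q) for _ in range(n)]
    A0, b0 = lwe_samples(s, m, q, 0, rng)      # noiseless: b = As exactly
    A1, b1 = lwe_samples(s, m, q, noise, rng)  # LWE: b = As + e
    guess = solve_mod_q(A1, b1, q)
    return {"noiseless_recovered": solve_mod_q(A0, b0, q) == s,
            "noisy_recovered": guess == s,
            "true_secret_residual": max_residual(A1, b1, s, q),
            "candidate_residual": max_residual(A1, b1, guess, q)}

if __name__ == "__main__":
    print(demo())
```

The true secret leaves only the small error as residual on every sample, while the elimination candidate fits its pivot rows exactly and misses the remaining samples by a large amount.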
Key Applications: LWE is used in various lattice-based cryptographic schemes, including:
- NTRU encryption
- Ring-LWE and Module-LWE encryption
- Fully Homomorphic Encryption
3. Ring-LWE
Description: Ring-LWE is a variant of the LWE problem that involves polynomials in a ring.
Formulation: Let $\mathbb{Z}_q[X]$ denote the ring of polynomials with coefficients in $\mathbb{Z}_q$. The Ring-LWE problem can be defined as follows:
- Decision Ring-LWE (dRing-LWE): Given an oracle that solves a Ring-LWE instance $\langle \Phi, \mathbf{b} \rangle$, distinguish between $\mathbf{b}$ and a uniform vector $\mathbf{b'} \in \mathbb{Z}_q^n$.
- Search Ring-LWE (sRing-LWE): Find $\mathbf{a}$ (a polynomial) that satisfies $\Phi\mathbf{a} = \mathbf{b} \pmod{q}$.
Security: Ring-LWE's security relies on the hardness of solving Ring-LWE instances.
Key Applications: Ring-LWE is used in various lattice-based cryptographic schemes, including:
- Ring-LWE encryption
- Module-LWE encryption
- Fully Homomorphic Encryption
4. Module-LWE
Description: Module-LWE is a variant of Ring-LWE that involves modules over a ring.
Formulation: Let $\mathcal{O}$ denote a module over a ring $\mathcal{R}$. The Module-LWE problem can be defined as follows:
- Decision Module-LWE (dModule-LWE): Given an oracle that solves a Module-LWE instance $\langle \Phi, \mathbf{b} \rangle$, distinguish between $\mathbf{b}$ and a uniform vector $\mathbf{b'} \in \mathcal{O}$.
- Search Module-LWE (sModule-LWE): Find $\mathbf{a}$ that satisfies $\Phi\mathbf{a} = \mathbf{b} \pmod{\mathcal{O}}$.
Security: Module-LWE's security relies on the hardness of solving Module-LWE instances.
Key Applications: Module-LWE is used in various lattice-based cryptographic schemes, including:
- Module-LWE encryption
- Fully Homomorphic Encryption
5. FHE (Fully Homomorphic Encryption) using Lattice-Based Cryptography
Description: FHE is a form of encryption that allows computations on ciphertexts without decrypting them first. Lattice-based cryptography provides a promising approach to constructing FHE schemes.
Key Components: Lattice-based FHE schemes typically involve the following components:
- Ring-LWE or Module-LWE encryption: This serves as the building block for the FHE scheme.
- Homomorphic evaluation: This is a key component that enables computations on ciphertexts.
- Noise management: This ensures that the noise level in the ciphertexts remains small and manageable.
Security: The security of lattice-based FHE schemes relies on the hardness of solving problems like Ring-LWE, Module-LWE, or other lattice-based problems.
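Why noise has to be managed can be shown with a toy symmetric LWE bit encryption, added here as an illustration and not taken from the original post or from any FHE library. It covers only homomorphic addition (XOR of bits), not a full FHE scheme; the parameters Q, N, B and all function names are constructed. Each addition sums the noise terms, and decryption fails once the accumulated noise passes Q/4.

```python
import random

Q, N, B = 256, 16, 4  # constructed toy values: modulus, dimension, noise bound

def keygen(rng):
    return [rng.randrange(Q) for _ in range(N)]

def encrypt(s, bit, rng, e=None):
    """Symmetric LWE encryption of one bit: (a, <a,s> + e + bit*Q/2 mod Q)."""
    a = [rng.randrange(Q) for _ in range(N)]
    e = rng.randint(-B, B) if e is None else e  # e can be pinned to study the worst case
    return a, (sum(x * y for x, y in zip(a, s)) + e + bit * (Q // 2)) % Q

def phase(s, ct):
    """b - <a,s> centred into (-Q/2, Q/2]: the encoded bit plus the accumulated noise."""
    a, b = ct
    v = (b - sum(x * y for x, y in zip(a, s))) % Q
    return v - Q if v > Q // 2 else v

def decrypt(s, ct):
    # Closer to Q/2 than to 0 means the bit was 1.
    return 1 if abs(phase(s, ct)) > Q // 4 else 0

def add(c1, c2):
    """Homomorphic XOR: componentwise ciphertext addition; the noise terms add as well."""
    return [(x + y) % Q for x, y in zip(c1[0], c2[0])], (c1[1] + c2[1]) % Q

def xor_chain(s, bits, rng, e=None):
    """Encrypt every bit and fold the ciphertexts together with add()."""
    acc = encrypt(s, bits[0], rng, e)
    for bit in bits[1:]:
        acc = add(acc, encrypt(s, bit, rng, e))
    return acc

def max_safe_terms():
    """Number of worst-case ciphertexts (noise B each) that can be summed safely."""
    return (Q // 4) // B

if __name__ == "__main__":
    rng = random.Random(7)
    s = keygen(rng)
    for k in (max_safe_terms(), max_safe_terms() + 1):
        ct = xor_chain(s, [0] * k, rng, e=B)
        print(k, "terms: noise", phase(s, ct), "decrypts to", decrypt(s, ct))
```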
6. Homomorphic Encryption Scheme (HElib)
Description: HElib is a library for implementing FHE and other homomorphic encryption schemes. It provides an efficient and flexible framework for experimenting with different HE schemes.
Key Features: HElib supports various HE schemes, including:
- CKKS (Cheon-Kim-Kim-Song) encryption scheme
- Ring-LWE-based FHE
- Module-LWE-based FHE
Security: The security of HElib depends on the underlying HE schemes it supports.
7. Lizard (Lattice-based Digital Signatures)
Description: Lizard is a lattice-based digital signature scheme designed to provide short signatures.
Key Components: Lizard involves the following components:
- Key generation: This generates the public and private keys.
- Signature generation: This generates the signature using the private key.
- Verification: This verifies the signature using the public key.
Security: Lizard's security relies on the hardness of solving problems like LWE, SVP, or other lattice-based problems.
Conclusion
Lattice-based cryptography offers a rich set of cryptographic primitives, including encryption schemes, digital signatures, and fully homomorphic encryption. The schemes mentioned above provide a starting point for understanding the diversity of lattice-based cryptography and its applications.



