Conference Paper
An Efficient and Parallel Gaussian Sampler for Lattices.
DOI: 10.1007/978-3-642-14623-7_5 Conference: Advances in Cryptology - CRYPTO 2010, 30th Annual Cryptology Conference, Santa Barbara, CA, USA, August 15-19, 2010. Proceedings
Source: DBLP

Conference Paper: Fully anonymous attribute tokens from lattices
ABSTRACT: Anonymous authentication schemes such as group signatures and anonymous credentials are important privacy-protecting tools in electronic communications. The only currently known scheme based on assumptions that resist quantum attacks is the group signature scheme by Gordon et al. (ASIACRYPT 2010). We present a generalization of group signatures called anonymous attribute tokens where users are issued attribute-containing credentials that they can use to anonymously sign messages and generate tokens revealing only a subset of their attributes. We present two lattice-based constructions of this new primitive, one with and one without opening capabilities for the group manager. The latter construction directly yields as a special case the first lattice-based group signature scheme offering full anonymity (in the random oracle model), as opposed to the practically less relevant notion of chosen-plaintext anonymity offered by the scheme of Gordon et al. We also extend our scheme to protect users from framing attacks by the group manager, where the latter creates tokens or signatures in the name of honest users. Our constructions involve new lattice-based tools for aggregating signatures and verifiable CCA2-secure encryption.
Proceedings of the 8th international conference on Security and Cryptography for Networks; 09/2012
Conference Paper: Faster Gaussian lattice sampling using lazy floating-point arithmetic
ABSTRACT: Many lattice cryptographic primitives require an efficient algorithm to sample lattice points according to some Gaussian distribution. All algorithms known for this task require long-integer arithmetic at some point, which may be problematic in practice. We study how much lattice sampling can be sped up using floating-point arithmetic. First, we show that a direct floating-point implementation of these algorithms does not give any asymptotic speedup: the floating-point precision needs to be greater than the security parameter, leading to an overall complexity Õ(n^3) where n is the lattice dimension. However, we introduce a laziness technique that can significantly speed up these algorithms. Namely, in certain cases such as NTRUSign lattices, laziness can decrease the complexity to Õ(n^2) or even Õ(n). Furthermore, our analysis is practical: for typical parameters, most of the floating-point operations only require the double-precision IEEE standard.
Proceedings of the 18th international conference on The Theory and Application of Cryptology and Information Security; 12/2012
ABSTRACT: An identity-based signature scheme from lattices is constructed. The scheme is obtained from a modification of Agrawal, Boneh, and Boyen's lattice identity-based encryption scheme. In this construction, we use two distinct trapdoors for finding short bases. One trapdoor enables the real implementation to generate short bases for all lattices. The other trapdoor enables the simulator to generate short bases for all lattices. Furthermore, the generated short bases are used to sample short vectors as signatures. Our scheme is computationally efficient. The scheme's strong unforgeability is proven in the standard model and rests on the hardness of the small integer solution problem. Finally, we extend the basic construction to obtain a hierarchical identity-based signature scheme. Copyright © 2012 John Wiley & Sons, Ltd.
Security and Communication Networks 01/2013; 6(1):69-77. · 0.43 Impact Factor