Ring cryptography;Lattice cryptography;Functional programming;Haskell;Domain-specific language;Fully homomorphic encryption;Learning with errors;Learning with rounding
Crockett, Eric ; Peikert, Christopher Computer Science Halderman, Alex Boldyreva, Alexandra Lipton, Richard Costello, Craig ; Peikert, Christopher
Lattice cryptography has many compelling features, like security under worst-case hardness assumptions, apparent security against quantum attacks, efficiency and parallelism, and powerful constructions like fully homomorphic encryption. While standard constructions such as lattice-based key exchange are starting to be deployed in real-world scenarios, the most powerful lattice cryptosystems are still limited to research prototypes. This is due in part to the difficulty of implementing, instantiating, and using these schemes. In this work we present a collection of tools to facilitate broader use of lattice cryptography by improving accessibility and usability. The foundation of this work is Λ∘λ, a general-purpose software framework for lattice cryptography. The Λ∘λ library has several features which distinguish it from prior implementations, including high-level abstractions for lattice operations, advanced functionality needed for applications like homomorphic encryption, and safe interfaces. Many efficient lattice cryptosystems are based on the relatively new Learning With Errors over Rings (Ring-LWE) problem. In order to attract cryptanalytic effort and improve concrete security estimates for this widely used problem, we publish challenges for Ring-LWE and the related Learning With Rounding over Rings problem. Unlike challenges for other cryptographic problems like integer factorization, a dishonest challenger can make Ring-LWE challenges which are much harder to solve than properly generated ones. Thus we propose and implement a non-interactive, publicly verifiable cut-and-choose protocol which provides reasonably convincing evidence that the challenges are properly generated. Finally, we introduce ALCHEMY, a domain-specific language and compiler for homomorphic computations. In existing implementations of homomorphic encryption, users must manually represent a desired plaintext computation as a much more complex sequence of operations on ciphertexts. ALCHEMY automates most of the steps in this process, which dramatically reduces the expertise needed to use homomorphic encryption.
PDF
download
878987797
028-85220240
