Lattice Cryptography
1. Which Ring-Based SHE Scheme is best?
Anamaria Costache and Nigel P. Smart
University of Bristol
Anamaria Costache and Nigel P. Smart
Which Ring-Based SHE Scheme is best? Slide 1
2. Fully Homomorphic Encryption
Homomorphic encryption allows computation on encrypted data.
This allows computation to be outsourced to an untrusted server.
Signal processing in satellite applications.
Analysing data (e.g. medical data) without compromising
confidential information.
4. Fully Homomorphic Encryption
A (fully) homomorphic encryption scheme $E$ comprises four
algorithms: KeyGen, Enc, Dec and Evaluate.
For $(sk, pk) \leftarrow \mathrm{KeyGen}(\lambda)$, a plaintext message $m$ with
corresponding ciphertext $c$, and a circuit $C$, we say that $E$ is
correct if
$\mathrm{Dec}(sk, \mathrm{Evaluate}(pk, C, c)) = C(m).$
$E$ is
Fully Homomorphic if it is correct for all circuits $C$.
Somewhat Homomorphic if it is correct for some circuits $C$.
5. Fully Homomorphic Encryption
RSA encryption is multiplicatively homomorphic [Rivest Shamir
Adleman 77].
Paillier is additively homomorphic [Paillier 99].
A scheme both additively and multiplicatively homomorphic is
more powerful, but also harder to obtain.
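The two classical examples on slide 5, worked in Python as an added example (this is not code from the slides or from Costache and Smart): textbook RSA, whose ciphertext product decrypts to the plaintext product, and Paillier, whose ciphertext product decrypts to the plaintext sum. The primes p = 61, q = 53 and the exponent e = 17 are constructed toy values with no security; RSA is used unpadded, since padding is exactly what removes the homomorphism.

```python
import math
import random

# Toy primes, constructed for illustration only (real keys use primes of 1024+ bits).
P_TOY, Q_TOY = 61, 53

def rsa_keygen(p=P_TOY, q=Q_TOY, e=17):
    """Textbook (unpadded) RSA: n = p*q, d = e^-1 mod phi(n)."""
    n, phi = p * q, (p - 1) * (q - 1)
    return n, e, pow(e, -1, phi)

def rsa_enc(n, e, m):
    return pow(m, e, n)

def rsa_dec(n, d, c):
    return pow(c, d, n)

def paillier_keygen(p=P_TOY, q=Q_TOY):
    """Paillier with generator g = n + 1: lam = lcm(p-1, q-1), mu = lam^-1 mod n."""
    n = p * q
    lam = (p - 1) * (q - 1) // math.gcd(p - 1, q - 1)
    mu = pow(lam, -1, n)          # valid because (1+n)^lam = 1 + lam*n (mod n^2)
    return n, lam, mu

def paillier_enc(n, m, rng):
    """c = (1+n)^m * r^n mod n^2 with a fresh random r in Z_n^*."""
    while True:
        r = rng.randrange(1, n)
        if math.gcd(r, n) == 1:
            break
    n2 = n * n
    return (pow(1 + n, m, n2) * pow(r, n, n2)) % n2

def paillier_dec(n, lam, mu, c):
    n2 = n * n
    L = (pow(c, lam, n2) - 1) // n    # L(u) = (u - 1) / n
    return (L * mu) % n

def rsa_is_multiplicative(m1, m2):
    """Product of RSA ciphertexts decrypts to the product of plaintexts [Rivest Shamir Adleman 77]."""
    n, e, d = rsa_keygen()
    c = (rsa_enc(n, e, m1) * rsa_enc(n, e, m2)) % n
    return rsa_dec(n, d, c) == (m1 * m2) % n

def rsa_is_additive(m1, m2):
    """Sum of RSA ciphertexts does not decrypt to the sum of plaintexts (expected False)."""
    n, e, d = rsa_keygen()
    c = (rsa_enc(n, e, m1) + rsa_enc(n, e, m2)) % n
    return rsa_dec(n, d, c) == (m1 + m2) % n

def paillier_is_additive(m1, m2, seed=0):
    """Product of Paillier ciphertexts decrypts to the sum of plaintexts [Paillier 99]."""
    n, lam, mu = paillier_keygen()
    rng = random.Random(seed)
    c = (paillier_enc(n, m1, rng) * paillier_enc(n, m2, rng)) % (n * n)
    return paillier_dec(n, lam, mu, c) == (m1 + m2) % n

def paillier_scalar_multiply(m, k, seed=0):
    """Raising a Paillier ciphertext to a known k gives an encryption of k*m:
    the additive homomorphism yields multiplication by a constant, but not
    multiplication of two ciphertexts, which is what slide 5 calls harder to obtain."""
    n, lam, mu = paillier_keygen()
    c = pow(paillier_enc(n, m, random.Random(seed)), k, n * n)
    return paillier_dec(n, lam, mu, c)

if __name__ == "__main__":
    print(rsa_is_multiplicative(7, 9), rsa_is_additive(7, 9),
          paillier_is_additive(7, 9), paillier_scalar_multiply(5, 7))
```

The same property that makes unpadded RSA useful here is a malleability in any protocol that relies on RSA ciphertexts being unmodifiable; deployed RSA uses OAEP-style padding precisely to destroy it. Paillier keeps the additive property while staying randomised, because each encryption draws a fresh r.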
6. A History of Homomorphic Encryption
First Generation: Gentry’s first FHE scheme, bootstrappable
[Gentry 09]
Second Generation: Ring-Based leveled Somewhat
Homomorphic Schemes, smaller ciphertexts. Use double-CRT
to achieve a SIMD system and enhance efficiency. [Gentry
Halevi Smart 11]
Third Generation: Schemes such as [Gentry Sahai Waters 13].
Integer-based schemes, but slower computations and
somewhat impractical.
7. The problem
Different applications call for different parameters. For example,
plaintext spaces vary, as does the depth of the circuit we want to
evaluate.
Ideally we want an unbounded scheme, but not all applications
require this.
Even when restricted to a certain form of HE, there are many
schemes available.
8. We pick four of the most used Ring-Based schemes, BGV, FV,
NTRU and YASHE and compare them against each other.
On the face of it, YASHE and FV should be more efficient since
they are scale-invariant, which should save in computation time.
Similarly, NTRU and YASHE have fewer ring elements in the
ciphertexts.
What effect do the above have on the efficiency of the scheme?
9. A Noise Problem
All messages are encrypted by adding a noise factor to a
multiple of the original message:
$\mathrm{Enc}(pk, m) = c = \alpha \cdot m + e \pmod q.$
But then $c \cdot c$ has noise $2 \cdot \alpha \cdot m \cdot e + e^2$:
$c \cdot c = (\alpha \cdot m + e) \cdot (\alpha \cdot m + e) = \alpha^2 \cdot m^2 + 2 \cdot \alpha \cdot m \cdot e + e^2.$
The noise grows quickly with each multiplication, implying a need for a
noise-management control.
10. A Noise Management Technique: SwitchModulus
We use a chain of primes $p_0 < p_1 < \cdots < p_{L-1}$ and let
$q_t = \prod_{i=0}^{t} p_i.$
This gives a chain of moduli $q_0 < q_1 < \cdots < q_{L-1}$ such that
$q_i \mid q_{i+1}$.
11. [Figure: the ladder of moduli $q_t, q_{t-1}, \ldots, q_1$, descended one level per SwitchModulus]
12. The four schemes; $\mathrm{Dec}^{\mathrm{BGV}}_{pk}(c)$
Decryption of a ciphertext $((c_0, c_1), t)$ at level $t$ is performed by
setting
$m \leftarrow [c_0 - sk \cdot c_1]_{q_t},$
and outputting
$m \bmod p.$
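The noise growth of slide 9, the modulus chain of slide 10 and the BGV decryption rule of slide 12 in one runnable toy, added here as an example rather than code from the slides or from Costache and Smart. It assumes a tiny ring $R_q = \mathbb{Z}_q[x]/(x^8+1)$, a symmetric-key variant of BGV, ciphertext multiplication without SwitchKey (the degree-2 result is decrypted with $sk^2$ directly), a plaintext modulus $p = 2$, and a two-level chain $q_1 = 2^{60}$, $q_0 = 2^{30}$ using powers of two instead of primes so the numbers are easy to read; none of these parameters offers any security.

```python
import random

N = 8   # ring dimension of the toy ring R_q = Z_q[x]/(x^N + 1); real schemes use thousands
P = 2   # plaintext modulus p

def centered(a, q):
    """[a]_q: the representative of a mod q in (-q/2, q/2]."""
    a %= q
    return a - q if a > q // 2 else a

def poly_add(a, b, q):
    return [(x + y) % q for x, y in zip(a, b)]

def poly_mul(a, b, q):
    """Product in Z_q[x]/(x^N + 1): negacyclic convolution, x^N = -1."""
    out = [0] * N
    for i, ai in enumerate(a):
        for j, bj in enumerate(b):
            if i + j < N:
                out[i + j] += ai * bj
            else:
                out[i + j - N] -= ai * bj
    return [c % q for c in out]

def keygen(rng):
    """Ternary secret key (constructed toy distribution)."""
    return [rng.choice((-1, 0, 1)) for _ in range(N)]

def encrypt(sk, m, q, rng, noise_bound=2**11):
    """Symmetric BGV-style encryption: c0 = a*sk + p*e + m, c1 = a (mod q)."""
    a = [rng.randrange(q) for _ in range(N)]
    e = [rng.randint(-noise_bound, noise_bound) for _ in range(N)]
    masked = [(P * ei + mi) % q for ei, mi in zip(e, m)]
    return [poly_add(poly_mul(a, sk, q), masked, q), a]

def inner(ct, sk, q):
    """[c0 - sk*c1 + sk^2*c2 - ...]_q: the 'p*e + m' hidden in a ciphertext of any degree."""
    acc = [0] * N
    power = [1] + [0] * (N - 1)                # (-sk)^0
    neg_sk = [(-x) % q for x in sk]
    for ci in ct:
        acc = poly_add(acc, poly_mul(ci, power, q), q)
        power = poly_mul(power, neg_sk, q)
    return [centered(x, q) for x in acc]

def noise(ct, sk, q):
    """Infinity norm of p*e + m; decryption is correct only while this stays below q/2."""
    return max(abs(x) for x in inner(ct, sk, q))

def decrypt(ct, sk, q):
    """DecBGV from slide 12: m <- [c0 - sk*c1]_{q_t}, output m mod p."""
    return [x % P for x in inner(ct, sk, q)]

def multiply(ct, dt, q):
    """Ciphertext product without SwitchKey: the result has degree 2 in sk."""
    out = [[0] * N for _ in range(len(ct) + len(dt) - 1)]
    for i, ci in enumerate(ct):
        for j, dj in enumerate(dt):
            out[i + j] = poly_add(out[i + j], poly_mul(ci, dj, q), q)
    return out

def scale(ct, q_from, q_to):
    """SwitchModulus/Scale (slide 10): c' ~ c*q_to/q_from with c' = c (mod p), so the
    plaintext survives and the noise shrinks by q_to/q_from plus a small rounding term.
    Requires q_from = q_to (mod p), which holds for the even moduli used here."""
    def scale_coeff(c):
        c = centered(c, q_from)
        c_new = (2 * c * q_to + q_from) // (2 * q_from)   # exact nearest integer to c*q_to/q_from
        d = (c - c_new) % P
        c_new += d if d <= P // 2 else d - P              # restore c_new = c (mod p)
        return c_new % q_to
    return [[scale_coeff(c) for c in ci] for ci in ct]

def demo(seed=7):
    """Encrypt two ring elements at q1, multiply, then Scale down to q0 = q1 / p1."""
    rng = random.Random(seed)
    q1, q0 = 2**60, 2**30      # toy modulus chain q0 | q1 (powers of two for readability)
    sk = keygen(rng)
    m1 = [rng.randrange(P) for _ in range(N)]
    m2 = [rng.randrange(P) for _ in range(N)]
    c1, c2 = encrypt(sk, m1, q1, rng), encrypt(sk, m2, q1, rng)
    prod = multiply(c1, c2, q1)
    scaled = scale(prod, q1, q0)
    expected = poly_mul(m1, m2, P)             # the plaintext product lives in R_p
    return {
        "fresh_noise": noise(c1, sk, q1),
        "product_noise": noise(prod, sk, q1),
        "scaled_noise": noise(scaled, sk, q0),
        "fresh_ok": decrypt(c1, sk, q1) == m1,
        "product_ok": decrypt(prod, sk, q1) == expected,
        "scaled_ok": decrypt(scaled, sk, q0) == expected,
    }

if __name__ == "__main__":
    print(demo())
```

Running `demo()` shows the three numbers the analysis on slides 15 to 17 is about: the fresh noise is a few thousand, the product noise is roughly its square times the ring dimension, and after Scale it collapses to a few units, paid for by dropping one modulus level. The decryption at $q_0$ is only correct because the noise after scaling is far below $q_0/2$, which is the kind of bound the lower limit on $p_0$ in equation (1) guarantees.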
13. The four schemes; $\mathrm{Dec}^{\mathrm{YASHE}}_{pk}(c)$
Decryption of a ciphertext $(c, t)$ at level $t$ is performed by setting
$m \leftarrow \frac{p}{q_t} \cdot [c \cdot sk]_{q_t},$
and outputting
$m \bmod p.$
14. How do we compare the four schemes?
We follow the security analysis in [Gentry Halevi Smart 13],
which itself follows on from Lindner-Peikert [Lindner Peikert 10].
We assume that we encrypt, perform ζ additions, one
multiplication, ζ additions, one multiplication and so on. We
perform a SwitchKey operation and a Scale after each
multiplication.
We measure efficiency by the size of a ciphertext in kBytes.
15. Analysis
Decryption is done by either modular reduction or a rounding
operation. Thus if the noise is too large, we could decrypt
erroneously.
To ensure correct decryption, we require
$$4 \cdot c_m \cdot B^*_{\mathrm{scale}} = 2 \cdot c_m \cdot B < \begin{cases} p_0 & \text{for BGV and NTRU} \\ p_0 / p & \text{for FV and YASHE.} \end{cases} \qquad (1)$$
This gives us a lower bound on our bottom modulus.
16. Top modulus
We want to find the sizes of the primes used in the moduli. We start with the top level and calculate the primes we need with correct decryption in mind.
We start off with a fresh ciphertext. We perform a number of additions, one multiplication and one scale operation, and calculate a noise bound $B_2$ on the resulting ciphertext.
We require
$$p_{L-1} \approx \frac{B_2}{B^*_{\mathrm{scale}}}.$$
17. Middle moduli
For the middle moduli, we use the same methodology. The only difference is that we do not start off with a fresh ciphertext, so the initial noise will be different.
We call this bound $B^{(t)}$, and we require
$$p_t \approx \frac{B^{(t)}}{B^*_{\mathrm{scale}}}.$$
We can then iterate downwards, using
$$\log_2 q_t = \log_2 q_{t+1} - \log_2 p_{t+1}.$$
18. Results; L = 5 and varying plaintext modulus size
(Plot: $\log_2(|c|)$ in kBytes, from 6 to 16, against $\log_2(p)$ from 0 to 250, one curve each for BGV, FV, NTRU and YASHE.)
We see that the BGV scheme quickly takes over all other values.
19. Results; L = 5 and varying plaintext modulus size
(Plot: $\log_2(|c|)$ in kBytes, from 4.5 to 7, against $\log_2(p)$ from 0 to 14, one curve each for BGV, FV, NTRU and YASHE.)
For small values of p, YASHE is indeed preferable. But as seen in
the previous slide, BGV is better overall.
20. Results; plaintext modulus p = 2, for varying depth L
(Plot: $\log_2(|c|)$ in kBytes, from 2 to 12, against L from 5 to 30, one curve each for BGV, FV, NTRU and YASHE.)
As previously, YASHE wins for small p...
21. Results; plaintext modulus $p = 2^{32}$, for varying depth L
(Plot: $\log_2(|c|)$ in kBytes, from 4 to 16, against L from 5 to 30, one curve each for BGV, FV, NTRU and YASHE.)
... and BGV for large p. In fact, the size of L has no impact on the
schemes’ performance.
22. Open questions
We have done a crude security analysis in order to examine how the scheme parameters are affected by scaling the plaintext modulus p and the depth required of the scheme.
A stricter security analysis would contribute to the survey. This would need to take into account attacks such as [Albrecht Bai Ducas 16].
24. Introduction NFLlib Applications : Ideal Lattice Cryptography Application : PIR Conclusion
CT-RSA Conference 2016
NFLlib
NTT-based Fast Lattice Library
Carlos Aguilar-Melchor (1), Joris Barrier (2), Serge Guelton (3), Adrien Guinet (3), Marc-Olivier Killijian (2), Tancrède Lepoint (4)
(1) Université de Toulouse, CNRS, France, carlos.aguilar@enseeiht.fr
(2) Université de Toulouse, CNRS, France, {joris.barrier,marco.killijian}@laas.fr
(3) Quarkslab, France, {sguelton,aguinet}@quarkslab.com
(4) CryptoExperts, France, tancrede.lepoint@cryptoexperts.com
February 23, 2016
Carlos Aguilar-Melchor, Joris Barrier, Serge Guelton, Adrien Guinet, Marc-Olivier Killijian, Tancrède Lepoint | NFLlib : NTT-based Fast Lattice Library 1/16
25. Outline
1 Introduction
2 NFLlib
What is in the box ?
Specific Modulus
NTT form
CRT Representation
Gaussian Random Generator
3 Applications : Ideal Lattice Cryptography
High Performance Key Exchange
Somewhat Fully Homomorphic Encryption
4 Application : PIR
5 Conclusion
26. A Brief Overview
A Library…
NFLlib is a homemade C++ library to efficiently deal with polynomials.
…Specialized
Indeed, NFLlib works exclusively with the polynomials usually considered in (ideal) lattice-based cryptography:
polynomials of fixed degree (a power of two),
with coefficients of fixed size (modular operations).
$$P(X) = a_0 + a_1 X + a_2 X^2 + \cdots + a_{n-1} X^{n-1} + a_n X^n$$
28. How to use NFLlib : Practice example
/* Set the polynomial type, with T the native coefficient type
 * such as uint16_t, uint32_t or uint64_t */
using poly_t = nfl::poly_from_modulus<T, degree, modulus>;
poly_t p1, p2, p3, p_res;

/* Fill polynomials with noise using different noise generators */
p1 = poly_t(nfl::uniform);                          // or p1 = nfl::uniform;
p2 = poly_t(nfl::gaussian<poly_t>(prng_instance));
p3 = poly_t(nfl::bounded(bound));

/* Overloaded operators for easy use */
p_res = (p1 * p2) + p3 - p1;
29. NFLlib
30. What is in the box ?
Enabled Optimizations
NFLlib is a C++ library with state-of-the-art optimizations:
specific modulus;
NTT polynomial representation;
CRT representation to use big moduli;
optimized NTT and iNTT algorithms;
SSE and AVX2 processor instructions.
Remark : HElib
This kind of optimization is implemented in HElib in the DoubleCRT class.
31. Modulus Optimizations
We choose our primes such that, for an integer $1 \le s_0 \le s - 1$, a chosen prime $p$ verifies (note that all our 62-bit primes verify Eq. 1):
$$(1 + 1/2^{3 s_0}) \cdot \beta/(2^{s_0} + 1) < p < \beta/2^{s_0} \qquad (1)$$
Algorithm 1: Modular reduction with a modulus verifying Eq. 1
Input: $u = (u_1, u_0) \in [0, p^2)$, $p$ verifying Eq. (1), $v_0 = \lfloor \beta^2 / p \rfloor \bmod \beta$, $1 \le s_0 \le s - 1$ margin bits
Output: $r = u \bmod p$
1. $q \leftarrow v_0 \cdot u_1 + 2^{s_0} \cdot u \bmod \beta^2$
2. $r \leftarrow u - \lfloor q/\beta \rfloor \cdot p \bmod \beta$
3. if $r \ge p$ then $r \leftarrow r - p$
4. return $r$
Algo. 1 is a significant improvement on Möller, N., Granlund, T., "Improved division by invariant integers", IEEE Trans. Computers (2011).
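Algorithm 1 as an added Python example, not NFLlib's code: the word base $\beta = 2^{64}$ is modelled with Python integers and explicit reductions mod $\beta$ and $\beta^2$, `satisfies_eq1` checks the margin condition of Eq. (1) exactly, and `self_check` compares the reduction against Python's `%` for any modulus the caller supplies (the value $2^{62} - 57$ with $s_0 = 2$ used in the checks below is a constructed modulus that meets Eq. (1), not one of NFLlib's primes).

```python
import random

BETA = 1 << 64  # word base beta = 2^64; machine words modelled with ints and explicit masks

def satisfies_eq1(p, s0):
    # Eq. (1): (1 + 2^-3s0) * beta/(2^s0 + 1) < p < beta/2^s0, checked in exact integers
    lower = (2 ** (3 * s0) + 1) * BETA < p * (2 ** s0 + 1) * 2 ** (3 * s0)
    return lower and p < BETA >> s0

def precompute_v0(p):
    return (BETA * BETA // p) % BETA  # v0 = floor(beta^2 / p) mod beta: the low word only

def reduce_mod(u, p, v0, s0):
    """Algorithm 1: r = u mod p for u in [0, p^2) using one double-word product and
    one single-word product. The Eq. (1) margin guarantees that floor(q/beta) is
    either the true quotient or one less, so one conditional subtraction suffices."""
    assert 0 <= u < p * p
    u1 = u >> 64                                # high word of u = (u1, u0)
    q = (v0 * u1 + (u << s0)) % (BETA * BETA)   # step 1, reduced mod beta^2
    r = (u - (q >> 64) * p) % BETA              # step 2, reduced mod beta (uint64 wrap)
    return r - p if r >= p else r               # step 3

def self_check(p, s0, trials=2000, seed=1):
    """Compare Algorithm 1 with Python's % on edge values and pseudo-random inputs."""
    rng, v0 = random.Random(seed), precompute_v0(p)
    inputs = [0, 1, p - 1, p, p + 1, (p - 1) * (p - 1), p * p - 1]
    inputs += [rng.randrange(p * p) for _ in range(trials)]
    return all(reduce_mod(u, p, v0, s0) == u % p for u in inputs)
```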
32. NTT form
Polynomial representation
In NFLlib polynomials are represented and handled in an evaluated form using the Number Theoretic Transform (a Discrete Fourier Transform over a finite field).
Advantages
By the book, polynomial multiplication is in $O(n^2)$. In NTT form, multiplication is an element-wise multiplication in (obviously) $O(n)$.
→ Great performance improvement
34. CRT Representation
Motivation
For performance reasons we do not use specialized big-integer libraries to handle moduli that do not fit in native types when working directly with polynomials. However, we don't want to limit moduli sizes too strictly. So we use the Chinese Remainder Theorem (CRT) representation to deal with big moduli by splitting them into smaller integers.
Recover
To recover values modulo the big modulus we call an external library, because we cannot do a better implementation.
HElib
Note that HElib uses an FFT representation for big moduli instead of CRT.
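The NTT-form multiplication of slide 32 and the CRT splitting of slide 34, together in one added Python example that is not NFLlib's code: polynomials in $\mathbb{Z}_Q[x]/(x^n + 1)$ with constructed $n = 8$ and $Q = 17 \cdot 97$, where each residue is multiplied pointwise in negacyclic NTT form and the two residues are recombined by CRT; a schoolbook multiply serves as the $O(n^2)$ reference. The primes are deliberately tiny so the values can be followed by hand.

```python
N = 8              # ring degree n (a power of two), constructed
PRIMES = (17, 97)  # constructed NTT-friendly primes: 2n divides p - 1 for each
Q = PRIMES[0] * PRIMES[1]  # the "big" modulus; never used inside the arithmetic

def root_2n(p):
    """Smallest psi of exact order 2n mod p; x^n + 1 vanishes at its odd powers."""
    return next(w for w in range(2, p) if pow(w, 2 * N, p) == 1 and pow(w, N, p) != 1)

def dft(a, w, p):
    """Radix-2 Cooley-Tukey DFT mod p, w a primitive len(a)-th root of unity."""
    n = len(a)
    if n == 1:
        return list(a)
    ev, od = dft(a[0::2], w * w % p, p), dft(a[1::2], w * w % p, p)
    out, wk = [0] * n, 1
    for k in range(n // 2):
        t = wk * od[k] % p
        out[k], out[k + n // 2] = (ev[k] + t) % p, (ev[k] - t) % p
        wk = wk * w % p
    return out

def ntt(a, p):
    """Negacyclic NTT: twist a_i by psi^i so a plain DFT evaluates at roots of x^n + 1."""
    psi = root_2n(p)
    return dft([a[i] * pow(psi, i, p) % p for i in range(N)], psi * psi % p, p)

def intt(a_hat, p):
    psi, n_inv = root_2n(p), pow(N, -1, p)
    a = dft(a_hat, pow(psi * psi, -1, p), p)
    return [a[i] * n_inv * pow(psi, -i, p) % p for i in range(N)]

def mul_ntt_crt(a, b):
    """Product in Z_Q[x]/(x^n + 1): per CRT prime one pointwise O(n) multiply in NTT
    form, then Garner-style recombination of the two residue polynomials."""
    res = []
    for p in PRIMES:
        a_hat, b_hat = ntt([x % p for x in a], p), ntt([x % p for x in b], p)
        res.append(intt([x * y % p for x, y in zip(a_hat, b_hat)], p))
    p1, p2 = PRIMES
    inv = pow(p1, -1, p2)
    return [(r1 + p1 * ((r2 - r1) * inv % p2)) % Q for r1, r2 in zip(*res)]

def mul_schoolbook(a, b):
    """O(n^2) reference multiply: x^n = -1 folds high terms back with a sign flip."""
    c = [0] * N
    for i in range(N):
        for j in range(N):
            c[(i + j) % N] += a[i] * b[j] if i + j < N else -a[i] * b[j]
    return [x % Q for x in c]
```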
35. Gaussian Random Generator
Description
unsigned int sigma = 20;
unsigned int security = 128;
unsigned int sample = 1 << 14;
FastGaussianNoise<uint8_t, T, 2> fg_prng(sigma, security, sample);

Distribution                Uniform    $D_{3.19}$    $D_{300}$
cycles / bit generated (1)  0.4        1.39          3.43
(1) We implement a constant-time algorithm with a ×4 overhead.
36. Applications : Key Exchange & SFHE
37. High Performance Key Exchange
Key Exchange Protocol
To illustrate the performance of our library in a concrete setting we implement an equivalent of the key transport protocol RSASVE of NIST SP 800-56B. The client chooses a random message and encrypts it with the server's public key; the server then decrypts this random value, which is used to derive (with a hash function) a common secret.

Protocol           80 bits        128 bits       256 bits
RSA                7.95 Kops/s    0.31 Kops/s    N/A
ECDH               7.01 Kops/s    5.93 Kops/s    1.61 Kops/s
RLWE/NFLlib (2)    N/A            1020 Kops/s    508 Kops/s
(2) Enabling forward secrecy divides performance by 2.
38. Somewhat Fully Homomorphic Encryption
SFHE
We modified the open-source implementation of the somewhat homomorphic encryption scheme of Fan and Vercauteren from [1] and directly replaced flint by NFLlib.

                   Encrypt    Decrypt    Hom. Add.    Hom. Mult.
[1] with flint     26.7 ms    13.3 ms    1.1 ms       91.2 ms
[1] with NFLlib    0.9 ms     0.9 ms     0.01 ms      17.2 ms
Gain               ×30        ×15        ×110         ×5.5
1. Tancrède Lepoint and Michael Naehrig. "A Comparison of the Homomorphic Encryption Schemes FV and YASHE"
39. Application : PIR
40. Private Information Retrieval
Computational Private Information Retrieval (PIR)
A PIR scheme is a protocol in which a user retrieves a record from a database while hiding which one from the database administrators. A computational PIR protocol requires the database server to execute a homomorphic-cryptography-based algorithm over the entire database content.

Protocol      [2]         [3]        [4]
Throughput    0.5 Gb/s    1 Gb/s     20 Gb/s
2. J. T. Trostle and A. Parrish, "Efficient computationally private information retrieval from anonymity or trapdoor groups," in ISC 2010
3. C. Aguilar Melchor and P. Gaborit, "A Fast Private Information Retrieval Protocol," in ISIT'08
4. cPIR based on Lipmaa's scheme using lattice-based cryptography, implemented with NFLlib
41. Conclusion
NFLlib is an optimized and efficient library designed to handle polynomials over the polynomial rings $\mathbb{Z}_p[x]/(x^n + 1)$ in NTT form.
It can be used as a building block for ideal-lattice-based cryptography that can be more efficient than existing implementations based on NTL or flint.
Code available at : https://github.com/quarkslab/NFLlib