Lattice cryptography is a branch of cryptography based on the mathematical structure of a lattice, which has the property of resisting quantum computing attacks²³. A lattice is a discrete set of points generated from linearly independent vectors that can be used to describe many complex geometric and algebraic problems⁴. The security of lattice cryptography is usually built on the worst-case difficulty assumption that some lattice problems are hard to solve even given an optimal algorithm⁴.
A typical lattice problem is the shortest vector problem (SVP), that is, given a lattice basis (lattice basis), find the non-zero vector with the smallest length in the lattice⁴. This problem is proven to be NP-hard, and there is no known efficient quantum algorithm to solve it⁴. Based on SVP and other related problems, various lattice cryptographic primitives can be constructed, such as encryption, signature, zero-knowledge proof, etc.⁵.
One of the important and interesting primitives is an encryption scheme based on the learning with errors over rings (Ring-LWE) problem⁴. The Ring-LWE problem is a generalization of the LWE problem on the ring (ring), that is, given a ring element a and a noise item e, it is easy to calculate as+e when the relationship between e and another ring element s is unknown. , but conversely recovering s from as+e is difficult⁴. The Ring-LWE encryption scheme takes advantage of this one-way property to encrypt information safely, reliably and efficiently, and can support homomorphic operations, that is, to operate on ciphertext without decryption⁴[6].
Lattice-based ciphers have several advantages:
- They are resistant to quantum attacks, since there are currently no efficient quantum algorithms for lattice-hard problems²³.
- They can be computationally efficient, since operations on lattices are mostly matrix and vector products and require only addition².
- They can construct complex and powerful cryptographic applications, such as fully homomorphic encryption, functional encryption, code obfuscation, etc¹⁵.
In conclusion, lattice cryptography is a cutting-edge and practical field of cryptography, which provides us with a novel and powerful way to protect data security and privacy.
The following is an example of Python code for an encryption scheme based on the Ring-LWE problem, which implements the functions of key generation, encryption, and decryption:
# 导入相关库
import numpy as np
from numpy.polynomial import polynomial as poly
# 定义环上的参数
n = 16 # 环的维度
q = 12289 # 环上的模数
a = np.array([0, 1]) # 环上的不可约多项式 x + 1
# 定义噪声分布,这里使用离散高斯分布
def sample_gaussian(n):
return np.random.normal(0, 3.19, n).astype(int) % q
# 定义环上多项式乘法运算
def ring_mul(x, y):
return poly.polydiv(poly.polymul(x,y), a)[1] % q
# 定义密钥生成函数,返回公钥和私钥
def keygen():
s = sample_gaussian(n) # 随机选择私钥 s
e = sample_gaussian(n) # 随机选择噪声 e
b = ring_mul(a,s) + e # 计算公钥 b = as + e
return (b,s)
# 定义加密函数,输入公钥和明文消息,返回密文对(u,v)
def encrypt(b,m):
m = m % q # 将明文消息转换为模q整数向量
r = sample_gaussian(n) # 随机选择掩码 r
u = ring_mul(a,r) # 计算 u = ar
v = ring_mul(b,r) + m # 计算 v = br + m
return (u,v)
# 定义解密函数,输入私钥和密文对(u,v),返回明文消息
def decrypt(s,u,v):
w = ring_mul(s,u) # 计算 w = su
c = v - w # 计算 c = v - w
return c % qSource: Dialogue with Bing, 2023/3/16(1) Preliminary Exploration of Fully Homomorphic Encryption II: Lattice Cryptography and LWE Problems - Zhihu. https://zhuanlan.zhihu.com/p/150920501 Access time 2023 /3/16.
(2) Basics of Lattice Cryptography_Anonymous Function Blog-CSDN Blog. https://blog.csdn.net/m0_57291352/article/details/121382465 Access time 2023/3/16.
(3) Lattice Password Ring-LWE (section 1) - Zhihu. https://zhuanlan.zhihu.com/p/348311060 Access time 2023/3/16.
(4) Grid password introduction (science popularization) - Zhihu. https: //zhuanlan.zhihu.com/p/234950092 Access time 2023/3/16.
(5) Lattice password notes (1). https://www.ruanx.net/lattice-1/ Access time 2023/3/16 .
(6) Ring-LWE (section 1) of lattice password - Zhihu. https://bing.com/search?q=%e6%a0%bc%e5%af%86%e7%a0%81%e5 %ad%a6 access time 2023/3/16.