How to validate the secret of a ring learning with errors (RLWE) key
Cryptology ePrint Archive, 2018•eprint.iacr.org
We use the signal function from RLWE key exchange to derive an efficient zero knowledge
authentication protocol to validate an RLWE key $ p= as+ e $ with secret $ s $ and error $ e
$ in the Random Oracle Model (ROM). With this protocol, a verifier can validate that a key $
p $ presented to him by a prover $ P $ is of the form $ p= as+ e $ with $ s, e $ small and that
the prover knows $ s $. We accompany the description of the protocol with proof to show that
it has negligible soundness and completeness error. The soundness of our protocol relies …
authentication protocol to validate an RLWE key $ p= as+ e $ with secret $ s $ and error $ e
$ in the Random Oracle Model (ROM). With this protocol, a verifier can validate that a key $
p $ presented to him by a prover $ P $ is of the form $ p= as+ e $ with $ s, e $ small and that
the prover knows $ s $. We accompany the description of the protocol with proof to show that
it has negligible soundness and completeness error. The soundness of our protocol relies …
Abstract
We use the signal function from RLWE key exchange to derive an efficient zero knowledge authentication protocol to validate an RLWE key with secret and error in the Random Oracle Model (ROM). With this protocol, a verifier can validate that a key presented to him by a prover is of the form with small and that the prover knows . We accompany the description of the protocol with proof to show that it has negligible soundness and completeness error. The soundness of our protocol relies directly on the hardness of the RLWE problem. The protocol is applicable for both LWE and RLWE but we focus on the RLWE based protocol for efficiency and practicality. We also present a variant of the main protocol with a commitment scheme to avoid using the ROM.
eprint.iacr.org
以上显示的是最相近的搜索结果。 查看全部搜索结果