Journal of Beijing Electronic Science and Technology Institute, Vol. 21, No. 2, June 2013

A New Public-key Cryptosystem Based on R-LWE * **

Bai Jian 1,2, Liu Hui 1,2, Zhang Ruoqing 1,2, Yang Yatao 2
1. Beijing Electronic Science and Technology Institute, Beijing 100070
2. School of Telecommunication Engineering, Xidian University, Xi'an 710071
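Abstract: Lattice-based public-key cryptosystems have become a research hotspot in the cryptographic community because they resist quantum attacks and use simple arithmetic. Based on the learning with errors over rings problem from lattice theory, this paper designs a public-key cryptosystem and gives its concrete parameter selection, key generation, and encryption and decryption methods. In addition, the security and efficiency of the scheme are analysed and compared with the NTRU public-key cryptosystem, and the advantages of the scheme are pointed out.
Keywords: cryptography; post-quantum cryptography; lattice-based public-key cryptography; R-LWE; public-key cryptosystem based on R-LWE
CLC number: TN918.1  Document code: A  Article ID: 1672-464X(2013)06-46-04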
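Introduction

In recent years, lattice-based public-key cryptography has attracted the attention and research of many scholars because of its resistance to quantum attacks, security that can be based on average-case hard lattice problems over random lattices, and potential computational efficiency. At the same time, a large number of public-key cryptosystems based on hard lattice problems have been produced, the best known of which is the NTRU public-key cryptosystem proposed by Hoffstein J et al. in 1998 [1]. However, the security of NTRU has not been rigorously proven, and this shortcoming has kept its security in question. In 2005, Regev combined lattice theory with learning theory and proposed a new hard problem on lattices, the learning with errors problem (Learning with Errors, LWE) [2], which pushed the design of lattice-based public-key cryptography into a new stage and was followed by a series of lattice-based public-key cryptosystems [2-4]. In 2010, Lyubashevsky et al. proposed the learning with errors over rings problem (R-LWE) [5], which gave the security of lattice-based public-key cryptosystems a deeper guarantee. This paper designs a new public-key cryptosystem based on the R-LWE problem and gives the related proofs and analysis results.

* Funding: Research and Design of Post-quantum Digital Signature Algorithms (No. 61070219)
** About the author: Bai Jian (1989-), male, master's student at Xidian University; research interest: cryptography.

1 Preliminaries

1.1 Basic concepts of lattices

Definition 1 [2]: Let $\nu_1, \nu_2, \ldots, \nu_m$ be linearly independent. The m-dimensional lattice $L(\nu_1, \nu_2, \ldots, \nu_m)$ is the set of vectors generated by $\nu_1, \nu_2, \ldots, \nu_m$, written formally as

$$L(\nu_1, \nu_2, \ldots, \nu_m) = \sum_{i=1}^{m} a_i \nu_i, \quad a_i \in \mathbb{Z}$$

$\{\nu_1, \nu_2, \ldots, \nu_m\}$ is called a basis of the lattice $L$, and we write $\mathrm{Dim}(L) = M$, where $M$ and $N$ are the dimension and the rank of $L$ respectively. When $M = N$, the lattice $L$ is called full dimensional.

1.2 The two most basic hard lattice problems

Definition 2 [2] (SVP, Shortest Vector Problem): Given a basis $B \in \mathbb{Z}^{n \times m}$ of a lattice, find a nonzero lattice vector $\lambda = Bx$ ($x \in \mathbb{Z}^m$) such that for every $y \in \mathbb{Z}^m$, $y \neq 0$, we have $\|\lambda\| \le \|By\|$.

Definition 3 [2] (CVP, Closest Vector Problem): Given a basis $B \in \mathbb{Z}^{n \times m}$ of a lattice and an arbitrary target vector $t \in \mathbb{Z}^n$, find a nonzero lattice vector $\lambda = Bx$ ($x \in \mathbb{Z}^m$) such that for every nonzero vector $y \in \mathbb{Z}^m$ we have $\|\lambda - t\| \le \|By - t\|$.

1.3 The learning with errors over rings problem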
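This paper designs a public-key cryptosystem based on the learning with errors over rings problem. The two main learning with errors over rings problems are defined [5][6] as follows.

Definition 4 (Search R-LWE problem): Let $R = \mathbb{Z}_q[x]/(x^n + 1)$, $n = 2^k$, $k \ge 1$, $q = 1 \bmod 2n$, and $a \in R^m$ (where $m$ is an integer denoting the dimension of $a$), with $a$ chosen uniformly at random and $e \in R$ an error following some normal distribution $\Psi_a$. Given $b \in R$ with $b = a \cdot s + e$, the problem of recovering $s$ from $(a, b)$ is the Search R-LWE problem.

Definition 5 (Decision R-LWE problem): Let $R = \mathbb{Z}_q[x]/(x^n + 1)$, $n = 2^k$, $k \ge 1$, $q = 1 \bmod 2n$, let $s \in R^m$ be chosen uniformly (where $m$ is an integer denoting the dimension of $s$), $a \in R^m$, and let $e \in R$ be an error following some normal distribution $\Psi_a$. Compute $b = a \cdot s + e$ with $b \in R$, and denote by $A_{s,\Psi}$ the distribution of $(a, b)$. The problem of distinguishing $A_{s,\Psi}$ from the uniform distribution on $R \times R$ is the Decision R-LWE problem. If the Decision R-LWE problem is hard, then $A_{s,\Psi}$ is pseudorandom.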
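The R-LWE sample of Definitions 4 and 5, as an added example (not code from the paper): it builds b = a·s + e in R = Z_q[x]/(x^n + 1) and compares b - a·s for a genuine sample with the same quantity for a uniform pair, which is the gap the secret s opens up. The toy parameters n = 16 and q = 257, the rounded Gaussian with sigma = 2, the dimension m = 1 and all function names are assumptions of this example.

```python
import random

def ring_mul(f, g, n, q):
    """Product in Z_q[x]/(x^n + 1): terms of degree >= n wrap with a sign flip."""
    out = [0] * n
    for i, fi in enumerate(f):
        for j, gj in enumerate(g):
            k = i + j
            if k < n:
                out[k] = (out[k] + fi * gj) % q
            else:  # x^n = -1 in this ring
                out[k - n] = (out[k - n] - fi * gj) % q
    return out

def centered(f, q):
    """Lift coefficients from [0, q) to the centered interval (-q/2, q/2]."""
    return [c - q if c > q // 2 else c for c in f]

def rlwe_sample(s, n, q, sigma, rng):
    """Return (a, b, e) with a uniform, e small, b = a*s + e (dimension m = 1)."""
    a = [rng.randrange(q) for _ in range(n)]
    e = [round(rng.gauss(0, sigma)) for _ in range(n)]  # assumed error distribution
    a_s = ring_mul(a, s, n, q)
    b = [(x + y) % q for x, y in zip(a_s, e)]
    return a, b, e

def residual(a, b, s, n, q):
    """b - a*s, centered; for a genuine sample this is exactly the error e."""
    a_s = ring_mul(a, s, n, q)
    return centered([(x - y) % q for x, y in zip(b, a_s)], q)

def demo(seed=2013):
    n, q, sigma = 16, 257, 2.0  # toy sizes (assumed), far too small for real use
    assert n & (n - 1) == 0 and q % (2 * n) == 1  # n = 2^k, q = 1 mod 2n
    rng = random.Random(seed)
    s = [rng.randrange(q) for _ in range(n)]
    a, b, e = rlwe_sample(s, n, q, sigma, rng)
    u = [rng.randrange(q) for _ in range(n)]  # uniform stand-in for b
    return e, residual(a, b, s, n, q), residual(a, u, s, n, q)

if __name__ == "__main__":
    e, r_lwe, r_uniform = demo()
    print("error e        :", e)
    print("b - a*s (R-LWE):", r_lwe)
    print("u - a*s (unif.):", r_uniform)
```

With s known, the residual of a genuine sample is a short vector while the residual of a uniform pair spreads over the whole range; the Decision R-LWE assumption is that no efficient test separates the two without s.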
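2 The new R-LWE-based public-key encryption scheme

2.1 Parameter selection and operation rules

The main parameters of the new scheme are n, p and q.

n: determines the maximum degree of the polynomials in the encryption scheme. Subject to the requirements of computational efficiency and security, the larger n is the better; it should be of the form $2^k$.

q: the large modulus, usually a positive integer. The size of q depends on the concrete instance. q should be large enough to guarantee a sufficiently high level of security, but the larger q is, the more system resources are used and the more integer computation is required.

p: the small modulus, usually a small positive integer.

Let $R = \mathbb{Z}_q[x]/(x^n + 1)$. Two polynomials $f$ and $g$ in the ring are written as $f(x) = f_0 + f_1 x + \ldots + f_{n-1} x^{n-1}$ and $g(x) = g_0 + g_1 x + \ldots + g_{n-1} x^{n-1}$. For $k \in R$, the following operations are defined:

$$k \cdot f(x) = k f_0 + k f_1 x + \ldots + k f_{n-1} x^{n-1}$$

$$f(x) \cdot g(x) = \sum_{k=0}^{n-1} \Big( \sum_{i+j = k \,(\mathrm{mod}\ n)} f_i g_j \Big) x^k$$

2.2 Key generation

In this scheme the public encryption key is $h(x)$ and the private decryption key is $f(x)$ and $f_p(x)$. They are chosen as follows.

Choose polynomials $f(x)$, $g(x)$ satisfying $f(x) \cdot g(x) = 0 \bmod q$.
$f(x) \cdot f_q(x) = 1 \bmod q$.
$h(x) = f_q(x) + 1$.

The public key is $(h(x), g(x))$ and the private key is $(f(x), f_p(x))$.

2.3 Encryption

Encryption in this scheme introduces a random error polynomial $e(x) \in \Psi_\alpha$, where $\Psi_\alpha$ is a Gaussian distribution with parameter $\alpha$. The plaintext is converted into a polynomial $m(x)$, and the ciphertext is computed as $c(x) = h(x) \cdot m(x) + g(x) \cdot e(x)$.

2.4 Decryption

The received ciphertext is $c(x)$. The steps for decrypting it with the private key $f(x)$ and $f_p(x)$ are as follows:

$$\begin{aligned}
a(x) &= f(x) \cdot c(x) \\
&= f(x) \cdot h(x) \cdot m(x) + f(x) \cdot g(x) \cdot e(x) \\
&= [f(x) \cdot f_q(x) + f(x)] \cdot m(x) + f(x) \cdot g(x) \cdot e(x) \bmod q \qquad (1) \\
&= f(x) \cdot m(x)
\end{aligned}$$

$$\begin{aligned}
f_p(x) \cdot a(x) &= f_p(x) \cdot f(x) \cdot m(x) \bmod p \\
&= m(x) \qquad (2)
\end{aligned}$$

Decryption may fail in steps (1) and (2): a decryption failure occurs when the coefficients in step (1) do not lie in the interval $(-\frac{q}{2}, \frac{q}{2}]$, or the coefficients in step (2) do not lie in the interval $(-\frac{p}{2}, \frac{p}{2}]$. With suitably chosen parameters, however, the probability of decryption failure is very small, and methods for avoiding decryption failure similar to those used for NTRU [7] can be adopted to reduce the probability of decryption failure.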
3 Performance analysis of the new scheme

3.1 Security proof of the new scheme

Theorem: If there exists an IND-CPA algorithm against the new scheme that successfully obtains $m(x)$ in running time $T$, then there exists an algorithm with running time $T' = T + O(n)$ that solves the Search R-LWE problem.

Proof: Let A be an IND-CPA attack algorithm against the given scheme; we construct an algorithm B that solves the Search R-LWE problem. B is given an oracle O, used to sample from $A_{s,\Psi}$ ($A_{s,\Psi}$ is the distribution of $(a, b)$, where $b = a \cdot s + e$ and $e \in R$ follows some normal distribution). Using the oracle O, algorithm B obtains a sample $(a, b)$ from $A_{s,\Psi}$, where $b = a \cdot s + e$ and $e \in R$ follows some normal distribution. Algorithm B poses the challenge on the sample $(a, b)$, seeking to recover $s$ from $(a, b)$. By a suitable construction, algorithm B generates $b' = as + ge$ and sends $(a, b')$ to algorithm A. After receiving $(a, b')$, algorithm A obtains the corresponding $s$ through the decryption process of the scheme above. Hence the algorithm constructed from the IND-CPA attack algorithm against this scheme can solve the Search R-LWE problem. In summary, the new scheme is semantically secure.

3.2 Efficiency analysis of the new scheme

During key selection the new scheme needs keys that satisfy $f(x) \cdot g(x) = 0 \bmod q$, $f(x) \cdot f_q(x) = 1 \bmod q$ and $h(x) = f_q(x) + 1$, so key generation takes too long. However, since key systems in practical applications are mostly used in a "one key, many uses" manner, a new key pair need not be generated every time, and this does not greatly affect the algorithmic efficiency of the scheme.

For both the decryption and the encryption process of the scheme we use simple polynomial modular multiplication and polynomial modular addition. These are linear operations, and compared with the currently common integer factorization, discrete logarithm and elliptic curve problems they greatly reduce the computational complexity and can effectively improve the speed of data encryption and decryption.

In summary, the scheme has relatively high efficiency.

3.3 Comparison of the new scheme with NTRU

At present, the most widely used lattice-based public-key cryptosystem is NTRU. Although the security of NTRU has not been rigorously proven, its performance figures are a strong reference point among lattice-based public-key cryptosystems, so we now compare the scheme with NTRU.

Key generation in this scheme is simpler than in NTRU. NTRU requires two modular inversions and one modular multiplication, whereas this scheme needs only one modular inversion and one modular multiplication, so the computational complexity of its key generation is lower. NTRU encryption is one modular multiplication and one modular addition, and NTRU decryption is two modular multiplications; the encryption and decryption processes of this scheme are similar to those of NTRU and have the same efficiency.

In addition, like NTRU, this scheme has a certain decryption failure problem, which can likewise be addressed with the solutions used for decryption failure in the NTRU encryption scheme.

4 Conclusion

This paper designs a public-key encryption scheme based on the R-LWE problem. Like NTRU, the scheme has the advantages of lattice-based public-key cryptosystems, namely resistance to quantum attacks and simple arithmetic, but it is based on a different hard problem, and the algorithmic complexity of its key generation is slightly lower than that of NTRU. However, both the public key and the secret key of the scheme are relatively large, and a certain amount of decryption error still occurs. How to solve these problems will be the focus of the next stage of work.

References:
[1] Hoffstein J, Pipher J, Silverman J H. NTRU: A ring-based public key cryptosystem [C]. Proceedings of the 3rd International Symposium (ANTS-III), LNCS 1423, 1998: 267-288.
[2] Regev O. On lattices, learning with errors, random linear codes, and cryptography [C]. In Proceedings of STOC, 2005, pp. 113-117.
[3] Gentry C, Peikert C, Vaikuntanathan V. Trapdoors for hard lattices and new cryptographic constructions [C]. STOC'08, Victoria, BC, Canada, ACM, 2008: 197-206.
[4] Peikert C. Public-key cryptosystems from the worst-case shortest vector problem [C]. STOC'09, Maryland, USA, ACM, 2009: 333-342.
[5] Lyubashevsky V, Peikert C, Regev O. On ideal lattice and learning with errors over rings [C]. In Eurocrypt 2010, LNCS 6110, Springer-Verlag, 2010: 1-23.
[6] Zhang Jianhang, He Jian, Hu Yupu. A new NTRU encryption scheme based on R-LWE [J]. Electronic Science and Technology. 2012.5.15.
[7] Li Xinshe, Zhang Ying, Hu Yupu. Analysis and improvement of an NTRU decryption failure research scheme [J]. Acta Mathematicae Applicatae Sinica. July 2008. Vol. 31, No. 4.
A New Public-key Cryptosystem Based on R-LWE
Bai Jian 1,2, Liu Hui 1,2, Zhang Ruoqing 1,2, Yang Yatao 2
1. Beijing Electronic Science and Technology Institute, Beijing 100070, China
2. School of Telecommunication Engineering, Xidian University, Xi'an 710071, China
Abstract: Lattice-based public-key cryptosystems are post-quantum and highly efficient, and have become a hot topic. A public-key cryptosystem is designed based on the learning with errors over rings problem on lattices. We give the choice of parameters and describe in detail how to generate the keys, encrypt the plaintext and decrypt the ciphertext. The security of this public-key cryptosystem and its efficiency are also discussed. Finally, we compare the public-key cryptosystem with NTRU.
Keywords: Cryptography; Post-quantum Cryptosystem; Public-key Cryptosystem Based on Lattice; R-LWE (Learning with Errors over Rings); Public-key Cryptosystem Based on R-LWE
(Editor in charge: Wang Manzhu)