Accelerating lattice reduction with FPGAs
In Proceedings of the First International Conference on Progress in Cryptology: Cryptology and Information Security in Latin
, 2010
Abstract

Cited by 6 (2 self)
We describe an FPGA accelerator for the Kannan–Fincke–Pohst enumeration algorithm (KFP) solving the Shortest Lattice Vector Problem (SVP). This is the first FPGA implementation of KFP specifically targeting cryptographically relevant dimensions. In order to optimize this implementation, we theoretically and experimentally study several facets of KFP, including its efficient parallelization and its underlying arithmetic. Our FPGA accelerator can be used for both solving standalone instances of SVP (within a hybrid CPU–FPGA compound) or myriads of smaller dimensional SVP instances arising in a BKZ-type algorithm. For devices of comparable costs, our FPGA implementation is faster than a multicore CPU implementation by a factor around 2.12.
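To make concrete what the accelerator above computes, here is an added example (not code from the paper, whose implementation targets far larger dimensions and fixed-point arithmetic on the FPGA): a plain-Python Kannan–Fincke–Pohst enumeration for tiny integer lattices. It orthogonalises the basis exactly with Fractions, then walks the search tree from the last coordinate down, pruning every branch whose projected squared length already exceeds the current radius ||b_1||^2. The function names and the sample bases are this example's own.

```python
"""Kannan-Fincke-Pohst style enumeration for SVP on a small integer lattice (illustration)."""
import math
from fractions import Fraction


def dot(u, v):
    return sum(a * b for a, b in zip(u, v))


def gram_schmidt(basis):
    """Exact Gram-Schmidt orthogonalisation of the basis rows b_1..b_n.

    Returns the orthogonal vectors b*_i and coefficients mu[i][j] such that
    b_i = b*_i + sum_{j<i} mu[i][j] * b*_j.  Fractions keep everything exact.
    """
    n = len(basis)
    bstar = []
    mu = [[Fraction(0)] * n for _ in range(n)]
    for i in range(n):
        v = [Fraction(c) for c in basis[i]]
        for j in range(i):
            mu[i][j] = Fraction(dot(basis[i], bstar[j])) / dot(bstar[j], bstar[j])
            v = [vc - mu[i][j] * bc for vc, bc in zip(v, bstar[j])]
        bstar.append(v)
    return bstar, mu


def shortest_vector(basis):
    """Enumerate every lattice vector of squared norm <= ||b_1||^2 and keep the
    shortest non-zero one.  Returns (coefficients, vector, squared norm)."""
    n = len(basis)
    bstar, mu = gram_schmidt(basis)
    bsq = [dot(b, b) for b in bstar]             # ||b*_i||^2
    best_sq = Fraction(dot(basis[0], basis[0]))  # initial radius: ||b_1||^2
    best_x = None
    x = [0] * n                                  # coefficients, fixed from x[n-1] downwards

    def search(i, partial):
        nonlocal best_sq, best_x
        # Centre of the admissible interval for x[i], given the already fixed x[i+1:]
        c = -sum(x[j] * mu[j][i] for j in range(i + 1, n))
        room = best_sq - partial                 # squared length still available
        if room < 0:
            return
        half = math.sqrt(float(room / bsq[i]))
        # The float interval is widened by one on each side; the exact test below prunes.
        for xi in range(math.floor(float(c) - half) - 1, math.ceil(float(c) + half) + 2):
            x[i] = xi
            p = partial + (xi - c) ** 2 * bsq[i]  # projected squared length at this level
            if p > best_sq:
                continue
            if i == 0:
                if 0 < p < best_sq:              # a shorter non-zero vector
                    best_sq, best_x = p, list(x)
            else:
                search(i - 1, p)
        x[i] = 0

    search(n - 1, Fraction(0))
    if best_x is None:                           # nothing beat b_1, so b_1 is shortest
        best_x = [1] + [0] * (n - 1)
    vec = [sum(best_x[i] * basis[i][k] for i in range(n)) for k in range(len(basis[0]))]
    return best_x, vec, int(best_sq)


if __name__ == "__main__":
    # Constructed sample: this basis of Z^2 hides the unit vector behind long basis vectors.
    print(shortest_vector([[3, 4], [4, 5]]))
    print(shortest_vector([[2, 0, 0], [0, 3, 0], [1, 1, 5]]))
```

Each recursion level is one loop over an integer interval, and disjoint subtrees (different values of the top coefficients) are independent; that independence is what a parallel or hardware implementation exploits. In real dimensions the search tree is astronomically larger and the radius is updated aggressively, which is why the arithmetic and parallelisation choices studied in the paper matter.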
Lattice Cryptography for the Internet
, 2014
Abstract

Cited by 6 (1 self)
In recent years, lattice-based cryptography has been recognized for its many attractive properties, such as strong provable security guarantees and apparent resistance to quantum attacks, flexibility for realizing powerful tools like fully homomorphic encryption, and high asymptotic efficiency. Indeed, several works have demonstrated that for basic tasks like encryption and authentication, lattice-based primitives can have performance competitive with (or even surpassing) those based on classical mechanisms like RSA or Diffie-Hellman. However, there still has been relatively little work on developing lattice cryptography for deployment in real-world cryptosystems and protocols. In this work we take a step toward that goal, by giving efficient and practical lattice-based protocols for key transport, encryption, and authenticated key exchange that are suitable as “drop-in” components for proposed Internet standards and other open protocols. The security of all our proposals is provably based (sometimes in the random-oracle model) on the well-studied “learning with errors over rings” problem, and hence on the conjectured worst-case hardness of problems on ideal lattices (against quantum algorithms). One of our main technical innovations (which may be of independent interest) is a simple, low-bandwidth reconciliation technique that allows two parties who “approximately agree” on a secret value to reach exact agreement, a setting common to essentially all lattice-based encryption schemes. Our technique reduces the ciphertext length of prior (already compact) encryption schemes nearly twofold, at essentially no cost.
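The reconciliation setting in the abstract above, as an added illustration that is not taken from the paper (which defines its mechanism over rings and its own parameter choices): two parties hold values v and w in Z_q that differ by a small error, and one public hint bit lets them agree on an exact key bit. The toy below works on a single coefficient with q divisible by 8. Alice's key bit is whether v falls in [q/4, 3q/4); her hint is the parity of the quarter of Z_q containing v. Given the hint, v is confined to two arcs of length q/4 lying q/4 apart, so Bob picks whichever arc is nearest to w and tolerates any error of magnitude at most q/8. The function names and the exhaustive check are this example's own.

```python
"""One-hint-bit reconciliation over Z_q (illustration, single coefficient)."""


def key_bit(v, q):
    """Alice's key bit: 1 if v lies in [q/4, 3q/4), i.e. round(2v/q) mod 2."""
    return 1 if q // 4 <= v % q < 3 * q // 4 else 0


def hint_bit(v, q):
    """Alice's public hint: the quarter of Z_q holding v, mod 2 (floor(4v/q) mod 2).

    For uniform v this bit is independent of key_bit(v), so publishing it
    reveals nothing about the key bit (the counts below show the balance).
    """
    return (4 * (v % q) // q) % 2


def reconcile(w, hint, q):
    """Bob's side: from his nearby value w and Alice's hint, recover her key bit.

    hint == 0 means v is in [0, q/4) (key 0) or [q/2, 3q/4) (key 1); the
    midpoints between those arcs are 3q/8 and 7q/8.  hint == 1 means v is in
    [q/4, q/2) (key 1) or [3q/4, q) (key 0); the midpoints are q/8 and 5q/8.
    Bob returns the key of the arc nearest to w.
    """
    w %= q
    if hint == 0:
        return 1 if 3 * q // 8 <= w < 7 * q // 8 else 0
    return 1 if q // 8 <= w < 5 * q // 8 else 0


def exhaustive_check(q, max_err):
    """Try every v in Z_q and every error |e| <= max_err, with Bob holding w = v + e.

    Returns (number of key mismatches, counts of each (key, hint) pair over v).
    """
    if q % 8:
        raise ValueError("q must be divisible by 8 for the arcs to be exact")
    mismatches = 0
    counts = {(k, h): 0 for k in (0, 1) for h in (0, 1)}
    for v in range(q):
        k, h = key_bit(v, q), hint_bit(v, q)
        counts[(k, h)] += 1
        for e in range(-max_err, max_err + 1):
            if reconcile(v + e, h, q) != k:
                mismatches += 1
    return mismatches, counts


if __name__ == "__main__":
    q = 64
    print("errors up to q/8:", exhaustive_check(q, q // 8))      # no mismatches
    print("errors up to q/8 + 1:", exhaustive_check(q, q // 8 + 1))  # some mismatches
```

The check at q/8 + 1 is the caveat a deployment has to respect: the error distribution of the underlying scheme must keep the accumulated noise below the tolerance with overwhelming probability, otherwise the two parties silently derive different keys. The abstract's bandwidth saving comes from sending this one hint bit per coefficient instead of a full second ciphertext component.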
Technion
, 2014
Abstract
We build a system that provides succinct non-interactive zero-knowledge proofs (zk-SNARKs) for program executions on a von Neumann RISC architecture. The system has two components: a cryptographic proof system for verifying satisfiability of arithmetic circuits, and a circuit generator to translate program executions to such circuits. Our design of both components improves in functionality and efficiency over prior work, as follows. Our circuit generator is the first to be universal: it does not need to know the program, but only a bound on its running time. Moreover, the size of the output circuit depends additively (rather than multiplicatively) on program size, allowing verification of larger programs. The cryptographic proof system improves proving and verification times, by leveraging new algorithms and a pairing library tailored to the protocol. We evaluated our system for programs with up to 10,000 instructions, running for up to 32,000 machine steps, each of which can arbitrarily access random-access memory; and also demonstrated it executing programs that use just-in-time compilation. Our proofs are 230 bytes long at 80 bits of security, or 288 bytes long at 128 bits of security. Typical verification time is 5 milliseconds, regardless of the original program’s running time.