检索规则说明:AND代表“并且”;OR代表“或者”;NOT代表“不包含”;(注意必须大写,运算符两边需空一格)
检 索 范 例 :范例一: (K=图书馆学 OR K=情报学) AND A=范并思 范例二:J=计算机应用与软件 AND (U=C++ OR U=Basic) NOT M=Visual
作 者:LI Haoyu LIU Renzhang LIU Zhen PAN Yanbin XIE Tianyuan
机构地区:[1]Key Laboratory of Mathematics Mechanization,NCMIS,Academy of Mathematics and Systems Science,Chinese Academy of Sciences,Beijing 100190,China [2]State Key Laboratory of Cryptology,Beijing 100878,China [3]School of Mathematical Sciences,University of Chinese Academy of Sciences,Beijing 100049,China [4]Westone Cryptologic Research Center,Westone Information Industry INC.,Beijing 100070,China
出 处:《Journal of Systems Science & Complexity》2022年第3期1173-1190,共18页系统科学与复杂性学报(英文版)
基 金:supported by the National Natural Science Foundation of China under Grant No.61572490;the National Key Research and Development Project under Grant No.2018YFA0704705;the National Center for Mathematics and Interdisciplinary Sciences,CAS。
摘 要:As a candidate of the standard of post-quantum cryptography for NIST,Liu,et al.submitted a new public-key encryption scheme Compact-LWE,whose structure is similar to LWE,but with different distribution of errors.They thought that the special error distribution would protect Compact-LWE from known lattice-based attacks.Furthermore,they recommended a set of small parameters to improve the efficiency of Compact-LWE and claimed it can offer 192-bit security.However,in this paper,the authors show that Compact-LWE is not secure under recommended parameters by presenting two ciphertext-only attacks.First,the authors show that the message can be recovered efficiently from the ciphertext.Then the authors go further to recover an equivalent private key efficiently from the public key by exploiting the special structure of Compact-LWE.
关 键 词:Ciphertext-only attack Compact-LWE NIST post-quantum cryptography
分 类 号:TN918.4[电子电信—通信与信息系统]
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在载入数据...
正在链接到云南高校图书馆文献保障联盟下载...
云南高校图书馆联盟文献共享服务平台 版权所有©
您的IP:216.73.216.28
