Professional Documents
Culture Documents
Cryptacus 2018 Paper 3
Cryptacus 2018 Paper 3
c = (s1 × a1 + (1 − s1 ) × b1 mod 2,
2. Number representations
. . . , sm × am + (1 − sm ) × bm mod 2) (5)
Certain cryptographic applications need to deal with Also, there is no direct way to compute divisions.
unusually large integers. Due to hardware limitations, pro-
cessors can only handle integers with up to 32 or 64 bits.
Traditionally, larger numbers are processed by breaking their 3. Improving Babai’s Round-off
representation into words of 32 or 64 bits, and processing
them one at a time. Babai’s round-off plays a crucial role in decrypting
PnAa −1
school-book algorithm
Pnb −1to multiply cryptograms in GGH. Given a basis B generating the lattice
two numbers a = i=0 ai wi and b = j=0 bj wj with
32 64 ~zB , for ~z ∈ Zn , and an input vector ~c, Babai’s round-off
w = 2 or 2 would proceed as follows:
approximates the closest vector ~v in the lattice to ~c as:
a −1
nX b −1
nX a −1 n
nX X b −1
2 sin(x) 5 1.79
10
tan(x)/tan(1) 5 1.92 · 10−5 1.8
acos(x)/acos(0) 5 2.82 · 10−5 1.79
asin(x)/asin(1) 5 3.22 · 10−5 1.8
101 atan(x) 5 2.85 · 10−5 1.77
cosh(x)/cosh(1) 6 3.61 · 10−5 2.31
sinh(x)/sinh(1) 5 2.57 · 10−5 1.78
tanh(x) 5 3.19 · 10−5 1.79
100 exp(x)/exp(1) 6 2.38 · 10−5 2.28
1000 1200 1400 1600 1800 ln(x+1) 6 1.08 · 10−4 2.23
Lattice Dimension
Table 1. H OMOMORPHIC EVALUATION OF NONLINEAR FUNCTIONS IN A
Figure 3. GGH decryption latency in a i7 6700k I 7 5960X