The classic Leftover Hash Lemma (LHL) is one of the most useful tools in cryptography, and is often used to argue that certain distributions arising from modular subset-sums are close to uniform over some finite domain. Though extremely useful and powerful in general, the applicability of the leftover hash lemma to lattice based cryptography is limited for two reasons. First, typically the distributions we care about in lattice-based cryptography are {\em discrete Gaussians}, not uniform. Second, the elements chosen from these discrete Gaussian distributions lie in an infinite domain: a lattice rather than a finite field. In this work we prove a ``lattice world analog of LHL over infinite domains, proving that certain ``generalized subset...
Security parameters and attack countermeasures for Lattice-based cryptosystems have not yet matured ...
Many advanced lattice based cryptosystems require to sample lattice points from Gaussian distributio...
The ``learning with errors\u27\u27 (LWE) problem is to distinguish random linear equations, which ha...
Discrete Gaussian distributions over lattices are central to lattice-based cryptography, and to the ...
Lattice-based cryptography aims at harnessing the security of cryptographic primitives in the conjec...
This dissertation explores optimal algorithms employed in lattice-based cryptographic schemes. Chapt...
In the case of standard \LWE samples $(\mathbf{A},\mathbf{b = sA + e})$, $\mathbf{A}$ is typically u...
The Leftover Hash Lemma states that the output of a two-universal hash function applied to an input ...
The Leftover Hash Lemma states that the output of a two-universal hash function applied to an input ...
We show that a randomly chosen linear map over a finite field gives a good hash function in the $\el...
In security proofs of lattice based cryptography, bounding the closeness of two probability distribu...
The famous Leftover Hash Lemma (LHL) states that (almost) universal hash functions are good randomne...
Many advanced lattice based cryptosystems require to sample lattice points from Gaussian distributio...
Abstract. In security proofs of lattice based cryptography, bounding the closeness of two probabilit...
Current public key cryptosystems that are based on the hardness of integer factorization and discret...
Security parameters and attack countermeasures for Lattice-based cryptosystems have not yet matured ...
Many advanced lattice based cryptosystems require to sample lattice points from Gaussian distributio...
The ``learning with errors\u27\u27 (LWE) problem is to distinguish random linear equations, which ha...
Discrete Gaussian distributions over lattices are central to lattice-based cryptography, and to the ...
Lattice-based cryptography aims at harnessing the security of cryptographic primitives in the conjec...
This dissertation explores optimal algorithms employed in lattice-based cryptographic schemes. Chapt...
In the case of standard \LWE samples $(\mathbf{A},\mathbf{b = sA + e})$, $\mathbf{A}$ is typically u...
The Leftover Hash Lemma states that the output of a two-universal hash function applied to an input ...
The Leftover Hash Lemma states that the output of a two-universal hash function applied to an input ...
We show that a randomly chosen linear map over a finite field gives a good hash function in the $\el...
In security proofs of lattice based cryptography, bounding the closeness of two probability distribu...
The famous Leftover Hash Lemma (LHL) states that (almost) universal hash functions are good randomne...
Many advanced lattice based cryptosystems require to sample lattice points from Gaussian distributio...
Abstract. In security proofs of lattice based cryptography, bounding the closeness of two probabilit...
Current public key cryptosystems that are based on the hardness of integer factorization and discret...
Security parameters and attack countermeasures for Lattice-based cryptosystems have not yet matured ...
Many advanced lattice based cryptosystems require to sample lattice points from Gaussian distributio...
The ``learning with errors\u27\u27 (LWE) problem is to distinguish random linear equations, which ha...