APPQC: Advanced Practical Post-Quantum Cryptography From Lattices

APPQC：来自格的高级实用后量子密码学

• 批准号: EP/Y02432X/1
• 负责人: Martin Albrecht
• 金额: $ 203.15万
• 依托单位: King's College London
• 依托单位国家: 英国
• 项目类别: Research Grant
• 财政年份: 2024
• 资助国家: 英国
• 起止时间: 2024 至 无数据
• 项目状态: 未结题
• 来源: https://gtr.ukri.org/projects?ref=EP%2FY02432X%2F1
• 关键词: APPQC; Advanced; Practical; Post; Quantum

Standardisation efforts for post-quantum public-key encryption and signatures are close to completion. At the same time the most recent decade has seen the deployment, at scale, of more advanced cryptographic algorithms where no efficient post-quantum candidates exist. These algorithms e.g. permit to give strong guarantees even after some parties were compromised, privacy-preserving contact lookups, credentials and e-cash. This project will tackle the challenge of "lifting" such constructions to the post-quantum era by pursuing three guiding questions:- What is the cost of solving lattice problems with and without hints on a quantum computer? Answers to this question will provide confidence in the entire stack of lattice-based cryptography from "basic" to "advanced". Studying the presence of hints tackles side-channel attacks and advanced constructions.- What are the lattice assumptions that establish feature- and (near) performance-parity with pre-quantum cryptography? Standard lattice assumptions do not seem to establish feature parity with pairing-based or even some Diffie-Hellman-based pre-quantum constructions, how can we achieve efficient and secure advanced practical post-quantum solutions?- How efficient is a careful composition of lattice-base cryptography with other assumptions? If we want to deploy our post-quantum solutions in practice, we will need to design hybrid schemes that are secure if either of their pre- or post-quantum part is secure and to deploy many advanced lattice-based primitives in practice we need to carefully compose them with zero-knowledge proofs to rule out some attacks.Lattice-based cryptography has established itself as a key technology to realise both efficient basic primitives like post-quantum encryption and advanced solutions such as computation with encrypted data and programs. It is thus well positioned to tackle the middle ground of advanced yet practical primitives for phase 2 of the post-quantum transition.

后量子公钥加密和签名的标准化工作即将完成。与此同时，最近十年来，在没有有效的后量子候选者的情况下，更先进的密码算法得到了大规模的部署。例如，这些算法允许即使在某些方受到损害之后也提供强有力的保证，保护隐私的联系人查找，凭证和电子现金。该项目将通过追求三个指导性问题来解决将这种结构“提升”到后量子时代的挑战：-在量子计算机上使用和不使用提示解决晶格问题的成本是多少？这个问题的答案将提供对整个基于格的密码学堆栈的信心，从“基本”到“高级”。研究提示的存在可以解决侧信道攻击和高级构造。建立与前量子密码学的特征和（接近）性能奇偶性的晶格假设是什么？标准的晶格假设似乎不能与基于配对的甚至一些基于Diffie-Hellman的前量子构造建立特征奇偶性，我们如何才能实现有效和安全的先进实用后量子解决方案？把格基密码学与其他假设仔细组合起来，效率有多高？如果我们想在实践中部署我们的后量子解决方案，我们将需要设计混合方案，如果它们的前量子部分或后量子部分是安全的，那么它们是安全的，并且在实践中部署许多高级的基于格的原语，我们需要用零知识证明来仔细地组合它们以排除一些攻击。基于格的密码学已经确立了自己作为实现有效的基本原语（如后量子部分）和基于格的密码学的关键技术的地位。量子加密和先进的解决方案，如加密数据和程序的计算。因此，它很好地定位于解决后量子过渡阶段2的先进但实用的原语的中间地带。