APPQC: Advanced Practical Post-Quantum Cryptography From Lattices

APPQC：来自格的高级实用后量子密码学

• 批准号: EP/Y02432X/1
• 负责人: Martin Albrecht
• 金额: $ 203.15万
• 依托单位: King's College London
• 依托单位国家: 英国
• 项目类别: Research Grant
• 财政年份: 2024
• 资助国家: 英国
• 起止时间: 2024 至 无数据
• 项目状态: 未结题
• 来源: https://gtr.ukri.org/projects?ref=EP%2FY02432X%2F1
• 关键词: APPQC; Advanced; Practical; Post; Quantum

Standardisation efforts for post-quantum public-key encryption and signatures are close to completion. At the same time the most recent decade has seen the deployment, at scale, of more advanced cryptographic algorithms where no efficient post-quantum candidates exist. These algorithms e.g. permit to give strong guarantees even after some parties were compromised, privacy-preserving contact lookups, credentials and e-cash. This project will tackle the challenge of "lifting" such constructions to the post-quantum era by pursuing three guiding questions:- What is the cost of solving lattice problems with and without hints on a quantum computer? Answers to this question will provide confidence in the entire stack of lattice-based cryptography from "basic" to "advanced". Studying the presence of hints tackles side-channel attacks and advanced constructions.- What are the lattice assumptions that establish feature- and (near) performance-parity with pre-quantum cryptography? Standard lattice assumptions do not seem to establish feature parity with pairing-based or even some Diffie-Hellman-based pre-quantum constructions, how can we achieve efficient and secure advanced practical post-quantum solutions?- How efficient is a careful composition of lattice-base cryptography with other assumptions? If we want to deploy our post-quantum solutions in practice, we will need to design hybrid schemes that are secure if either of their pre- or post-quantum part is secure and to deploy many advanced lattice-based primitives in practice we need to carefully compose them with zero-knowledge proofs to rule out some attacks.Lattice-based cryptography has established itself as a key technology to realise both efficient basic primitives like post-quantum encryption and advanced solutions such as computation with encrypted data and programs. It is thus well positioned to tackle the middle ground of advanced yet practical primitives for phase 2 of the post-quantum transition.

后量子公钥加密和签名的标准化工作已接近完成。与此同时，最近十年已经大规模部署了更先进的加密算法，但不存在有效的后量子候选算法。这些算法例如即使在某些方受到损害、保护隐私的联系人查找、凭证和电子现金之后，也可以提供强有力的保证。该项目将通过追求三个指导性问题来解决将此类结构“提升”到后量子时代的挑战：-在量子计算机上有或没有提示的情况下解决晶格问题的成本是多少？这个问题的答案将为整个基于格的密码学从“基础”到“高级”堆栈提供信心。研究提示的存在可以解决侧信道攻击和高级构造。- 与前量子密码学建立特征和（接近）性能同等的格假设是什么？标准晶格假设似乎无法与基于配对甚至某些基于 Diffie-Hellman 的前量子结构建立特征奇偶性，我们如何才能实现高效且安全的先进实用后量子解决方案？- 晶格的精心组合有多高效- 具有其他假设的基础密码学？如果我们想在实践中部署我们的后量子解决方案，我们将需要设计安全的混合方案，如果它们的前量子部分或后量子部分是安全的，并且在实践中部署许多先进的基于晶格的原语，我们需要用零知识证明仔细地组合它们，以排除一些攻击。基于格的密码学已成为实现后量子加密等高效基本原语和加密数据和程序计算等高级解决方案的关键技术。因此，它能够很好地解决后量子转变第二阶段的先进而实用的原语的中间立场。