Shopping Cart

No products in the cart.

IEEE 1363.1-2008

$62.83

IEEE Standard Specification for Public Key Cryptographic Techniques Based on Hard Problems over Lattices

Published By Publication Date Number of Pages
IEEE 2008
Guaranteed Safe Checkout
Category:

If you have any questions, feel free to reach out to our online customer service team by clicking on the bottom right corner. We’re here to assist you 24/7.
Email:[email protected]

New IEEE Standard – Inactive-Reserved. Specifications of common public-key cryptographic techniques based on hard problems over lattices supplemental to those considered in IEEE 1363 and IEEE P1363a, including mathematical primitives for secret value (key) derivation, public-key encryption, identification and digital signatures, and cryptographic schemes based on those primitives. Specifications of related cryptographic parameters, public keys and private keys. Class of computer and communications systems is not restricted.

PDF Catalog

PDF Pages PDF Title
1 IEEE Std 1363.1-2008 Front Cover
3 Title Page
6 Introduction
Notice to users
Laws and regulations
Copyrights
7 Updating of IEEE documents
Errata
Interpretations
Patents
Participants
9 CONTENTS
11 Important Notice
1. Overview
1.1 Scope
1.2 Purpose
12 2. Normative references
3. Definitions, acronyms, and abbreviations
3.1 Definitions
19 3.2 Acronyms and abbreviations
21 4. Types of cryptographic techniques
4.1 General model
4.2 Schemes
22 4.3 Additional methods
4.4 Algorithm specification conventions
23 5. Mathematical notation
25 6. Polynomial representation and operations
6.1 Introduction
6.2 Polynomial representation
6.3 Polynomial operations
6.3.1 Polynomial multiplication
6.3.2 Reduction of a polynomial mod q
6.3.3 Inversion in (Z/qZ)[X]/(XN – 1)
28 7. Data types and conversions
7.1 Bit strings and octet strings
7.2 Converting between integers and bit strings (I2BSP and BS2IP)
7.2.1 Integer to bit string primitive (I2BSP)
29 7.2.2 Bit string to integer primitive (BS2IP)
7.3 Converting between integers and octet strings (I2OSP and OS2IP)
7.3.1 Integer to octet string primitive (I2OSP)
7.3.2 Octet string to integer primitive (OS2IP)
30 7.4 Converting between bit strings and right-padded octet strings (BS2ROSP and ROS2BSP)
7.4.1 Bit string to right-padded octet string primitive (BS2ROSP)
7.4.2 Right-padded octet string to bit string primitive (ROS2BSP)
31 7.5 Converting between ring elements and bit strings (RE2BSP and BS2REP)
7.5.1 Ring element to bit string primitive (RE2BSP)
7.5.2 Bit string to ring element primitive (BS2REP)
32 7.6 Converting between ring elements and octet strings (RE2OSP and OS2REP)
7.6.1 Ring element to octet string primitive (RE2OSP)
7.6.2 Octet string to ring element primitive (OS2REP)
8. Supporting algorithms
8.1 Overview
33 8.2 Hash functions
8.3 Encoding methods
8.3.1 General
8.3.2 Blinding polynomial generation methods (BPGM)
34 8.4 Supporting algorithms
8.4.1 Mask generation functions
35 8.4.2 Index generation function
38 9. Short vector encryption scheme (SVES)
9.1 Encryption scheme (SVES) overview
9.2 Encryption scheme (SVES) operations
9.2.1 Key generation
39 9.2.2 Encryption operation
41 9.2.3 Decryption operation
43 9.2.4 Key pair validation methods
9.2.5 Public key validation
45 Annex A (informative) Security considerations
A.1 Lattice security: background
A.1.1 Lattice definitions
46 A.1.2 Hard lattice problems
A.1.3 Theoretical complexity of hard lattice problems
A.1.4 Lattice reduction algorithms
47 A.1.5 The Gaussian heuristic and the closest vector problem
48 A.1.6 Modular lattices: definition
A.1.7 Modular lattices and quotient polynomial rings
A.1.8 Balancing CVP in modular lattices
49 A.1.9 Fundamental CVP ratios in modular lattices
A.1.10 Creating a balanced CVP for modular lattices containing a short vector
50 A.1.11 Modular lattices containing (short) binary vectors
51 A.1.12 Convolution modular lattices
A.1.13 Heuristic solution time for CVP in modular lattices
52 A.1.14 Zero-forcing
A.2 Experimental solution times for NTRU lattices—full key recovery
A.2.1 Experimental solution times for NTRU lattices using BKZ reduction
54 A.2.2 Alternative target vectors
A.3 Combined lattice and combinatorial attacks on LBP-PKE keys and messages
A.3.1 Overview
A.3.2 Lattice strength
55 A.3.3 Reduced lattices and the “cliff”
A.3.3.1 Running time to obtain a given profile
56 A.3.3.2 The cliff height α and ps
58 A.3.4 Combinatorial strength
A.3.4.1 Combinatorial attacks on LBP-PKE keys and messages
A.3.4.2 Combinatorial strength in the hybrid case
60 A.3.5 Summary
A.4 Other security considerations for LBP-PKE encryption
A.4.1 Entropy requirements for key and salt generation
A.4.2 Reduction mod q
A.4.3 Selection of N
A.4.4 Relationship between q and N
A.4.5 Form of q
61 A.4.6 Leakage of m’(1)
A.4.7 Relationship between p, q, and N
A.4.8 Adaptive chosen ciphertext attacks
62 A.4.9 Invertibility of g in Rq
A.4.10 Decryption failures
A.4.11 OID
63 A.4.12 Use of hash functions by supporting functions
A.4.13 Generating random numbers in [0, N – 1]
A.4.14 Attacks based on variation in decryption times
64 A.4.15 Choosing to attack r or m
A.4.16 Quantum computers
A.4.17 Other considerations
A.5 A parameter set generation algorithm
65 A.6 Possible parameter sets
A.6.1 Size-optimized
A.6.1.1 ees401ep1
66 A.6.1.2 ees449ep1
A.6.1.3 ees677ep1
67 A.6.1.4 ees1087ep2
A.6.2 Cost-optimized
68 A.6.2.1 ees541ep1
A.6.2.2 ees613ep1
69 A.6.2.3 ees887ep1
A.6.2.4 ees1171ep1
70 A.6.3 Speed-optimized
A.6.3.1 ees659ep1
71 A.6.3.2 ees761ep1
A.6.3.3 ees1087ep1
72 A.6.3.4 ees1499ep1
A.7 Security levels of parameter sets
A.7.1 Assumed security levels versus current knowledge
73 A.7.2 Potential research
74 Annex B (informative) Bibliography
IEEE 1363.1-2008
$62.83