|
Digital Signatures are a means to protect digital information from intentional modification and to authenticate the source of digital information. Public key cryptography provides a rich set of different cryptographic algorithms the create digital signatures. However, all of the public key signatures currently in use will become completely insecure if scientists are ever able to build a moderately sized quantum computer. New digital signature algorithms such as the Ring learning with errors signature (RLWE-SIG) described in this article are examples of a new class of Quantum Safe cryptographic algorithms designed to resist cryptanalytic attacks run on a quantum computer.〔 == Background == Developments in quantum computing over the past decade and the optimistic prospects for real quantum computers within 20 years have begun to threaten the basic cryptography that secures the internet. A relatively small quantum computer capable of processing only ten thousand of bits of information would easily break all of the widely used public key cryptography algorithms used to protect privacy and digitally sign information on the internet.〔〔 One of the most widely used public key algorithm used to create digital signatures is known as RSA. Its security is based on the classical difficulty of factoring the product of two large and unknown primes into the constituent primes. The integer factorization problem is believed to be intractable on any conventional computer if the primes are chosen at random and are sufficiently large. However, to factor the product of two n-bit primes, a quantum computer with roughly 6n bits of logical qubit memory and capable of executing a program known as Shor’s algorithm will easily accomplish the task. Shor's algorithm can also quickly break digital signatures based on what is known as the discrete logarithm problem and the more esoteric elliptic curve discrete logarithm problem.〔 In effect, a relatively small quantum computer running Shor's algorithm could quickly break all of the digital signatures used to ensure the privacy and integrity of information on the internet today.〔 Even though we do not know when a quantum computer to break RSA and other digital signature algorithms will exist, there has been active research over the past decade to create cryptographic algorithms which remain secure even when an attacker has the resources of a quantum computer at their disposal.〔 This new area of cryptography is called Post Quantum or Quantum Safe cryptography.〔〔 This article is about one class of these algorithms: digital signatures based on the Ring Learning with Errors problem. The use of this problem in cryptography was introduced by Oded Regev in 2005 and has been the source of several cryptographic designs. The creators of the RLWE basis for cryptography believe that an important feature of these algorithms based on Ring-Learning with Errors is their provable reduction to known hard problems. The signature described below has a provable reduction to the Shortest Vector Problem in an ideal lattice.〔 This means that if an attack can be found on the Ring-LWE cryptosystem then a whole class of presumed hard computational problems will have a solution. The first RLWE-SIG was developed by Lyubashevsky in his paper "Fiat-Shamir with Aborts: Applications to Lattice and Factoring-Based Signatures" and refined in "Lattice Signatures Without Trapdoors" in 2011. A number of refinements and variants have followed. This article highlights some features of a RLWE-SIG which closely follows the original Lyubashevsky work and is due to the work of Guneysu, Lyubashevsky and Popplemann ((GLP )).〔 A RLWE-SIG works in the quotient ring of polynomials modulo a degree n polynomial Φ(x) with coefficients in the finite field Fq for an odd prime q ( i.e. the ring Fq()/Φ(x) ).〔 Multiplication and addition of polynomials will work in the usual fashion with results of a multiplication reduced mod Φ(x). For this presentation a typical polynomial is expressed as: The field Fq has its representative elements in the set . The polynomial Φ(x) will be the cyclotomic polynomial xn + 1. 抄文引用元・出典: フリー百科事典『 ウィキペディア(Wikipedia)』 ■ウィキペディアで「Ring learning with errors signature」の詳細全文を読む スポンサード リンク
|