{"id":239777,"date":"2016-06-17T15:36:13","date_gmt":"2016-06-17T22:36:13","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/research\/?post_type=msr-project&p=239777"},"modified":"2024-09-30T20:48:00","modified_gmt":"2024-10-01T03:48:00","slug":"lattice-cryptography-library","status":"publish","type":"msr-project","link":"https:\/\/www.microsoft.com\/en-us\/research\/project\/lattice-cryptography-library\/","title":{"rendered":"Lattice Cryptography Library"},"content":{"rendered":"

LatticeCrypto was a high-performance and portable software library that implemented lattice-based cryptographic algorithms. The first release of the library provided an implementation of lattice-based key exchange with security based on the Ring Learning With Errors (R-LWE) problem using new algorithms for the underlying Number Theoretic Transform (NTT) [1]. The chosen parameters provided at least 128 bits of security against attackers running classical and quantum computers.<\/p>\n

The library is no longer actively maintained, but we continue to provide a link to it to further cryptographic research.<\/p>\n


LatticeCrypto implemented the key exchange protocol proposed by Alkim, Ducas, P\u00f6ppelmann and Schwabe [3], which built upon previous work by Bos, Costello, Naehrig and Stebila [2], and was an instantiation of Peikert’s key exchange [4]. The implementation incorporated then-novel techniques for computing the Number Theoretic Transform to achieve higher performance. The library was fully protected against timing and cache attacks (i.e., all operations on secret data ran in constant time) and was significantly faster than previous implementations at the time; e.g., it was up to 1.4 times faster than the previously fastest R-LWE key exchange implementation at the same security level [3].<\/p>\n

The need for post-quantum cryptography<\/h1>\n

A large-scale quantum computer would break most of the public-key cryptography currently used on the internet, such as RSA encryption and digital signatures, ECDH key exchange and ECDSA signatures. Although no such quantum computer exists today, the prospect of one being built in the not-too-distant future makes it necessary to prepare our cryptography infrastructure and protect our data against future attacks now. This release is part of a larger effort to identify and deploy asymmetric cryptographic schemes that resist quantum attacks and can replace vulnerable algorithms.<\/p>\n

R-LWE-based cryptography<\/h1>\n

The R-LWE problem was introduced by Lyubashevsky, Peikert, and Regev in [5] as a hard lattice problem for constructing cryptographic schemes. Its additional ring structure leads to significant efficiency and bandwidth improvements over schemes built from the Learning With Errors (LWE) problem introduced by Regev in [6]. Solving the R-LWE problem is currently believed to be infeasible even for a quantum computer, which makes schemes based on its hardness candidates for post-quantum cryptography.<\/p>\n
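The following is an added example, not LatticeCrypto's own code, that puts the two ideas above together at toy scale: a negacyclic NTT multiplier for Z_q[X]\/(X^n + 1) with n = 1024 and q = 12289 (the parameters of [3]), checked against schoolbook multiplication, and an R-LWE exchange in which Alice and Bob compute approximately equal ring elements and turn them into identical key bits with Peikert's reconciliation [4] (randomised doubling to an even modulus 2q, then one public cross-rounding hint per coefficient). The centred-binomial noise width K = 8, the function names and the seeded sampling are assumptions made for the demo; the scheme of [3] uses its own noise distribution and error-reconciliation method. Unlike the library, this Python is not constant time (big-integer arithmetic, data-dependent branches in rec), so it illustrates the arithmetic only and must never produce real keys.<\/p>\n

```python
"""Toy R-LWE key exchange over Z_q[X]/(X^n + 1): negacyclic NTT multiplier plus
Peikert-style reconciliation. Added example, not LatticeCrypto code; variable time."""
import random

N, Q = 1024, 12289   # ring dimension and modulus of [3]; 2N divides Q - 1
K = 8                # centred-binomial width (assumed): variance K/2 keeps |w - v| << q/8

def find_primitive_root(n, q):
    """Return psi with psi^n = -1 mod q, i.e. a primitive 2n-th root of unity."""
    for g in range(2, q):
        psi = pow(g, (q - 1) // (2 * n), q)
        if pow(psi, n, q) == q - 1:
            return psi
    raise ValueError("no primitive 2n-th root of unity mod q")

def ntt(a, omega, q):
    """Iterative radix-2 Cooley-Tukey NTT; len(a) must be a power of two."""
    n, bits = len(a), len(a).bit_length() - 1
    a = [a[int(f"{i:0{bits}b}"[::-1], 2)] for i in range(n)]   # bit-reversal permutation
    length = 2
    while length <= n:
        w_len = pow(omega, n // length, q)                        # primitive length-th root
        for start in range(0, n, length):
            w = 1
            for k in range(length // 2):                          # butterfly on (u, v)
                u, v = a[start + k], a[start + k + length // 2] * w % q
                a[start + k], a[start + k + length // 2] = (u + v) % q, (u - v) % q
                w = w * w_len % q
        length <<= 1
    return a

def intt(a_hat, omega, q):
    """Inverse NTT: forward transform with omega^-1, then scale by n^-1."""
    n_inv = pow(len(a_hat), q - 2, q)
    return [x * n_inv % q for x in ntt(a_hat, pow(omega, q - 2, q), q)]

def poly_mul_ntt(a, b, psi, q):
    """a*b mod (X^n + 1, q): twist by psi^i, cyclic NTT with omega = psi^2, untwist."""
    n, omega, psi_inv = len(a), psi * psi % q, pow(psi, q - 2, q)
    fa = ntt([a[i] * pow(psi, i, q) % q for i in range(n)], omega, q)
    fb = ntt([b[i] * pow(psi, i, q) % q for i in range(n)], omega, q)
    c = intt([x * y % q for x, y in zip(fa, fb)], omega, q)
    return [c[i] * pow(psi_inv, i, q) % q for i in range(n)]

def poly_mul_schoolbook(a, b, q):
    """Reference O(n^2) negacyclic product (X^n = -1) used to check the NTT path."""
    n, c = len(a), [0] * len(a)
    for i in range(n):
        for j in range(n):
            sign, k = (1, i + j) if i + j < n else (-1, i + j - n)
            c[k] += sign * a[i] * b[j]
    return [x % q for x in c]

def ntt_matches_schoolbook(seed, n=N, q=Q):
    rng, psi = random.Random(seed), find_primitive_root(n, q)
    a, b = ([rng.randrange(q) for _ in range(n)] for _ in range(2))
    return poly_mul_ntt(a, b, psi, q) == poly_mul_schoolbook(a, b, q)

def dbl(v, rng, q):   # Peikert's doubling Z_q -> Z_2q: 2v - e, e in {-1,0,1} w.p. 1/4,1/2,1/4
    return (2 * v - (rng.getrandbits(1) - rng.getrandbits(1))) % (2 * q)

def cross_round(v, m):   # <v>_2 = floor(4v/m) mod 2, the public hint bit
    return (4 * v // m) % 2

def round_bit(v, m):     # [v]_2 = round(2v/m) mod 2, the key bit
    return ((4 * v + m) // (2 * m)) % 2

def rec(w, hint, m):
    """Recover round_bit(v, m) from w = v + e with |e| < m/8 and hint = cross_round(v, m)."""
    shift = m if hint == 0 else 3 * m     # output 0 iff w lies in I_hint + [-m/8, m/8) mod m
    return 0 if (8 * w + shift) % (8 * m) < 4 * m else 1

def sample_binomial(rng, n, k=K):
    """Centred binomial: sum of k (bit - bit) terms, mean 0, variance k/2."""
    return [sum(rng.getrandbits(1) - rng.getrandbits(1) for _ in range(k)) for _ in range(n)]

def key_exchange(seed=0, n=N, q=Q):
    """Two-message exchange; returns (alice_bits, bob_bits), which must agree."""
    rng, psi = random.Random(seed), find_primitive_root(n, q)
    add = lambda x, y: [(p + r) % q for p, r in zip(x, y)]
    a = [rng.randrange(q) for _ in range(n)]                  # public uniform a
    s, e = sample_binomial(rng, n), sample_binomial(rng, n)   # Alice's secret and noise
    b = add(poly_mul_ntt(a, s, psi, q), e)                    # Alice -> Bob: b = a*s + e
    s2, e2, e3 = (sample_binomial(rng, n) for _ in range(3))  # Bob's secret and noise
    u = add(poly_mul_ntt(a, s2, psi, q), e2)                  # Bob -> Alice: u = a*s2 + e2
    v = add(poly_mul_ntt(b, s2, psi, q), e3)                  # v = a*s*s2 + e*s2 + e3
    vbar = [dbl(x, rng, q) for x in v]
    hints = [cross_round(x, 2 * q) for x in vbar]             # Bob -> Alice: hint bits
    bob_bits = [round_bit(x, 2 * q) for x in vbar]
    w = poly_mul_ntt(u, s, psi, q)                            # w = a*s*s2 + e2*s, close to v
    alice_bits = [rec(2 * x % (2 * q), h, 2 * q) for x, h in zip(w, hints)]
    return alice_bits, bob_bits

if __name__ == "__main__":
    print("NTT == schoolbook:", ntt_matches_schoolbook(1))
    alice, bob = key_exchange(0)
    print("keys agree:", alice == bob, "bits:", len(alice))
```

The two sides differ by e2*s − e*s2 − e3, whose coefficients have standard deviation of roughly 180 for K = 8, far inside the q\/8 tolerance of rec, which is why every one of the 1024 key bits agrees; with wider noise the plain rounding of v would disagree on a few percent of coefficients, and it is the hint bits that close that gap without revealing the key bits. A production implementation would replace the branch in rec and the Python integers with branchless fixed-width arithmetic, as the library's constant-time guarantee requires.<\/p>\n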

The LatticeCrypto Library:<\/h2>\n