Research Highlights
PROTECT

New cryptographic technology for the quantum computer age
Proposal of Public Key Encryption based on Lattices for International Standardization

[Fig. 1: Transition of public key encryption]

It has been known that a quantum computer of sufficient performance is capable of breaking RSA and discrete logarithm problems, which are currently used to secure communications over the Internet. At the same time, the commercialization of quantum computers and their availability as a free-of-charge cloud service in recent years reflect the progress made in their performance and penetration. It is therefore possible that current public key encryption will be unable to provide secure communications sometime in the future (Fig. 1).

To protect the communication of information in the age of quantum computers, the Cybersecurity Research Institute of NICT developed LOTUS (Learning with errOrs based encryption with chosen ciphertexT secUrity for poSt quantum era) as a new cryptosystem that aims to satisfy the following conditions:
(1) Quantum-resistant: Must be difficult to break even by quantum computers
(2) Versatile: Must be applicable to browsers, databases, and many communication, transportation, and industrial systems.

“A base cryptosystem is added with functionality”

LOTUS is a lattice-based cryptosystem*1 based, in particular, on the LWE problem*2, which has been intensively studied of late. The LOTUS team at Security Fundamentals Laboratory explains the design rationale of LOTUS as follows: “It is achieved by first configuring a base cryptosystem and then adding functionality for checking the structure of ciphertext at the time of decryption.”

This cryptographic technology is a first-round candidate in the PQC standardization process held by the National Institute of Standards and Technology (NIST) of the United States. All submitted candidates, including LOTUS, are being analyzed by experts in this field for a period of three years or more that started at the end of 2017 to choose a new standard for the future.

Footnote

*1 Lattice-based cryptosystem
A set of points arranged in a regular way in space is called a lattice and a cipher that ensures safety by using the mathematical properties of a lattice is called a lattice-based cryptosystem. Here, expressing the property of regular arrangement as a matrix enables encryption and decryption processing to be performed in parallel, ensuring efficient implementations.

*2 LWE problem
Short for Learning with Errors problem. Given a set of simultaneous linear equations in which the number of equations is greater than the number of variables, this problem consists of finding an integer solution such that the difference between the left side and right side of each equation becomes small. It has been shown that this problem is as hard as the lattice shortest vector problem depending on parameters, which indicates that finding a solution would take an extremely large amount of time even for a quantum computer.
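
The LWE problem of footnote *2, worked through as an added Python example (not code from NICT or from the LOTUS submission): it builds a system with more equations than unknowns, shows that only the secret makes every left/right difference small, and uses that gap for a textbook Regev-style one-bit encryption. The modulus, dimensions and error bound are toy values assumed for illustration, far too small to be secure, and the scheme shown is not LOTUS itself.

```python
import random

# Toy parameters (assumptions for illustration; not LOTUS parameters).
Q, N, M, BOUND = 3329, 8, 24, 2   # modulus, unknowns, equations (M > N), error bound

def centered(x):
    """Reduce x mod Q into (-Q/2, Q/2] so that 'small difference' is meaningful."""
    x %= Q
    return x - Q if x > Q // 2 else x

def dot(row, vec):
    return sum(a * x for a, x in zip(row, vec))

def make_instance(rng):
    """Build b = A*s + e (mod Q): M noisy linear equations in N unknowns."""
    s = [rng.randrange(Q) for _ in range(N)]
    A = [[rng.randrange(Q) for _ in range(N)] for _ in range(M)]
    b = [(dot(row, s) + rng.randint(-BOUND, BOUND)) % Q for row in A]
    return A, b, s

def max_residual(A, b, cand):
    """Largest |left side - right side| over all equations for a candidate solution."""
    return max(abs(centered(bi - dot(row, cand))) for row, bi in zip(A, b))

def encrypt_bit(A, b, bit, rng):
    """Textbook Regev-style encryption: add up a random subset of the public
    equations and shift the right-hand side by Q/2 when the bit is 1."""
    rows = [i for i in range(M) if rng.random() < 0.5]
    u = [sum(A[i][j] for i in rows) % Q for j in range(N)]
    v = (sum(b[i] for i in rows) + bit * (Q // 2)) % Q
    return u, v

def decrypt_bit(s, ct):
    """With s the accumulated error is at most M*BOUND = 48, far below Q/4,
    so the residual sits near 0 for bit 0 and near Q/2 for bit 1."""
    u, v = ct
    return 1 if abs(centered(v - dot(u, s))) > Q // 4 else 0

if __name__ == "__main__":
    rng = random.Random(2018)            # constructed, reproducible sample instance
    A, b, s = make_instance(rng)
    wrong = [(s[0] + 1) % Q] + s[1:]     # candidate that differs in one coordinate
    print("residual with true secret :", max_residual(A, b, s))
    print("residual with wrong vector:", max_residual(A, b, wrong))
    for bit in (0, 1):
        print("bit", bit, "->", decrypt_bit(s, encrypt_bit(A, b, bit, rng)))
```

Without the error terms the system could be solved by Gaussian elimination; the small errors are what turn recovering `s` into the hard problem the footnote describes.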