• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.34 no.2
• /
• pp.157-166
• /
• 2024

Probability of decryption failure of a public key cryptography based on LWE(learning with errors) is determined by its architecture and parameter settings. Since large decryption failure probability leads to attacks[1] on scheme as well as degradation of performance, TiGER[2], a Ring-LWE(R)-based KEM proposed for the first round of KpqC, tried to reduce the decryption failure probability by using error correction code Xef and D2 encoding method. However, D'Anvers et al. has shown that the commonly assumed independence of each bit error is not established since in the case of an encryption scheme based on Ring-LWE(R) using an error correction code, there is error dependency which is not negligible[3]. In this paper, since TiGER does not consider the error dependency, we calcualte the decryption failure probability of TiGER by considering the error dependency. In addition, we found that the bit error probability is incorrectly calculated in TiGER, so we present the correct calculation.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.13 no.12
• /
• pp.6260-6276
• /
• 2019

With the rapid development of cloud computing, it raises real questions on privacy protection, which greatly limits the use of cloud computing. However, fully homomorphic encryption (FHE) can make cloud computing consistent with privacy. In this paper, we propose a simpler FHE scheme based on ring LWE problem, with a smaller size of ciphertext and a lower noise-expansion factor for homomorphic multiplication. Then based on our optimized RLWE-based FHE scheme, we propose a fast single-database private information retrieval protocol, combining with batching and number theoretic transform technology.

• Proceedings of the IEEK Conference
• /
• 1999.11a
• /
• pp.368-371
• /
• 1999

In this paper, we propose a neural network processor architecture with on-chip learning and with reconfigurability according to the data dependencies of the algorithm applied. For the neural network model applied, the proposed architecture can be configured into either SIMD or SRA(Systolic Ring Array) without my changing of on-chip configuration so as to obtain a high throughput. However, changing of system configuration can be controlled by user program. To process activation function, which needs amount of cycles to get its value, we design it by using PWL(Piece-Wise Linear) function approximation method. This unit has only single latency and the processing ability of non-linear function such as sigmoid gaussian function etc. And we verified the processing mechanism with EBP(Error Back-Propagation) model.