International Association for Cryptologic Research

IACR News item: 28 November 2015

Eric Crockett, Chris Peikert
ePrint Report
This work describes the design and implementation of Λ∘λ, a general-purpose software library for lattice cryptography, written in the functional and strongly typed language Haskell. In comparison with several prior implementations of lattice-based cryptographic schemes, Λ∘λ has several novel and distinguishing features, which include:

* Generality and modularity: Λ∘λ defines simple but general interfaces for the lattice cryptography "toolbox," allowing for a wide variety of cryptographic schemes to be expressed very naturally and concisely. For example, we implement an advanced fully homomorphic encryption (FHE) scheme in as few as 2-5 lines of code per feature, via code that very closely matches the scheme's mathematical definition.

* Parallelism: Λ∘λ automatically exploits multi-core parallelism, achieving nearly linear speedups per core. It also allows for the use of other parallel "backends" (e.g., based on GPUs or other specialized hardware), with no changes to application code.

* Theory affinity: Λ∘λ is designed from the ground up around the specialized ring representations, fast algorithms, and worst-case hardness proofs that have been developed for the Ring-LWE problem and its cryptographic applications. In particular, Λ∘λ implements fast algorithms for sampling from theory-recommended error distributions over arbitrary cyclotomic rings, and provides tools for maintaining tight control of error growth in cryptographic schemes.

* Advanced features: Λ∘λ exposes the rich hierarchy of cyclotomic rings to cryptographic applications. We use this to give the first-ever implementation of a set of FHE operations collectively known as "ring switching," and also describe a more efficient variant that we call "ring tunneling."

Finally, we document a variety of perspectives, objects, and algorithms related to practical and theoretically sound usage of Ring-LWE in cyclotomic rings, which we believe will serve as a useful reference for future implementations.

Additional news items may be found on the IACR news page.