Researchers are tackling the critical challenge of secure aggregation, enabling collaborative data analysis without compromising individual privacy, in a world rapidly approaching the era of quantum computing. Sebastian Bitzer, Maximilian Egger, Mumin Liu, and Antonia Wachter-Zeh, all from the Technical University of Munich, demonstrate a novel post-quantum approach to aggregation, moving beyond the commonly used lattice-based methods to a code-based alternative founded on the Learning Parity with Noise (LPN) assumption. This work is significant because it introduces a new framework utilising key- and message-additive homomorphic encryption, incorporating clever optimizations like a committee-based decryptor and Chinese Remainder Theorem, potentially offering improved efficiency and security compared to existing information-theoretically secure protocols. Their analysis, grounded in a new Hint-LPN assumption, establishes the scheme’s equivalence to standard LPN, paving the way for practical, quantum-resistant aggregation solutions.
This breakthrough addresses a critical need for cryptographic agility and resilience against potential advances in quantum computing and lattice cryptanalysis. The team achieved this by instantiating a general framework for aggregation using a key- and message-additive homomorphic encryption scheme, specifically designed with a novel code-based construction.
Central to this innovation is a committee-based decryptor, realised through secret sharing, and a Chinese Remainder Theorem (CRT)-based optimisation. This optimisation strategically decomposes aggregation across multiple smaller moduli, substantially reducing the communication costs associated with LPN-based instantiations and potentially benefiting other secure aggregation constructions. The study rigorously analyses the security of the proposed scheme under a new “Hint-LPN” assumption, demonstrating its equivalence to standard LPN for appropriately chosen parameters, a result that may prove valuable for future cryptographic constructions and side-channel leakage analysis. Experiments show that the framework’s performance is competitive, identifying parameter regimes where the LPN-based approach surpasses information-theoretically secure aggregation protocols.
The research establishes a general framework for secure aggregation built upon key- and message-additive homomorphic encryption, with a unique code-based instantiation. Scientists propose a novel scheme that relies on the hardness of the Learning Parity with Noise (LPN) problem, a coding-theoretic assumption known for its plausibly post-quantum security. This construction incorporates a committee-based decryptor, implemented using secret sharing, and a CRT-based optimisation to minimise communication overhead. The team’s detailed security analysis, conducted under the new Hint-LPN assumption, confirms its equivalence to standard LPN under suitable parameter settings, potentially offering broader implications for code-based cryptography.
Furthermore, the study unveils performance evaluations demonstrating that, while LPN-based instantiations may incur higher communication costs than lattice-based schemes, the proposed approach outperforms information-theoretically secure protocols in specific parameter regimes. A SageMath tool has been made available to facilitate parameter optimisation, enabling practical implementation and further exploration of this promising technique. This work opens avenues for developing more robust and versatile secure aggregation protocols, crucial for safeguarding sensitive data in increasingly interconnected and computationally powerful environments.
LPN-Based Secure Aggregation via Secret Sharing enables privacy-preserving
Scientists engineered a novel secure aggregation protocol leveraging code-based cryptography, specifically the Learning Parity with Noise (LPN) assumption, to circumvent vulnerabilities posed by quantum computing. The research team developed a framework centred around key- and message-additive homomorphic encryption, pioneering a code-based instantiation for enhanced security and resilience. This approach addresses limitations in existing lattice-based methods by exploring an alternative post-quantum hardness assumption, offering crypto-agility against evolving cryptanalytic advances. The study pioneered a committee-based decryptor realised via secret sharing, enabling the aggregation of inputs from multiple parties without revealing individual contributions.
Researchers implemented a Chinese Remainder Theorem (CRT)-based optimisation, strategically decomposing aggregation across multiple smaller moduli to substantially reduce the communication costs associated with LPN-based instantiations. This innovative technique not only improves efficiency but also holds potential benefits for other secure aggregation constructions, demonstrating a versatile methodological advancement. Experiments employed a new Hint-LPN assumption for security analysis, demonstrating its equivalence to standard LPN under suitable parameters, a result potentially valuable for future cryptographic constructions and side-channel leakage analysis. The team meticulously analysed the security of the proposed scheme, establishing a robust foundation for its practical application in sensitive data aggregation scenarios.
This rigorous evaluation confirms the protocol’s resilience against adversarial attacks and ensures the confidentiality of individual contributions. Furthermore, scientists evaluated the framework’s performance with concrete parameter choices, identifying regimes where the LPN-based approach outperforms information-theoretically secure aggregation protocols. A SageMath tool was developed for parameter optimisation, facilitating the fine-tuning of the system for specific application requirements and enhancing its adaptability. This detailed performance analysis, coupled with the innovative CRT optimisation, establishes a compelling case for the viability of code-based secure aggregation in federated learning and other privacy-preserving applications.
Hint-LPN Equivalence Secures Aggregation Schemes effectively
Scientists have developed a new code-based approach to secure aggregation, enabling multiple parties to combine inputs without revealing individual contributions. The research, grounded in the Learning Parity with Noise (LPN) assumption, presents a framework for key- and message-additive homomorphic encryption, offering a potentially post-quantum secure solution. The construction employs a committee-based decryptor realised via secret sharing, and incorporates a Chinese Remainder Theorem (CRT)-based optimisation to reduce the communication costs associated with LPN instantiations. The team analysed the security of the proposed scheme under a new Hint-LPN assumption, proving its equivalence to standard LPN for suitable parameters.
Data shows this equivalence is crucial, potentially benefiting future cryptographic constructions and aiding in the analysis of side-channel leakage in code-based cryptography. Researchers established that for parameters chosen appropriately, Hint-LPN provides a comparable level of security to the well-studied standard LPN problem. This finding may be of independent interest for advancing code-based cryptographic techniques and enhancing their resilience against attacks. Results demonstrate the framework’s performance with concrete parameter choices, revealing trade-offs between communication costs and security levels.
While LPN-based instantiations incur higher communication overhead than lattice-based schemes, the approach outperforms information-theoretically secure protocols in specific parameter regimes. Specifically, the study identifies conditions where the CRT-based optimisation significantly reduces communication costs, making the code-based approach more efficient. A SageMath tool was developed to facilitate parameter optimisation, allowing researchers to tailor the system to specific application requirements. The protocol operates by embedding user inputs into a finite field $\mathbb{F}_q$, so that integer addition can be performed without overflow.
The system consists of a server, N users, and a decryptor, with each user holding a k-dimensional private input $m_j$, which is encrypted using a key-additive homomorphic encryption scheme. The server receives the encrypted inputs, aggregates them, and forwards the result to the decryptor, who recovers the aggregate sum $m = \sum_{j=1}^{N} m_j \in \mathbb{F}_q^k$.
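The server, user and committee-decryptor roles described above, worked through as a toy Python example added here (not the authors' code or their SageMath tool): plain key-additive masking stands in for the paper's LPN-based encryption, inputs are scalars rather than k-dimensional vectors, and the moduli, committee size and inputs are constructed to show the CRT decomposition and the overflow bound.

```python
import secrets
from functools import reduce

# Constructed toy parameters (not from the paper): pairwise-coprime moduli
# whose product Q bounds the aggregate sum, so integer addition never wraps.
MODULI = (251, 256, 255)
Q = reduce(lambda a, b: a * b, MODULI)

def fits(num_users, max_input):
    """Overflow check: N users, each holding an input of at most max_input."""
    return num_users * max_input < Q

def crt_combine(residues, moduli):
    """Recover x mod prod(moduli) from (x mod q_i) via Garner's algorithm."""
    x, m = 0, 1
    for r, q in zip(residues, moduli):
        t = ((r - x) * pow(m, -1, q)) % q
        x += m * t
        m *= q
    return x % m

def encrypt(m_j, key_j):
    """Key- and message-additive masking, one residue per modulus (stand-in
    for the paper's LPN-based encryption; noise-free, so decryption is exact)."""
    return [(m_j + key_j[i]) % q for i, q in enumerate(MODULI)]

def share_key(key_j, committee_size):
    """Additive secret sharing of a per-modulus key over the committee."""
    shares = [[secrets.randbelow(q) for q in MODULI] for _ in range(committee_size - 1)]
    last = [(key_j[i] - sum(s[i] for s in shares)) % q for i, q in enumerate(MODULI)]
    return shares + [last]

def aggregate(inputs, committee_size=3):
    """Server sums ciphertexts per modulus; the committee reconstructs only the
    aggregate key; the decryptor unmasks each residue and CRT-combines."""
    keys = [[secrets.randbelow(q) for q in MODULI] for _ in inputs]
    cts = [encrypt(m, k) for m, k in zip(inputs, keys)]
    agg_ct = [sum(c[i] for c in cts) % q for i, q in enumerate(MODULI)]
    # each committee member holds one share of every user's key and publishes
    # only the sum of its shares, so no individual key is ever revealed
    member_sums = [[0] * len(MODULI) for _ in range(committee_size)]
    for k in keys:
        for c, sh in enumerate(share_key(k, committee_size)):
            for i, q in enumerate(MODULI):
                member_sums[c][i] = (member_sums[c][i] + sh[i]) % q
    agg_key = [sum(ms[i] for ms in member_sums) % q for i, q in enumerate(MODULI)]
    residues = [(agg_ct[i] - agg_key[i]) % q for i, q in enumerate(MODULI)]
    return crt_combine(residues, MODULI)
```

Each ciphertext residue is uniformly random on its own, and the sum 800 in the second check exceeds every single modulus yet is recovered exactly because it stays below Q.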
👉 More information
🗞 Post-Quantum Secure Aggregation via Code-Based Homomorphic Encryption
🧠 ArXiv: https://arxiv.org/abs/2601.13031
