Minimize the Randomness in Rasta-Like Designs: How Far Can We Go?: Application to PASTA

Fabian Schmid; Christian Rechberger; Lorenzo Grassi; Fukang Liu; Roman Walch; Qingju Wang

doi:10.1007/978-3-031-82841-6_9

Minimize the Randomness in Rasta-Like Designs: How Far Can We Go? Application to PASTA

Fabian Schmid
, Christian Rechberger
, Lorenzo Grassi
, Fukang Liu
, Roman Walch
, Qingju Wang

Institute of Information Security (7050)

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Abstract

The Rasta design strategy allows building low-round ciphers due to its efficient prevention of statistical attacks and algebraic attacks by randomizing the cipher, which makes it especially suitable for hybrid homomorphic encryption (HHE), also known as transciphering. Such randomization is obtained by pseudorandomly sampling new invertible matrices for each round of each new cipher evaluation. However, naively sampling a random invertible matrix for each round significantly impacts the plain evaluation runtime, though it does not impact the homomorphic evaluation cost. To address this issue, Dasta was proposed at ToSC 2020 to reduce the cost of generating the random matrices. In this work, we address this problem from a different perspective: How far can the randomness in Rasta-like designs be reduced in order to minimize the plain evaluation runtime without sacrificing the security? To answer this question, we carefully studied the main threats to Rasta-like ciphers and the role of random matrices in ensuring security. We apply our results to the recently proposed cipher Pasta, proposing a modified version called PASTA _v2 instantiated with one initial random matrix and fixed linear layers – obtained by combining two MDS matrices with the Kronecker product – for the other rounds. Compared with Pasta, the state-of-the-art cipher for BGV- and BFV-style HHE, our evaluation shows that PASTA _v2 is up to 100 % faster in plain while having the same homomorphic runtime in the SEAL homomorphic encryption library and up to 30 % faster evaluation time in HElib, respectively.

Translated title of the contribution	Minimierung der Zufälligkeit in Rasta-ähnlichen Designs: Wie weit können wir gehen? : Anwendung auf PASTA
Original language	English
Title of host publication	Selected Areas in Cryptography – SAC 2024 - 31st International Conference, 2024, Revised Selected Papers
Subtitle of host publication	SAC 2024
Editors	Maria Eichlseder, Sébastien Gambs
Publisher	Springer
Pages	207–238
Number of pages	32
ISBN (Electronic)	978-3-031-82841-6
ISBN (Print)	978-3-031-82840-9
DOIs	https://doi.org/10.1007/978-3-031-82841-6_9
Publication status	Published - 2025
Event	Selected Areas in Cryptography 2024: SAC 2024 - Université de Québec à Montréal, Montéal, Canada Duration: 26 Aug 2024 → 30 Aug 2024 Conference number: 31st

Publication series

Name	Lecture Notes in Computer Science
Volume	15517 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	Selected Areas in Cryptography 2024
Abbreviated title	SAC
Country/Territory	Canada
City	Montéal
Period	26/08/24 → 30/08/24

Keywords

HHE
Interweaving matrix
Pasta
PASTA 2
Rasta

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Fields of Expertise

Information, Communication & Computing

Access to Document

10.1007/978-3-031-82841-6_9

https://eprint.iacr.org/2024/791.pdfLicence: CC BY 4.0

Cite this

Schmid, F., Rechberger, C., Grassi, L., Liu, F., Walch, R., & Wang, Q. (2025). Minimize the Randomness in Rasta-Like Designs: How Far Can We Go? Application to PASTA. In M. Eichlseder, & S. Gambs (Eds.), Selected Areas in Cryptography – SAC 2024 - 31st International Conference, 2024, Revised Selected Papers: SAC 2024 (pp. 207–238). (Lecture Notes in Computer Science; Vol. 15517 LNCS). Springer. https://doi.org/10.1007/978-3-031-82841-6_9

Minimize the Randomness in Rasta-Like Designs: How Far Can We Go? Application to PASTA. / Schmid, Fabian ; Rechberger, Christian; Grassi, Lorenzo et al.
Selected Areas in Cryptography – SAC 2024 - 31st International Conference, 2024, Revised Selected Papers: SAC 2024. ed. / Maria Eichlseder; Sébastien Gambs. Springer, 2025. p. 207–238 (Lecture Notes in Computer Science; Vol. 15517 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference paper › peer-review

Schmid, F , Rechberger, C, Grassi, L, Liu, F, Walch, R & Wang, Q 2025, Minimize the Randomness in Rasta-Like Designs: How Far Can We Go? Application to PASTA. in M Eichlseder & S Gambs (eds), Selected Areas in Cryptography – SAC 2024 - 31st International Conference, 2024, Revised Selected Papers: SAC 2024. Lecture Notes in Computer Science, vol. 15517 LNCS, Springer, pp. 207–238, Selected Areas in Cryptography 2024, Montéal, Canada, 26/08/24. https://doi.org/10.1007/978-3-031-82841-6_9

Schmid F , Rechberger C, Grassi L, Liu F, Walch R, Wang Q. Minimize the Randomness in Rasta-Like Designs: How Far Can We Go? Application to PASTA. In Eichlseder M, Gambs S, editors, Selected Areas in Cryptography – SAC 2024 - 31st International Conference, 2024, Revised Selected Papers: SAC 2024. Springer. 2025. p. 207–238. (Lecture Notes in Computer Science). Epub 2025 Mar 13. doi: 10.1007/978-3-031-82841-6_9

Schmid, Fabian ; Rechberger, Christian ; Grassi, Lorenzo et al. / Minimize the Randomness in Rasta-Like Designs: How Far Can We Go? Application to PASTA. Selected Areas in Cryptography – SAC 2024 - 31st International Conference, 2024, Revised Selected Papers: SAC 2024. editor / Maria Eichlseder ; Sébastien Gambs. Springer, 2025. pp. 207–238 (Lecture Notes in Computer Science).

@inproceedings{06a2e9c69f3d4cb282d59bbd679b6ca9,

title = "Minimize the Randomness in Rasta-Like Designs: How Far Can We Go?: Application to PASTA",

abstract = "The Rasta design strategy allows building low-round ciphers due to its efficient prevention of statistical attacks and algebraic attacks by randomizing the cipher, which makes it especially suitable for hybrid homomorphic encryption (HHE), also known as transciphering. Such randomization is obtained by pseudorandomly sampling new invertible matrices for each round of each new cipher evaluation. However, naively sampling a random invertible matrix for each round significantly impacts the plain evaluation runtime, though it does not impact the homomorphic evaluation cost. To address this issue, Dasta was proposed at ToSC 2020 to reduce the cost of generating the random matrices. In this work, we address this problem from a different perspective: How far can the randomness in Rasta-like designs be reduced in order to minimize the plain evaluation runtime without sacrificing the security? To answer this question, we carefully studied the main threats to Rasta-like ciphers and the role of random matrices in ensuring security. We apply our results to the recently proposed cipher Pasta, proposing a modified version called PASTA v2 instantiated with one initial random matrix and fixed linear layers – obtained by combining two MDS matrices with the Kronecker product – for the other rounds. Compared with Pasta, the state-of-the-art cipher for BGV- and BFV-style HHE, our evaluation shows that PASTA v2 is up to 100 \% faster in plain while having the same homomorphic runtime in the SEAL homomorphic encryption library and up to 30 \% faster evaluation time in HElib, respectively.",

keywords = "RASTA, PASTA, Hybride Homomorphe Verschl{\"u}sselung, HHE, Interweaving matrix, Pasta, PASTA 2, Rasta",

author = "Fabian Schmid and Christian Rechberger and Lorenzo Grassi and Fukang Liu and Roman Walch and Qingju Wang",

year = "2025",

doi = "10.1007/978-3-031-82841-6\_9",

language = "English",

isbn = "978-3-031-82840-9",

series = "Lecture Notes in Computer Science",

publisher = "Springer",

pages = "207–238",

editor = "Maria Eichlseder and S{\'e}bastien Gambs",

booktitle = "Selected Areas in Cryptography – SAC 2024 - 31st International Conference, 2024, Revised Selected Papers",

address = "United States",

note = "Selected Areas in Cryptography 2024 : SAC 2024, SAC ; Conference date: 26-08-2024 Through 30-08-2024",

}

TY - GEN

T1 - Minimize the Randomness in Rasta-Like Designs: How Far Can We Go?

T2 - Selected Areas in Cryptography 2024

AU - Schmid, Fabian

AU - Rechberger, Christian

AU - Grassi, Lorenzo

AU - Liu, Fukang

AU - Walch, Roman

AU - Wang, Qingju

N1 - Conference code: 31st

PY - 2025

Y1 - 2025

N2 - The Rasta design strategy allows building low-round ciphers due to its efficient prevention of statistical attacks and algebraic attacks by randomizing the cipher, which makes it especially suitable for hybrid homomorphic encryption (HHE), also known as transciphering. Such randomization is obtained by pseudorandomly sampling new invertible matrices for each round of each new cipher evaluation. However, naively sampling a random invertible matrix for each round significantly impacts the plain evaluation runtime, though it does not impact the homomorphic evaluation cost. To address this issue, Dasta was proposed at ToSC 2020 to reduce the cost of generating the random matrices. In this work, we address this problem from a different perspective: How far can the randomness in Rasta-like designs be reduced in order to minimize the plain evaluation runtime without sacrificing the security? To answer this question, we carefully studied the main threats to Rasta-like ciphers and the role of random matrices in ensuring security. We apply our results to the recently proposed cipher Pasta, proposing a modified version called PASTA v2 instantiated with one initial random matrix and fixed linear layers – obtained by combining two MDS matrices with the Kronecker product – for the other rounds. Compared with Pasta, the state-of-the-art cipher for BGV- and BFV-style HHE, our evaluation shows that PASTA v2 is up to 100 % faster in plain while having the same homomorphic runtime in the SEAL homomorphic encryption library and up to 30 % faster evaluation time in HElib, respectively.

AB - The Rasta design strategy allows building low-round ciphers due to its efficient prevention of statistical attacks and algebraic attacks by randomizing the cipher, which makes it especially suitable for hybrid homomorphic encryption (HHE), also known as transciphering. Such randomization is obtained by pseudorandomly sampling new invertible matrices for each round of each new cipher evaluation. However, naively sampling a random invertible matrix for each round significantly impacts the plain evaluation runtime, though it does not impact the homomorphic evaluation cost. To address this issue, Dasta was proposed at ToSC 2020 to reduce the cost of generating the random matrices. In this work, we address this problem from a different perspective: How far can the randomness in Rasta-like designs be reduced in order to minimize the plain evaluation runtime without sacrificing the security? To answer this question, we carefully studied the main threats to Rasta-like ciphers and the role of random matrices in ensuring security. We apply our results to the recently proposed cipher Pasta, proposing a modified version called PASTA v2 instantiated with one initial random matrix and fixed linear layers – obtained by combining two MDS matrices with the Kronecker product – for the other rounds. Compared with Pasta, the state-of-the-art cipher for BGV- and BFV-style HHE, our evaluation shows that PASTA v2 is up to 100 % faster in plain while having the same homomorphic runtime in the SEAL homomorphic encryption library and up to 30 % faster evaluation time in HElib, respectively.

KW - RASTA

KW - PASTA

KW - Hybride Homomorphe Verschlüsselung

KW - HHE

KW - Interweaving matrix

KW - Pasta

KW - PASTA 2

KW - Rasta

UR - https://www.scopus.com/pages/publications/105001269623

U2 - 10.1007/978-3-031-82841-6_9

DO - 10.1007/978-3-031-82841-6_9

M3 - Conference paper

SN - 978-3-031-82840-9

T3 - Lecture Notes in Computer Science

SP - 207

EP - 238

BT - Selected Areas in Cryptography – SAC 2024 - 31st International Conference, 2024, Revised Selected Papers

A2 - Eichlseder, Maria

A2 - Gambs, Sébastien

PB - Springer

Y2 - 26 August 2024 through 30 August 2024

ER -