#### Filter Results:

- Full text PDF available (75)

#### Publication Year

2003

2017

- This year (9)
- Last 5 years (37)
- Last 10 years (75)

#### Publication Type

#### Co-author

#### Journals and Conferences

#### Key Phrases

Learn More

- Damien Stehlé, Ron Steinfeld
- EUROCRYPT
- 2011

NTRUEncrypt, proposed in 1996 by Hoffstein, Pipher and Silverman, is the fastest known lattice-based encryption scheme. Its moderate key-sizes, excellent asymptotic performance and conjectured resistance to quantum computers could make it a desirable alternative to factorisation and discrete-log based encryption schemes. However, since its introduction,… (More)

We show that the Learning with Errors (LWE) problem is classically at least as hard as standard worst-case lattice problems. Previously this was only known under quantum reductions.
Our techniques capture the tradeoff between the dimension and the modulus of LWE instances, leading to a much better understanding of the landscape of the problem. The proof is… (More)

- Phong Q. Nguyen, Damien Stehlé
- EUROCRYPT
- 2005

The Lenstra-Lenstra-Lovász lattice basis reduction algorithm (LLL or L) is a very popular tool in public-key cryptanalysis and in many other fields. Given an integer d-dimensional lattice basis with vectors of norm less than B in an n-dimensional space, L outputs a socalled L-reduced basis in polynomial time O(dn log B), using arithmetic operations on… (More)

- Damien Stehlé, Ron Steinfeld
- ASIACRYPT
- 2010

We describe two improvements to Gentry's fully homomorphic scheme based on ideal lattices and its analysis: we provide a more aggressive analysis of one of the hardness assumptions (the one related to the Sparse Subset Sum Problem) and we introduce a probabilistic decryption algorithm that can be implemented with an algebraic circuit of low multiplicative… (More)

- Jean-Michel Muller, Nicolas Brisebarre, +6 authors Serge Torres
- 2010

- Phong Q. Nguyen, Damien Stehlé
- ANTS
- 2006

Despite their popularity, lattice reduction algorithms remain mysterious in many ways. It has been widely reported that they behave much more nicely than what was expected from the worst-case proved bounds, both in terms of the running time and the output quality. In this article, we investigate this puzzling statement by trying to model the average case of… (More)

- Guillaume Hanrot, Damien Stehlé
- CRYPTO
- 2007

The security of lattice-based cryptosystems such as NTRU, GGH and Ajtai-Dwork essentially relies upon the intractability of computing a shortest non-zero lattice vector and a closest lattice vector to a given target vector in high dimensions. The best algorithms for these tasks are due to Kannan, and, though remarkably simple, their complexity estimates… (More)

- Guillaume Hanrot, Xavier Pujol, Damien Stehlé
- CRYPTO
- 2011

Strong lattice reduction is the key element for most attacks against lattice-based cryptosystems. Between the strongest but impractical HKZ reduction and the weak but fast LLL reduction, there have been several attempts to nd e cient trade-o s. Among them, the BKZ algorithm introduced by Schnorr and Euchner [FCT'91] seems to achieve the best time/quality… (More)

- Cong Ling, Laura Luzzi, Jean-Claude Belfiore, Damien Stehlé
- IEEE Transactions on Information Theory
- 2014

We propose a new scheme of wiretap lattice coding that achieves semantic security and strong secrecy over the Gaussian wiretap channel. The key tool in our security proof is the flatness factor, which characterizes the convergence of the conditional output distributions corresponding to different messages and leads to an upper bound on the information… (More)

- Jung Hee Cheon, Kyoohyung Han, Changmin Lee, Hansol Ryu, Damien Stehlé
- IACR Cryptology ePrint Archive
- 2014

We describe a polynomial-time cryptanalysis of the (approximate) multilinear map of Coron, Lepoint and Tibouchi (CLT). The attack relies on an adaptation of the so-called zeroizing attack against the Garg, Gentry and Halevi (GGH) candidate multilinear map. Zeroizing is much more devastating for CLT than for GGH. In the case of GGH, it allows to break… (More)