#### Filter Results:

- Full text PDF available (71)

#### Publication Year

1997

2017

- This year (4)
- Last 5 years (19)
- Last 10 years (41)

#### Publication Type

#### Co-author

#### Journals and Conferences

#### Key Phrases

Learn More

- Yuanmi Chen, Phong Q. Nguyen
- ASIACRYPT
- 2011

The best lattice reduction algorithm known in practice for high dimension is Schnorr-Euchner’s BKZ: all security estimates of lattice cryptosystems are based on NTL’s old implementation of BKZ. However, recent progress on lattice enumeration suggests that BKZ and its NTL implementation are no longer optimal, but the precise impact on security estimates was… (More)

- Nicolas Gama, Phong Q. Nguyen
- EUROCRYPT
- 2008

Despite their popularity, lattice reduction algorithms remain mysterious cryptanalytical tools. Though it has been widely reported that they behave better than their proved worst-case theoretical bounds, no precise assessment has ever been given. Such an assessment would be very helpful to predict the behaviour of lattice-based attacks, as well as to select… (More)

- Phong Q. Nguyen, Oded Regev
- Journal of Cryptology
- 2006

Lattice-based signature schemes following the Goldreich–Goldwasser–Halevi (GGH) design have the unusual property that each signature leaks information on the signer’s secret key, but this does not necessarily imply that such schemes are insecure. At Eurocrypt ’03, Szydlo proposed a potential attack by showing that the leakage reduces the key-recovery… (More)

- Nicolas Gama, Phong Q. Nguyen, Oded Regev
- EUROCRYPT
- 2010

Lattice enumeration algorithms are the most basic algorithms for solving hard lattice problems such as the shortest vector problem and the closest vector problem, and are often used in public-key cryptanalysis either as standalone algorithms, or as subroutines in lattice reduction algorithms. Here we revisit these fundamental algorithms and show that… (More)

- Phong Q. Nguyen
- CRYPTO
- 1999

Recent results of Ajtai on the hardness of lattice problems have inspired several cryptographic protocols. At Crypto ’97, Goldreich, Goldwasser and Halevi proposed a public-key cryptosystem based on the closest vector problem in a lattice, which is known to be NP-hard. We show that there is a major flaw in the design of the scheme which has two… (More)

- Phong Q. Nguyen, Thomas Vidick
- J. Mathematical Cryptology
- 2008

The most famous lattice problem is the Shortest Vector Problem (SVP), which has many applications in cryptology. The best approximation algorithms known for SVP in high dimension rely on a subroutine for exact SVP in low dimension. In this paper, we assess the practicality of the best (theoretical) algorithm known for exact SVP in low dimension: the sieve… (More)

- Phong Q. Nguyen, Damien Stehlé
- EUROCRYPT
- 2005

The Lenstra-Lenstra-Lovász lattice basis reduction algorithm (LLL or L) is a very popular tool in public-key cryptanalysis and in many other fields. Given an integer d-dimensional lattice basis with vectors of norm less than B in an n-dimensional space, L outputs a socalled L-reduced basis in polynomial time O(dn log B), using arithmetic operations on… (More)

- Nicolas Gama, Phong Q. Nguyen
- STOC
- 2008

The celebrated Lenstra-Lenstra-Lovász lattice basis reduction algorithm (LLL) can naturally be viewed as an algorithmic version of Hermite's inequality on Hermite's constant. We present a polynomial-time blockwise reduction algorithm based on duality which can similarly be viewed as an algorithmic version of Mordell's inequality on Hermite's constant.… (More)

- Dario Catalano, Rosario Gennaro, Nick Howgrave-Graham, Phong Q. Nguyen
- ACM Conference on Computer and Communications…
- 2001

We re-examine Paillier's cryptosystem, and show that by choosing a particular discrete log base <i>g</i>, and by introducing an alternative decryption procedure, we can extend the scheme to allow an arbitrary exponent <i>e</i> instead of <i>N</i>. The use of low exponents substantially increases the efficiency of the scheme. The semantic security is now… (More)

- Mingjie Liu, Phong Q. Nguyen
- CT-RSA
- 2013

Bounded Distance Decoding (BDD) is a basic lattice problem used in cryptanalysis: the security of most lattice-based encryption schemes relies on the hardness of some BDD, such as LWE. We study how to solve BDD using a classical method for finding shortest vectors in lattices: enumeration with pruning speedup, such as Gama-NguyenRegev extreme pruning from… (More)