Public-key cryptosystems from the worst-case shortest vector problem: extended abstract

@article{Peikert2009PublickeyCF,
  title={Public-key cryptosystems from the worst-case shortest vector problem: extended abstract},
  author={Chris Peikert},
  journal={Electron. Colloquium Comput. Complex.},
  year={2009},
  volume={15}
}
  • Chris Peikert
  • Published 31 May 2009
  • Computer Science, Mathematics
  • Electron. Colloquium Comput. Complex.
We construct public-key cryptosystems that are secure assuming the worst-case hardness of approximating the minimum distance on n-dimensional lattices to within small Poly(n) factors. Prior cryptosystems with worst-case connections were based either on the shortest vector problem for a special class of lattices (Ajtai and Dwork, STOC 1997; Regev, J. ACM 2004), or on the conjectured hardness of lattice problems for quantum algorithms (Regev, STOC 2005). Our main technical innovation is a… 

Efficient Public Key Encryption Based on Ideal
TLDR
The main technical tools are an adaptation of Ajtai's trapdoor key generation algorithm and a re-interpretation of Regev's quantum reduction between the Bounded Distance Decoding problem and sampling short lattice vectors.
Making NTRU as Secure as Worst-Case Problems over Ideal Lattices
TLDR
This work shows how to modify NTRUEncrypt to make it provably secure in the standard model, under the assumed quantum hardness of standard worst-case lattice problems, restricted to a family of lattices related to some cyclotomic fields.
Efficient Public Key Encryption Based on Ideal Lattices
TLDR
This work achieves CPA-security against subexponential attacks, with (quasi-)optimal asymptotic performance, in public key encryption schemes with security provably based on the worst case hardness of the approximate Shortest Vector Problem in some structured lattices, called ideal lattices.
Threshold Decryption and Zero-Knowledge Proofs for Lattice-Based Cryptosystems
TLDR
A variant of Regev’s cryptosystem, first presented in [Reg05] but with a new choice of parameters, is presented, and by a recent classical reduction by Peikert the scheme is proved semantically secure based on the worst-case lattice problem GapSVP.
Lattice-based signature schemes with additional features
TLDR
This thesis demonstrates the great versatility of lattices in cryptography and facilitates privacy-friendly electronic elections, fair online contract signing, signature compression, secure signatures in the strongest sense, as well as identity-based primitives.
Toward Basing Fully Homomorphic Encryption on Worst-Case Hardness
TLDR
A worst-case / average-case connection is proved that bases Gentry's scheme (in part) on the quantum hardness of the shortest independent vector problem (SIVP) over ideal lattices in the worst-case.
Public Key Cryptosystems from the Multiplicative Learning with Errors
  • Gu Chun-sheng
  • Computer Science, Mathematics
    2010 International Conference on Multimedia Information Networking and Security
  • 2010
TLDR
Two public key cryptosystems based on the multiplicative learning with errors (MLWE) problem are constructed and are semantically secure assuming the worst-case hardness of the decisional composite residuosity problem and the search problem.
On lattices, learning with errors, random linear codes, and cryptography
  • O. Regev
  • Computer Science, Mathematics
    JACM
  • 2009
TLDR
A (classical) public-key cryptosystem whose security is based on the hardness of the learning problem, which is a reduction from worst-case lattice problems such as GapSVP and SIVP to a certain learning problem that is quantum.
On the Design and Improvement of Lattice-based Cryptosystems
TLDR
This thesis proposes the first lattice-based sequential aggregate signature scheme that enables a group of signers to sequentially generate an aggregate signature of reduced storage size such that the verifier is still able to check that each signer indeed signed a message.
A provably secure variant of NTRU cryptosystem
TLDR
The aim of this thesis is to present Stehlé's and Steinfeld's work in a slightly more accessible form, providing some more background and details in some points.

References

Trapdoors for hard lattices and new cryptographic constructions
TLDR
A new notion of trapdoor function with preimage sampling, simple and efficient "hash-and-sign" digital signature schemes, and identity-based encryption are included.
New lattice-based cryptographic constructions
  • O. Regev
  • Mathematics, Computer Science
    JACM
  • 2004
TLDR
A new public key cryptosystem whose security guarantee is considerably stronger than previous results is provided, and a family of collision resistant hash functions with an improved security guarantee in terms of the unique shortest vector problem is proposed.
The First and Fourth Public-Key Cryptosystems with Worst-Case/Average-Case Equivalence
  • M. Ajtai, C. Dwork
  • Computer Science, Mathematics
    Electron. Colloquium Comput. Complex.
  • 2007
TLDR
A public-key cryptosystem with worst-case/average-case equivalence, which generalizes a conceptually simple modification of the “Ajtai-Dwork” cryptosystem and provides a unified treatment of the two cryptosystems.
On lattices, learning with errors, random linear codes, and cryptography
TLDR
A public-key cryptosystem whose hardness is based on the worst-case quantum hardness of SVP and SIVP, and an efficient solution to the learning problem implies a quantum, which can be made classical.
Multi-bit Cryptosystems Based on Lattice Problems
TLDR
It is shown that the multi-bit versions of several single-bit cryptosystems based on lattice problems encrypt O(log n)-bit plaintexts into ciphertexts of the same length as the original ones with reasonable sacrifices of the hardness of the underlying lattice problems.
A public-key cryptosystem with worst-case/average-case equivalence
We present a probabilistic public key cryptosystem which is secure unless the worst case of the following lattice problem can be solved in polynomial time: “Find the shortest nonzero vector in an n
Fast Cryptographic Primitives and Circular-Secure Encryption Based on Hard Learning Problems
TLDR
Public-key and symmetric-key cryptosystems that provide security for key-dependent messages and enjoy circular security and a pseudorandom generator that can be computed by a circuit of n · polylog(n) size are constructed.
Cryptographic Hardness for Learning Intersections of Halfspaces
Lossy trapdoor functions and their applications
TLDR
Using lossy TDFs, this work develops a new approach for constructing several important cryptographic primitives, including (injective) trapdoor functions, collision-resistant hash functions, oblivious transfer, and chosen ciphertext-secure cryptosystems.
On Bounded Distance Decoding, Unique Shortest Vectors, and the Minimum Distance Problem
TLDR
This work proves the equivalence, up to a small polynomial approximation factor, of the lattice problems uSVP, BDD and GapSVP and the Ajtai-Dwork and the Regev cryptosystems, which were previously only known to be based on the hardness of uSVP.