The Two Faces of Lattices in Cryptology

  • Phong Q. Nguyen
  • Published in ACM Symposium on Applied Computing, 16 August 2001
  • Mathematics, Computer Science
Lattices are regular arrangements of points in n-dimensional space, whose study appeared in the 19th century in both number theory and crystallography. Since the appearance of the celebrated Lenstra-Lenstra-Lovász lattice basis reduction algorithm twenty years ago, lattices have had surprising applications in cryptology. Until recently, the applications of lattices to cryptology were only negative, as lattices were used to break various cryptographic schemes. Paradoxically, several positive…

A Decade of Lattice Cryptography

  • Chris Peikert
  • Computer Science, Mathematics
    Found. Trends Theor. Comput. Sci.
  • 2016
This work surveys most of the major developments in lattice cryptography over the past ten years, focusing on the foundational short integer solution (SIS) and learning with errors (LWE) problems and their more efficient ring-based variants, their provable hardness assuming the worst-case intractability of standard lattice problems, and their many cryptographic applications.

Euclidean lattices: algorithms and cryptography

This study on how to efficiently solve algorithmic problems on lattices is completed by a constructive application exploiting their apparent hardness, including the NTRU encryption function.

Identifying Ideal Lattices

It is shown that randomly generated lattices are practically never ideal, and an indication that lattice problems in ideal lattices do not represent the general case is given by providing a distinguisher, which decides in time O(n) whether a given basis of rank n spans an ideal lattice or not.

Lattice-Based Cryptography

  • Daniele Micciancio
  • Computer Science, Mathematics
    Encyclopedia of Cryptography and Security
  • 2011
This chapter describes some of the recent progress in lattice-based cryptography, which holds great promise for post-quantum cryptography, as these schemes enjoy very strong security proofs based on worst-case hardness, relatively efficient implementations, as well as great simplicity.

Lattice Polly Cracker cryptosystems

Design and Implementation of Lattice-Based Cryptography

A lattice-based digital signature, two fully homomorphic encryption schemes and cryptographic multilinear maps are designed and implemented, and a non-interactive key exchange between more than three parties has been realized for the first time.

Gröbner bases for public key cryptography

Two lattice-based cryptosystems are proposed that show the usefulness of multivariate polynomial algebra and Gröbner bases in the construction of public key cryptosystems, and improve a cryptosystem that only has heuristic and challenged evidence of security.

A survey of approaches to the shortest vector problem on lattices: the LLL algorithm and beyond

This work focuses on the presentation of the famous Lenstra-Lenstra-Lovász algorithm, and several of the most crucial improvements which have been made since its discovery.

Efficient lattice-based signature scheme

A novel method of reducing a vector under the l∞-norm is presented and a digital signature scheme based on it is proposed, which trades off security level, speed and space.

Computing shortest lattice vectors on special hardware

A variant of the sieving algorithm to solve the shortest vector problem in ideal lattices, the most important type of lattices in cryptography, is presented, allowing us to find shortest vectors faster than in regular lattices.

Lattice Reduction in Cryptology: An Update

This paper surveys some applications of lattices to cryptology and focuses on recent developments of lattice reduction both in cryptography and cryptanalysis, which followed seminal works of Ajtai and Coppersmith.

Lattice Reduction: A Toolbox for the Cryptanalyst

The aim of this paper is to explain what can be achieved by lattice reduction algorithms, even without understanding the actual mechanisms involved, in the cryptanalytic attack of various systems.

A Lattice-Based Public-Key Cryptosystem

A public-key cryptosystem based on similar ideas, but with much less data expansion is presented, which is provably secure unless the worst case of a version of the SVP can be solved in probabilistic polynomial time.

Attacking the Chor-Rivest Cryptosystem by Improved Lattice Reduction

Algorithms for lattice basis reduction that are improvements of the famous L3-algorithm are introduced, which solve random subset sum problems of arbitrary density with 74 and 82 weights, and break Damgård's hash function.

Improving Lattice Based Cryptosystems Using the Hermite Normal Form

The increased efficiency of the new cryptosystems allows the use of bigger values for the security parameter, making the functions secure against the best cryptanalytic attacks, while keeping the size of the key even below the smallest key size for which lattice cryptosystems were ever conjectured to be hard to break.

The Effectiveness of Lattice Attacks Against Low-Exponent RSA

Extensive experiments with Coppersmith's lattice reduction method are presented, and various trade-offs together with practical improvements are discussed, indicating that one should be very cautious when using the low-exponent RSA encryption scheme, or one should use larger exponents.

Cryptanalysis of the Goldreich-Goldwasser-Halevi Cryptosystem from Crypto '97

It is shown that there is a major flaw in the design of the Goldreich, Goldwasser and Halevi public-key cryptosystem, and it is concluded that the scheme cannot provide sufficient security without being impractical.

The Dark Side of the Hidden Number Problem: Lattice Attacks on DSA

The hidden number problem is an idealized version of the problem which Howgrave-Graham and Smart recently tried to solve heuristically in their (lattice-based) attacks on DSA and related signature schemes: given a few bits of the random nonces k used in sufficiently many DSA signatures, recover the secret key.

On breaking generalized knapsack public key cryptosystems

In this paper new methods, generalizing those of Shamir, are presented for attacking generalizations of the basic system. It is shown how these methods may be applied to the Graham-Shamir public-key

Approximate Integer Common Divisors

As an application of the partial approximate common divisor algorithm, it is shown that a cryptosystem proposed by Okamoto actually leaks the private information directly from the public information in polynomial time.