# The Two Faces of Lattices in Cryptology

@inproceedings{Nguyen2001TheTF, title={The Two Faces of Lattices in Cryptology}, author={Phong Q. Nguyen}, booktitle={Selected Areas in Cryptography}, year={2001} }

Lattices are regular arrangements of points in n-dimensional space, whose study appeared in the 19th century in both number theory and crystallography. Since the appearance of the celebrated Lenstra-Lenstra-Lovász lattice basis reduction algorithm twenty years ago, lattices have had surprising applications in cryptology. Until recently, the applications of lattices to cryptology were only negative, as lattices were used to break various cryptographic schemes. Paradoxically, several positive…

## 273 Citations

### A Decade of Lattice Cryptography

- Computer Science, Mathematics
- Found. Trends Theor. Comput. Sci.
- 2016

This work surveys most of the major developments in lattice cryptography over the past ten years, focusing on the foundational short integer solution (SIS) and learning with errors (LWE) problems and their more efficient ring-based variants, their provable hardness assuming the worst-case intractability of standard lattice problems, and their many cryptographic applications.

### Identifying Ideal Lattices

- Computer Science, Mathematics
- IACR Cryptol. ePrint Arch.
- 2007

It is shown that randomly generated lattices are practically never ideal, and an indication that lattice problems in ideal lattices do not represent the general case is given by providing a distinguisher, which decides in time O(n) whether a given basis of rank n spans an ideal lattice or not.

### Lattice-Based Cryptography

- Computer Science, Mathematics
- Encyclopedia of Cryptography and Security
- 2011

This chapter describes some of the recent progress in lattice-based cryptography, which holds great promise for post-quantum cryptography, as lattice-based constructions enjoy very strong security proofs based on worst-case hardness, relatively efficient implementations, and great simplicity.

### Reduction algorithms for the cryptanalysis of lattice based asymmetrical cryptosystems

- Computer Science, Mathematics
- 2008

The aim of this thesis is to study the most commonly used lattice basis reduction algorithms, namely the Lenstra-Lenstra-Lovász (LLL) and Block Kolmogorov Zolotarev (BKZ) algorithms, which are utilized to approximately solve the mentioned lattice-based problems.

### Design and Implementation of Lattice-Based Cryptography

- Computer Science, Mathematics
- 2014

A lattice-based digital signature, two fully homomorphic encryption schemes and cryptographic multilinear maps are designed and implemented, and a non-interactive key exchange between more than three parties has been realized for the first time.

### Gröbner bases for public key cryptography

- Computer Science, Mathematics
- ISSAC '08
- 2008

Two lattice-based cryptosystems are proposed that show the usefulness of multivariate polynomial algebra and Gröbner bases in the construction of public key cryptosystems and improve a cryptosystem that only has heuristic and challenged evidence of security.

### A survey of approaches to the shortest vector problem on lattices: the LLL algorithm and beyond

- Computer Science
- 2011

This work focuses on the presentation of the famous Lenstra-Lenstra-Lovász algorithm, and several of the most crucial improvements which have been made since its discovery.

### Efficient lattice-based signature scheme

- Computer Science, Mathematics
- Int. J. Appl. Cryptogr.
- 2008

A novel method of reducing a vector under the l∞-norm is presented, and a digital signature scheme based on it is proposed that trades off security level, speed and space.

### Computing shortest lattice vectors on special hardware

- Computer Science, Mathematics
- 2011

A variant of the sieving algorithm to solve the shortest vector problem in ideal lattices, the most important type of lattices in cryptography, is presented, allowing us to find shortest vectors faster than in regular lattices.

## References

### Lattice Reduction in Cryptology: An Update

- Mathematics, Computer Science
- ANTS
- 2000

This paper surveys some applications of lattices to cryptology and focuses on recent developments of lattice reduction both in cryptography and cryptanalysis, which followed seminal works of Ajtai and Coppersmith.

### Lattice Reduction: A Toolbox for the Cryptanalyst

- Mathematics, Computer Science
- Journal of Cryptology
- 1998

The aim of this paper is to explain what can be achieved by lattice reduction algorithms, even without understanding the actual mechanisms involved, in the cryptanalytic attack of various systems.

### A Lattice-Based Public-Key Cryptosystem

- Computer Science, Mathematics
- Inf. Comput.
- 1998

A public-key cryptosystem based on similar ideas, but with much less data expansion is presented, which is provably secure unless the worst case of a version of the SVP can be solved in probabilistic polynomial time.

### Attacking the Chor-Rivest Cryptosystem by Improved Lattice Reduction

- Computer Science, Mathematics
- EUROCRYPT
- 1995

Algorithms for lattice basis reduction that improve on the famous L3-algorithm are introduced; they solve random subset sum problems of arbitrary density with 74 and 82 weights and break Damgård's hash function.

### The Effectiveness of Lattice Attacks Against Low-Exponent RSA

- Computer Science
- Public Key Cryptography
- 1999

Extensive experiments with Coppersmith's lattice reduction method are presented, and various trade-offs together with practical improvements are discussed, indicating that one should be very cautious when using the low-exponent RSA encryption scheme, or one should use larger exponents.

### Cryptanalysis of the Goldreich-Goldwasser-Halevi Cryptosystem from Crypto '97

- Computer Science, Mathematics
- CRYPTO
- 1999

It is shown that there is a major flaw in the design of the Goldreich, Goldwasser and Halevi public-key cryptosystem, and it is concluded that the scheme cannot provide sufficient security without being impractical.

### The Dark Side of the Hidden Number Problem: Lattice Attacks on DSA

- Computer Science, Mathematics
- 2001

The hidden number problem is an idealized version of the problem which Howgrave-Graham and Smart recently tried to solve heuristically in their (lattice-based) attacks on DSA and related signature schemes: given a few bits of the random nonces k used in sufficiently many DSA signatures, recover the secret key.

### On breaking generalized knapsack public key cryptosystems

- Computer Science, Mathematics
- STOC
- 1983

In this paper new methods, generalizing those of Shamir, are presented for attacking generalizations of the basic system. It is shown how these methods may be applied to the Graham-Shamir public-key…

### Approximate Integer Common Divisors

- Computer Science, Mathematics
- CaLC
- 2001

As an application of the partial approximate common divisor algorithm, it is shown that a cryptosystem proposed by Okamoto actually leaks the private information directly from the public information in polynomial time.

### On the hardness of the shortest vector problem

- Mathematics, Computer Science
- 1998

It is proved that the shortest vector problem is NP-hard (for randomized reductions) to approximate within some constant factor greater than 1 in any lp norm (p ≥ 1).