The Two Faces of Lattices in Cryptology

@inproceedings{Nguyen2001TheTF,
  title={The Two Faces of Lattices in Cryptology},
  author={Phong Q. Nguyen},
  booktitle={Selected Areas in Cryptography},
  year={2001}
}
  • Phong Q. Nguyen
  • Published in
    Selected Areas in…
    16 August 2001
  • Mathematics, Computer Science
Lattices are regular arrangements of points in n-dimensional space, whose study appeared in the 19th century in both number theory and crystallography. Since the appearance of the celebrated Lenstra-Lenstra-Lovasz lattice basis reduction algorithm twenty years ago, lattices have had surprising applications in cryptology. Until recently, the applications of lattices to cryptology were only negative, as lattices were used to break various cryptographic schemes. Paradoxically, several positive… 

A Decade of Lattice Cryptography

  • Chris Peikert
  • Computer Science, Mathematics
    Found. Trends Theor. Comput. Sci.
  • 2016
TLDR
This work surveys most of the major developments in lattice cryptography over the past ten years, focusing on the foundational short integer solution SIS and learning with errors LWE problems and their more efficient ring-based variants, their provable hardness assuming the worst-case intractability of standard lattice problems, and their many cryptographic applications.

Identifying Ideal Lattices

TLDR
It is shown that randomly generated lattices are practically never ideal, and an indication that lattice problems in ideal lattices do not represent the general case is given by providing a distinguisher, which decides in time O(n) whether a given basis of rank n spans an ideal lattice or not.

Lattice-Based Cryptography

  • Daniele Micciancio
  • Computer Science, Mathematics
    Encyclopedia of Cryptography and Security
  • 2011
TLDR
This chapter describes some of the recent progress in lattice-based cryptography, which holds a great promise for post-quantum cryptography, as they enjoy very strong security proofs based on worst-case hardness, relatively efficient implementations, as well as great simplicity.

Reduction algorithms for the cryptanalysis of lattice based asymmetrical cryptosystems

TLDR
The aim of this thesis is to study the most commonly used lattice basis reduction algorithms, namely Lenstra Lenstra Lovasz (LLL) and Block Kolmogorov Zolotarev (BKZ) algorithms, which are utilized to approximately solve the mentioned lattice based problems.

Lattice Polly Cracker cryptosystems

Design and Implementation of Lattice-Based Cryptography

TLDR
A lattice-based digital signature, two fully homomorphic encryption schemes and cryptographic multilinear maps are designed and implemented and a non interactive key exchange between more than three parties has been realized for the first time.

Gröbner bases for public key cryptography

TLDR
Two lattice-based cryptosystems are proposed that show the usefulness of multivariate polynomial algebra and Gröbner bases in the construction of public key cryptosystems, and a cryptosystem that only has heuristic and challenged evidence of security is improved.

A survey of approaches to the shortest vector problem on lattices: the LLL algorithm and beyond

TLDR
This work focuses on the presentation of the famous Lenstra-Lenstra-Lovász algorithm, and several of the most crucial improvements which have been made since its discovery.

Efficient lattice-based signature scheme

TLDR
A novel method of reducing a vector under the l∞-norm is presented and a digital signature scheme based on it is proposed, that trades the security level, speed and space.

Computing shortest lattice vectors on special hardware

TLDR
A variant of the sieving algorithm to solve the shortest vector problem in ideal lattices, the most important type of lattices in cryptography, is presented, allowing us to find shortest vectors faster than in regular lattices.

References

Lattice Reduction in Cryptology: An Update

TLDR
This paper surveys some applications of lattices to cryptology and focuses on recent developments of lattice reduction both in cryptography and cryptanalysis, which followed seminal works of Ajtai and Coppersmith.

Lattice Reduction: A Toolbox for the Cryptanalyst

TLDR
The aim of this paper is to explain what can be achieved by lattice reduction algorithms, even without understanding the actual mechanisms involved, in the cryptanalytic attack of various systems.

A Lattice-Based Public-Key Cryptosystem

TLDR
A public-key cryptosystem based on similar ideas, but with much less data expansion is presented, which is provably secure unless the worst case of a version of the SVP can be solved in probabilistic polynomial time.

Attacking the Chor-Rivest Cryptosystem by Improved Lattice Reduction

TLDR
Algorithms for lattice basis reduction that improve on the famous L3-algorithm are introduced; they solve random subset sum problems of arbitrary density with 74 and 82 weights and break Damgård's hash function.

The Effectiveness of Lattice Attacks Against Low-Exponent RSA

TLDR
Extensive experiments with Coppersmith's lattice reduction method are presented, and various trade-offs together with practical improvements are discussed, indicating that one should be very cautious when using the low-exponent RSA encryption scheme, or one should use larger exponents.

Cryptanalysis of the Goldreich-Goldwasser-Halevi Cryptosystem from Crypto '97

TLDR
It is shown that there is a major flaw in the design of the Goldreich, Goldwasser and Halevi public-key cryptosystem, and it is concluded that the scheme cannot provide sufficient security without being impractical.

The Dark Side of the Hidden Number Problem: Lattice Attacks on DSA

TLDR
The hidden number problem is an idealized version of the problem which Howgrave-Graham and Smart recently tried to solve heuristically in their (lattice-based) attacks on DSA and related signature schemes: given a few bits of the random nonces k used in sufficiently many DSA signatures, recover the secret key.

On breaking generalized knapsack public key cryptosystems

In this paper new methods, generalizing those of Shamir, are presented for attacking generalizations of the basic system. It is shown how these methods may be applied to the Graham-Shamir public-key

Approximate Integer Common Divisors

TLDR
As an application of the partial approximate common divisor algorithm, it is shown that a cryptosystem proposed by Okamoto actually leaks the private information directly from the public information in polynomial time.

On the hardness of the shortest vector problem

TLDR
It is proved that the shortest vector problem is NP-hard (for randomized reductions) to approximate within some constant factor greater than 1 in any ℓ_p norm (p ≥ 1).