# The Two Faces of Lattices in Cryptology

@inproceedings{Nguyen2001TheTF, title={The Two Faces of Lattices in Cryptology}, author={Phong Q. Nguyen}, booktitle={ACM Symposium on Applied Computing}, year={2001} }

Lattices are regular arrangements of points in n-dimensional space, whose study appeared in the 19th century in both number theory and crystallography. Since the appearance of the celebrated Lenstra-Lenstra-Lovasz lattice basis reduction algorithm twenty years ago, lattices have had surprising applications in cryptology. Until recently, the applications of lattices to cryptology were only negative, as lattices were used to break various cryptographic schemes. Paradoxically, several positive…

## 274 Citations

### A Decade of Lattice Cryptography

- Computer Science, MathematicsFound. Trends Theor. Comput. Sci.
- 2016

This work surveys most of the major developments in lattice cryptography over the past ten years, focusing on the foundational short integer solution SIS and learning with errors LWE problems and their more efficient ring-based variants, their provable hardness assuming the worst-case intractability of standard lattice problems, and their many cryptographic applications.

### Euclidean lattices: algorithms and cryptography

- Computer Science, Mathematics
- 2011

This study on how to efficiently solve algorithmic problems on lattices is completed by a constructive application exploiting their apparent hardness, including the NTRU encryption function.

### Identifying Ideal Lattices

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2007

It is shown that randomly generated lattices are practically never ideal, and an indication that lattice problems in ideal lattices do not represent the general case is given by providing a distinguisher, which decides in time O(n) whether a given basis of rank n spans an ideal lattice or not.

### Lattice-Based Cryptography

- Computer Science, MathematicsEncyclopedia of Cryptography and Security
- 2011

This chapter describes some of the recent progress in lattice-based cryptography, which holds a great promise for post-quantum cryptography, as they enjoy very strong security proofs based on worst-case hardness, relatively efficient implementations, as well as great simplicity.

### Design and Implementation of Lattice-Based Cryptography

- Computer Science, Mathematics
- 2014

A lattice-based digital signature, two fully homomorphic encryption schemes and cryptographic multilinear maps are designed and implemented and a non interactive key exchange between more than three parties has been realized for the first time.

### Gröbner bases for public key cryptography

- Computer Science, MathematicsISSAC '08
- 2008

Two lattice-based cryptosystems are proposed that will show the usefulness of multivariate polynomial algebra and Grobner bases in the construction of public key cryptosSystems and improves a cryptos system that only has heuristic and challenged evidence of security.

### A survey of approaches to the shortest vector problem on lattices: the LLL algorithm and beyond

- Computer Science
- 2011

This work focuses on the presentation of the famous Lenstra-Lenstra-Lovász algorithm, and several of the most crucial improvements which have been made since its discovery.

### Efficient lattice-based signature scheme

- Computer Science, MathematicsInt. J. Appl. Cryptogr.
- 2008

A novel method of reducing a vector under the l∞-norm is presented and a digital signature scheme based on it is proposed, that trades the security level, speed and space.

### Computing shortest lattice vectors on special hardware

- Computer Science, Mathematics
- 2011

A variant of the sieving algorithm to solve the shortest vector problem in ideal lattices, the most important type of lattices in cryptography, is presented, allowing us to find shortest vectors faster than in regular lattices.

## References

SHOWING 1-10 OF 152 REFERENCES

### Lattice Reduction in Cryptology: An Update

- Mathematics, Computer ScienceANTS
- 2000

This paper surveys some applications of lattices to cryptology and focuses on recent developments of lattice reduction both in cryptography and cryptanalysis, which followed seminal works of Ajtai and Coppersmith.

### Lattice Reduction: A Toolbox for the Cryptanalyst

- Mathematics, Computer ScienceJournal of Cryptology
- 1998

The aim of this paper is to explain what can be achieved by lattice reduction algorithms, even without understanding the actual mechanisms involved, in the cryptanalytic attack of various systems.

### A Lattice-Based Public-Key Cryptosystem

- Computer Science, MathematicsInf. Comput.
- 1998

A public-key cryptosystem based on similar ideas, but with much less data expansion is presented, which is provably secure unless the worst case of a version of the SVP can be solved in probabilistic polynomial time.

### Attacking the Chor-Rivest Cryptosystem by Improved Lattice Reduction

- Computer Science, MathematicsEUROCRYPT
- 1995

Algorithms for lattice basis reduction that are improvements of the famous L3-algorithm are introduced that solve random subset sum problems of arbitrary density with 74 and 82 many weights and by breaking Damgard's hash function.

### Improving Lattice Based Cryptosystems Using the Hermite Normal Form

- Computer Science, MathematicsCaLC
- 2001

The increased efficiency of the new cryptosystems allows the use of bigger values for the security parameter, making the functions secure against the best cryptanalytic attacks, while keeping the size of the key even below the smallest key size for which lattice cryptos system were ever conjectured to be hard to break.

### The Effectiveness of Lattice Attacks Against Low-Exponent RSA

- Computer SciencePublic Key Cryptography
- 1999

Extensive experiments with Coppersmith's lattice reduction method are presented, and various trade-offs together with practical improvements are discussed, indicating that one should be very cautious when using the low-exponent RSA encryption scheme, or one should use larger exponents.

### Cryptanalysis of the Goldreich-Goldwasser-Halevi Cryptosystem from Crypto '97

- Computer Science, MathematicsCRYPTO
- 1999

It is shown that there is a major flaw in the design of the Goldreich, Goldwasser and Halevi public-key cryptosystem, and it is concluded that the scheme cannot provide sufficient security without being impractical.

### The Dark Side of the Hidden Number Problem: Lattice Attacks on DSA

- Computer Science, Mathematics
- 2001

The hidden number problem is an idealized version of the problem which HowgraveGraham and Smart recently tried to solve heuristically in their (lattice-based) attacks on DSA and related signature schemes: given a few bits of the random nonces k used in sufficiently many DSA signatures, recover the secret key.

### On breaking generalized knapsack public key cryptosystems

- Computer Science, MathematicsSTOC
- 1983

In this paper new methods, generalizing those of Shamir, are presented for attacking generalizations of the basic system. It is shown how these methods may be applied to the Graham-Shamir public-key…

### Approximate Integer Common Divisors

- Computer Science, MathematicsCaLC
- 2001

As an application of the partial approximate common divisor algorithm, it is shown that a cryptosystem proposed by Okamoto actually leaks the private information directly from the public information in polynomial time.