Multi-bit Cryptosystems Based on Lattice Problems

We propose multi-bit versions of several single-bit cryptosystems based on lattice problems: the error-free version of the Ajtai-Dwork cryptosystem by Goldreich, Goldwasser, and Halevi [CRYPTO '97], the Regev cryptosystems [JACM 2004 and STOC 2005], and the Ajtai cryptosystem [STOC 2005]. We develop a universal technique, derived from a general structure shared by these schemes, for constructing their multi-bit versions without increasing the size of the ciphertexts. By evaluating the trade-off between the decryption error and the hardness of the underlying lattice problems, we show that our multi-bit versions encrypt O(log n)-bit plaintexts into ciphertexts of the same length as the original ones at a reasonable cost in the hardness of the underlying lattice problems. Our technique also reveals an algebraic property of these lattice-based cryptosystems, which we name pseudohomomorphism.
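As an added illustration, not part of the paper (whose constructions treat the Ajtai-Dwork, Regev and Ajtai schemes in detail), the following toy Python model of a Regev-style LWE cryptosystem shows the mechanism the abstract describes. A plaintext mu in Z_p is embedded as mu·round(q/p) in the single Z_q component of the ciphertext, so the ciphertext keeps n+1 entries of Z_q for every choice of p, while the noise that decryption can absorb shrinks from about q/4 for p = 2 to about q/(2p). Adding two ciphertexts component-wise decrypts to the sum of the plaintexts modulo p as long as the accumulated noise stays within that budget, which is the additive pseudohomomorphism the abstract names. The parameters n = 16, m = 64, q = 4093, the uniform {-1, 0, 1} noise and the binary encryption randomness are assumptions chosen to keep the run short; they are nowhere near secure and are not the paper's parameters.

```python
"""Toy multi-bit variant of a Regev-style LWE cryptosystem (illustration only).

Assumptions (not taken from the paper): n=16, m=64, q=4093, secret uniform in
Z_q^n, noise uniform in {-1,0,1}, encryption randomness r in {0,1}^m.  These
parameters only serve to show the plaintext-size / decryption-error trade-off
and the additive pseudohomomorphism; they offer no security whatsoever.
"""
import random

N, M, Q = 16, 64, 4093   # dimension, number of LWE samples, modulus (all assumed)


def keygen(rng):
    """Secret s in Z_q^n; public key (A, b = A s + e mod q) with noise e in {-1,0,1}^m."""
    s = [rng.randrange(Q) for _ in range(N)]
    A = [[rng.randrange(Q) for _ in range(N)] for _ in range(M)]
    b = [(sum(a * x for a, x in zip(row, s)) + rng.choice((-1, 0, 1))) % Q
         for row in A]
    return s, (A, b)


def scale(p):
    """Plaintext scaling factor: mu in Z_p is embedded as mu * round(q/p) in Z_q."""
    return round(Q / p)


def encrypt(pk, mu, p, rng):
    """Encrypt mu in Z_p. The ciphertext (u, v) has n+1 entries of Z_q whatever p is."""
    assert 0 <= mu < p
    A, b = pk
    r = [rng.randrange(2) for _ in range(M)]
    u = [sum(r[i] * A[i][j] for i in range(M)) % Q for j in range(N)]
    v = (sum(r[i] * b[i] for i in range(M)) + scale(p) * mu) % Q
    return u, v


def decrypt(sk, ct, p):
    """v - <u, s> = mu*round(q/p) + <r, e> (mod q); round to the nearest multiple of q/p."""
    u, v = ct
    x = (v - sum(ui * si for ui, si in zip(u, sk))) % Q
    return round(p * x / Q) % p


def add(ct1, ct2):
    """Pseudohomomorphic addition: decrypts to mu1+mu2 mod p while the noise stays small."""
    u1, v1 = ct1
    u2, v2 = ct2
    return [(a + c) % Q for a, c in zip(u1, u2)], (v1 + v2) % Q


def noise_budget(p):
    """Accumulated noise |<r, e>| must stay below roughly q/(2p) for correct decoding."""
    return Q / (2 * p)


def correctness_check(p, seed=1):
    """True iff every mu in Z_p round-trips, ciphertext length is n+1, and every
    pair of ciphertexts sums pseudohomomorphically (exhaustive over Z_p x Z_p)."""
    rng = random.Random(seed)
    sk, pk = keygen(rng)
    for mu1 in range(p):
        c1 = encrypt(pk, mu1, p, rng)
        if len(c1[0]) != N or decrypt(sk, c1, p) != mu1:
            return False
        for mu2 in range(p):
            c2 = encrypt(pk, mu2, p, rng)
            if decrypt(sk, add(c1, c2), p) != (mu1 + mu2) % p:
                return False
    return True


def failure_rate(p, trials, seed=0):
    """Empirical decryption-failure rate of the p-ary variant (fixed seed, so repeatable).
    With |<r, e>| <= m = 64, decryption is guaranteed for p <= 16; for p = 512 the
    budget q/(2p) is about 4 and failures become frequent: the trade-off in the abstract."""
    rng = random.Random(seed)
    sk, pk = keygen(rng)
    fails = 0
    for _ in range(trials):
        mu = rng.randrange(p)
        if decrypt(sk, encrypt(pk, mu, p, rng), p) != mu:
            fails += 1
    return fails / trials


if __name__ == "__main__":
    for p in (2, 8, 64, 512):
        print(f"p={p:4d}  noise budget ~ {noise_budget(p):7.2f}  "
              f"empirical failure rate = {failure_rate(p, 200):.3f}")
```

Running the script prints one line per plaintext size p: the ciphertext never grows, the noise budget q/(2p) halves each time p doubles, and the empirical failure rate stays at zero until the budget drops below the noise that the binary combination of m = 64 samples can produce. In the real schemes the same budget is what the paper trades against the approximation factor of the underlying lattice problem; here the modulus and noise are fixed, so the trade-off appears purely as decryption error.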

[1] Martin Grötschel et al. Geometric Algorithms and Combinatorial Optimization, 1988, Algorithms and Combinatorics.

[2] Seong-Hun Paeng et al. A Lattice Based Public Key Cryptosystem Using Polynomial Representations, 2003, Public Key Cryptography.

[3] Daniele Micciancio et al. Improving Lattice Based Cryptosystems Using the Hermite Normal Form, 2001, CaLC.

[4] Doerte K. Rappe. Homomorphic cryptosystems and their applications, 2005, IACR Cryptol. ePrint Arch.

[5] Cynthia Dwork et al. A public-key cryptosystem with worst-case/average-case equivalence, 1997, STOC '97.

[6] Shafi Goldwasser et al. Proof of Plaintext Knowledge for the Ajtai-Dwork Cryptosystem, 2005, TCC.

[7] Mårten Trolin et al. The Shortest Vector Problem in Lattices with Many Cycles, 2001, CaLC.

[8] Joseph H. Silverman et al. Cryptography and Lattices, 2001, Lecture Notes in Computer Science.

[9] Oded Regev et al. On lattices, learning with errors, random linear codes, and cryptography, 2005, STOC '05.

[10] Miklós Ajtai et al. The shortest vector problem in L2 is NP-hard for randomized reductions (extended abstract), 1998, STOC '98.

[11] László Lovász et al. Factoring polynomials with rational coefficients, 1982.

[12] Joseph H. Silverman et al. NTRU: A Ring-Based Public Key Cryptosystem, 1998, ANTS.

[13] Jin-Yi Cai et al. A Lattice-Based Public-Key Cryptosystem, 1998, Inf. Comput.

[14] Shafi Goldwasser et al. Complexity of lattice problems, 2002.

[15] Oded Goldreich et al. On the Limits of Nonapproximability of Lattice Problems, 2000, J. Comput. Syst. Sci.

[16] David Pointcheval et al. The Impact of Decryption Failures on the Security of NTRU Encryption, 2003, CRYPTO.

[17] W. Hoeffding. Probability Inequalities for Sums of Bounded Random Variables, 1963.

[18] Michael Wiener et al. Advances in Cryptology — CRYPTO '99, 1999.

[19] Oded Goldreich et al. Eliminating Decryption Errors in the Ajtai-Dwork Cryptosystem, 1997, Electron. Colloquium Comput. Complex.

[20] Jeffrey C. Lagarias et al. The computational complexity of simultaneous Diophantine approximation problems, 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[21] Jacques Stern et al. Cryptanalysis of the Ajtai-Dwork Cryptosystem, 1998, CRYPTO.

[22] Daniele Micciancio et al. Generalized Compact Knapsacks, Cyclic Lattices, and Efficient One-Way Functions, 2002, The 43rd Annual IEEE Symposium on Foundations of Computer Science, 2002. Proceedings.

[23] Moti Yung et al. Advances in Cryptology — CRYPTO 2002, 2002, Lecture Notes in Computer Science.

[24] Felix Schlenk. Proof of Theorem 3, 2005.

[25] Oded Regev et al. New lattice based cryptographic constructions, 2003, STOC '03.

[26] Subhash Khot et al. Hardness of approximating the shortest vector problem in lattices, 2004, 45th Annual IEEE Symposium on Foundations of Computer Science.

[27] David Pointcheval et al. Analysis and Improvements of NTRU Encryption Paddings, 2002, CRYPTO.

[28] Chris Peikert et al. Efficient Collision-Resistant Hashing from Worst-Case Assumptions on Cyclic Lattices, 2006, TCC.

[29] Miklós Ajtai et al. Representing hard lattices with O(n log n) bits, 2005, STOC '05.

[30] Dan Boneh et al. Advances in Cryptology - CRYPTO 2003, 2003, Lecture Notes in Computer Science.

[31] Jin-Yi Cai et al. A Relation of Primal-Dual Lattices and the Complexity of Shortest Lattice Vector Problem, 1998, Theor. Comput. Sci.

[32] Jeffrey Shallit et al. Algorithmic Number Theory, 1996, Lecture Notes in Computer Science.

[33] Daniele Micciancio et al. Worst-case to average-case reductions based on Gaussian measures, 2004, 45th Annual IEEE Symposium on Foundations of Computer Science.

[34] Miklós Ajtai et al. Generating hard instances of lattice problems (extended abstract), 1996, STOC '96.

[35] Craig Gentry. Key Recovery and Message Attacks on NTRU-Composite, 2001, EUROCRYPT.

[36] Hugo Krawczyk et al. Advances in Cryptology - CRYPTO '98, 1998.

[37] Phong Q. Nguyen. Cryptanalysis of the Goldreich-Goldwasser-Halevi Cryptosystem from Crypto '97, 1999, CRYPTO.

[38] Ravi Kumar et al. On the unique shortest lattice vector problem, 2001, Theor. Comput. Sci.

[39] Dorit Aharonov et al. Lattice problems in NP ∩ coNP, 2005, JACM.

[40] Oded Goldreich et al. Public-Key Cryptosystems from Lattice Reduction Problems, 1996, CRYPTO.

[41] Miklós Ajtai et al. Generating Hard Instances of Lattice Problems, 1996, Electron. Colloquium Comput. Complex.

[42] W. Banaszczyk. New bounds in some transference theorems in the geometry of numbers, 1993.

[43] Burton S. Kaliski. Advances in Cryptology - CRYPTO '97, 1997.

[44] Jin-Yi Cai et al. A new transference theorem in the geometry of numbers and new bounds for Ajtai's connection factor, 2003, Discret. Appl. Math.