IEEE P1363.1 Draft 10: Draft Standard for Public Key Cryptographic Techniques Based on Hard Problems over Lattices

This document is an unapproved draft of a proposed IEEE Standard. As such, this document is subject to change. USE AT YOUR OWN RISK! Because this is an unapproved draft, this document must not be utilized for any conformance/compliance purposes. Permission is hereby granted for IEEE Standards Committee participants to reproduce this document for purposes of international standardization consideration. Prior to adoption of this document, in whole or in part, by another standards development organization, permission must first be obtained from the IEEE Standards Activities Department (stds.ipr@ieee.org). Other entities seeking permission to reproduce this document, in whole or in part, must also obtain permission from the IEEE Standards Activities Department.
