Lattices and Cryptography

The security of all of the public key cryptosystems that we have previously studied has been based, either directly or indirectly, on either the difficulty of factoring large numbers or the difficulty of finding discrete logarithms in a finite group. In this chapter we investigate a new type of hard problem arising in the theory of lattices that can be used as the basis for a public key cryptosystem. Lattice-based cryptosystems offer several potential advantages over earlier systems, including faster encryption/decryption and so-called quantum resistance. The latter means that at present there are no known quantum algorithms to rapidly solve hard lattice problems; see Sect. 8.11. Further, we will see that the theory of lattices has applications in cryptography beyond simply providing a new source of hard problems.

[1]  Phong Q. Nguyen Cryptanalysis of the Goldreich-Goldwasser-Halevi Cryptosystem from Crypto '97 , 1999, CRYPTO.

[2]  William Whyte,et al.  Performance Improvements and a Baseline Parameter Generation Algorithm for NTRUSign , 2005, IACR Cryptol. ePrint Arch..

[3]  Miklós Ajtai,et al.  The shortest vector problem in L2 is NP-hard for randomized reductions (extended abstract) , 1998, STOC '98.

[4]  Phong Q. Nguyen,et al.  Learning a Parallelepiped: Cryptanalysis of GGH and NTRU Signatures , 2009, Journal of Cryptology.

[5]  Lars V. Ahlfors An introduction to the theory of analytic functions of one complex variable , 1978 .

[6]  Dan Boneh,et al.  Cryptanalysis of RSA with private key d less than N0.292 , 1999, IEEE Trans. Inf. Theory.

[7]  Don Coppersmith,et al.  Finding Small Solutions to Small Degree Polynomials , 2001, CaLC.

[8]  Vadim Lyubashevsky,et al.  Lattice Signatures Without Trapdoors , 2012, IACR Cryptol. ePrint Arch..

[9]  Joseph H. Silverman,et al.  NTRU: A Ring-Based Public Key Cryptosystem , 1998, ANTS.

[10]  Claus-Peter Schnorr,et al.  Lattice basis reduction: Improved practical algorithms and solving subset sum problems , 1991, FCT.

[11]  Daniele Micciancio,et al.  Improving Lattice Based Cryptosystems Using the Hermite Normal Form , 2001, CaLC.

[12]  Vadim Lyubashevsky,et al.  Fiat-Shamir with Aborts: Applications to Lattice and Factoring-Based Signatures , 2009, ASIACRYPT.

[13]  Jeffrey C. Lagarias,et al.  Korkin-Zolotarev bases and successive minima of a lattice and its reciprocal lattice , 1990, Comb..

[14]  Henri Cohen,et al.  A course in computational algebraic number theory , 1993, Graduate texts in mathematics.

[15]  Léo Ducas,et al.  Learning a Zonotope and More: Cryptanalysis of NTRUSign Countermeasures , 2012, ASIACRYPT.

[16]  Cynthia Dwork,et al.  A public-key cryptosystem with worst-case/average-case equivalence , 1997, STOC '97.

[17]  Dan Boneh,et al.  Cryptanalysis of RSA with private key d less than N0.292 , 2000, IEEE Trans. Inf. Theory.

[18]  Shafi Goldwasser,et al.  Complexity of lattice problems - a cryptographic perspective , 2002, The Kluwer international series in engineering and computer science.

[19]  William Whyte,et al.  Transcript Secure Signatures Based on Modular Lattices , 2014, PQCrypto.

[20]  Oded Goldreich,et al.  Public-Key Cryptosystems from Lattice Reduction Problems , 1996, CRYPTO.

[21]  László Babai,et al.  On Lovász’ lattice reduction and the nearest lattice point problem , 1986, Comb..

[22]  Don Coppersmith,et al.  Small Solutions to Polynomial Equations, and Low Exponent RSA Vulnerabilities , 1997, Journal of Cryptology.

[23]  Jacques Stern,et al.  Cryptanalysis of the Ajtai-Dwork Cryptosystem , 1998, CRYPTO.

[24]  László Lovász,et al.  Factoring polynomials with rational coefficients , 1982 .

[25]  Vadim Lyubashevsky,et al.  Lattice-Based Identification Schemes Secure Under Active Attacks , 2008, Public Key Cryptography.

[26]  Nick Howgrave-Graham,et al.  Approximate Integer Common Divisors , 2001, CaLC.

[27]  Claus-Peter Schnorr,et al.  Fast LLL-type lattice reduction , 2006, Inf. Comput..

[28]  Andrew Odlyzko,et al.  The Rise and Fall of Knapsack Cryptosystems , 1998 .

[29]  Jean-Pierre Seifert,et al.  Approximating Shortest Lattice Vectors is Not Harder Than Approximating Closest Lattice Vectors , 1999, Electron. Colloquium Comput. Complex..

[30]  Claus-Peter Schnorr,et al.  Attacking the Chor-Rivest Cryptosystem by Improved Lattice Reduction , 1995, EUROCRYPT.

[31]  William Whyte,et al.  NTRUSIGN: Digital Signatures Using the NTRU Lattice , 2003, CT-RSA.

[32]  Carl Ludwig Siegel,et al.  A Mean Value Theorem in Geometry of Numbers , 1945 .

[33]  C. P. Schnorr,et al.  A Hierarchy of Polynomial Time Lattice Basis Reduction Algorithms , 1987, Theor. Comput. Sci..

[34]  Martin E. Hellman,et al.  Hiding information and signatures in trapdoor knapsacks , 1978, IEEE Trans. Inf. Theory.