On the Shortness of Vectors to be found by the Ideal-SVP Quantum Algorithm

The hardness of finding short vectors in ideals of cyclotomic number fields (hereafter, Ideal-SVP) can serve as a worst-case assumption for numerous efficient cryptosystems, via the average-case problems Ring-SIS and Ring-LWE. For a while, it could be assumed the Ideal-SVP problem was as hard as the analog problem for general lattices (SVP), even when considering quantum algorithms.

[1]  Joseph H. Silverman,et al.  NTRU: A Ring-Based Public Key Cryptosystem , 1998, ANTS.

[2]  Daniel Dadush,et al.  Short Paths on the Voronoi Graph and Closest Vector Problem with Preprocessing , 2014, SODA.

[3]  N C Ankeny,et al.  The Class Number of the Cyclotomic Field. , 1949, Proceedings of the National Academy of Sciences of the United States of America.

[4]  Shai Halevi,et al.  Bootstrapping for HElib , 2015, EUROCRYPT.

[5]  Benjamin Wesolowski,et al.  Horizontal isogeny graphs of ordinary abelian varieties and the discrete logarithm problem , 2015, IACR Cryptol. ePrint Arch..

[6]  Ronald Cramer,et al.  Recovering Short Generators of Principal Ideals in Cyclotomic Rings , 2016, EUROCRYPT.

[7]  Daniele Micciancio,et al.  A Deterministic Single Exponential Time Algorithm for Most Lattice Problems Based on Voronoi Cell Computations , 2013, SIAM J. Comput..

[8]  RegevOded,et al.  On Ideal Lattices and Learning with Errors over Rings , 2013 .

[9]  Ron Steinfeld,et al.  Efficient Public Key Encryption Based on Ideal Lattices , 2009, ASIACRYPT.

[10]  W. Sinnott,et al.  On the Stickelberger ideal and the circular units of a cyclotomic field , 1978 .

[11]  Chris Peikert,et al.  On Ideal Lattices and Learning with Errors over Rings , 2010, JACM.

[12]  E. Landau,et al.  Über Dirichletsche Reihen mit komplexen Charakteren. , 2022 .

[13]  Benjamin Wesolowski Arithmetic and geometric structures in cryptography , 2018 .

[14]  Carl Pomerance,et al.  On the distribution of amicable numbers. , 1977 .

[15]  W. Sinnott,et al.  On the Stickelberger ideal and the circular units of an abelian field , 1980 .

[16]  Damien Stehlé,et al.  LLL on the Average , 2006, ANTS.

[17]  Kousha Etessami,et al.  Recursive Markov chains, stochastic grammars, and monotone systems of nonlinear equations , 2005, JACM.

[18]  Ron Steinfeld,et al.  Making NTRU as Secure as Worst-Case Problems over Ideal Lattices , 2011, EUROCRYPT.

[19]  László Lovász,et al.  Factoring polynomials with rational coefficients , 1982 .

[20]  Léo Ducas,et al.  Advances on quantum cryptanalysis of ideal lattices , 2017 .

[21]  Daniele Micciancio Generalized Compact Knapsacks, Cyclic Lattices, and Efficient One-Way Functions , 2007, computational complexity.

[22]  L. Washington Introduction to Cyclotomic Fields , 1982 .

[23]  Chris Peikert,et al.  Pseudorandomness of ring-LWE for any ring and modulus , 2017, STOC.

[24]  Tanja Lange,et al.  NTRU Prime: Reducing Attack Surface at Low Cost , 2017, SAC.

[25]  René Schoof,et al.  Catalan's Conjecture , 2008 .

[26]  Fang Song,et al.  Efficient quantum algorithms for computing class groups and solving the principal ideal problem in arbitrary degree number fields , 2016, SODA.

[27]  Fang Song,et al.  A quantum algorithm for computing the unit group of an arbitrary degree number field , 2014, STOC.

[28]  László Babai,et al.  On Lovász’ lattice reduction and the nearest lattice point problem , 1986, Comb..

[29]  Thijs Laarhoven,et al.  Finding Closest Lattice Vectors Using Approximate Voronoi Cells , 2019, PQCrypto.

[30]  Carl Pomerance,et al.  On the distribution of amicable numbers. II. , 1977 .

[31]  Oded Regev,et al.  On lattices, learning with errors, random linear codes, and cryptography , 2009, JACM.

[32]  René Schoof,et al.  Minus class groups of the fields of the l-th roots of unity , 1998, Math. Comput..

[33]  René Schoof,et al.  Class numbers of real cyclotomic fields of prime conductor , 2003, Math. Comput..

[34]  H. Lenstra Euclid's Algorithm in Cyclotomic Fields , 1975 .

[35]  Ronald Cramer,et al.  Short Stickelberger Class Relations and Application to Ideal-SVP , 2016, EUROCRYPT.

[36]  Frederik Vercauteren,et al.  Fully Homomorphic Encryption with Relatively Small Key and Ciphertext Sizes , 2010, Public Key Cryptography.

[37]  Miklós Ajtai,et al.  Generating Hard Instances of the Short Basis Problem , 1999, ICALP.

[38]  Phong Q. Nguyen,et al.  BKZ 2.0: Better Lattice Security Estimates , 2011, ASIACRYPT.

[39]  P. Campbell,et al.  SOLILOQUY: A CAUTIONARY TALE , 2014 .

[40]  Noah Stephens-Davidowitz A time-distance trade-off for GDD with preprocessing: instantiating the DLW heuristic , 2019, Computational Complexity Conference.

[41]  Fernando Virdia,et al.  Estimate all the {LWE, NTRU} schemes! , 2018, IACR Cryptol. ePrint Arch..

[42]  Martin R. Albrecht,et al.  The General Sieve Kernel and New Records in Lattice Reduction , 2019, IACR Cryptol. ePrint Arch..

[43]  Damien Stehlé,et al.  Approx-SVP in Ideal Lattices with Pre-processing , 2019, IACR Cryptol. ePrint Arch..