论文信息 - SOLILOQUY: A CAUTIONARY TALE

SOLILOQUY: A CAUTIONARY TALE

The Soliloquy primitive, first proposed by the third author in 2007, is based on cyclic lattices. It has very good efficiency properties, both in terms of public key size and the speed of encryption and decryption. There are straightforward techniques for turning Soliloquy into a key exchange or other public-key protocols. Despite these properties, we abandoned research on Soliloquy after developing (2010 to 2013) a reasonably efficient quantum attack on the primitive. A similar quantum algorithm has been recently published in some highly insightful independent work by Eisenträger, Hallgren, Kitaev, and Song [2]. However, their paper concentrates on computing unit groups of arbitrary degree number fields whereas we will show how to apply the approach to the special case of Soliloquy.

P. Campbell | Michael Groves

[1] J. Buchmann. A subexponential algorithm for the determination of class groups and regulators of algebraic number fields , 1990 .

[2] Christoph Thiel. On the complexity of some problems in algorithmic algebraic number theory , 1995 .

[3] Oded Goldreich,et al. Public-Key Cryptosystems from Lattice Reduction Problems , 1996, CRYPTO.

[4] Michael Szydlo,et al. A method to solve cyclotomic norm equations f * f , 2004 .

[5] Sean Hallgren,et al. Fast quantum algorithms for computing the unit group and class group of a number field , 2005, STOC '05.

[6] Sean Hallgren. Polynomial-time quantum algorithms for Pell's equation and the principal ideal problem , 2007, JACM.

[7] Frederik Vercauteren,et al. Fully Homomorphic Encryption with Relatively Small Key and Ciphertext Sizes , 2010, Public Key Cryptography.

[8] Craig Gentry,et al. Implementing Gentry's Fully-Homomorphic Encryption Scheme , 2011, EUROCRYPT.

[9] Chris Peikert,et al. A Toolkit for Ring-LWE Cryptography , 2013, IACR Cryptol. ePrint Arch..

[10] Fang Song,et al. A quantum algorithm for computing the unit group of an arbitrary degree number field , 2014, STOC.