Improving Lattice Based Cryptosystems Using the Hermite Normal Form

We describe a simple technique that can be used to substantially reduce the key and ciphertext size of various lattice based cryptosystems and trapdoor functions of the kind proposed by Goldreich, Goldwasser and Halevi (GGH). The improvement is significant both from the theoretical and practical point of view, reducing the size of both key and ciphertext by a factor n equal to the dimension of the lattice (i.e., several hundreds for typical values of the security parameter.) The efficiency improvement is obtained without decreasing the security of the functions: we formally prove that the new functions are at least as secure as the original ones, and possibly even better as the adversary gets less information in a strong information theoretical sense. The increased efficiency of the new cryptosystems allows the use of bigger values for the security parameter, making the functions secure against the best cryptanalytic attacks, while keeping the size of the key even below the smallest key size for which lattice cryptosystems were ever conjectured to be hard to break.

[1]  László Babai,et al.  On Lovász’ lattice reduction and the nearest lattice point problem , 1986, Comb..

[2]  Tatsuaki Okamoto,et al.  How to Enhance the Security of Public-Key Encryption at Minimum Cost , 1999, Public Key Cryptography.

[3]  Claus-Peter Schnorr,et al.  Lattice Basis Reduction: Improved Practical Algorithms and Solving Subset Sum Problems , 1991, FCT.

[4]  Oded Goldreich,et al.  Public-Key Cryptosystems from Lattice Reduction Problems , 1996, CRYPTO.

[5]  Jean-Pierre Seifert,et al.  Tensor-Based Trapdoors for CVP and Their Application to Public Key Cryptography , 1999, IMACC.

[6]  Jacques Stern,et al.  The hardness of approximate optima in lattices, codes, and systems of linear equations , 1993, Proceedings of 1993 IEEE 34th Annual Foundations of Computer Science.

[7]  Robert H. Deng,et al.  On the equivalence of McEliece's and Niederreiter's public-key cryptosystems , 1994, IEEE Trans. Inf. Theory.

[8]  Miklós Ajtai,et al.  Generating hard instances of lattice problems (extended abstract) , 1996, STOC '96.

[9]  David Pointcheval,et al.  REACT: Rapid Enhanced-Security Asymmetric Cryptosystem Transform , 2001, CT-RSA.

[10]  Colin Boyd,et al.  Cryptography and Coding , 1995, Lecture Notes in Computer Science.

[11]  Guy Kindler,et al.  Approximating CVP to Within Almost-Polynomial Factors is NP-Hard , 1998, Electron. Colloquium Comput. Complex..

[12]  V. Sidelnikov,et al.  On insecurity of cryptosystems based on generalized Reed-Solomon codes , 1992 .

[13]  Guy Kindler,et al.  Approximating CVP to Within Almost-Polynomial Factors is NP-Hard , 2003, Proceedings 39th Annual Symposium on Foundations of Computer Science (Cat. No.98CB36280).

[14]  Jean-Jacques Quisquater,et al.  Advances in Cryptology — EUROCRYPT ’95 , 2001, Lecture Notes in Computer Science.

[15]  C. P. Schnorr,et al.  A Hierarchy of Polynomial Time Lattice Basis Reduction Algorithms , 1987, Theor. Comput. Sci..

[16]  Daniele Micciancio,et al.  The hardness of the closest vector problem with preprocessing , 2001, IEEE Trans. Inf. Theory.

[17]  László Lovász,et al.  Factoring polynomials with rational coefficients , 1982 .

[18]  Joseph H. Silverman,et al.  NTRU: A Ring-Based Public Key Cryptosystem , 1998, ANTS.

[19]  Daniel R. Simon,et al.  Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack , 1991, CRYPTO.

[20]  Phong Q. Nguyen Cryptanalysis of the Goldreich-Goldwasser-Halevi Cryptosystem from Crypto '97 , 1999, CRYPTO.

[21]  Brigitte Vallée,et al.  An Upper Bound on the Average Number of Iterations of the LLL Algorithm , 1994, Theor. Comput. Sci..

[22]  Mihir Bellare,et al.  Random oracles are practical: a paradigm for designing efficient protocols , 1993, CCS '93.

[23]  Robert J. McEliece,et al.  A public key cryptosystem based on algebraic coding theory , 1978 .

[24]  Anne Canteaut,et al.  Cryptanalysis of the Original McEliece Cryptosystem , 1998, ASIACRYPT.

[25]  Jin-Yi Cai,et al.  A Lattice-Based Public-Key Cryptosystem , 1998, Inf. Comput..

[26]  Andrew Chi-Chih Yao,et al.  Theory and Applications of Trapdoor Functions (Extended Abstract) , 1982, FOCS.

[27]  Burton S. Kaliski Advances in Cryptology - CRYPTO '97 , 1997 .

[28]  N. J. A. Sloane,et al.  Encrypting by Random Rotations , 1982, EUROCRYPT.

[29]  Philip N. Klein,et al.  Finding the closest lattice vector when it's unusually close , 2000, SODA '00.

[30]  Leonid A. Levin,et al.  A hard-core predicate for all one-way functions , 1989, STOC '89.

[31]  Silvio Micali,et al.  Probabilistic Encryption , 1984, J. Comput. Syst. Sci..

[32]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[33]  Bogdan Warinschi,et al.  A linear space algorithm for computing the hermite normal form , 2001, ISSAC '01.

[34]  David Chaum,et al.  Advances in Cryptology: Proceedings Of Crypto 83 , 2012 .

[35]  Andrew Chi-Chih Yao,et al.  Theory and application of trapdoor functions , 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[36]  Claus-Peter Schnorr,et al.  Attacking the Chor-Rivest Cryptosystem by Improved Lattice Reduction , 1995, EUROCRYPT.

[37]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[38]  Cynthia Dwork,et al.  A public-key cryptosystem with worst-case/average-case equivalence , 1997, STOC '97.