Reductions from Module Lattices to Free Module Lattices, and Application to Dequantizing Module-LLL

  • Conference paper
Advances in Cryptology – CRYPTO 2023 (CRYPTO 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14085)

Abstract

In this article, we give evidence that free modules (i.e., modules which admit a basis) are no weaker than arbitrary modules, when it comes to solving cryptographic algorithmic problems (and when the rank of the module is at least 2). More precisely, we show that for three algorithmic problems used in cryptography, namely the shortest vector problem, the Hermite shortest vector problem and a variant of the closest vector problem, there is a reduction from solving the problem in any module of rank \(n \ge 2\) to solving the problem in any free module of the same rank n. As an application, we show that this can be used to dequantize the LLL algorithm for module lattices presented by Lee et al. (Asiacrypt 2019).

Notes

  1. https://csrc.nist.gov/projects/post-quantum-cryptography.

  2. In the case of ideals for instance, we know that the proportion of principal ideals among all ideals is equal to \(1/h_K\), where \(h_K\) is a quantity called the class number of the field K. When K is a cyclotomic field, it is known that \(h_K\) grows more than exponentially in the degree d of the number field (see, e.g., [Was97, Proposition 11.15]).

  3. Recall that in this article, modules are always included in \(K^m\) for some \(m > 0\).

  4. Recall that the standard CVP problem asks, given as input a target \(\textbf{t}\), to find a point \(\textbf{s}\) of the lattice \(\mathcal L\) such that \(\Vert \textbf{t}- \textbf{s}\Vert \le \gamma \cdot \textrm{dist}(\textbf{t},\mathcal L)\), for some approximation factor \(\gamma \).

  5. That is, an algorithm whose output is always correct, but whose running time is a random variable.

  6. In this article, when we say that M is a module, we always mean an \(\mathcal {O}_K\)-module included in \(K^m\) for some \(m > 0\).

  7. Those are usually simply called “bases”, as opposed to the pseudo-bases. But we prefer to add the adjective “free” in this work, to make the distinction even clearer.

  8. The other problems will not be used for ideal lattices, so we do not give them a special name.

References

  1. Biasse, J.F., Fieker, C.: Subexponential class group and unit group computation in large degree number fields. LMS J. Comput. Math. 17(A), 385–403 (2014)

  2. Brakerski, Z., Gentry, C., Vaikuntanathan, V.: (Leveled) fully homomorphic encryption without bootstrapping. ACM Trans. Comput. Theory (TOCT) 6(3), 1–36 (2014)

  3. Bley, W., Hofmann, T., Johnston, H.: Computation of lattice isomorphisms and the integral matrix similarity problem. In: Forum of Mathematics, Sigma, vol. 10, p. e87. Cambridge University Press, Cambridge (2022)

  4. de Boer, K.: Random walks on Arakelov class groups. PhD thesis, Leiden University (2022)

  5. Biasse, J.F., Song, F.: Efficient quantum algorithms for computing class groups and solving the principal ideal problem in arbitrary degree number fields. In: Proceedings of the Twenty-Seventh Annual ACM-SIAM Symposium on Discrete Algorithms, pp. 893–902. SIAM (2016)

  6. Bhargava, M., Shankar, A., Taniguchi, T., Thorne, F., Tsimerman, J., Zhao, Y.: Bounds on 2-torsion in class groups of number fields and integral points on elliptic curves. J. Am. Math. Soc. 33(4), 1087–1099 (2020)

  7. Cramer, R., Ducas, L., Peikert, C., Regev, O.: Recovering short generators of principal ideals in cyclotomic rings. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 559–585. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49896-5_20

  8. Cramer, R., Ducas, L., Wesolowski, B.: Short Stickelberger class relations and application to ideal-SVP. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10210, pp. 324–348. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56620-7_12

  9. Cohen, H.: Advanced Topics in Computational Number Theory, vol. 193. Springer, Heidelberg (2012). https://doi.org/10.1007/978-1-4419-8489-0

  10. De Micheli, G., Micciancio, D.: A fully classical LLL algorithm for modules. Cryptology ePrint Archive (2022)

  11. Felderhoff, J., Pellet-Mary, A., Stehlé, D.: On module unique-SVP and NTRU. In: Advances in Cryptology-ASIACRYPT 2022: 28th International Conference on the Theory and Application of Cryptology and Information Security, Taipei, Taiwan, 5–9 December 2022, Proceedings, Part III, pp. 709–740. Springer, Heidelberg (2022)

  12. Fieker, C., Stehlé, D.: Short bases of lattices over number fields. In: Hanrot, G., Morain, F., Thomé, E. (eds.) ANTS 2010. LNCS, vol. 6197, pp. 157–173. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14518-6_15

  13. Gentry, C.: A fully homomorphic encryption scheme. PhD thesis, Stanford University (2009)

  14. Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Proceedings of the Forty-First Annual ACM Symposium on Theory of Computing, pp. 169–178 (2009)

  15. Garg, S., Gentry, C., Halevi, S., Raykova, M., Sahai, A., Waters, B.: Candidate indistinguishability obfuscation and functional encryption for all circuits. SIAM J. Comput. 45(3), 882–929 (2016)

  16. Hoppe, A.: Normal forms over Dedekind domain, efficient implementation in the computer algebra system KANT. PhD thesis, TU Berlin (1998)

  17. Hoffstein, J., Pipher, J., Silverman, J.H.: NTRU: a ring-based public key cryptosystem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 267–288. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054868

  18. Lyubashevsky, V., Micciancio, D.: Generalized compact knapsacks are collision resistant. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006. LNCS, vol. 4052, pp. 144–155. Springer, Heidelberg (2006). https://doi.org/10.1007/11787006_13

  19. Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. J. ACM (JACM) 60(6), 1–35 (2013)

  20. Lee, C., Pellet-Mary, A., Stehlé, D., Wallet, A.: An LLL algorithm for module lattices. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019. LNCS, vol. 11922, pp. 59–90. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-34621-8_3

  21. Langlois, A., Stehlé, D.: Worst-case to average-case reductions for module lattices. Des. Codes Cryptogr. 75(3), 565–599 (2015)

  22. Peikert, C., Rosen, A.: Efficient collision-resistant hashing from worst-case assumptions on cyclic lattices. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 145–166. Springer, Heidelberg (2006). https://doi.org/10.1007/11681878_8

  23. Pellet-Mary, A., Stehlé, D.: On the hardness of the NTRU problem. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS, vol. 13090, pp. 3–35. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92062-3_1

  24. Pellet-Mary, A., Tran, N.: Reductions from module lattices to free module lattices (2023). https://hal.science/hal-04119912/document

  25. Stehlé, D., Steinfeld, R., Tanaka, K., Xagawa, K.: Efficient public key encryption based on ideal lattices. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 617–635. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10366-7_36

  26. Stephens-Davidowitz, N.: Dimension-preserving reductions between lattice problems (2015). http://noahsd.com/latticeproblems.pdf

  27. Washington, L.C.: Introduction to Cyclotomic Fields, vol. 83, p. 104. Springer, Heidelberg (1997). https://doi.org/10.1007/978-1-4612-1934-7

Acknowledgements

Gabrielle De Micheli is supported in part by the Swiss National Science Foundation Early Postdoc.Mobility fellowship. Daniele Micciancio is supported by the NSF Award 1936703, Samsung and Intel. Alice Pellet-Mary is supported by the CHARM ANR-NSF grant (ANR-21-CE94-0003) and by the PEPR quantique France 2030 programme managed by the ANR (ANR-22-PETQ-0008 PQ-TLS). Nam Tran is supported by CSIRO Data61 PhD Scholarship and CSIRO Data61 Top-up Scholarship. This work was done when Nam Tran was a Master's student at the University of Limoges (France) and doing his internship at the Institute of Mathematics of Bordeaux (IMB, France), funded by IMB.

Corresponding author

Correspondence to Nam Tran.

Copyright information

© 2023 International Association for Cryptologic Research

About this paper

Cite this paper

De Micheli, G., Micciancio, D., Pellet-Mary, A., Tran, N. (2023). Reductions from Module Lattices to Free Module Lattices, and Application to Dequantizing Module-LLL. In: Handschuh, H., Lysyanskaya, A. (eds) Advances in Cryptology – CRYPTO 2023. CRYPTO 2023. Lecture Notes in Computer Science, vol 14085. Springer, Cham. https://doi.org/10.1007/978-3-031-38554-4_27

  • DOI: https://doi.org/10.1007/978-3-031-38554-4_27

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-38553-7

  • Online ISBN: 978-3-031-38554-4

  • eBook Packages: Computer Science, Computer Science (R0)
