Ideal-SVP is Hard for Small-Norm Uniform Prime Ideals

  • Conference paper
Theory of Cryptography (TCC 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 14372))

Abstract

The presumed hardness of the Shortest Vector Problem for ideal lattices (Ideal-SVP) has been a fruitful assumption to understand other assumptions on algebraic lattices and as a security foundation of cryptosystems. Gentry [CRYPTO’10] proved that Ideal-SVP enjoys a worst-case to average-case reduction, where the average-case distribution is the uniform distribution over the set of inverses of prime ideals of small algebraic norm (below \(d^{O(d)}\) for cyclotomic fields, where d refers to the field degree). De Boer et al. [CRYPTO’20] obtained another random self-reducibility result for an average-case distribution involving integral ideals of norm \(2^{O(d^2)}\).

In this work, we show that Ideal-SVP for the uniform distribution over inverses of small-norm prime ideals reduces to Ideal-SVP for the uniform distribution over small-norm prime ideals. Combined with Gentry’s reduction, this leads to a worst-case to average-case reduction for the uniform distribution over the set of small-norm prime ideals. Using the reduction from Pellet-Mary and Stehlé [ASIACRYPT’21], this notably leads to the first distribution over NTRU instances with a polynomial modulus whose hardness is supported by a worst-case lattice problem.

Notes

  1. For the sake of simplicity, we assume for the introduction that we are given a basis of the ring of integers \({\mathcal {O}_K}\) whose vectors have norms \(\le \varDelta _K^{O(1/d)}\cdot d^{O(1)}\).

  2. The bound on the norm is obtained by combining Lemma 4.1 and Theorem 4.5 from [BDPW20].

  3. A replete ideal is a subset of \(K_\mathbb {R}:= K \otimes _\mathbb {Q}\mathbb {R}\) of the form \(\alpha \cdot I\) where \(I \subseteq \mathcal {O}_K\) is an integral ideal of \(\mathcal {O}_K\) and \(\alpha \in K_\mathbb {R}^\times \) is invertible. More details can be found in the preliminaries.

  4. The choice of \(4A\) for the upper bound on the norm of the ideals is not a strict requirement of this theorem. We instantiated the theorem with this value in order to simplify its statement.

References

  1. Albrecht, M., Bai, S., Ducas, L.: A subfield lattice attack on overstretched NTRU assumptions. In: Robshaw, M., Katz, J. (eds.) CRYPTO 2016. LNCS, vol. 9814, pp. 153–178. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53018-4_6

  2. Babai, L.: On Lovász’ lattice reduction and the nearest lattice point problem. Combinatorica (1986)

  3. de Boer, K., Ducas, L., Pellet-Mary, A., Wesolowski, B.: Random self-reducibility of ideal-SVP via Arakelov random walks. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12171, pp. 243–273. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56880-1_9

  4. Boudgoust, K., Gachon, E., Pellet-Mary, A.: Some easy instances of Ideal-SVP and implications on the partial Vandermonde knapsack problem. In: Dodis, Y., Shrimpton, T. (eds.) CRYPTO 2022. LNCS, vol. 13508. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-15979-4_17

  5. Buchmann, J.A., Lenstra, H.W.: Computing maximal orders and factoring over \(\mathbb{Z} _p\). Preprint (1994)

  6. de Boer, K.: Random Walks on Arakelov Class Groups. Ph.D. thesis, Leiden University (2022). Available on request from the author

  7. Bach, E., Shallit, J.O.: Algorithmic Number Theory: Efficient Algorithms. MIT Press (1996)

  8. Bhargava, M., Shankar, A., Taniguchi, T., Thorne, F., Tsimerman, J., Zhao, Y.: Bounds on 2-torsion in class groups of number fields and integral points on elliptic curves. J. AMS (2020)

  9. Cramer, R., Ducas, L., Peikert, C., Regev, O.: Recovering short generators of principal ideals in cyclotomic rings. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9666, pp. 559–585. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49896-5_20

  10. Cramer, R., Ducas, L., Wesolowski, B.: Short Stickelberger class relations and application to ideal-SVP. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10210, pp. 324–348. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56620-7_12

  11. Cheon, J.H., Jeong, J., Lee, C.: An algorithm for NTRU problems and cryptanalysis of the GGH multilinear map without a low-level encoding of zero. LMS J. Comput. Math. (2016)

  12. Cohen, H.: A Course in Computational Algebraic Number Theory. Springer, Cham (1996)

  13. Felderhoff, J., Pellet-Mary, A., Stehlé, D.: On module unique-SVP and NTRU. In: Agrawal, S., Lin, D. (eds.) ASIACRYPT 2022. LNCS, vol. 13793, pp. 709–740. Springer, Cham (2022). https://doi.org/10.1007/978-3-031-22969-5_24

  14. Gentry, C.: A Fully Homomorphic Encryption Scheme. Ph.D. thesis, Stanford University (2009)

  15. Gentry, C.: Fully homomorphic encryption using ideal lattices. In: STOC (2009)

  16. Gentry, C.: Toward basing fully homomorphic encryption on worst-case hardness. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 116–137. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-14623-7_7

  17. Kirchner, P., Fouque, P.-A.: Revisiting lattice attacks on overstretched NTRU parameters. In: Coron, J.-S., Nielsen, J.B. (eds.) EUROCRYPT 2017. LNCS, vol. 10210, pp. 3–26. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-56620-7_1

  18. Lyubashevsky, V., Micciancio, D.: Generalized compact knapsacks are collision resistant. In: ICALP (2006)

  19. Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 1–23. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13190-5_1

  20. Micciancio, D., Goldwasser, S.: Complexity of Lattice Problems: A Cryptographic Perspective. Springer, New York (2002). https://doi.org/10.1007/978-1-4615-0897-7

  21. Micciancio, D.: Generalized compact knapsacks, cyclic lattices, and efficient one-way functions from worst-case complexity assumptions. In: FOCS (2002)

  22. Neukirch, J.: Algebraic Number Theory. Springer (2013)

  23. Pellet-Mary, A., Hanrot, G., Stehlé, D.: Approx-SVP in ideal lattices with pre-processing. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11477, pp. 685–716. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17656-3_24

  24. Porter, C., Mendelsohn, A., Ling, C.: Subfield algorithms for Ideal- and Module-SVP based on the decomposition group. IACR Cryptol. ePrint Arch. (2021)

  25. Peikert, C., Rosen, A.: Efficient collision-resistant hashing from worst-case assumptions on cyclic lattices. In: TCC (2006)

  26. Peikert, C., Regev, O., Stephens-Davidowitz, N.: Pseudorandomness of ring-LWE for any ring and modulus. In: STOC (2017)

  27. Pellet-Mary, A., Stehlé, D.: On the hardness of the NTRU problem. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS, vol. 13090, pp. 3–35. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92062-3_1

  28. Pan, Y., Xu, J., Wadleigh, N., Cheng, Q.: On the ideal shortest vector problem over random rational primes. In: Canteaut, A., Standaert, F.-X. (eds.) EUROCRYPT 2021. LNCS, vol. 12696, pp. 559–583. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-77870-5_20

  29. Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: STOC (2005)

  30. Shor, P.W.: Algorithms for quantum computation: discrete logarithms and factoring. In: FOCS (1994)

  31. Stehlé, D., Steinfeld, R., Tanaka, K., Xagawa, K.: Efficient public key encryption based on ideal lattices. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 617–635. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-10366-7_36

  32. Weber, H.: Lehrbuch der Algebra, vol. II. Vieweg und Sohn, Braunschweig (1908)

Acknowledgments

The authors thank Koen de Boer, Guillaume Hanrot, Aurel Page and Noah Stephens-Davidowitz for helpful discussions. Joël Felderhoff is funded by the Direction Générale de l’Armement (Pôle de Recherche CYBER). The authors were supported by the CHARM ANR-NSF grant (ANR-21-CE94-0003) and by the PEPR quantique France 2030 programme (ANR-22-PETQ-0008).

Author information

Corresponding author

Correspondence to Joël Felderhoff.

Copyright information

© 2023 International Association for Cryptologic Research

About this paper

Cite this paper

Felderhoff, J., Pellet-Mary, A., Stehlé, D., Wesolowski, B. (2023). Ideal-SVP is Hard for Small-Norm Uniform Prime Ideals. In: Rothblum, G., Wee, H. (eds) Theory of Cryptography. TCC 2023. Lecture Notes in Computer Science, vol 14372. Springer, Cham. https://doi.org/10.1007/978-3-031-48624-1_3

  • DOI: https://doi.org/10.1007/978-3-031-48624-1_3

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-48623-4

  • Online ISBN: 978-3-031-48624-1

  • eBook Packages: Computer Science (R0)
