
New lattice-based cryptographic constructions

Published: 01 November 2004

Abstract

We introduce the use of Fourier analysis on lattices as an integral part of a lattice-based construction. The tools we develop provide an elegant description of certain Gaussian distributions around lattice points. Our results include two cryptographic constructions that are based on the worst-case hardness of the unique shortest vector problem. The main result is a new public key cryptosystem whose security guarantee is considerably stronger than previous results (O(n^1.5) instead of O(n^7)). This provides the first alternative to Ajtai and Dwork's original 1996 cryptosystem. Our second result is a family of collision resistant hash functions with an improved security guarantee in terms of the unique shortest vector problem. Surprisingly, both results are derived from one theorem that presents two indistinguishable distributions on the segment [0, 1). It seems that this theorem can have further applications; as an example, we use it to solve an open problem in quantum computation related to the dihedral hidden subgroup problem.

References

[1] Ajtai, M. 1996. Generating hard instances of lattice problems. In ECCCTR: Electronic Colloquium on Computational Complexity, technical reports.
[2] Ajtai, M., and Dwork, C. 1997. A public-key cryptosystem with worst-case/average-case equivalence. In Proceedings of the 29th ACM Symposium on Theory of Computing. ACM, New York, 284--293.
[3] Banaszczyk, W. 1993. New bounds in some transference theorems in the geometry of numbers. Math. Annal. 296, 4, 625--635.
[4] Cai, J.-Y. 1999. Applications of a new transference theorem to Ajtai's connection factor. In Proceedings of the 14th IEEE Conference on Computational Complexity. IEEE Computer Society Press, Los Alamitos, Calif., pp. 205--214.
[5] Cai, J.-Y., and Nerurkar, A. P. 1997. An improved worst-case to average-case connection for lattice problems (extended abstract). In Proceedings of the 38th IEEE Symposium on Foundations of Computer Science. IEEE Computer Society Press, Los Alamitos, Calif., pp. 468--477.
[6] Ebeling, W. 2002. Lattices and codes, Advanced Lectures in Mathematics. Friedr. Vieweg & Sohn, Braunschweig. Revised edition. (A course partially based on lectures by F. Hirzebruch.)
[7] Ettinger, M., and Høyer, P. 2000. On quantum algorithms for noncommutative hidden subgroups. Adv. in Appl. Math. 25, 3, 239--251.
[8] Friedl, K., Ivanyos, G., Magniez, F., Santha, M., and Sen, P. 2003. Hidden translation and orbit coset in quantum computing. In Proceedings of the 35th ACM Symposium on Theory of Computing. ACM, New York, 1--9.
[9] Goldreich, O., Goldwasser, S., and Halevi, S. 1996. Collision-free hashing from lattice problems. In ECCCTR: Electronic Colloquium on Computational Complexity (technical reports).
[10] Goldreich, O., Goldwasser, S., and Halevi, S. 1997a. Eliminating decryption errors in the Ajtai-Dwork cryptosystem. In Advances in Cryptology. Lecture Notes in Computer Science, vol. 1294. Springer-Verlag, New York, pp. 105--111.
[11] Goldreich, O., Goldwasser, S., and Halevi, S. 1997b. Public-key cryptosystems from lattice reduction problems. In Advances in Cryptology. Lecture Notes in Computer Science, vol. 1294. Springer-Verlag, New York, pp. 112--131.
[12] Goldreich, O., Micciancio, D., Safra, S., and Seifert, J.-P. 1999. Approximating shortest lattice vectors is not harder than approximating closest lattice vectors. Inf. Proc. Lett. 71, 2, 55--61.
[13] Grigni, M., Schulman, L. J., Vazirani, M., and Vazirani, U. V. 2001. Quantum mechanical algorithms for the non-Abelian hidden subgroup problem. In Proceedings of the 33rd ACM Symposium on Theory of Computing. ACM, New York, 68--74.
[14] Hallgren, S., Russell, A., and Ta-Shma, A. 2000. Normal subgroup reconstruction and quantum computation using group representations. In Proceedings of the 32nd ACM Symposium on Theory of Computing. ACM, New York, 627--635.
[15] Hoffstein, J., Pipher, J., and Silverman, J. H. 1998. NTRU: A ring-based public key cryptosystem. In Algorithmic Number Theory. Lecture Notes in Computer Science, vol. 1423. Springer-Verlag, New York, pp. 267--288.
[16] Impagliazzo, R., and Naor, M. 1996. Efficient cryptographic schemes provably as secure as subset sum. J. Crypt. 9, 4, 199--216.
[17] Johannes, K., Uwe, S., and Jacobo, T. 1993. The graph isomorphism problem: Its structural complexity. Birkhäuser Boston Inc., Boston, Mass.
[18] Kuperberg, G. 2003. A subexponential-time quantum algorithm for the dihedral hidden subgroup problem. In quant-ph/0302112, http://xxx.lanl.gov.
[19] Lenstra, A. K., Lenstra, Jr., H. W., and Lovász, L. 1982. Factoring polynomials with rational coefficients. Math. Ann. 261, 4, 515--534.
[20] Micciancio, D. 2001. Improving lattice based cryptosystems using the hermite normal form. In Cryptography and Lattices Conference (CaLC) (Providence, R. I., Mar.). Lecture Notes in Computer Science, vol. 2146, Springer-Verlag, New York, pp. 126--145.
[21] Micciancio, D. 2002a. Generalized compact knapsacks, cyclic lattices, and efficient one-way functions from worst-case complexity assumptions. In Proceedings of the 43rd IEEE Symposium on Foundations of Computer Science (Vancouver, B. C. Canada, Nov.). IEEE Computer Society Press, Los Alamitos, Calif.
[22] Micciancio, D. 2002b. Improved cryptographic hash functions with worst-case/average-case connection. In Proceedings of the 34th ACM Symposium on Theory of Computing (Montreal, Ont., Canada). ACM, New York, 609--618.
[23] Micciancio, D., and Goldwasser, S. 2002. Complexity of Lattice Problems: A Cryptographic Perspective. The Kluwer International Series in Engineering and Computer Science, vol. 671. Kluwer, Boston, Mass.
[24] Micciancio, D., and Regev, O. 2004. Worst-case to average-case reductions based on Gaussian measures. In Proceedings of the 45th Annual IEEE Symposium on Foundations of Computer Science. IEEE Computer Society Press, Los Alamitos, Calif., pp. 372--381.
[25] Regev, O. 2002. Quantum computation and lattice problems. In Proceedings of the 43rd IEEE Symposium on Foundations of Computer Science (Vancouver, B.C., Canada. Nov.). IEEE Computer Society Press, Los Alamitos, Calif.
[26] Rötteler, M., and Beth, T. 1998. Polynomial-time solution to the hidden subgroup problem for a class of non-Abelian groups. In quant-ph/9812070, http://xxx.lanl.gov.
[27] Shor, P. W. 1997. Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26, 5, 1484--1509.
[28] Štefankovič, D. 2003. Fourier transforms in computer science. Master's Thesis TR-2002-03. Dept. Comput. Sci., University of Chicago, Chicago, Ill.

Cited By

  • (2025) Lattice-Based Cryptography. Encyclopedia of Cryptography, Security and Privacy, pp. 1400-1403. DOI 10.1007/978-3-030-71522-9_417. Online publication date: 8-Jan-2025.
  • (2024) Lattice-Based Threshold Secret Sharing Scheme and Its Applications: A Survey. Electronics 13(2):287. DOI 10.3390/electronics13020287. Online publication date: 8-Jan-2024.
  • (2024) A Quantum-Resistant Identity Authentication and Key Agreement Scheme for UAV Networks Based on Kyber Algorithm. Drones 8(8):359. DOI 10.3390/drones8080359. Online publication date: 30-Jul-2024.
  • (2024) Lattice-Based Post-Quantum Public Key Encryption Scheme Using ElGamal’s Principles. Cryptography 8(3):31. DOI 10.3390/cryptography8030031. Online publication date: 8-Jul-2024.
  • (2024) Protecting Instant Messaging Notifications against Physical Attacks: A Novel Instant Messaging Notification Protocol Based on Signal Protocol. Applied Sciences 14(14):6348. DOI 10.3390/app14146348. Online publication date: 21-Jul-2024.
  • (2024) Fine-grained hardness of the unique shortest vector problem in lattices. SCIENTIA SINICA Informationis 54(12):2727. DOI 10.1360/SSI-2024-0145. Online publication date: 22-Nov-2024.
  • (2024) Private detection of relatives in forensic genomics using homomorphic encryption. BMC Medical Genomics 17(1). DOI 10.1186/s12920-024-02037-9. Online publication date: 19-Nov-2024.
  • (2024) Scabbard: An Exploratory Study on Hardware Aware Design Choices of Learning with Rounding-based Key Encapsulation Mechanisms. ACM Transactions on Embedded Computing Systems 24(1):1-40. DOI 10.1145/3696208. Online publication date: 20-Sep-2024.
  • (2024) Identity-Based Encryption With Disjunctive, Conjunctive and Range Keyword Search From Lattices. IEEE Transactions on Information Forensics and Security 19:8644-8657. DOI 10.1109/TIFS.2024.3459646. Online publication date: 1-Jan-2024.
  • (2024) A Fast RLWE-Based IPFE Library and its Application to Privacy-Preserving Biometric Authentication. IEEE Transactions on Emerging Topics in Computing 12(1):344-356. DOI 10.1109/TETC.2023.3268003. Online publication date: Jan-2024.


Reviews

Attila Pethö

For a constant c, the n^c unique shortest vector problem (n^c-uSVP) is defined as follows: we are asked to find the shortest nonzero vector in an n-dimensional lattice, with the promise that it is shorter by a factor of n^c than all other nonparallel vectors. Ajtai and Dwork [1] presented a public key cryptosystem based on the worst-case hardness of O(n^8)-uSVP. The main result of this paper is a new public key cryptosystem whose security is based on O(n^1.5)-uSVP. This is a major improvement to the cryptosystem of Ajtai and Dwork. Its description is surprisingly simple, in that it essentially consists only of numbers modulo some large number N. In addition to the result, the method of the proof is very interesting; it is a reduction from the O(n^1.5)-uSVP to the problem of distinguishing between two types of distributions on the segment [0,1). The main tool of the reduction is Fourier analysis on lattices. The second result is the construction of a family of collision resistant hash functions, whose security is again based on the worst-case hardness of O(n^1.5)-uSVP. The third result, which is proven by the new method, is related to the dihedral hidden subgroup problem, which is a central problem in quantum computation.

Online Computing Reviews Service
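The abstract and the review above both reduce the paper's hardness claim to one question: telling a structured distribution on [0, 1) apart from the uniform one. The following toy model, added here to illustrate that question and not taken from the paper or its definitions, puts a Gaussian "comb" around the multiples of 1/h for a hidden integer h next to uniform samples. The comb distribution, the noise parameterisation (width sigma in units of the period), the Fourier-coefficient test statistic, the threshold and all parameter values are assumptions chosen for this example; the paper's actual distributions, parameters and proof are not reproduced.

```python
import math
import random


def sample_periodic(h, sigma, n, rng):
    """n points of the form (k + sigma * z) / h mod 1, with k uniform in
    [0, h) and z standard normal: a Gaussian 'comb' of period 1/h.
    sigma is the noise width measured in units of the period (a
    parameterisation chosen for this toy, not the paper's)."""
    return [((rng.randrange(h) + sigma * rng.gauss(0.0, 1.0)) / h) % 1.0
            for _ in range(n)]


def sample_uniform(n, rng):
    """n points uniform on [0, 1): the 'no structure' alternative."""
    return [rng.random() for _ in range(n)]


def fourier_stat(samples, f):
    """|empirical Fourier coefficient| of the samples at integer frequency f,
    i.e. |mean cos(2*pi*f*y)|.  For uniform samples this is about 1/sqrt(n);
    for a comb of period 1/h it is about exp(-2*pi^2*sigma^2) when f == h
    and about 0 when h does not divide f."""
    return abs(sum(math.cos(2.0 * math.pi * f * y) for y in samples) / len(samples))


def looks_periodic(samples, h, threshold=0.5):
    """Distinguisher that knows the period h (the trapdoor)."""
    return fourier_stat(samples, h) > threshold


def recover_period(samples, max_h, threshold=0.5):
    """Distinguisher without the trapdoor: scan candidate periods and return
    the smallest f with a large Fourier coefficient, or None.  The cost grows
    linearly with the size of the period range, which is why a hidden
    period has to be astronomically large to be useful."""
    for f in range(1, max_h + 1):
        if fourier_stat(samples, f) > threshold:
            return f
    return None


def demo_trapdoor(seed=1):
    """Large hidden h: with h, comb and uniform samples are trivially told
    apart, while a wrong guess of h sees no structure at all."""
    rng = random.Random(seed)
    h, sigma, n = 1_000_003, 0.05, 2000   # constructed toy parameters
    comb = sample_periodic(h, sigma, n, rng)
    unif = sample_uniform(n, rng)
    return {
        "comb_with_key": looks_periodic(comb, h),
        "uniform_with_key": looks_periodic(unif, h),
        "comb_wrong_key": looks_periodic(comb, h + 1),
    }


def demo_small_period(seed=7):
    """Small hidden h: a brute-force scan recovers it from samples alone."""
    rng = random.Random(seed)
    comb = sample_periodic(37, 0.05, 2000, rng)   # constructed toy parameters
    return recover_period(comb, 100)


if __name__ == "__main__":
    print(demo_trapdoor())        # {'comb_with_key': True, 'uniform_with_key': False, 'comb_wrong_key': False}
    print(demo_small_period())    # 37
```

Knowing h is what turns the indistinguishable pair into an easy decision, which is the role a secret key plays; `demo_small_period` shows that a small period offers no protection because scanning candidates finds it. The page's reduction statement is the other half of the picture: for the paper's actual distributions and parameters, an efficient distinguisher that works without the trapdoor would yield an algorithm for O(n^1.5)-uSVP, so the expected absence of one rests on the worst-case hardness of that lattice problem rather than on the scan being slow.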


Published In

Journal of the ACM, Volume 51, Issue 6, November 2004, 191 pages
ISSN: 0004-5411
EISSN: 1557-735X
DOI: 10.1145/1039488

Publisher

Association for Computing Machinery, New York, NY, United States


Author Tags

1. Lattice
2. average-case hardness
3. cryptography
4. public key encryption
5. quantum computing

