
The Two Faces of Lattices in Cryptology

  • Conference paper
  • Cryptography and Lattices (CaLC 2001)
  • Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2146)

Abstract

Lattices are regular arrangements of points in n-dimensional space, whose study appeared in the 19th century in both number theory and crystallography. Since the appearance of the celebrated Lenstra-Lenstra-Lovász lattice basis reduction algorithm twenty years ago, lattices have had surprising applications in cryptology. Until recently, the applications of lattices to cryptology were only negative, as lattices were used to break various cryptographic schemes. Paradoxically, several positive cryptographic applications of lattices have emerged in the past five years: there now exist public-key cryptosystems based on the hardness of lattice problems, and lattices play a crucial rôle in a few security proofs. We survey the main examples of the two faces of lattices in cryptology.


References

  1. L. M. Adleman. On breaking generalized knapsack public key cryptosystems. In Proc. of 15th STOC, pages 402–412. ACM, 1983.

  2. L. M. Adleman. Factoring and lattice reduction. Unpublished manuscript, 1995.

  3. M. Ajtai. Generating hard instances of lattice problems. In Proc. of 28th STOC, pages 99–108. ACM, 1996. Available at [47] as TR96-007.

  4. M. Ajtai. The shortest vector problem in L2 is NP-hard for randomized reductions. In Proc. of 30th STOC. ACM, 1998. Available at [47] as TR97-047.

  5. M. Ajtai and C. Dwork. A public-key cryptosystem with worst-case/average-case equivalence. In Proc. of 29th STOC, pages 284–293. ACM, 1997. Available at [47] as TR96-065.

  6. M. Ajtai, R. Kumar, and D. Sivakumar. A sieve algorithm for the shortest lattice vector problem. In Proc. of 33rd STOC, pages 601–610. ACM, 2001.

  7. S. Arora, L. Babai, J. Stern, and Z. Sweedyk. The hardness of approximate optima in lattices, codes, and systems of linear equations. Journal of Computer and System Sciences, 54(2):317–331, 1997.

  8. L. Babai. On Lovász lattice reduction and the nearest lattice point problem. Combinatorica, 6:1–13, 1986.

  9. W. Banaszczyk. New bounds in some transference theorems in the geometry of numbers. Mathematische Annalen, 296:625–635, 1993.

  10. M. Bellare, S. Goldwasser, and D. Micciancio. "Pseudo-random" number generation within cryptographic algorithms: The DSS case. In Proc. of Crypto’97, volume 1294 of LNCS. IACR, Springer-Verlag, 1997.

  11. M. Bellare and P. Rogaway. Optimal asymmetric encryption. In Proc. of Eurocrypt’94, volume 950 of LNCS, pages 92–111. IACR, Springer-Verlag, 1995.

  12. D. Bleichenbacher. On the security of the KMOV public key cryptosystem. In Proc. of Crypto’97, volume 1294 of LNCS, pages 235–248. IACR, Springer-Verlag, 1997.

  13. D. Bleichenbacher and P. Q. Nguyen. Noisy polynomial interpolation and noisy Chinese remaindering. In Proc. of Eurocrypt’00, volume 1807 of LNCS. IACR, Springer-Verlag, 2000.

  14. J. Blömer and J.-P. Seifert. On the complexity of computing short linearly independent vectors and short bases in a lattice. In Proc. of 31st STOC. ACM, 1999.

  15. D. Boneh. The decision Diffie-Hellman problem. In Algorithmic Number Theory – Proc. of ANTS-III, volume 1423 of LNCS. Springer-Verlag, 1998.

  16. D. Boneh. Twenty years of attacks on the RSA cryptosystem. Notices of the AMS, 46(2):203–213, 1999.

  17. D. Boneh. Finding smooth integers in short intervals using CRT decoding. In Proc. of 32nd STOC. ACM, 2000.

  18. D. Boneh. Simplified OAEP for the RSA and Rabin functions. In Proc. of Crypto 2001, LNCS. IACR, Springer-Verlag, 2001.

  19. D. Boneh and G. Durfee. Cryptanalysis of RSA with private key d less than N^0.292. In Proc. of Eurocrypt’99, volume 1592 of LNCS, pages 1–11. IACR, Springer-Verlag, 1999.

  20. D. Boneh, G. Durfee, and Y. Frankel. An attack on RSA given a small fraction of the private key bits. In Proc. of Asiacrypt’98, volume 1514 of LNCS, pages 25–34. Springer-Verlag, 1998.

  21. D. Boneh, G. Durfee, and N. A. Howgrave-Graham. Factoring n = p^r q for large r. In Proc. of Crypto’99, volume 1666 of LNCS. IACR, Springer-Verlag, 1999.

  22. D. Boneh, A. Joux, and P. Q. Nguyen. Why textbook ElGamal and RSA encryption are insecure. In Proc. of Asiacrypt’00, volume 1976 of LNCS. IACR, Springer-Verlag, 2000.

  23. D. Boneh and I. E. Shparlinski. Hard core bits for the elliptic curve Diffie-Hellman secret. In Proc. of Crypto 2001, LNCS. IACR, Springer-Verlag, 2001.

  24. D. Boneh and R. Venkatesan. Hardness of computing the most significant bits of secret keys in Diffie-Hellman and related schemes. In Proc. of Crypto’96, LNCS. IACR, Springer-Verlag, 1996.

  25. D. Boneh and R. Venkatesan. Breaking RSA may not be equivalent to factoring. In Proc. of Eurocrypt’98, volume 1233 of LNCS, pages 59–71. Springer-Verlag, 1998.

  26. V. Boyko, M. Peinado, and R. Venkatesan. Speeding up discrete log and factoring based schemes via precomputations. In Proc. of Eurocrypt’98, volume 1403 of LNCS, pages 221–235. IACR, Springer-Verlag, 1998.

  27. E. F. Brickell. Solving low density knapsacks. In Proc. of Crypto’83. Plenum Press, 1984.

  28. E. F. Brickell. Breaking iterated knapsacks. In Proc. of Crypto’84, volume 196 of LNCS. Springer-Verlag, 1985.

  29. E. F. Brickell and A. M. Odlyzko. Cryptanalysis: A survey of recent results. In G. J. Simmons, editor, Contemporary Cryptology, pages 501–540. IEEE Press, 1991.

  30. J.-Y. Cai. Some recent progress on the complexity of lattice problems. In Proc. of FCRC, 1999. Available at [47] as TR99-006.

  31. J.-Y. Cai. The complexity of some lattice problems. In Proc. of ANTS-IV, volume 1838 of LNCS. Springer-Verlag, 2000.

  32. J.-Y. Cai and T. W. Cusick. A lattice-based public-key cryptosystem. Information and Computation, 151:17–31, 1999.

  33. J.-Y. Cai and A. P. Nerurkar. An improved worst-case to average-case connection for lattice problems. In Proc. of 38th FOCS, pages 468–477. IEEE, 1997.

  34. S. Cavallar, B. Dodson, A. K. Lenstra, W. Lioen, P. L. Montgomery, B. Murphy, H. te Riele, K. Aardal, J. Gilchrist, G. Guillerm, P. Leyland, J. Marchand, F. Morain, A. Muffett, C. Putnam, and P. Zimmermann. Factorization of a 512-bit RSA key using the number field sieve. In Proc. of Eurocrypt’00, volume 1807 of LNCS. IACR, Springer-Verlag, 2000.

  35. B. Chor and R. L. Rivest. A knapsack-type public key cryptosystem based on arithmetic in finite fields. IEEE Trans. Inform. Theory, 34, 1988.

  36. H. Cohen. A Course in Computational Algebraic Number Theory. Springer-Verlag, 1995. Second edition.

  37. J. H. Conway and N. J. A. Sloane. Sphere Packings, Lattices and Groups. Springer-Verlag, 1998. Third edition.

  38. D. Coppersmith. Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J. of Cryptology, 10(4):233–260, 1997. Revised version of two articles from Eurocrypt’96.

  39. D. Coppersmith. Finding small solutions to small degree polynomials. In Proc. of CaLC 2001, LNCS. Springer-Verlag, 2001.

  40. D. Coppersmith and A. Shamir. Lattice attacks on NTRU. In Proc. of Eurocrypt’97, LNCS. IACR, Springer-Verlag, 1997.

  41. M. J. Coster, A. Joux, B. A. LaMacchia, A. M. Odlyzko, C.-P. Schnorr, and J. Stern. Improved low-density subset sum algorithms. Comput. Complexity, 2:111–128, 1992.

  42. C. Coupé, P. Q. Nguyen, and J. Stern. The effectiveness of lattice attacks against low-exponent RSA. In Proc. of PKC’98, volume 1431 of LNCS. Springer-Verlag, 1999.

  43. W. Diffie and M. E. Hellman. New directions in cryptography. IEEE Trans. Inform. Theory, IT-22:644–654, Nov 1976.

  44. I. Dinur. Approximating SVP∞ to within almost-polynomial factors is NP-hard. Available at [47] as TR99-016.

  45. I. Dinur, G. Kindler, and S. Safra. Approximating CVP to within almost-polynomial factors is NP-hard. In Proc. of 39th FOCS, pages 99–109. IEEE, 1998. Available at [47] as TR98-048.

  46. G. Durfee and P. Q. Nguyen. Cryptanalysis of the RSA schemes with short secret exponent from Asiacrypt’99. In Proc. of Asiacrypt’00, volume 1976 of LNCS. IACR, Springer-Verlag, 2000.

  47. ECCC. http://www.eccc.uni-trier.de/eccc/. The Electronic Colloquium on Computational Complexity.

  48. E. El Mahassni, P. Q. Nguyen, and I. E. Shparlinski. The insecurity of Nyberg-Rueppel and other DSA-like signature schemes with partially known nonces. In Proc. of CaLC 2001, LNCS. Springer-Verlag, 2001.

  49. P. van Emde Boas. Another NP-complete problem and the complexity of computing short vectors in a lattice. Technical report, Mathematisch Instituut, University of Amsterdam, 1981. Report 81-04. Available at http://turing.wins.uva.nl/~peter/.

  50. R. Fischlin and J.-P. Seifert. Tensor-based trapdoors for CVP and their application to public key cryptography. In IMA Conference on Cryptography and Coding, LNCS. Springer-Verlag, 1999.

  51. A. M. Frieze. On the Lagarias-Odlyzko algorithm for the subset sum problem. SIAM J. Comput., 15(2):536–539, 1986.

  52. A. M. Frieze, J. Håstad, R. Kannan, J. C. Lagarias, and A. Shamir. Reconstructing truncated integer variables satisfying linear congruences. SIAM J. Comput., 17(2):262–280, 1988. Special issue on cryptography.

  53. E. Fujisaki, T. Okamoto, D. Pointcheval, and J. Stern. RSA-OAEP is secure under the RSA assumption. In Proc. of Crypto 2001, LNCS. IACR, Springer-Verlag, 2001.

  54. M. L. Furst and R. Kannan. Succinct certificates for almost all subset sum problems. SIAM J. Comput., 18(3):550–558, 1989.

  55. C. F. Gauss. Disquisitiones Arithmeticæ. Leipzig, 1801.

  56. C. Gentry. Key recovery and message attacks on NTRU-composite. In Proc. of Eurocrypt 2001, volume 2045 of LNCS. IACR, Springer-Verlag, 2001.

  57. M. Girault and J.-F. Misarsky. Cryptanalysis of countermeasures proposed for repairing ISO 9796-1. In Proc. of Eurocrypt’00, volume 1807 of LNCS. IACR, Springer-Verlag, 2000.

  58. O. Goldreich and S. Goldwasser. On the limits of non-approximability of lattice problems. In Proc. of 30th STOC. ACM, 1998. Available at [47] as TR97-031.

  59. O. Goldreich, S. Goldwasser, and S. Halevi. Challenges for the GGH cryptosystem. Available at http://theory.lcs.mit.edu/~shaih/challenge.html.

  60. O. Goldreich, S. Goldwasser, and S. Halevi. Eliminating decryption errors in the Ajtai-Dwork cryptosystem. In Proc. of Crypto’97, volume 1294 of LNCS, pages 105–111. IACR, Springer-Verlag, 1997. Available at [47] as TR97-018.

  61. O. Goldreich, S. Goldwasser, and S. Halevi. Public-key cryptosystems from lattice reduction problems. In Proc. of Crypto’97, volume 1294 of LNCS, pages 112–131. IACR, Springer-Verlag, 1997. Available at [47] as TR96-056.

  62. O. Goldreich, D. Micciancio, S. Safra, and J.-P. Seifert. Approximating shortest lattice vectors is not harder than approximating closest lattice vectors, 1999. Available at [47] as TR99-002.

  63. M. I. González Vasco and I. E. Shparlinski. On the security of Diffie-Hellman bits. In K.-Y. Lam, I. E. Shparlinski, H. Wang, and C. Xing, editors, Proc. Workshop on Cryptography and Comp. Number Theory (CCNT’99). Birkhäuser, 2000.

  64. M. Grötschel, L. Lovász, and A. Schrijver. Geometric Algorithms and Combinatorial Optimization. Springer-Verlag, 1993.

  65. M. Gruber and C. G. Lekkerkerker. Geometry of Numbers. North-Holland, 1987.

  66. J. Håstad. Solving simultaneous modular equations of low degree. SIAM J. Comput., 17(2):336–341, April 1988. Preliminary version in Proc. of Crypto’85.

  67. B. Helfrich. Algorithms to construct Minkowski reduced and Hermite reduced bases. Theoretical Computer Science, 41:125–139, 1985.

  68. C. Hermite. Extraits de lettres de M. Hermite à M. Jacobi sur différents objets de la théorie des nombres, deuxième lettre. J. Reine Angew. Math., 40:279–290, 1850. Also available in the first volume of Hermite’s complete works, published by Gauthier-Villars.

  69. J. Hoffstein, J. Pipher, and J. H. Silverman. NTRU: a ring based public key cryptosystem. In Proc. of ANTS-III, volume 1423 of LNCS, pages 267–288. Springer-Verlag, 1998. Additional information at http://www.ntru.com.

  70. N. A. Howgrave-Graham. Finding small roots of univariate modular equations revisited. In Cryptography and Coding, volume 1355 of LNCS, pages 131–142. Springer-Verlag, 1997.

  71. N. A. Howgrave-Graham. Computational Mathematics Inspired by RSA. PhD thesis, University of Bath, 1998.

  72. N. A. Howgrave-Graham. Approximate integer common divisors. In Proc. of CaLC 2001, LNCS. Springer-Verlag, 2001.

  73. N. A. Howgrave-Graham and N. P. Smart. Lattice attacks on digital signature schemes. Technical report, HP Labs, 1999. HPL-1999-90. To appear in Designs, Codes and Cryptography.

  74. E. Jaulmes and A. Joux. A chosen ciphertext attack on NTRU. In Proc. of Crypto 2000, volume 1880 of LNCS. IACR, Springer-Verlag, 2000.

  75. A. Joux and J. Stern. Lattice reduction: A toolbox for the cryptanalyst. J. of Cryptology, 11:161–185, 1998.

  76. C. S. Jutla. On finding small solutions of modular multivariate polynomial equations. In Proc. of Eurocrypt’98, volume 1403 of LNCS, pages 158–170. IACR, Springer-Verlag, 1998.

  77. R. Kannan. Improved algorithms for integer programming and related lattice problems. In Proc. of 15th STOC, pages 193–206. ACM, 1983.

  78. R. Kannan. Algorithmic geometry of numbers. Annual Review of Computer Science, 2:231–267, 1987.

  79. R. Kannan. Minkowski’s convex body theorem and integer programming. Math. Oper. Res., 12(3):415–440, 1987.

  80. P. Klein. Finding the closest lattice vector when it’s unusually close. In Proc. of SODA’00. ACM-SIAM, 2000.

  81. S. V. Konyagin and T. Seger. On polynomial congruences. Mathematical Notes, 55(6):596–600, 1994.

  82. A. Korkine and G. Zolotareff. Sur les formes quadratiques positives ternaires. Math. Ann., 5:581–583, 1872.

  83. A. Korkine and G. Zolotareff. Sur les formes quadratiques. Math. Ann., 6:336–389, 1873.

  84. J. C. Lagarias. Point lattices. In R. Graham, M. Grötschel, and L. Lovász, editors, Handbook of Combinatorics, volume 1, chapter 19. Elsevier, 1995.

  85. J. C. Lagarias and A. M. Odlyzko. Solving low-density subset sum problems. Journal of the Association for Computing Machinery, January 1985.

  86. L. Lagrange. Recherches d’arithmétique. Nouv. Mém. Acad., 1773.

  87. A. K. Lenstra and H. W. Lenstra, Jr. The Development of the Number Field Sieve, volume 1554 of Lecture Notes in Mathematics. Springer-Verlag, 1993.

  88. A. K. Lenstra, H. W. Lenstra, Jr., and L. Lovász. Factoring polynomials with rational coefficients. Mathematische Ann., 261:513–534, 1982.

  89. H. W. Lenstra, Jr. Integer programming with a fixed number of variables. Technical report, Mathematisch Instituut, Universiteit van Amsterdam, April 1981. Report 81-03.

  90. H. W. Lenstra, Jr. Integer programming with a fixed number of variables. Math. Oper. Res., 8(4):538–548, 1983.

  91. L. Lovász. An Algorithmic Theory of Numbers, Graphs and Convexity, volume 50. SIAM Publications, 1986. CBMS-NSF Regional Conference Series in Applied Mathematics.

  92. J. Martinet. Les Réseaux Parfaits des Espaces Euclidiens. Éditions Masson, 1996. English translation to appear at Springer-Verlag.

  93. J. E. Mazo and A. M. Odlyzko. Lattice points in high-dimensional spheres. Monatsh. Math., 110:47–61, 1990.

  94. R. J. McEliece. A public-key cryptosystem based on algebraic number theory. Technical report, Jet Propulsion Laboratory, 1978. DSN Progress Report 42-44.

  95. A. Menezes, P. van Oorschot, and S. Vanstone. Handbook of Applied Cryptography. CRC Press, 1997.

  96. R. Merkle and M. Hellman. Hiding information and signatures in trapdoor knapsacks. IEEE Trans. Inform. Theory, IT-24:525–530, September 1978.

  97. D. Micciancio. On the Hardness of the Shortest Vector Problem. PhD thesis, Massachusetts Institute of Technology, 1998.

  98. D. Micciancio. The shortest vector problem is NP-hard to approximate within some constant. In Proc. of 39th FOCS. IEEE, 1998. Available at [47] as TR98-016.

  99. D. Micciancio. Lattice based cryptography: A global improvement. Technical report, Theory of Cryptography Library, 1999. Report 99-05.

  100. D. Micciancio. The hardness of the closest vector problem with preprocessing. IEEE Trans. Inform. Theory, 47(3):1212–1215, 2001.

  101. D. Micciancio. Improving lattice-based cryptosystems using the Hermite normal form. In Proc. of CaLC 2001, LNCS. Springer-Verlag, 2001.

  102. J. Milnor and D. Husemoller. Symmetric Bilinear Forms. Springer-Verlag, 1973.

  103. H. Minkowski. Geometrie der Zahlen. Teubner-Verlag, Leipzig, 1896.

  104. J.-F. Misarsky. A multiplicative attack using LLL algorithm on RSA signatures with redundancy. In Proc. of Crypto’97, volume 1294 of LNCS, pages 221–234. IACR, Springer-Verlag, 1997.

  105. P. L. Montgomery. Square roots of products of algebraic numbers. In Walter Gautschi, editor, Mathematics of Computation 1943–1993: a Half-Century of Computational Mathematics, Proc. of Symposia in Applied Mathematics, pages 567–571. American Mathematical Society, 1994.

  106. National Institute of Standards and Technology (NIST). FIPS Publication 186: Digital Signature Standard, May 1994.

  107. P. Q. Nguyen. A Montgomery-like square root for the number field sieve. In Algorithmic Number Theory – Proc. of ANTS-III, volume 1423 of LNCS. Springer-Verlag, 1998.

  108. P. Q. Nguyen. Cryptanalysis of the Goldreich-Goldwasser-Halevi cryptosystem from Crypto’97. In Proc. of Crypto’99, volume 1666 of LNCS, pages 288–304. IACR, Springer-Verlag, 1999.

  109. P. Q. Nguyen. La Géométrie des Nombres en Cryptologie. PhD thesis, Université Paris 7, November 1999. Available at http://www.di.ens.fr/~pnguyen/.

  110. P. Q. Nguyen. The dark side of the hidden number problem: Lattice attacks on DSA. In K.-Y. Lam, I. E. Shparlinski, H. Wang, and C. Xing, editors, Proc. Workshop on Cryptography and Comp. Number Theory (CCNT’99). Birkhäuser, 2000.

  111. P. Q. Nguyen and I. E. Shparlinski. The insecurity of the Digital Signature Algorithm with partially known nonces. J. of Cryptology, 2001. To appear.

  112. P. Q. Nguyen and I. E. Shparlinski. The insecurity of the elliptic curve Digital Signature Algorithm with partially known nonces. Preprint, 2001.

  113. P. Q. Nguyen and J. Stern. Merkle-Hellman revisited: a cryptanalysis of the Qu-Vanstone cryptosystem based on group factorizations. In Proc. of Crypto’97, volume 1294 of LNCS, pages 198–212. IACR, Springer-Verlag, 1997.

  114. P. Q. Nguyen and J. Stern. Cryptanalysis of a fast public key cryptosystem presented at SAC’97. In Selected Areas in Cryptography – Proc. of SAC’98, volume 1556 of LNCS. Springer-Verlag, 1998.

  115. P. Q. Nguyen and J. Stern. Cryptanalysis of the Ajtai-Dwork cryptosystem. In Proc. of Crypto’98, volume 1462 of LNCS, pages 223–242. IACR, Springer-Verlag, 1998.

  116. P. Q. Nguyen and J. Stern. The Béguin-Quisquater server-aided RSA protocol from Crypto’95 is not secure. In Proc. of Asiacrypt’98, volume 1514 of LNCS, pages 372–379. Springer-Verlag, 1998.

  117. P. Q. Nguyen and J. Stern. The hardness of the hidden subset sum problem and its cryptographic implications. In Proc. of Crypto’99, volume 1666 of LNCS, pages 31–46. IACR, Springer-Verlag, 1999.

  118. P. Q. Nguyen and J. Stern. Lattice reduction in cryptology: An update. In Proc. of ANTS-IV, volume 1838 of LNCS. Springer-Verlag, 2000.

  119. A. M. Odlyzko. The rise and fall of knapsack cryptosystems. In Cryptology and Computational Number Theory, volume 42 of Proc. of Symposia in Applied Mathematics, pages 75–88. A.M.S., 1990.

  120. R. L. Rivest, A. Shamir, and L. M. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2):120–126, 1978.

  121. C. P. Schnorr. A hierarchy of polynomial lattice basis reduction algorithms. Theoretical Computer Science, 53:201–224, 1987.

  122. C. P. Schnorr. A more efficient algorithm for lattice basis reduction. J. of Algorithms, 9(1):47–62, 1988.

  123. C. P. Schnorr. Factoring integers and computing discrete logarithms via diophantine approximation. In Proc. of Eurocrypt’91, volume 547 of LNCS, pages 171–181. IACR, Springer-Verlag, 1991.

  124. C. P. Schnorr and M. Euchner. Lattice basis reduction: improved practical algorithms and solving subset sum problems. Math. Programming, 66:181–199, 1994.

  125. C. P. Schnorr and H. H. Hörner. Attacking the Chor-Rivest cryptosystem by improved lattice reduction. In Proc. of Eurocrypt’95, volume 921 of LNCS, pages 1–12. IACR, Springer-Verlag, 1995.

  126. A. Shamir. A polynomial time algorithm for breaking the basic Merkle-Hellman cryptosystem. In Proc. of 23rd FOCS, pages 145–152. IEEE, 1982.

  127. V. Shoup. Number Theory C++ Library (NTL) version 3.6. Available at http://www.shoup.net/ntl/

  128. V. Shoup. OAEP reconsidered. In Proc. of Crypto 2001, LNCS. IACR, Springer-Verlag, 2001.

  129. I. E. Shparlinski. On the generalized hidden number problem and bit security of XTR. In Proc. of 14th Symp. on Appl. Algebra, Algebraic Algorithms, and Error-Correcting Codes, LNCS. Springer-Verlag, 2001.

  130. I. E. Shparlinski. Sparse polynomial approximation in finite fields. In Proc. of 33rd STOC. ACM, 2001.

  131. C. L. Siegel. Lectures on the Geometry of Numbers. Springer-Verlag, 1989.

  132. B. Vallée. La réduction des réseaux: autour de l’algorithme de Lenstra, Lenstra, Lovász. RAIRO Inform. Théor. Appl., 23(3):345–376, 1989.

  133. B. Vallée, M. Girault, and P. Toffin. How to guess l-th roots modulo n by reducing lattice bases. In Proc. of AAECC-6, volume 357 of LNCS, pages 427–442. Springer-Verlag, 1988.

  134. S. A. Vanstone and R. J. Zuccherato. Short RSA keys and their generation. J. of Cryptology, 8(2):101–114, 1995.

  135. S. Vaudenay. Cryptanalysis of the Chor-Rivest cryptosystem. In Proc. of Crypto’98, volume 1462 of LNCS. IACR, Springer-Verlag, 1998.

  136. E. R. Verheul. Certificates of recoverability with scalable recovery agent security. In Proc. of PKC’00, LNCS. Springer-Verlag, 2000.

  137. M. Wiener. Cryptanalysis of short RSA secret exponents. IEEE Trans. Inform. Theory, 36(3):553–558, 1990.


Copyright information

© 2001 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Nguyen, P.Q., Stern, J. (2001). The Two Faces of Lattices in Cryptology. In: Silverman, J.H. (eds) Cryptography and Lattices. CaLC 2001. Lecture Notes in Computer Science, vol 2146. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44670-2_12


  • DOI: https://doi.org/10.1007/3-540-44670-2_12


  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-42488-8

  • Online ISBN: 978-3-540-44670-5
