Public-key cryptosystems from lattice reduction problems

  • Oded Goldreich
  • Shafi Goldwasser
  • Shai Halevi
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1294)


We present a new proposal for a trapdoor one-way function, from which we derive public-key encryption and digital signatures. The security of the new construction is based on the conjectured computational difficulty of lattice-reduction problems, providing a possible alternative to existing public-key encryption algorithms and digital signatures such as RSA and DSS.





Copyright information

© Springer-Verlag 1997

Authors and Affiliations

  • Oded Goldreich (1, 2)
  • Shafi Goldwasser (1, 2)
  • Shai Halevi (1, 2)
  1. Weizmann Institute of Science, Israel
  2. Laboratory for Computer Science, MIT, Israel
