Abstract
Gentry proposed a fully homomorphic public key encryption scheme that uses ideal lattices. He based the security of his scheme on the hardness of two problems: an average-case decision problem over ideal lattices, and the sparse (or “low-weight”) subset sum problem (SSSP).
We provide a key generation algorithm for Gentry’s scheme that generates ideal lattices according to a “nice” average-case distribution. Then, we prove a worst-case / average-case connection that bases Gentry’s scheme (in part) on the quantum hardness of the shortest independent vector problem (SIVP) over ideal lattices in the worst-case. (We cannot remove the need to assume that the SSSP is hard.) Our worst-case / average-case connection is the first where the average-case lattice is an ideal lattice, which seems to be necessary to support the security of Gentry’s scheme.
Chapter PDF
References
Ajtai, M.: Generating hard instances of lattice problems (extended abstract). In: STOC 1996, pp. 99–108 (1996)
Ajtai, M.: Generating hard instances of the short basis problem. In: Wiedermann, J., Van Emde Boas, P., Nielsen, M. (eds.) ICALP 1999. LNCS, vol. 1644, pp. 1–9. Springer, Heidelberg (1999)
Ajtai, M., Dwork, C.: A public key cryptosystem with worst-case / average-case equivalence. In: STOC 1997, pp. 284–293 (1997)
Alwen, J., Peikert, C.: Generating Shorter Bases for Hard Random Lattices. In: STACS 2009, pp. 75–86 (2009)
Bach, E., Shallit, J.: Algorithmic Number Theory, vol. 1 (1996)
Banaszczyk, W.: New bounds in some transference theorems in the geometry of numbers. Mathematische Annalen 296(4), 625–635 (1993)
Boyen, X.: Of Lettuces of Lattices: a Framework for Short Signatures and IBE with Full Security. PKC 2010 (to appear 2010)
Cai, J.-Y., Nerurkar, A.P.: An Improved Worst-Case to Average-Case Connection for Lattice Problems (extended abstract). In: FOCS 1997, pp. 468–477. IEEE, Los Alamitos (1997)
Cash, D., Hofheinz, D., Kiltz, E., Peikert, C.: Bonsai Trees, or How to Delegate a Lattice Basis. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 523–552. Springer, Heidelberg (2010)
Gentry, C.: Fully Homomorphic Encryption Using Ideal Lattices. In: STOC 2009, pp. 169–178 (2009)
Gentry, C.: A Fully Homomorphic Encryption Scheme. Ph.D. thesis, Stanford University (2009), http://crypto.stanford.edu/craig
Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for Hard Lattices and New Cryptographic Constructions. In: STOC 2008, pp. 197–206 (2008)
Kalai, A.: Generating Random Factored Numbers. Easily. J. Cryptology 16(4), 287–289 (2003); Preliminary version in SODA 2002 (2002)
Kaltofen, E., Shoup, V.: Subquadratic-time factoring of polynomials over finite fields. In: STOC 1995, pp. 398–406. ACM, New York (1995)
Landau, E.: Neuer Beweis des Primzahlsatzes und Beweis des Primidealsatzes. Mathematische Annalen 56, 645–670
Lenstra, A.K., Lenstra, H.W., Lovász, L.: Factoring polynomials with rational coefficients. Math. Ann. 261(4), 515–534 (1982)
Lyubashevsky, V., Micciancio, D.: Generalized compact knapsacks are collision resistant. In: Bugliesi, M., Preneel, B., Sassone, V., Wegener, I. (eds.) ICALP 2006. LNCS, vol. 4052, pp. 144–155. Springer, Heidelberg (2006)
Lyubashevky, V., Micciancio, D.: Asymptotically efficient lattice-based digital signatures. In: Canetti, R. (ed.) TCC 2008. LNCS, vol. 4948, pp. 37–54. Springer, Heidelberg (2008)
Lyubashevky, V., Micciancio, D.: On Bounded Distance Decoding, Unique Shortest Vectors, and the Minimum Distance Problem. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 577–594. Springer, Heidelberg (2009)
Lyubashevky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 1–23. Springer, Heidelberg (2010)
Micciancio, D.: Improving Lattice Based Cryptosystems Using the Hermite Normal Form. In: Silverman, J.H. (ed.) CaLC 2001. LNCS, vol. 2146, pp. 126–145. Springer, Heidelberg (2001)
Micciancio, D.: Improved cryptographic hash functions with worst-case / average-case connection. In: STOC 2002, pp. 609–618 (2002); Full version: Almost perfect lattices, the covering radius problem, and applications to Ajtai’s connection factor. SIAM Journal on Computing, 34(1):118–169 (2004)
Micciancio, D.: Generalized compact knapsacks, cyclic lattices, and efficient one-way functions from worst-case complexity assumptions. In: FOCS 2002, pp. 356–365 (2002)
Micciancio, D., Regev, O.: Worst-Case to Average-Case Reductions Based on Gaussian Measures. In: FOCS 2004, pp. 372–381 (2004); Full version: SIAM J. Comput., 37(1), 267–302 (2007)
Nguyen, P.Q., Stern, J.: Adapting Density Attacks to Low-Weight Knapsacks. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 41–58. Springer, Heidelberg (2005)
Peikert, C.: Public-key cryptosystems from the worst-case shortest vector problem: extended abstract. In: STOC 2009, pp. 333–342. ACM, New York (2009)
Peikert, C., Rosen, A.: Efficient collision-resistant hashing from worst-case assumptions on cyclic lattices. In: Halevi, S., Rabin, T. (eds.) TCC 2006. LNCS, vol. 3876, pp. 145–166. Springer, Heidelberg (2006)
Peikert, C., Rosen, A.: Lattices that Admit Logarithmic Worst-Case to Average-Case Connection Factors. In: Proc. of STOC 2007, pp. 478–487 (2007)
Regev, O.: New lattice-based cryptographic constructions. Journal of the ACM 51(6), 899–942 (2004); Extended abstract in STOC 2003 (2003)
Regev, O.: On Lattices, Learning with Errors, Random Linear Codes, and Cryptography. In: Proc. of STOC 2005, pp. 84–93 (2005)
Rivest, R., Adleman, L., Dertouzos, M.: On data banks and privacy homomorphisms. In: Foundations of Secure Computation, pp. 169–180 (1978)
Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM Journal on Computing 26(5), 1484–1509 (1997); Extended abstract in FOCS 1994 (1994)
Stevenhagen, P.: The Arithmetic of Number Rings. In: Algorithmic Number Theory, vol. 44. MSRI Publications (2008); See also Stevenhagen’s course notes Number Rings
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gentry, C. (2010). Toward Basing Fully Homomorphic Encryption on Worst-Case Hardness. In: Rabin, T. (eds) Advances in Cryptology – CRYPTO 2010. CRYPTO 2010. Lecture Notes in Computer Science, vol 6223. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14623-7_7
Download citation
DOI: https://doi.org/10.1007/978-3-642-14623-7_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-14622-0
Online ISBN: 978-3-642-14623-7
eBook Packages: Computer ScienceComputer Science (R0)