Lattices and cryptography: An overview

  • Jacques Stern
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 1431)


We briefly discuss the history of lattices and cryptography during the last fifteen years.





Copyright information

© Springer-Verlag Berlin Heidelberg 1998

Authors and Affiliations

  • Jacques Stern
    1. Laboratoire d'informatique, École Normale Supérieure, Paris Cedex 05
