Efficient Public Key Encryption Based on Ideal Lattices

Authors:
Damien Stehlé;Ron Steinfeld;Keisuke Tanaka;Keita Xagawa
Affiliations:
CNRS/Department of Mathematics and Statistics, University of Sydney, Australia NSW 2006 and Centre for Advanced Computing - Algorithms and Cryptography, Department of Computing, Macquarie Universi ...;Centre for Advanced Computing - Algorithms and Cryptography, Department of Computing, Macquarie University, Australia NSW 2109;Department of Mathematical and Computing Sciences, Tokyo Institute of Technology, Japan;Department of Mathematical and Computing Sciences, Tokyo Institute of Technology, Japan
Venue:
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Year:
2009

Citing 30
Cited 23

On Lova´sz' lattice reduction and the nearest lattice point problem

Combinatorica
How to prove yourself: practical solutions to identification and signature problems

Proceedings on Advances in cryptology---CRYPTO '86
A hierarchy of polynomial time lattice basis reduction algorithms

Theoretical Computer Science
Generating hard instances of lattice problems (extended abstract)

STOC '96 Proceedings of the twenty-eighth annual ACM symposium on Theory of computing
A public-key cryptosystem with worst-case/average-case equivalence

STOC '97 Proceedings of the twenty-ninth annual ACM symposium on Theory of computing
A sieve algorithm for the shortest lattice vector problem

STOC '01 Proceedings of the thirty-third annual ACM symposium on Theory of computing
Structured matrices and polynomials: unified superfast algorithms

Structured matrices and polynomials: unified superfast algorithms
Quantum computation and quantum information

Quantum computation and quantum information
Complexity of Lattice Problems

Complexity of Lattice Problems
Generating Hard Instances of the Short Basis Problem

ICAL '99 Proceedings of the 26th International Colloquium on Automata, Languages and Programming
Public-Key Cryptosystems from Lattice Reduction Problems

CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
NTRU: A Ring-Based Public Key Cryptosystem

ANTS-III Proceedings of the Third International Symposium on Algorithmic Number Theory
Foundations of Cryptography: Volume 2, Basic Applications

Foundations of Cryptography: Volume 2, Basic Applications
On lattices, learning with errors, random linear codes, and cryptography

Proceedings of the thirty-seventh annual ACM symposium on Theory of computing
Worst-Case to Average-Case Reductions Based on Gaussian Measures

SIAM Journal on Computing
Generalized Compact Knapsacks, Cyclic Lattices, and Efficient One-Way Functions

Computational Complexity
Lossy trapdoor functions and their applications

STOC '08 Proceedings of the fortieth annual ACM symposium on Theory of computing
Trapdoors for hard lattices and new cryptographic constructions

STOC '08 Proceedings of the fortieth annual ACM symposium on Theory of computing
Limits on the Hardness of Lattice Problems in lp Norms

Computational Complexity
A Framework for Efficient and Composable Oblivious Transfer

CRYPTO 2008 Proceedings of the 28th Annual conference on Cryptology: Advances in Cryptology
Concurrently Secure Identification Schemes Based on the Worst-Case Hardness of Lattice Problems

ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Chosen-Ciphertext Security via Correlated Products

TCC '09 Proceedings of the 6th Theory of Cryptography Conference on Theory of Cryptography
Public-key cryptosystems from the worst-case shortest vector problem: extended abstract

Proceedings of the forty-first annual ACM symposium on Theory of computing
Towards practical lattice-based cryptography

Towards practical lattice-based cryptography
On lattices, learning with errors, random linear codes, and cryptography

Journal of the ACM (JACM)
On Bounded Distance Decoding, Unique Shortest Vectors, and the Minimum Distance Problem

CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Lattice-based identification schemes secure under active attacks

PKC'08 Proceedings of the Practice and theory in public key cryptography, 11th international conference on Public key cryptography
Asymptotically efficient lattice-based digital signatures

TCC'08 Proceedings of the 5th conference on Theory of cryptography
Generalized compact knapsacks are collision resistant

ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
Efficient collision-resistant hashing from worst-case assumptions on cyclic lattices

TCC'06 Proceedings of the Third conference on Theory of Cryptography

Fiat-Shamir with Aborts: Applications to Lattice and Factoring-Based Signatures

ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
An efficient and parallel Gaussian sampler for lattices

CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Accelerating lattice reduction with FPGAs

LATINCRYPT'10 Proceedings of the First international conference on Progress in cryptology: cryptology and information security in Latin America
Adaptively secure identity-based identification from lattices without random oracles

SCN'10 Proceedings of the 7th international conference on Security and cryptography for networks
Making NTRU as secure as worst-case problems over ideal lattices

EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Homomorphic signatures for polynomial functions

EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
The geometry of lattice cryptography

Foundations of security analysis and design VI
Pseudorandom knapsacks and the sample complexity of LWE search-to-decision reductions

CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Fully homomorphic encryption from ring-LWE and security for key dependent messages

CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
On ideal lattices and learning with errors over rings

EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
Bonsai trees, or how to delegate a lattice basis

EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
Efficient lattice (H)IBE in the standard model

EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
Parallel shortest lattice vector enumeration on graphics cards

AFRICACRYPT'10 Proceedings of the Third international conference on Cryptology in Africa
Strongly unforgeable signatures and hierarchical identity-based signatures from lattices without random oracles

PQCrypto'10 Proceedings of the Third international conference on Post-Quantum Cryptography
Tightly-Secure signatures from lossy identification schemes

EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
Trapdoors for lattices: simpler, tighter, faster, smaller

EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
NTRUCCA: how to strengthen NTRUEncrypt to chosen-ciphertext security in the standard model

PKC'12 Proceedings of the 15th international conference on Practice and Theory in Public Key Cryptography
Strongly secure authenticated key exchange from factoring, codes, and lattices

PKC'12 Proceedings of the 15th international conference on Practice and Theory in Public Key Cryptography
Practical lattice-based cryptography: a signature scheme for embedded systems

CHES'12 Proceedings of the 14th international conference on Cryptographic Hardware and Embedded Systems
A ciphertext policy attribute-based encryption scheme without pairings

Inscrypt'11 Proceedings of the 7th international conference on Information Security and Cryptology
A polynomial time algorithm for computing the HNF of a module over the integers of a number field

Proceedings of the 37th International Symposium on Symbolic and Algebraic Computation
Practical and post-quantum authenticated key exchange from one-way secure key encapsulation mechanism

Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
On Ideal Lattices and Learning with Errors over Rings

Journal of the ACM (JACM)

Quantified Score

Hi-index	0.00

Visualization

Abstract

We describe public key encryption schemes with security provably based on the worst case hardness of the approximate Shortest Vector Problem in some structured lattices, called ideal lattices. Under the assumption that the latter is exponentially hard to solve even with a quantum computer, we achieve CPA-security against subexponential attacks, with (quasi-)optimal asymptotic performance: if n is the security parameter, both keys are of bit-length ${\widetilde{O}}(n)$ and the amortized costs of both encryption and decryption are ${\widetilde{O}}(1)$ per message bit. Our construction adapts the trapdoor one-way function of Gentry et al. (STOC'08), based on the Learning With Errors problem, to structured lattices. Our main technical tools are an adaptation of Ajtai's trapdoor key generation algorithm (ICALP'99) and a re-interpretation of Regev's quantum reduction between the Bounded Distance Decoding problem and sampling short lattice vectors.