Generating hard instances of lattice problems (extended abstract)
STOC '96 Proceedings of the twenty-eighth annual ACM symposium on Theory of computing
Lattice Reduction by Random Sampling and Birthday Methods
STACS '03 Proceedings of the 20th Annual Symposium on Theoretical Aspects of Computer Science
On lattices, learning with errors, random linear codes, and cryptography
Proceedings of the thirty-seventh annual ACM symposium on Theory of computing
Trapdoors for hard lattices and new cryptographic constructions
STOC '08 Proceedings of the fortieth annual ACM symposium on Theory of computing
Chosen-Prefix Collisions for MD5 and Colliding X.509 Certificates for Different Identities
EUROCRYPT '07 Proceedings of the 26th annual international conference on Advances in Cryptology
SWIFFT: A Modest Proposal for FFT Hashing
Fast Software Encryption
Explicit Hard Instances of the Shortest Vector Problem
PQCrypto '08 Proceedings of the 2nd International Workshop on Post-Quantum Cryptography
Choosing NTRUEncrypt Parameters in Light of Combined Lattice Reduction and MITM Approaches
ACNS '09 Proceedings of the 7th International Conference on Applied Cryptography and Network Security
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
A hybrid lattice-reduction and meet-in-the-middle attack against NTRU
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Collisions for 70-step SHA-1: on the full cost of collision search
SAC'07 Proceedings of the 14th international conference on Selected areas in cryptography
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Asymptotically efficient lattice-based digital signatures
TCC'08 Proceedings of the 5th conference on Theory of cryptography
Generalized compact knapsacks are collision resistant
ICALP'06 Proceedings of the 33rd international conference on Automata, Languages and Programming - Volume Part II
Practical lattice basis sampling reduction
ANTS'06 Proceedings of the 7th international conference on Algorithmic Number Theory
Efficient collision-resistant hashing from worst-case assumptions on cyclic lattices
TCC'06 Proceedings of the Third conference on Theory of Cryptography
Interpreting hash function security proofs
ProvSec'10 Proceedings of the 4th international conference on Provable security
Random sampling for short lattice vectors on graphics cards
CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Towards efficient arithmetic for lattice-based cryptography on reconfigurable hardware
LATINCRYPT'12 Proceedings of the 2nd international conference on Cryptology and Information Security in Latin America
| Hi-index | 0.00 |
The SWIFFT compression functions, proposed by Lyubashevsky et al. at FSE 2008, are very efficient instantiations of generalized compact knapsacks for a specific set of parameters. They have the property that, asymptotically, finding collisions for a randomly chosen compression function implies being able to solve computationally hard ideal lattice problems in the worst-case.We present three results. First, we present new average-case problems, which may be used for all lattice schemes whose security is proven with the worst-case to average-case reduction in either general or ideal lattices. The new average-case problems require less description bits, resulting in improved keysize and speed for these schemes. Second, we propose a parameter generation algorithm for SWIFFT where the main parameter n can be any integer in the image of Euler's totient function, and not necessarily a power of 2 as before. Third, we give experimental evidence that finding pseudo-collisions for SWIFFT is as hard as breaking a 68-bit symmetric cipher according to the well-known heuristic by Lenstra and Verheul. We also recommend conservative parameters corresponding to a 127-bit symmetric cipher.