Hilbert functions and the Buchberger algorithm
Journal of Symbolic Computation
Journal of Symbolic Computation
Cryptanalysis of the Goldreich-Goldwasser-Halevi Cryptosystem from Crypto '97
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Public-Key Cryptosystems from Lattice Reduction Problems
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
NTRU: A Ring-Based Public Key Cryptosystem
ANTS-III Proceedings of the Third International Symposium on Algorithmic Number Theory
Improving Lattice Based Cryptosystems Using the Hermite Normal Form
CaLC '01 Revised Papers from the International Conference on Cryptography and Lattices
The Two Faces of Lattices in Cryptology
CaLC '01 Revised Papers from the International Conference on Cryptography and Lattices
Gröbner bases for public key cryptography
Proceedings of the twenty-first international symposium on Symbolic and algebraic computation
Post Quantum Cryptography
ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
A fully homomorphic cryptosystem with approximate perfect secrecy
CT-RSA'13 Proceedings of the 13th international conference on Topics in Cryptology
Hi-index | 0.00 |
Using Grobner bases for the construction of public key cryptosystems has been often attempted, but has always failed. We review the reason for these failures, and show that only ideals generated by binomials may give a successful cryptosystem. As a consequence, we concentrate on binomial ideals that correspond to Euclidean lattices. We show how to build a cryptosystem based on lattice ideals and their Grobner bases, and, after breaking a simple variant, we construct a more elaborate one. In this variant the trapdoor information consists in a ''small'' change of coordinates that allows one to recover a ''fat'' Grobner basis. While finding a change of coordinates giving a fat Grobner basis is a relatively easy problem, finding a small one seems to be a hard optimization problem. This paper develops the details and proofs related to computer algebra, the cryptographic details related to security, the comparison with other lattice cryptosystems and discusses the implementation.