Public-key cryptosystems provably secure against chosen ciphertext attacks
STOC '90 Proceedings of the twenty-second annual ACM symposium on Theory of computing
Random oracles are practical: a paradigm for designing efficient protocols
CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
A public-key cryptosystem with worst-case/average-case equivalence
STOC '97 Proceedings of the twenty-ninth annual ACM symposium on Theory of computing
The random oracle methodology, revisited (preliminary version)
STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
Polynomial-time quantum algorithms for Pell's equation and the principal ideal problem
STOC '02 Proceedings of the thiry-fourth annual ACM symposium on Theory of computing
The Shortest Vector in a Lattice is Hard to Approximate to within Some Constant
SIAM Journal on Computing
SIAM Journal on Computing
Quantum Computation and Lattice Problems
FOCS '02 Proceedings of the 43rd Symposium on Foundations of Computer Science
CT-RSA '02 Proceedings of the The Cryptographer's Track at the RSA Conference on Topics in Cryptology
Reaction Attacks against several Public-Key Cryptosystems
ICICS '99 Proceedings of the Second International Conference on Information and Communication Security
Non-Interactive Zero-Knowledge Proof of Knowledge and Chosen Ciphertext Attack
CRYPTO '91 Proceedings of the 11th Annual International Cryptology Conference on Advances in Cryptology
Eliminating Decryption Errors in the Ajtai-Dwork Cryptosystem
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Cryptanalysis of the Chor-Rivest Cryptosystem
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Cryptanalysis of the Ajtai-Dwork Cryptosystem
CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
Chosen-Ciphertext Security for Any One-Way Cryptosystem
PKC '00 Proceedings of the Third International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
New lattice based cryptographic constructions
Proceedings of the thirty-fifth annual ACM symposium on Theory of computing
Non-Malleable Non-Interactive Zero Knowledge and Adaptive Chosen-Ciphertext Security
FOCS '99 Proceedings of the 40th Annual Symposium on Foundations of Computer Science
DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION
DIGITALIZED SIGNATURES AND PUBLIC-KEY FUNCTIONS AS INTRACTABLE AS FACTORIZATION
Hardness of Approximating the Shortest Vector Problem in High Lp Norms
FOCS '03 Proceedings of the 44th Annual IEEE Symposium on Foundations of Computer Science
Multiple non-interactive zero knowledge proofs based on a single random string
SFCS '90 Proceedings of the 31st Annual Symposium on Foundations of Computer Science
Algorithms for quantum computation: discrete logarithms and factoring
SFCS '94 Proceedings of the 35th Annual Symposium on Foundations of Computer Science
A simpler construction of CCA2-secure public-key encryption under general assumptions
EUROCRYPT'03 Proceedings of the 22nd international conference on Theory and applications of cryptographic techniques
New directions in cryptography
IEEE Transactions on Information Theory
Hiding information and signatures in trapdoor knapsacks
IEEE Transactions on Information Theory
| Hi-index | 5.23 |
Modern cryptography is based on various building blocks such as one way functions with or without trapdoors, pseudo-random functions, one way permutations with or without trapdoors, etc. In a quantum world some of the main candidates for these building blocks are broken. For instance, the security of the most popular public-key cryptosystem-RSA-is related to the difficulty of factoring large numbers, and is broken (in principle) by a quantum computer. We investigate some of the remaining candidates, and discuss the resulting ''Post-Quantum Cryptography'' (namely, the resulting ''modern cryptography in a quantum environment''). About half a decade ago Ajtai and Dwork (and later on, also Goldreich, Goldwasser and Halevi) proposed a public key cryptosystem that has a proven security under a plausible complexity assumption. The plausible assumption is that the so-called unique shortest vector problem (u-SVP) is hard on the worst case. This problem is potentially still hard also in a quantum environment. Recently, Regev introduced a new (and much simpler) public key cryptosystem, based on the same u-SVP hardness assumption, but with improved parameters. In this paper we present chosen ciphertext attacks (CCA) against all three cryptosystems. Our attack shows that these cryptosystems are totally insecure against CCA, because the private keys can be recovered in polynomial time. We then discuss the possibility of making public key encryption (PKE) secure against CCA, without adding stronger assumptions than the assumption that u-SVP is hard. We conclude that the current understanding of modern cryptography in a quantum environment can only suggest CCA-secure interactive-PKE, which is obviously weaker than CCA-secure PKE. Finally, we discuss the relation of our attack to the reaction attack of Hall, Goldberg and Schneier, which we only recently became aware of.