D. Micciancio. Lattice based cryptography: A global improvement. Technical report, Theory of Cryptography Library, 1999. Report 99-05.  Home/Search   Document Details and Download   Summary   Related Articles   Check

....on the complexity of lattice problems, which are nicely surveyed by Cai [30, 31] Those complexity results opened the door to positive applications in cryptology. Indeed, several cryptographic schemes based on the hardness of lattice problems were proposed shortly after Ajtai s discoveries (see [5, 61, 69, 32, 99, 50]) Some have been broken, while others seem to resist state of the art attacks, for now. Those schemes attracted interest for at least two reasons: on the one hand, there are very few public key cryptosystems based on problems different from integer factorization or the discrete logarithm problem, ....

....for the decryption process to succeed. Improvements. In the original scheme, the public matrix B is the multiplication of the secret matrix by sufficiently many unimodular matrices. This means that without appropriate precaution, the public matrix may be as large as O(n log n) bits. Micciancio [99, 101] therefore suggested to define instead B as the Hermite normal form (HNF) of R. Recall that the HNF of an integer square matrix R in row notation is the unique lower triangular matrix with coefficients in N such that: the rows span the same lattice as R, and any entry below the diagonal is ....

[Article contains additional citation context not shown here]

D. Micciancio. Lattice based cryptography: A global improvement. Technical report, Theory of Cryptography Library, 1999. Report 99-05.

....on the complexity of lattice problems, which are nicely surveyed by Cai [24, 25] Those complexity results opened the door to positive applications in cryptology. Indeed, several cryptographic schemes based on the hardness of lattice problems were proposed shortly after Ajtai s discoveries (see [5, 49, 56, 26, 83, 41]) Some have been broken, while others seem to resist state of the art attacks, for now. Those schemes attracted interest for at least two reasons: on the one hand, there are very few public key cryptosystems based on problems different from integer factorization or the discrete logarithm problem, ....

....the decryption process to succeed. Improvements. In the original scheme, the public matrix B is the multiplication of the secret matrix by sufficiently many unimodular matrices. This means that without appropriate precaution, the public matrix can be as large as O(n log n) bits. Micciancio [83] therefore suggested to define instead B as the Hermite normal form (HNF) of R. Recall that the HNF of an integer square matrix R in row notation is the unique lower triangular matrix with coefficients in N such that: the rows span the same lattice as R, and any entry below the diagonal is ....

[Article contains additional citation context not shown here]

D. Micciancio. Lattice based cryptography: A global improvement. Technical report, Theory of Cryptography Library, 1999. Report 99-05.

....on the complexity of lattice problems, which are nicely surveyed by Cai [24, 25] Those complexity results opened the door to positive applications in cryptology. Indeed, several cryptographic schemes based on the hardness of lattice problems were proposed shortly after Ajtai s discoveries (see [5, 49, 56, 26, 83, 41]) Some have been broken, while others seem to resist state of the art attacks, for now. Those schemes attracted interest for at least two reasons: on the one hand, there are very few public key cryptosystems based on problems different from integer factorization or the discrete logarithm problem, ....

....decryption process to succeed. Improvements. In the original scheme, the public matrix B is the multiplication of the secret matrix by sufficiently many unimodular matrices. This means that without appropriate precaution, the public matrix can be as large as O(n 3 log n) bits. 7 Micciancio [83] therefore suggested to define instead B as the Hermite normal form (HNF) of R. Recall that the HNF of an integer square matrix R in row notation is the unique lower triangular matrix with coefficients in N such that: the rows span the same lattice as R, and any entry below the diagonal is ....

[Article contains additional citation context not shown here]

D. Micciancio. Lattice based cryptography: A global improvement. Technical report, Theory of Cryptography Library, 1999. Report 99-05.

....y one must nd the point in the lattice L closest to the target y. Lattices are used in coding theory for ecient signaling over band limited channels and vector quantization (see [1] for an overview) and more recently they have been used in cryptography to design encryption functions [2] 3] [4], 5] In these applications, the lattice L usually represents the code or encryption function, while the target y is the received message. In this context the closest vector problem corresponds to the decoding or decryption process. Notice that the lattice L is usually xed, and it is known long ....

Daniele Micciancio, \Lattice based cryptography: a global improvement," IACR Cryptology ePrint Archive [On-line], Report

....that is useful in many applications. For example, the HNF is used in the solution of systems of linear Diophantine equations [8] algorithmic problems in lattices [10] integer programming [13] and loop optimization techniques [17] Recently, one more application of the HNF has been suggested [16]: the use of HNF to improve the security and efficiency of lattice based cryptosystems. Lattice problems have attracted considerable interest in the design of public key cryptosystems because of the surprising average case worst case connection discovered by Ajtai in 1996 [1] Despite their ....

....in 1996 [1] Despite their theoretical appeal, the applicability of lattice based cryptosystems has been greatly reduced by the large size of their public keys. For example, the cryptosystems proposed in [9, 6] require public keys of several megabytes in size in order to be practically secure. In [16] it is demonstrated that the HNF can be used to substantially reduce the public key size of lattice based cryptosystems while preserving the security level. For example the public keys suggested in [9] can be reduced from several megabytes to few hundred kilobytes. Unfortunately, the best current ....

D. Micciancio. Lattice based cryptography: A global improvement. (Theory of Cryuptography Library Report 99-05). Available at http://philby.ucsd.edu/cryptolib.

Online articles have much greater impact   More about CiteSeer.IST   Add search form to your site   Submit documents   Feedback  

CiteSeer.IST - Copyright Penn State and NEC