P. Q. Nguyen and J. Stern. The Two Faces of Lattices in Cryptology. In Cryptography and Lattices, volume 2146 of LNCS, pages 146--180, Berlin, 2001. Springer-Verlag. Home/Search Document Details and Download
Summary Related Articles Check |
This paper is cited in the following contexts:
Noisy Chinese Remaindering in the Lee Norm - Shparlinski, Steinfeld (2002) (Correct)
....Euclidean norm #v# among all lattice vectors. The shortest vector problem generally refers to the Euclidean norm, but of course, other norms are possible as well. Although the shortest vector problem appears to be NP hard various approximate polynomial time algorithms can be designed, see [12, 17, 18] for references. In this paper we actually need to solve a variation of SVP called the closest vector problem (CVP) given a basis of a lattice L in IR and a target vector t , find a lattice vector v which is closest in the Euclidean metric to t. Fortunately, Kannan [13] has shown how ....
P. Q. Nguyen and J. Stern, `The two faces of lattices in cryptology', 180.
On the Insecurity of Some Server-Aided RSA Protocol - Nguyen, Shparlinski Self-citation (Nguyen) (Correct)
....small private exponent, in which the best attack known [3] fails if the private exponent is small modulo both p 1 and q 1. 2.3 Lattices Our attacks are based on lattice basis reduction, a familiar tool in public key cryptanalysis. We give a brief overview of lattice theory (see the survey [14] for a list of references) In this paper, we call a lattice any subgroup of (Z , in the literature, these are called integer lattices. For any set of vectors b 1 , b d we define the set of all integral linear combinations: L(b 1 , b d ) n i b i : n i . ....
....is always less than # dvol(L) 1 d d denoting the lattice dimension. In usual lattices, one does not expect the norm of a shortest lattice vector to be much less than this upper bound. Many attacks in public key cryptanalysis work by reduction to SVP, or to approximating SVP (see the survey [14]) The shortest vector problem was recently shown to be NP hard under randomized reductions [1] and therefore, it is now widely believed that there is no polynomial time algorithm to solve SVP. However, there exist polynomial time algorithms which can provably approximate SVP. The first algorithm ....
P. Q. Nguyen and J. Stern, `The two faces of lattices in cryptology', Proc. CALC '01 , Lect. Notes in Comp. Sci., Vol.2146, Springer-Verlag, Berlin, 2001, 146--180.
The Hardness of Hensel Lifting: The Case of RSA and.. - Catalano, Nguyen, Stern (2002) (6 citations) Self-citation (Nguyen Stern) (Correct)
....with N , we derive z 0 = z mod N . Taking equation (1) modulo N , we obtain: ar j (1 z 0 N) mod N ) 2) where only r and are unknowns both in f1; N Gamma 1g. To complete the proof, we solve this linear congruence by a lattice reduction argument (see for instance the survey [10] for references on lattice theory) Consider indeed the following set L = f(R; U) 2 Z : aR j U(1 z 0 N) mod N )g: Since L is a subgroup of Z , L is a lattice, whose dimension is obviously equal to two. The vector (r; belongs to L and to [1; N Gamma 1] Therefore L [1; N ....
P. Q. Nguyen and J. Stern. The two faces of lattices in cryptology. In Proc. of CALC '01, volume 2146 of LNCS, Springer-Verlag, 2001.
The Insecurity of the Elliptic Curve Digital Signature.. - Nguyen, Shparlinski (2000) (2 citations) Self-citation (Nguyen) (Correct)
.... lattice reduction, it is interesting to know how it is a#ected if ideal lattice reduction is available, due to the well known experimental fact that lattice basis reduction algorithms behave much better than theoretically guaranteed, despite NP hardness results for most lattice problems (see [24, 25]) Nguyen and Shparlinski [23] have obtained the following: LEMMA 2. Let # 0 be fixed. For a prime q, define # = 1 #, and d = 8 3 # 1 log q . Let T be a f(q) homogeneously distributed modulo q sequence of integer numbers, where f(q) is any function with f(q) # 0 as q # #. There ....
P. Q. Nguyen and J. Stern. The two faces of lattices in cryptology. In Proc. Workshop on Cryptography and Lattices (CALC '01), volume 2146 of LNCS. Springer-Verlag, 2001.
On the Provable Security of an Efficient RSA-Based.. - Steinfeld, Pieprzyk.. (2006) (Correct)
No context found.
P. Q. Nguyen and J. Stern. The Two Faces of Lattices in Cryptology. In Cryptography and Lattices, volume 2146 of LNCS, pages 146--180, Berlin, 2001. Springer-Verlag.
One-Time HNP or Attacks on a Flawed El Gamal Revisited - Rosa (2005) (Correct)
No context found.
Nguyen, P.-Q., and Stern, J.: The Two Faces of Lattices in Cryptology, in Proc. of Cryptography and Lattices -- CALC'01, pp. 146-180, Springer-Verlag, 2001.
Generalized Compact Knapsacks, Cyclic Lattices, and Efficient.. - Micciancio (2004) (Correct)
No context found.
P. Nguyen and J. Stern. The two faces of lattices in cryptology. In J. Silverman, editor, Cryptography and lattices conference { CaLC 2001.
Cryptanalysis of RSA Using Algebraic and Lattice Methods - Durfee (2002) (Correct)
No context found.
P. Nguyen and J. Stern. The Two Faces of Lattices in Cryptology. In proceedings Cryptography and Lattices Conference, Lecture Notes in Computer Science, vol. 2146, Springer-Verlag, 2001.
Analysis and Improvements of NTRU Encryption Paddings - Nguyen, Pointcheval (2002) (5 citations) (Correct)
No context found.
P. Q. Nguyen and J. Stern. The Two Faces of Lattices in Cryptology. In Proc. of CALC '01, LNCS 2146. Springer-Verlag, 2001.
Playing "Hide-and-Seek" in Finite Fields: The Hidden Number.. - Shparlinski (2002) (Correct)
No context found.
P. Q. Nguyen and J. Stern, `The two faces of lattices in cryptology', Lect. Notes in Comp. Sci., Springer-Verlag, Berlin, 2146 (2001), 146--180.
Online articles have much greater impact More about CiteSeer.IST Add search form to your site Submit documents Feedback
CiteSeer.IST - Copyright Penn State and NEC