Results 1-10 of 59
Fully homomorphic encryption with relatively small key and ciphertext sizes
In Public Key Cryptography — PKC ’10, Springer LNCS 6056, 2010

Cited by 115 (9 self)
Abstract. We present a fully homomorphic encryption scheme which has both relatively small key and ciphertext size. Our construction follows that of Gentry by producing a fully homomorphic scheme from a “somewhat” homomorphic scheme. For the somewhat homomorphic scheme the public and private keys consist of two large integers (one of which is shared by both the public and private key) and the ciphertext consists of one large integer. As such, our scheme has smaller message expansion and key size than Gentry’s original scheme. In addition, our proposal allows efficient fully homomorphic encryption over any field of characteristic two.
Advanced determinant calculus: a complement
Linear Algebra Appl

Cited by 92 (8 self)
Abstract. This is a complement to my previous article “Advanced Determinant Calculus” (Séminaire Lotharingien Combin. 42 (1999), Article B42q, 67 pp.). In the present article, I share with the reader my experience of applying the methods described in the previous article in order to solve a particular problem from number theory (G. Almkvist, J. Petersson and the author, Experiment. Math. 12 (2003), 441–456). Moreover, I add a list of determinant evaluations which I consider as interesting, which have been found since the appearance of the previous article, or which I failed to mention there, including several conjectures and open problems.
Attacking the Chor-Rivest Cryptosystem by Improved Lattice Reduction
1995

Cited by 72 (6 self)
We introduce algorithms for lattice basis reduction that are improvements of the famous $L^3$ algorithm. If a random $L^3$-reduced lattice basis $b_1, \dots, b_n$ is given such that the vector of reduced Gram-Schmidt coefficients $(\{\mu_{i,j}\},\ 1 \le j < i \le n)$ is uniformly distributed in $[0,1)^{\binom{n}{2}}$, then the pruned enumeration finds with positive probability a shortest lattice vector. We demonstrate the power of these algorithms by solving random subset sum problems of arbitrary density with 74 and 82 many weights, by breaking the Chor-Rivest cryptoscheme in dimensions 103 and 151 and by breaking Damgård's hash function.
Factoring Multivariate Polynomials via Partial Differential Equations
Math. Comput., 2000

Cited by 60 (9 self)
A new method is presented for factorization of bivariate polynomials over any field of characteristic zero or of relatively large characteristic. It is based on a simple partial differential equation that gives a system of linear equations. Like Berlekamp's and Niederreiter's algorithms for factoring univariate polynomials, the dimension of the solution space of the linear system is equal to the number of absolutely irreducible factors of the polynomial to be factored and any basis for the solution space gives a complete factorization by computing gcd's and by factoring univariate polynomials over the ground field. The new method finds absolute and rational factorizations simultaneously and is easy to implement for finite fields, local fields, number fields, and the complex number field. The theory of the new method allows an effective Hilbert irreducibility theorem, thus an efficient reduction of polynomials from multivariate to bivariate.
Algorithmic enumeration of ideal classes for quaternion orders
SIAM J. Comput. (SICOMP

Cited by 28 (10 self)
Abstract. We provide algorithms to count and enumerate representatives of the (right) ideal classes of an Eichler order in a quaternion algebra defined over a number field. We analyze the run time of these algorithms and consider several related problems, including the computation of two-sided ideal classes, isomorphism classes of orders, connecting ideals for orders, and ideal principalization. We conclude by giving the complete list of definite Eichler orders with class number at most 2.

Key words. quaternion algebras, maximal orders, ideal classes, number theory

AMS subject classifications. 11R52

Since the very first calculations of Gauss for imaginary quadratic fields, the problem of computing the class group of a number field $F$ has seen broad interest. Due to the evident close association between the class number and regulator (embodied in the Dirichlet class number formula), one often computes the class group and unit group in tandem as follows.

Problem (ClassUnitGroup($\mathbb{Z}_F$)). Given the ring of integers $\mathbb{Z}_F$ of a number field $F$, compute the class group $\operatorname{Cl} \mathbb{Z}_F$ and unit group $\mathbb{Z}_F^*$.
Knapsack public key cryptosystems and diophantine approximation
In CRYPTO, 1983

Cited by 20 (3 self)
This paper presents and analyzes cryptanalytic attacks on knapsack public key cryptosystems that are based on ideas from Diophantine approximation. Shamir’s attack on the basic Merkle-Hellman knapsack cryptosystem is shown to depend on the existence of “unusually good” simultaneous Diophantine approximations to a vector constructed from the public key. This aspect of Shamir’s attack carries over to multiply iterated knapsack cryptosystems: there are “unusually good” simultaneous Diophantine approximations to an analogous vector constructed from the public key. These “unusually good” simultaneous Diophantine approximations can be used to break multiply iterated knapsack cryptosystems provided one can solve a certain nonlinear Diophantine approximation problem. This nonlinear problem is solved in the simplest case and then used to give a new cryptanalytic attack on doubly iterated knapsack cryptosystems.
Low-Dimensional Lattices VI: Voronoi Reduction of Three-Dimensional Lattices
Proc. Royal Soc. London 436A, 1992

Cited by 20 (4 self)
The aim of this paper is to describe how the Voronoi cell of a lattice changes as that lattice is continuously varied. The usual treatment is simplified by the introduction of new parameters called the vonorms and conorms of the lattice. The present paper deals with dimensions $n \le 3$; a sequel will treat four-dimensional lattices. An elegant algorithm is given for the Voronoi reduction of a three-dimensional lattice, leading to a new proof of Voronoi's theorem that every lattice of dimension $n \le 3$ is of the first kind, and of Fedorov's classification of the three-dimensional lattices into five types. There is a very simple formula for the determinant of a three-dimensional lattice in terms of its conorms.

1. Introduction

Our aim in this paper and its sequel is to describe how the Voronoi cell of a lattice changes as that lattice is continuously varied. We simplify the usual treatment by introducing new parameters which we call the vonorms and conorms of the lattice. The present paper studi...
An application of lattice basis reduction to polynomial identities for algebraic structures
2008
Flags and lattice basis reduction
In Proceedings of the Third European Congress of Mathematics, 2001

Cited by 14 (0 self)
In this lecture we give a self-contained introduction to the theory of lattices in Euclidean vector spaces. We reinterpret a large class of lattice basis reduction algorithms by using the concept of a “flag”. In our reformulation, lattice basis reduction algorithms are more appropriately called “flag reduction” algorithms. We address a problem that arises when one attempts to find a particularly good flag for a given lattice.