Public-Key Cryptosystems from the Worst-Case Shortest Vector Problem
نویسنده
چکیده
We construct public-key cryptosystems that are secure assuming the worst-case hardness of approximating the length of a shortest nonzero vector in an n-dimensional lattice to within a small poly(n) factor. Prior cryptosystems with worst-case connections were based either on the shortest vector problem for a special class of lattices (Ajtai and Dwork, STOC 1997; Regev, J. ACM 2004), or on the conjectured hardness of lattice problems for quantum algorithms (Regev, STOC 2005). Our main technical innovation is a reduction from certain variants of the shortest vector problem to corresponding versions of the “learning with errors” (LWE) problem; previously, only a quantum reduction of this kind was known. In addition, we construct new cryptosystems based on the search version of LWE, including a very natural chosen ciphertext-secure system that has a much simpler description and tighter underlying worst-case approximation factor than prior constructions.
منابع مشابه
The First and Fourth Public-Key Cryptosystems with Worst-Case/Average-Case Equivalence
We describe a public-key cryptosystem with worst-case/average case equivalence. The cryptosystem has an amortized plaintext to ciphertext expansion of O(n), relies on the hardness of the Õ(n)-unique shortest vector problem for lattices, and requires a public key of size at most O(n) bits. The new cryptosystem generalizes a conceptually simple modification of the “Ajtai-Dwork” cryptosystem. We p...
متن کاملQTRU: quaternionic version of the NTRU public-key cryptosystems
In this paper we will construct a lattice-based public-key cryptosystem using non-commutative quaternion algebra, and since its lattice does not fully fit within Circular and Convolutional Modular Lattice (CCML), we prove it is arguably more secure than the existing lattice-based cryptosystems such as NTRU. As in NTRU, the proposed public-key cryptosystem relies for its inherent securi...
متن کاملThe nc-Unique Shortest Vector Problem is Hard
The unique Shortest Vector Problem (uSVP) gained prominence because it was the problem upon which the first provably-secure lattice-based cryptosystems were built. But it was an open problem as to whether uSVP was as hard as the standard, more general, version of the shortest vector problem. We show that there is a reduction from the approximate decision version of the shortest vector problem (...
متن کاملOn Bounded Distance Decoding, Unique Shortest Vectors, and the Minimum Distance Problem
We prove the equivalence, up to a small polynomial approximation factor √ n/ log n, of the lattice problems uSVP (unique Shortest Vector Problem), BDD (Bounded Distance Decoding) and GapSVP (the decision version of the Shortest Vector Problem). This resolves a long-standing open problem about the relationship between uSVP and the more standard GapSVP, as well the BDD problem commonly used in co...
متن کاملComputing shortest lattice vectors on special hardware
The shortest vector problem (SVP) in lattices is related to problems in combinatorial optimization, algorithmic number theory, communication theory, and cryptography. In 1996, Ajtai published his breakthrough idea how to create lattice-based oneway functions based on the worst-case hardness of an approximate version of SVP. Worst-case hardness is one of the outstanding properties of all modern ...
متن کامل