Short Stickelberger Class Relations and Application to Ideal-SVP

نویسندگان

  • Ronald Cramer
  • Léo Ducas
  • Benjamin Wesolowski
چکیده

The worst-case hardness of finding short vectors in ideals of cyclotomic number fields (Ideal-SVP) is a central matter in lattice based cryptography. Assuming the worst-case hardness of Ideal-SVP allows to prove the Ring-LWE and Ring-SIS assumptions, and therefore to prove the security of numerous cryptographic schemes and protocols — including key-exchange, digital signatures, public-key encryption and fully-homomorphic encryption. A series of recent works has shown that Principal Ideal-SVP is not always as hard as finding short vectors in general lattices, and some schemes were broken using quantum algorithms — the Soliloquy encryption scheme, Smart-Vercauteren fully homomorphic encryption scheme from PKC 2010, and Gentry-Garg-Halevi cryptographic multilinear-maps from Eurocrypt 2013. Those broken schemes were using a special class of principal ideals, but these works also showed how to solve SVP for principal ideals in the worst-case in quantum polynomial time for an approximation factor of exp(Õ( √ n)). This exposed an unexpected hardness gap between general lattices and some structured ones, and called into question the hardness of various problems over structured lattices, such as Ideal-SVP and RingLWE. In this work, we generalize the previous result to general ideals. Precisely, we show how to solve the close principal multiple problem (CPM) by exploiting the classical theorem that the class-group is annihilated by the (Galois-module action of) the so-called Stickelberger ideal. Under some plausible number-theoretical hypothesis, our approach provides a close principal multiple in quantum polynomial time. Combined with the previous results, this solves Ideal-SVP in the worst case in quantum polynomial time for an approximation factor of exp(Õ( √ n)). Although it does not seem that the security of Ring-LWE based cryptosystems is directly affected, we contribute novel ideas to the cryptanalysis of schemes based on structured lattices. Moreover, our result shows a deepening of the gap between general lattices and structured ones.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

The fractional Galois ideal for arbitrary order of vanishing

We propose a candidate, which we call the fractional Galois ideal after Snaith’s fractional ideal, for replacing the classical Stickelberger ideal associated to an abelian extension of number fields. The Stickelberger ideal can be seen as gathering information about those L-functions of the extension which are non-zero at the special point s = 0, and was conjectured by Brumer to give annihilato...

متن کامل

2 00 8 The canonical fractional Galois ideal at s = 0

The Stickelberger elements attached to an abelian extension of number fields conjecturally participate, under certain conditions, in annihilator relations involving higher algebraic K-groups. In [13], Snaith introduces canonical Galois modules hoped to appear in annihilator relations generalising and improving those involving Stickelberger elements. In this paper we study the first of these mod...

متن کامل

Hilbert-Speiser number fields and Stickelberger ideals

Let p be a prime number. We say that a number field F satisfies the condition (H ′ pn) when any abelian extension N/F of exponent dividing p has a normal integral basis with respect to the ring of p-integers. We also say that F satisfies (H ′ p∞) when it satisfies (H ′ pn) for all n ≥ 1. It is known that the rationals Q satisfy (H ′ p∞) for all prime numbers p. In this paper, we give a simple c...

متن کامل

On the Structure of Ideal Class Groups of CM - Fields dedicated to Professor K . Kato on his 50 th birthday

For a CM-field K which is abelian over a totally real number field k and a prime number p, we show that the structure of the χ-component AχK of the p-component of the class group of K is determined by Stickelberger elements (zeta values) (of fields containing K) for an odd character χ of Gal(K/k) satisfying certain conditions. This is a generalization of a theorem of Kolyvagin and Rubin. We def...

متن کامل

On the Structure of Ideal Class Groups of CM - Fields

For a CM-field K which is abelian over a totally real number field k and a prime number p, we show that the structure of the χ-component AχK of the p-component of the class group ofK is determined by Stickelberger elements (zeta values) (of fields containing K) for an odd character χ of Gal(K/k) satisfying certain conditions. This is a generalization of a theorem of Kolyvagin and Rubin. We defi...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:
  • IACR Cryptology ePrint Archive

دوره 2016  شماره 

صفحات  -

تاریخ انتشار 2016