Cryptanalysis of the Goldreich-Goldwasser-Halevi Cryptosystem from Crypto '97
نویسنده
چکیده
Recent results of Ajtai on the hardness of lattice problems have inspired several cryptographic protocols. At Crypto ’97, Goldreich, Goldwasser and Halevi proposed a public-key cryptosystem based on the closest vector problem in a lattice, which is known to be NP-hard. We show that there is a major flaw in the design of the scheme which has two implications: any ciphertext leaks information on the plaintext, and the problem of decrypting ciphertexts can be reduced to a special closest vector problem which is much easier than the general problem. As an application, we solved four out of the five numerical challenges proposed on the Internet by the authors of the cryptosystem. At least two of those four challenges were conjectured to be intractable. We discuss ways to prevent the flaw, but conclude that, even modified, the scheme cannot provide sufficient security without being impractical.
منابع مشابه
A Lattice Based Public Key Cryptosystem Using Polynomial Representations
In Crypto 97, a public key cryptosystem based on the closest vector problem was suggested by Goldreich, Goldwasser and Halevi [4]. In this paper, we propose a public key cryptosystem applying representations of polynomials to the GGH encryption scheme. Its key size is much smaller than the GGH system so that it is a quite practical and efficient lattice based cryptosystem.
متن کاملChosen Message Attack Against Goldreich-Goldwasser-Halevi's Signature Scheme from Crypto'97
The Goldreich-Goldwasser-Halevi(GGH)’s signature scheme from Crypto ’99 is cryptanalyzed, which is based on the well-known lattice problem. We mount a chosen message attack on the signature scheme, and show the signature scheme is vulnerable to the attack. We collects n lattice points that are linearly independent each other, and constructs a new basis that generates a sub-lattice of the origin...
متن کاملA Digital Signature Scheme based on CVP
In Crypto 1997, Goldreich, Goldwasser and Halevi (GGH) proposed a lattice analogue of McEliece public key cryptosystem, which security is related to the hardness of approximating the closest vector problem (CVP) in a lattice. Furthermore, they also described how to use the same principle of their encryption scheme to provide a signature scheme. Practically, this cryptosystem uses the euclidean ...
متن کاملPublic-Key Cryptosystems from Lattice Reduction Problems
We present a new proposal for a trapdoor one-way function, from which we derive public-key encryption and digital signatures. The security of the new construction is based on the conjectured computational difficulty of lattice-reduction problems, providing a possible alternative to existing public-key encryption algorithms and digital signatures such as RSA and DSS. Keywards; Public-Key Cryptos...
متن کاملEliminating Decryption Errors in the Ajtai-Dwork Cryptosystem
Following Ajtai’s lcad, Ajtai and Dwork have recently introduced a public-key encryption scheme which is secure under the assumption that a certain computational problem on lattices is hard on the worst-case. Their encryption method m a y cause decryption errors, though with small probability (i.e., inversely proportional to the security parameter). In this paper we modify the encryption method...
متن کامل