Lattice reduction in cryptology: An update

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 1838, Issue , 2000, Pages 85-112

  Nguyen, Phong Q ^a   Stern, Jacques ^a  

^a ECOLE NORMALE SUPÉRIEURE   (France)

Author keywords

[No Author keywords available]

Indexed keywords

CRYPTOGRAPHY; NUMBER THEORY;

19TH CENTURY; CRYPTOLOGY; LATTICE REDUCTION; REDUCTION ALGORITHMS;

LATTICE THEORY;

EID: 33846870481     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/10722028_4     Document Type: Conference Paper

References (114)

1. L. M. Adleman. On breaking generalized knapsack publick key cryptosystems. In Proc.of15th STOC, pages 402-412, ACM, 1983.
2. L. M. Adleman. Factoring and lattice reduction. Unpublished manuscript, 1995.
3. M. Ajtai. Generating hard instances of lattice problems. In Proc. of 28th STOC, pages 99-108. ACM, 1996. Available at [39] at TR96-007.
4. 2 is NP-hard for randomized reductions. In Proc. of 30th STOC. ACM, 1998. Available at [39] as TR97-047.
5. M. Ajtai and C. Dwork. A public-key cryptosystem with worst-case/average-case equivalence. In Proc.of29th STOC, pages 284-293. ACM, 1997. Available at [39] at TR96-065.
6. S. Arora, L. Babai, J. Stern, and Z. Sweedyk. The hardness of approximate optima in lattices, codes, and systems of linear equations. Journal of Computer and System Sciences, 54(2): 317-331, 1997.
7. L. Babai. On Lovász lattice reduction and the nearest lattice point problem. Combinatorica, 6: 1-13, 1986.
8. M. Bellare, S. Goldwasser, and D. Micciancio. "Pseudo-random" number generation within cryptographic algorithms: The DSS case. In Proc. of Crypto '97, volume 1294 of LNCS. IACR, Springer-Verlag, 1997.
9. D. Bleichenbacher. On the security of the KMOV public key cryptosystem. In Proc. of Crypto’97, volume 1294 of LNCS. IACR, Springer-Verlag, 1997.
10. D. Bleichenbacher and P. Q. Nguyen. Noisy polynomial interpolation and noisy Chinese remaindering. In Proc. of Eurocrypt’2000, LNCS. IACR, Springer-Verlag, 2000.
11. J. Blömer and J.-P. Seifert. On the complexity of computing short linearly independent vectors and short bases in a lattice. In Proc. of 31st STOC. ACM, 1999.
12. D. Boneh. The decision Di e-Hellman problem. In Algorithmic Number Theory Proc. of ANTS-III, volume 1423 of LNCS. Springer-Verlag, 1998.
13. D. Boneh. Twenty years of attacks on the RSA cryptosystem. Notices of the AMS, 46(2): 203-213, 1999.
14. D. Boneh. Finding smooth integers in short intervals using CRT decoding. In Proc. of 32nd STOC. ACM, 2000.
15. 0.292. In Proc. of Eurocrypt '99, volume 1592 of LNCS, pages 1-11, IACR, Springer-Verlag, 1999.
16. D. Boneh, G. Durfee, and Y. Frankel. An attack on RSA given a small fraction of the private key bits. In Proc. of Asiacrypt '98, volume 1514 of LNCS, pages 25-34, Springer-Verlag, 1998.
17. rq for larger. In Proc. of Crypto’99, volume 1666 of LNCS. IACR, Springer-Verlag, 1999.
18. D. Boneh and R. Venkatesan. Hardness of computing the most significant bits of secret keys in di e-hellman and related schemes. In Proc. of Crypto’96, LNCS. IACR, Springer-Verlag, 1996.
19. D. Boneh and R. Venkatesan. Breaking RSA may not be equivalent to factoring. In Proc. of Eurocrypt '98, volume 1233 of LNCS. IACR, Springer-Verlag, 1998.
20. V. Boyko, M. Peinado, and R. Venkatesan. Speeding up discrete log and factoring based schemes via precomputations. In Proc. of Eurocrypt '98, volume 1403 of LNCS, pages 221-235, IACR, Springer-Verlag, 1998.
21. E. F. Brickell. Solving low density knapsacks. In Proc. of Crypto '83. Plenum Press, 1984.
22. E. F. Brickell. Breaking iterated knapsacks. In Proc. of Crypto '84, volume 196 of LNCS. Springer-Verlag, 1985.
23. E. F. Brickell and A. M. Odlyzko. Cryptanalysis: A survey of recent results. In Contemporary Cryptology, pages 501-540, IEEE Press, 1991.
24. J.-Y. Cai. Some recent progress on the complexity of lattice problems. In Proc. of FCRC, 1999. Available at [39] as TR99-006.
25. J.-Y. Cai. The complexity of some lattice problems. In Proc. of ANTS-IV, LNCS. Springer-Verlag, 2000. In these proceedings.
26. J.-Y. Cai and T. W. Cusick. A lattice-based public-key cryptosystem. Information and Computation, 151: 17-31, 1999.
27. J.-Y. Cai and A. P. Nerurkar. An improved worst-case to average-case connection for lattice problems. In Proc.of38th FOCS, pages 468-477, IEEE, 1997.
28. S. Cavallar, B. Dodson, A. K. Lenstra, W. Lioen, P. L. Montgomery, B. Murphy, H. te Riele, K. Aardal, J. Gilchrist, G. Guillerm, P. Leyland, J. Marchand, F. Morain, A. Muett, C. Putnam, C. Putnam, and P. Zimmermann. Factorization of 512-bit RSA key using the number field sieve. In Proc. of Eurocrypt’2000, LNCS. IACR, Springer-Verlag, 2000. Factorization announced in August, 1999.
29. B. Chor and R.L. Rivest. A knapsack-type public key cryptosystem based on arithmetic in finite fields. IEEE Trans. Inform. Theory, 34, 1988.
30. H. Cohen. A Course in Computational Algebraic Number Theory. Springer-Verlag, 1995. Second edition.
31. J.H. Conway and N.J.A. Sloane. Sphere Packings, Lattices and Groups. Springer-Verlag, 1998. Third edition.
32. D. Coppersmith. Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J. of Cryptology, 10(4): 233-260, 1997. Revised version of two articles of Eurocrypt '96.
33. D. Coppersmith and A. Shamir. Lattice attacks on NTRU. In Proc. of Eurocrypt '97, LNCS. IACR, Springer-Verlag, 1997.
34. M.J. Coster, A. Joux, B.A. LaMacchia, A.M. Odlyzko, C.-P. Schnorr, and J. Stern. Improved low-density subset sum algorithms. Comput. Complexity, 2: 111-128, 1992.
35. C. Coupé, P. Nguyen, and J. Stern. The effectiveness of lattice attacks against low-exponent RSA. In Proc. of PKC’99, volume 1431 of LNCS. Springer-Verlag, 1999.
36. W. Die and M. E. Hellman. New directions in cryptography. IEEE Trans. Inform. Theory, IT-22: 644-654, Nov 1976.
37. 1 to within almost-polynomial factors is NP-hard. Available at [39] at TR99-016.
38. I. Dinur, G. Kindler, and S. Safra. Approximating CVP to within almost-polynomial factors is NP-hard. In Proc. of 39th FOCS, pages 99-109. IEEE, 1998. Available at [39] at TR98-048.
39. ECCC. http://www.eccc.uni-trier.de/eccc/. The Electronic Colloquium on Computational Complexity.
40. P. van Emde Boas. Another NP-complete problem and the complexity of computing short vectors in a lattice. Technical report, Mathematisch Instituut, University of Amsterdam, 1981. Report 81-04. Available at http://turing.wins.uva.nl/~peter/.
41. R. Fischlin and J.-P. Seifert. Tensor-based trapdoors for CVP and their application to public key cryptography. In Cryptography and Coding, volume 1746 of LNCS, pages 244-257, Springer-Verlag, 1999.
42. A. M. Frieze. On the lagarias-odlyzko algorithm for the subset sum problem. SIAM J. Comput, 15(2): 536-539, 1986.
43. M. L. Furst and R. Kannan. Succinct certificates for almost all subset sum problems. SIAM J. Comput, 18(3): 550-558, 1989.
44. C.F. Gauss. Disquisitiones Arithmetic. Leipzig, 1801.
45. M. Girault and J.-F. Misarsky. Cryptanalysis of countermeasures proposed for repairing ISO 9796-1. In Proc. of Eurocrypt’2000, LNCS. IACR, Springer-Verlag, 2000.
46. O. Goldreich and S. Goldwasser. On the limits of non-approximability of lattice problems. In Proc.of30th STOC. ACM, 1998. Available at [39] as TR97-031.
47. O. Goldreich, S. Goldwasser, and S. Halevi. Challenges for the GGH cryptosystem. Available at http://theory.lcs.mit.edu/~shaih/challenge.html.
48. O. Goldreich, S. Goldwasser, and S. Halevi. Eliminating decryption errors in the Ajtai-Dwork cryptosystem. In Proc. of Crypto’97, volume 1294 of LNCS, pages 105-111. IACR, Springer-Verlag, 1997. Available at [39] as TR97-018.
49. O. Goldreich, S. Goldwasser, and S. Halevi. Public-key cryptosystems from lattice reduction problems. In Proc. of Crypto '97, volume 1294 of LNCS, pages 112-131. IACR, Springer-Verlag, 1997. Available at [39] as TR96-056.
50. O. Goldreich, D. Micciancio, S. Safra, and J.-P. Seifert. Approximating shortest lattice vectors is not harder than approximating closest lattice vectors. Available at [39] at TR99-002.
51. M. I. González Vasco and I. E. Shparlinski. On the security of Di e-Hellman bits. In K.-Y. Lam, I. E. Shparlinski, H. Wang, and C. Xing, editors, Proc. Workshop on Cryptography and Comp. Number Theory (CCNT’99). Birkhauser, 2000.
52. M. Grötschel, L. Lovász, and A. Schrijver. Geometric Algorithms and Combinatorial Optimization. Springer-Verlag, 1993.
53. M. Gruber and C. G. Lekkerkerker. Geometry of Numbers. North-Holland, 1987.
54. J. Håstad. Solving simultaneous modular equations of low degree. SIAM J. Comput., 17(2): 336-341, April 1988. Early version in Proc. of Crypto '85.
55. C. Hermite. Extraits de lettres de M. Hermite à M. Jacobi sur di érents objets de la théorie des nombres, deuxième lettre. J. Reine Angew. Math., 40: 279-290, 1850. Also in the first volume of Hermite’s complete works (Gauthier-Villars).
56. J. Hoffstein, J. Pipher, and J.H. Silverman. NTRU: a ring based public key cryptosystem. In Proc. of ANTS III, volume 1423 of LNCS, pages 267-288. Springer-Verlag, 1998. Additional information at http://www.ntru.com.
57. N. A. Howgrave-Graham. Finding small roots of univariate modular equations revisited. In Cryptography and Coding, volume 1355 of LNCS, pages 131-142, Springer-Verlag, 1997.
58. N. A. Howgrave-Graham. Computational Mathematics Inspired by RSA. PhD thesis, University of Bath, 1998.
59. N. A. Howgrave-Graham and N. P. Smart. Lattice attacks on digital signature schemes. Technical report, HP Labs, 1999. HPL-1999-90.
60. É. Jaulmes and A. Joux. A chosen ciphertext attack on NTRU. Preprint, 2000.
61. A. Joux and J. Stern. Lattice reduction: A toolbox for the cryptanalyst. J. of Cryptology, 11: 161-185, 1998.
62. C. S. Jutla. On finding small solutions of modular multivariate polynomial equations. In Proc. of Eurocrypt '98, volume 1403 of LNCS, pages 158-170, IACR, Springer-Verlag, 1998.
63. R. Kannan. Improved algorithms for integer programming and related lattice problems. In Proc.of15th STOC, pages 193-206, ACM, 1983.
64. R. Kannan. Algorithmic geometry of numbers. Annual review of computer science, 2: 231-267, 1987.
65. R. Kannan. Minkowski’s convex body theorem and integer programming. Math. Oper. Res., 12(3): 415-440, 1987.
66. P. Klein. Finding the closest lattice vector when it’s unusually close. In Proc. of SODA '2000. ACM-SIAM, 2000.
67. A. Korkine and G. Zolotare. Surles formes quadratiques positives ternaires. Math. Ann., 5: 581-583, 1872.
68. A. Korkine and G. Zolotare. Surles formes quadratiques. Math. Ann., 6: 336-389, 1873.
69. J. C. Lagarias. Point lattices. In R. Graham, M. Grötschel, and L. Lovász, editors, Handbook of Combinatorics, volume 1, chapter 19. Elsevier, 1995.
70. J. C. Lagarias and A. M. Odlyzko. Solving low-density subset sum problems. Journal of the Association for Computing Machinery, January 1985.
71. L. Lagrange. Recherches d’arithmétique. Nouv. M em. Acad., 1773.
72. A. K. Lenstra and H. W. Lenstra, Jr. The Development of the Number Field Sieve, volume 1554 of Lecture Notes in Mathematics. Springer-Verlag, 1993.
73. A. K. Lenstra, H. W. Lenstra, Jr., and L. Lovász. Factoring polynomials with rational coefficients. Mathematische Ann., 261: 513-534, 1982.
74. H. W. Lenstra, Jr. Integer programming with a fixed number of variables. Math. Oper. Res., 8(4): 538-548, 1983.
75. L. Lovász. An Algorithmic Theory of Numbers, Graphs and Convexity, volume 50. SIAM, 1986. CBMS-NSF Regional Conference Series in Applied Mathematics.
76. J. Martinet. Les R eseaux Parfaits des Espaces Euclidiens. Éditions Masson, 1996. English translation to appear at Springer-Verlag.
77. J. E. Mazo and A. M. Odlyzko. Lattice points in high-dimensional spheres. Monatsh. Math., 110: 47-61, 1990.
78. R.J. McEliece. A public-key cryptosystem based on algebraic number theory. Technical report, Jet Propulsion Laboratory, 1978. DSN Progress Report 42-44.
79. A. Menezes, P. Van Oorschot, and S. Vanstone. Handbook of Applied Cryptography. CRC Press, 1997.
80. R. Merkle and M. Hellman. Hiding information and signatures in trapdoor knapsacks. IEEE Trans. Inform. Theory, IT-24: 525-530, September 1978.
81. D. Micciancio. On the Hardness of the Shortest Vector Problem. PhD thesis, Massachusetts Institute of Technology, 1998.
82. D. Micciancio. The shortest vector problem is NP-hard to approximate within some constant. In Proc. of 39th FOCS. IEEE, 1998. Available at [39] at TR98-016.
83. D. Micciancio. Lattice based cryptography: A global improvement. Technical report, Theory of Cryptography Library, 1999. Report 99-05.
84. J. Milnor and D. Husemoller. Symmetric Bilinear Forms. Springer-Verlag, 1973.
85. H. Minkowski. Geometrie der Zahlen. Teubner-Verlag, Leipzig, 1896.
86. J.-F. Misarsky. A multiplicative attack using LLL algorithm on RSA signatures with redundancy. In Proc. of Crypto '97, volume 1294 of LNCS, pages 221-234, IACR, Springer-Verlag, 1997.
87. P. L. Montgomery. Square roots of products of algebraic numbers. In Walter Gautschi, editor, Mathematics of Computation 1943-1993: a Half-Century of Computational Mathematics, Proc. of Symposia in Applied Mathematics, pages 567-571, American Mathematical Society, 1994.
88. National Institute of Standards and Technology (NIST). FIPS Publication 186: Digital Signature Standard, May 1994.
89. P. Nguyen. A Montgomery-like square root for the number field sieve. In Proc. of ANTS-III, volume 1423 of LNCS. Springer-Verlag, 1998.
90. P. Nguyen. Cryptanalysis of the Goldreich-Goldwasser-Halevi cryptosystem from Crypto '97. In Proc. of Crypto’99, volume 1666 of LNCS, pages 288-304, IACR, Springer-Verlag, 1999.
91. P. Nguyen and J. Stern. Merkle-Hellman revisited: a cryptanalysis of the QuVanstone cryptosystem based on group factorizations. In Proc. of Crypto '97, volume 1294 of LNCS, pages 198-212, IACR, Springer-Verlag, 1997.
92. P. Nguyen and J. Stern. Cryptanalysis of a fast public key cryptosystem presented at SAC '97. In Selected Areas in Cryptography - Proc. of SAC '98, volume 1556 of LNCS. Springer-Verlag, 1998.
93. P. Nguyen and J. Stern. Cryptanalysis of the Ajtai-Dwork cryptosystem. In Proc. of Crypto '98, volume 1462 of LNCS, pages 223-242, IACR, Springer-Verlag, 1998.
94. P. Nguyen and J. Stern. The Béguin-Quisquater server-aided RSA protocol from Crypto '95 is not secure. In Proc. of Asiacrypt '98, volume 1514 of LNCS, pages 372-379, Springer-Verlag, 1998.
95. P. Nguyen and J. Stern. The hardness of the hidden subset sum problem and its cryptographic implications. In Proc. of Crypto '99, volume 1666 of LNCS, pages 31-46, IACR, Springer-Verlag, 1999.
96. P. Nguyen and J. Stern. The orthogonal lattice: A new tool for the cryptanalyst. Manuscript submitted to J. of Cryptology, 2000.
97. P. Q. Nguyen. La G eom etrie des Nombres en Cryptologie. PhD thesis, Université Paris 7, November 1999. Available at http://www.di.ens.fr/~pnguyen/.
98. P. Q. Nguyen. The dark side of the hidden number problem: Lattice attacks on DSA. In K.-Y. Lam, I. E. Shparlinski, H. Wang, and C. Xing, editors, Proc. Workshop on Cryptography and Comp. Number Theory (CCNT’99). Birkhauser, 2000.
99. A. M. Odlyzko. The rise and fall of knapsack cryptosystems. In Cryptology and Computational Number Theory, volume 42 of Proc. of Symposia in Applied Mathematics, pages 75-88. A.M.S., 1990.
100. R. L. Rivest, A. Shamir, and L. M. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Comm. of the ACM, 21(2): 120-126, 1978.
101. C. P. Schnorr. A hierarchy of polynomial lattice basis reduction algorithms. Theoretical Computer Science, 53: 201-224, 1987.
102. C. P. Schnorr. A more efficient algorithm for lattice basis reduction. J. of algorithms, 9(1): 47-62, 1988.
103. C. P. Schnorr. Factoring integers and computing discrete logarithms via diophantine approximation. In Proc. of Eurocrypt '91, volume 547 of LNCS, pages 171-181. IACR, Springer-Verlag, 1991.
104. C. P. Schnorr and M. Euchner. Lattice basis reduction: improved practical algorithms and solving subset sum problems. Math. Programming, 66: 181-199, 1994.
105. C. P. Schnorr and H. H. Hörner. Attacking the Chor-Rivest cryptosystem by improved lattice reduction. In Proc. of Eurocrypt '95, volume 921 of LNCS, pages 1-12. IACR, Springer-Verlag, 1995.
106. A. Shamir. A polynomial time algorithm for breaking the basic Merkle-Hellman cryptosystem. In Proc.of23rd FOCS, pages 145-152. IEEE, 1982.
107. V. Shoup. Number Theory C++ Library (NTL) version 3.9. Available at http://www.shoup.net/ntl/.
108. C. L. Siegel. Lectures on the Geometry of Numbers. Springer-Verlag, 1989.
109. B. Vallée. La réduction des réseaux: autour de l’algorithme de Lenstra, Lenstra, Lovász. RAIRO Inform. Th eor. Appl., 23(3): 345-376, 1989. English translation in CWI Quaterly, 3(2): 95-120, 1990.
110. B. Vallée, M. Girault, and P. Ton. How to guess l-th roots modulo n by reducing lattice bases. In Proc. of AAEEC-6, volume 357 of LNCS, pages 427-442. Springer-Verlag, 1988.
111. S. A. Vanstone and R. J. Zuccherato. Short RSA keys and their generation. J. of Cryptology, 8(2): 101-114, 1995.
112. S. Vaudenay. Cryptanalysis of the Chor-Rivest cryptosystem. In Proc. of Crypto '98, volume 1462 of LNCS. Springer-Verlag, 1998. Appeared first at the "rump session" of Crypto '97.
113. E. R. Verheul. Certificates of recoverability with scalable recovery agent security. In Proc. of PKC '2000, LNCS. Springer-Verlag, 2000.
114. M. Wiener. Cryptanalysis of short RSA secret exponents. IEEE Trans. Inform. Theory, 36(3): 553-558, 1990.