Results 1-10 of 12
The Two Faces of Lattices in Cryptology
In Cryptography and Lattices, International Conference (CaLC 2001), volume 2146 of LNCS, 2001
The shortest vector in a lattice is hard to approximate to within some constant
in Proc. 39th Symposium on Foundations of Computer Science, 1998
Cited by 51 (4 self)
Abstract. We show that approximating the shortest vector problem (in any $\ell_p$ norm) to within any constant factor less than $\sqrt[p]{2}$ is hard for NP under reverse unfaithful random reductions with inverse polynomial error probability. In particular, approximating the shortest vector problem is not in RP (random polynomial time), unless NP equals RP. We also prove a proper NP-hardness result (i.e., hardness under deterministic many-one reductions) under a reasonable number theoretic conjecture on the distribution of square-free smooth numbers. As part of our proof, we give an alternative construction of Ajtai’s constructive variant of Sauer’s lemma that greatly simplifies Ajtai’s original proof. Key words. NP-hardness, shortest vector problem, point lattices, geometry of numbers, sphere packing
Lattice Reduction in Cryptology: An Update
Lect. Notes in Comp. Sci, 2000
Cited by 36 (7 self)
Lattices are regular arrangements of points in space, whose study appeared in the 19th century in both number theory and crystallography.
Security of the most significant bits of the Shamir message passing scheme
MATH. COMP, 2000
Cited by 19 (13 self)
Boneh and Venkatesan have recently proposed a polynomial time algorithm for recovering a “hidden” element $\alpha$ of a finite field $\mathbb{F}_p$ of $p$ elements from rather short strings of the most significant bits of the remainder modulo $p$ of $\alpha t$ for several values of $t$ selected uniformly at random from $\mathbb{F}_p^*$. Unfortunately the applications to the computational security of most significant bits of private keys of some finite field exponentiation based cryptosystems given by Boneh and Venkatesan are not quite correct. For the Diffie-Hellman cryptosystem the result of Boneh and Venkatesan has been corrected and generalized in our recent paper. Here a similar analysis is given for the Shamir message passing scheme. The results depend on some bounds of exponential sums.
Sparse polynomial approximation in finite fields
in Proceedings of the thirty-third annual ACM symposium on Theory of computing, ser. STOC ’01
Hidden number problem with hidden multipliers, timed-release crypto and noisy exponentiation
Math. Comp
Cited by 10 (4 self)
Abstract. We consider a generalisation of the hidden number problem recently introduced by Boneh and Venkatesan. The initial problem can be stated as follows: recover a number $a \in \mathbb{F}_p$ such that for many known random $t \in \mathbb{F}_p$ approximations to the values of $\lfloor at \rfloor_p$ are known. Here we study a version of the problem where the “multipliers” $t$ are not known but rather certain approximations to them are given. We present a probabilistic polynomial time solution when the error is small enough, and we show that the problem cannot be solved if the error is sufficiently large. We apply the result to the bit security of “timed-release crypto” introduced by Rivest, Shamir and Wagner, to noisy exponentiation black-boxes and to the bit security of the “inverse” exponentiation. We also show that it implies a certain bit security result for Weil pairing on elliptic curves.
Guest Column: Complexity of SVP - A reader's digest
2001
We present high-level technical summaries of five recent results on the computational complexity of the shortest lattice vector problem.