Results 1 - 10 of 17
Public-key cryptosystems based on composite degree residuosity classes
IN ADVANCES IN CRYPTOLOGY — EUROCRYPT 1999, 1999
Cited by 614 (6 self)
Abstract. This paper investigates a novel computational problem, namely the Composite Residuosity Class Problem, and its applications to public-key cryptography. We propose a new trapdoor mechanism and derive from this technique three encryption schemes: a trapdoor permutation and two homomorphic probabilistic encryption schemes computationally comparable to RSA. Our cryptosystems, based on usual modular arithmetics, are provably secure under appropriate assumptions in the standard model.
Lattice-based Cryptography
2008
Cited by 36 (5 self)
In this chapter we describe some of the recent progress in lattice-based cryptography. Lattice-based cryptographic constructions hold a great promise for post-quantum cryptography, as they enjoy very strong security proofs based on worst-case hardness, relatively efficient implementations, as well as great simplicity. In addition, lattice-based cryptography is believed to be secure against quantum computers. Our focus here
Improved Analysis of Kannan’s Shortest Lattice Vector Algorithm
In Proceedings of Crypto 2007, 2007
Cited by 23 (6 self)
Abstract. The security of lattice-based cryptosystems such as NTRU, GGH and Ajtai-Dwork essentially relies upon the intractability of computing a shortest non-zero lattice vector and a closest lattice vector to a given target vector in high dimensions. The best algorithms for these tasks are due to Kannan, and, though remarkably simple, their complexity estimates have not been improved since over twenty years. Kannan’s algorithm for solving the shortest vector problem (SVP) is in particular crucial in Schnorr’s celebrated block reduction algorithm, on which rely the best known generic attacks against the lattice-based encryption schemes mentioned above. In this paper we improve the complexity upper-bounds of Kannan’s algorithms. The analysis provides new insight on the practical cost of solving SVP, and helps progressing towards providing meaningful key-sizes.
Tensor-based Trapdoors for CVP and their Application to Public Key Cryptography
2000
Cited by 10 (0 self)
We propose two trapdoors for the Closest-Vector-Problem in lattices (CVP) related to the lattice tensor product. Using these trapdoors we set up a lattice-based cryptosystem which resembles the McEliece scheme.

Keywords. Public Key Cryptosystem, Closest Vector Problem, Lattice Reduction, Trapdoor, McEliece

1 Introduction

Since the invention of public key cryptography in 1976 by Diffie and Hellman [DH76] security of most cryptosystems is based on the (assumed) hardness of factoring or computing discrete logarithms. Only a few schemes based on other problems remain unbroken. Among which there is the McEliece scheme [St95] based on the computational difficulty of decoding a random code. It is still a challenge to develop new public key cryptosystem originating from the hardness of non number-theoretic problems. In a pioneer work Ajtai [A96] constructed an efficiently computable function which is hard to invert on the average if the underlying lattice problem is intractable in th...
Cryptanalysis of a Fast Public Key Cryptosystem Presented at SAC '97
1998
Cited by 7 (5 self)
At SAC '97, Itoh, Okamoto and Mambo presented a fast public key cryptosystem. After analyzing several attacks including lattice-reduction attacks, they claimed that its security was high, although the cryptosystem had some resemblances with the former knapsack cryptosystems, since decryption could be viewed as a multiplicative knapsack problem. In this paper, we show how to recover the private key from a fraction of the public key in less than 10 minutes for the suggested choice of parameters. The attack is based on a systematic use of the notion of the orthogonal lattice which we introduced as a cryptographic tool at Crypto '97. This notion allows us to attack the linearity hidden in the scheme.
Accelerating lattice reduction with FPGAs
IN PROCEEDINGS OF THE FIRST INTERNATIONAL CONFERENCE ON PROGRESS IN CRYPTOLOGY: CRYPTOLOGY AND INFORMATION SECURITY IN LATIN, 2010
Cited by 4 (2 self)
We describe an FPGA accelerator for the Kannan–Fincke–Pohst enumeration algorithm (KFP) solving the Shortest Lattice Vector Problem (SVP). This is the first FPGA implementation of KFP specifically targeting cryptographically relevant dimensions. In order to optimize this implementation, we theoretically and experimentally study several facets of KFP, including its efficient parallelization and its underlying arithmetic. Our FPGA accelerator can be used for both solving standalone instances of SVP (within a hybrid CPU–FPGA compound) or myriads of smaller dimensional SVP instances arising in a BKZ-type algorithm. For devices of comparable costs, our FPGA implementation is faster than a multicore CPU implementation by a factor around 2.12.
Cryptographic functions from worst-case complexity assumptions
2007
Cited by 3 (1 self)
Lattice problems have been suggested as a potential source of computational hardness to be used in the construction of cryptographic functions that are provably hard to break. A remarkable feature of lattice-based cryptographic functions is that they can be proved secure (that is, hard to break on the average) based on the assumption that the underlying lattice problems are computationally hard in the worst-case. In this paper we give a survey of the constructions and proof techniques used in this area, explain the importance of basing cryptographic functions on the worst-case complexity of lattice problems, and discuss how this affects the traditional approach to cryptanalysis based on random challenges.
Survey of Computational Assumptions Used in Cryptography Broken or Not by Shor's Algorithm
2001
Cited by 2 (0 self)
We survey the computational assumptions of various cryptographic schemes, and discuss the security threat posed by Shor's quantum algorithm.
Another Look at "Provable Security". II
2006
Cited by 2 (0 self)
We discuss the question of how to interpret reduction arguments in cryptography. We give some examples to show the subtlety and difficulty of this question.
Cryptanalysis of the Cai-Cusick Lattice-based Public-key
Cited by 2 (1 self)
In 1998, Cai and Cusick proposed a lattice-based public-key cryptosystem based on the similar ideas of the Ajtai-Dwork cryptosystem, but with much less data expansion. However, they didn’t give any security proof. In our paper, we present an efficient ciphertext-only attack which runs in polynomial time against the cryptosystem to recover the message, so the Cai-Cusick lattice-based public-key cryptosystem is not secure. We also present two chosen-ciphertext attacks to get a similar private key which acts as the real private key.

Keywords: lattice, Cai-Cusick Cryptosystem, Gram-Schmidt orthogonalization, ciphertext-only attack, chosen-ciphertext attack