A Decade of Lattice Cryptography, 2016
Cited by 1 (0 self)
Lattice-based cryptography is the use of conjectured hard problems on point lattices in R^n as the foundation for secure cryptographic constructions. Attractive features of lattice cryptography include: apparent resistance to quantum attacks (in contrast with most number-theoretic cryptography), high asymptotic efficiency and parallelism, security under worst-case intractability assumptions, and solutions to long-standing open problems in cryptography. This work surveys most of the major developments in lattice cryptography over the past ten years. The main focus is on the foundational short integer solution (SIS) and learning with errors (LWE) problems (and their more efficient ring-based variants), their provable hardness assuming the worst-case intractability of

Fast Fourier Orthogonalization (and Applications to Lattice-Based Cryptography)
Abstract. The classical Fast Fourier Transform (FFT) allows to compute in quasilinear time the product of two polynomials, in the circular convolution ring R[x]/(x^d − 1) — a task that naively requires quadratic time. Equivalently, it allows to accelerate matrix-vector products when the matrix is circulant. In this work, we discover that the ideas of the FFT can be applied to speed up the orthogonalization process of a circulant matrix. We show that, when n is composite, it is possible to proceed to the orthogonalization in an inductive way, leading to a structured Gram-Schmidt decomposition. In turn, this structured Gram-Schmidt decomposition accelerates a cornerstone lattice algorithm: the Nearest Plane algorithm. The results easily extend to cyclotomic rings, and can be adapted to Gaussian Samplers. This finds applications in lattice-based cryptography, improving the performances of trapdoor functions.

Λ◦λ: A Functional Library for Lattice Cryptography, 2015
This work describes the design and implementation of Λ◦λ, a general-purpose software library for lattice cryptography, written in the functional and strongly typed language Haskell. In comparison with several prior implementations of lattice-based cryptographic schemes, Λ◦λ has several novel and distinguishing features, which include:
• Generality and modularity: Λ◦λ defines simple but general interfaces for the lattice cryptography “toolbox,” allowing for a wide variety of cryptographic schemes to be expressed very naturally and concisely. For example, we implement an advanced fully homomorphic encryption (FHE) scheme in as few as 2–5 lines of code per feature, via code that very closely matches the scheme’s mathematical definition.
• Parallelism: Λ◦λ automatically exploits multicore parallelism, achieving nearly linear speedups per core. It also allows for the use of other parallel “backends” (e.g., based on GPUs or other specialized hardware), with no changes to application code.
• Theory affinity: Λ◦λ is designed from the ground up around the specialized ring representations, fast algorithms, and worst-case hardness proofs that have been developed for the Ring-LWE problem