Cryptanalysis of the Goldreich-Goldwasser-Halevi Cryptosystem from Crypto'97

ILTRU: An NTRU-Like Public Key Cryptosystem Over Ideal Lattices

IACR Cryptol. ePrint Arch., 2015

In this paper we present a new NTRU-like public key cryptosystem whose security is provably based on the worst-case hardness of both the approximate Shortest Vector Problem (SVP) and the approximate Closest Vector Problem (CVP) in some structured lattices, called ideal lattices. We show how to modify the ETRU cryptosystem, an NTRU-like public key cryptosystem based on the Eisenstein integers ℤ[ζ₃], where ζ₃ is a primitive cube root of unity, to make it provably secure under the assumed quantum hardness of standard worst-case lattice problems, restricted to a family of lattices related to some cyclotomic fields. The security of our main system then follows from the already proven hardness of the R-LWE and R-SIS problems. Keywords: Lattice-based cryptography; Ideal lattices; ETRU; Provable security; Dedekind domain.

A Lattice Based Public Key Cryptosystem Using Polynomial Representations

2003

In Crypto 97, a public key cryptosystem based on the closest vector problem was suggested by Goldreich, Goldwasser and Halevi [4]. In this paper, we propose a public key cryptosystem applying representations of polynomials to the GGH encryption scheme. Its key size is much smaller than the GGH system so that it is a quite practical and efficient lattice based cryptosystem.

A Security Upgrade on the GGH Lattice-based Cryptosystem

Sains Malaysiana

Due to Nguyen's attack, the Goldreich-Goldwasser-Halevi (GGH) encryption scheme, simply referred to as the GGH cryptosystem, is considered broken. The GGH cryptosystem was initially regarded as the first practical lattice-based cryptosystem. Its inventors conjectured that, once the cryptosystem is implemented in a lattice dimension of 300 and above, it is intractable. This conjecture was based on thorough security analyses of the cryptosystem against some powerful attacks. The conjecture became more concrete when all initial efforts to decrypt the published GGH Internet Challenges failed. However, a novel strategy in Nguyen's attack for simplifying the underlying Closest-Vector Problem (CVP) instance arising from the cryptosystem successfully decrypted almost all the challenges and eventually led to the cryptosystem being considered broken. Therefore, Nguyen's attack is considered a fatal attack on the GGH cryptosystem. In this paper, we propose a countermeasure to combat Nguyen's attack. By implementing the proposed countermeasure, we prove that the simplification of the underlying CVP instance can be prevented. We also prove that the upgraded GGH cryptosystem remains practical, since decryption can be done without error. We are optimistic that the upgraded GGH cryptosystem could make a remarkable return into the mainstream discussion of lattice-based cryptography.

Lattice Based Tools in Cryptanalysis for Public Key Cryptography

International Journal of Network Security & Its Applications, 2012

Lattice reduction is a powerful concept for solving diverse problems involving point lattices. Lattice reduction has been successfully utilized in number theory, linear algebra and cryptology. Lattice-based cryptosystems not only rest on problems that are hard in nature but also have vulnerabilities to lattice reduction techniques. In this survey paper, we focus on point lattices and then give an introduction to the theoretical and practical aspects of lattice reduction. Finally, we describe the applications of lattice reduction in number theory and linear algebra.

A Theoretical Aspect of Lattice Based Cryptography

The gap factor γ of lattice problems (e.g., SVP, CVP, SIVP, etc.) and the sampling technique are important in lattice-based cryptography. For ideal lattices, we introduce similar problems and an expansion factor (analogous to the gap factor in lattice problems). We also state some results related to ideal lattices.

Broadcast Attacks against Lattice-Based Cryptosystems

Lecture Notes in Computer Science, 2009

In 1988, Håstad proposed the classical broadcast attack against public key cryptosystems. The scenario of a broadcast attack is as follows. A single message is encrypted by the sender and addressed to several recipients who have different public keys. By observing the ciphertexts only, an attacker can derive the plaintext without requiring any knowledge of any recipient's secret key. Håstad's attack was demonstrated on the RSA algorithm, where low exponents are used. In this paper, we consider the broadcast attack in lattice-based cryptography, which interestingly has never been studied in the literature. We present a general method to rewrite lattice problems that have the same solution as one unique easier problem. Our method is obtained by intersecting lattices to gather the required knowledge. These problems are used in lattice-based cryptography and to model attacks on knapsack cryptosystems. In this work, we are able to present some attacks against both lattice and knapsack cryptosystems. Our attacks are heuristic. Nonetheless, these attacks are practical and extremely efficient. Interestingly, the merit of our attacks is not achieved by exploring the weakness of the trapdoor, as usually studied in the literature; we merely concentrate on the problem itself. As a result, our attacks have many security implications for most lattice-based or knapsack cryptosystems.

Talk Post-Quantum Cryptography lattice-based cryptosystems (2011)

This short summary of lattice-based encryption methods is based on the book chapter [MR09]. It was presented in the seminar on modern cryptographic methods at the Mathematical Institute of the University of Bonn from January 18th to January 28th, 2011. The authors would like to express their heartfelt thanks to Professor Nitin Saxena for organizing the seminar and being available for helpful advice, even on national holidays.

The closest vector problem in some lattices of type A

Lattice-based cryptographic constructions hold great promise for post-quantum cryptography, as they enjoy very strong security proofs based on worst-case hardness, relatively efficient implementations, as well as great simplicity. Léo Ducas and Wessel van Woerden in [5] proposed a polynomial algorithm for solving the Closest Vector Problem (CVP) in the tensor product of two lattices of type A. As an open problem, these authors asked to extend this resolution to the case of three lattices and to the general case of k lattices of type A. Our goal is therefore to propose a solution to this problem. We use the associativity of the lattices of type A and the same techniques to solve this problem in the tensor product of three lattices of type A and even in the tensor product of a finite number of lattices of type A. So we determine a polynomial algorithm to solve CVP in Aₙ₊₁ ⊗ Aₘ₊₁ ⊗ Aₚ₊₁.

Cryptanalysis of a Public Key Cryptosystem Proposed at ACISP 2000

Lecture Notes in Computer Science, 2001

At ACISP 2000, Yoo et al. proposed a fast public key cryptosystem using matrices over a ring. The authors claim that the security of their system is based on the RSA problem. In this paper we present a heuristic attack that enables us to recover the private key from the public key. In particular, we show that breaking the system can be reduced to finding a short vector in a lattice, which can be achieved using the L³ lattice reduction algorithm.

Lattice-based Key Sharing Schemes - A Survey

IACR Cryptol. ePrint Arch., 2020

Public key cryptography is an indispensable component used in almost all of our present day digital infrastructure. However, most if not all of it is predominantly built upon hardness guarantees of number theoretic problems that can be broken by large scale quantum computers in the future. Sensing the imminent threat from continued advances in quantum computing, NIST has recently initiated a global level standardization process for quantum resistant public-key cryptographic primitives such as public key encryption, digital signatures and key encapsulation mechanisms. While the process received proposals from various categories of post-quantum cryptography, lattice-based cryptography features most prominently among all the submissions. Lattice-based cryptography offers a very attractive alternative to traditional public-key cryptography mainly due to the variety of lattice-based schemes offering varying flavors of security and efficiency guarantees. In this paper, we survey the evolu...

Cryptanalysis of the Ajtai-Dwork Cryptosystem

1998

Recently, Ajtai discovered a fascinating connection between the worst-case complexity and the average-case complexity of some well-known lattice problems. Later, Ajtai and Dwork proposed a cryptosystem inspired by Ajtai's work, provably secure if a particular lattice problem is difficult in the worst case. We present a heuristic attack (to recover the private key) against this celebrated cryptosystem. Experiments with this attack suggest that in order to be secure, implementations of the Ajtai-Dwork cryptosystem would require very large keys, making it impractical in a real-life environment. We also adopt a theoretical point of view: we show that there is a converse to the Ajtai-Dwork security result, by reducing the question of distinguishing encryptions of one from encryptions of zero to approximating some lattice problems. In particular, this settles the open question regarding the NP-hardness of the Ajtai-Dwork cryptosystem: from a recent result of Goldreich and Goldwasser, our result shows that breaking the Ajtai-Dwork cryptosystem is not NP-hard, assuming the polynomial-time hierarchy does not collapse.

Practical Lattice-Based Cryptography: NTRUEncrypt and NTRUSign

Information Security and Cryptography, 2009

We provide a brief history and overview of lattice-based cryptography and cryptanalysis: shortest vector problems, closest vector problems, the subset sum problem and knapsack systems, GGH, Ajtai-Dwork and NTRU. A detailed discussion of the algorithms NTRUEncrypt and NTRUSign follows. These algorithms have attractive operating speed and key size and are based on hard problems that are seemingly intractable. We discuss the state of current knowledge about the security of both algorithms and identify areas for further research.

Lattice-based public key encryption with equality test in standard model, revisited

ArXiv, 2020

Public key encryption with equality test (PKEET) allows testing whether two ciphertexts are generated from the same message or not. PKEET is a potential candidate for many practical applications like efficient data management on encrypted databases. The potential applicability of PKEET has led to intensive research since its first instantiation by Yang et al. (CT-RSA 2010). Most of the follow-up constructions are secure in the random oracle model. Moreover, the security of all the concrete constructions is based on number-theoretic hardness assumptions, which are vulnerable in the post-quantum era. Recently, Lee et al. (ePrint 2016) proposed a generic construction of PKEET schemes in the standard model, and hence it is possible to yield the first instantiation of PKEET schemes based on lattices. Their method is to use a 2-level hierarchical identity-based encryption (HIBE) scheme together with a one-time signature scheme. In this paper, we propose, for the first time, a direct construction of...

Efficient lattice-based signature scheme

International Journal of Applied Cryptography, 2008

In Crypto 1997, Goldreich, Goldwasser and Halevi (GGH) proposed a lattice analogue of the McEliece public key cryptosystem, in which security is related to the hardness of approximating the Closest Vector Problem in a lattice. Furthermore, they also described how to use the same principle of their encryption scheme to provide a signature scheme. In practice, this cryptosystem uses the Euclidean norm, the ℓ₂-norm, which has been used in many algorithms based on lattice theory. Nonetheless, many drawbacks have been studied and these could lead to cryptanalysis of the scheme. In this article, we present a novel method of reducing a vector under the ℓ∞-norm and propose a digital signature scheme based on it. Our scheme takes advantage of the ℓ∞-norm to increase the resistance of the GGH scheme and to decrease the signature length. Furthermore, after some other improvements, we obtain a very efficient signature scheme that trades off security level, speed and space.

Lattices in Quantum-ERA Cryptography

International Journal of Research Publication and Reviews, 2023

The use of mathematics in cryptography can result in a safe encryption scheme. Lattices have emerged as a powerful mathematical tool in the field of cryptography, offering a diverse set of applications ranging from encryption to secure multi-party computation. This research paper provides a comprehensive review of the role of lattices in cryptography, covering both theoretical foundations and practical implementations. The paper begins by introducing the basic concepts of lattices and their relevance in cryptographic protocols. Subsequently, it explores key cryptographic primitives based on lattice problems, such as lattice-based encryption schemes, digital signatures, and fully homomorphic encryption. The paper also proposes a new lattice-based cryptographic scheme.

Cryptanalysis of a Fast Public Key Cryptosystem Presented at SAC ’97

Lecture Notes in Computer Science, 1999

At SAC '97, Itoh, Okamoto and Mambo presented a fast public key cryptosystem. After analyzing several attacks including lattice-reduction attacks, they claimed that its security was high, although the cryptosystem had some resemblance to the former knapsack cryptosystems, since decryption could be viewed as a multiplicative knapsack problem. In this paper, we show how to recover the private key from a fraction of the public key in less than 10 minutes for the suggested choice of parameters. The attack is based on a systematic use of the notion of the orthogonal lattice, which we introduced as a cryptographic tool at Crypto '97. This notion allows us to attack the linearity hidden in the scheme.

Network Security Cryptographic Protocols and Lattice Problems

In this research investigation we present new results in two areas: cryptographic protocols and lattice problems. We introduce a new protocol for electronic cash which is exclusively designed to function on hardware with limited computing power. The approach has provable security properties and low computational requirements, but it still gives a fair amount of privacy. A major feature of the system is that there is no master secret that could be used for counterfeiting money if stolen. In this research we also introduce the notion of hierarchical group signatures. In the merchant transaction process, when the signer is a leaf of the subtree of a group manager, the group manager learns which of its children manages the signer. We introduce a few practical conditions that are suitable for the new notion and construct a scheme that is provably secure given the existence of a family of trapdoor permutations. We also present a construction which is relatively practical, and prove its security in the random oracle model under the strong RSA assumption and the DDH assumption. We determine a simple and efficient system for electronic cash with provable security properties. The system relies on symmetric encryption technologies rather than asymmetric.

Merkle-Hellman revisited: A cryptanalysis of the Qu-Vanstone cryptosystem based on group factorizations

Advances in Cryptology — CRYPTO '97, 1997

Cryptosystems based on the knapsack problem were among the first public key systems to be invented and for a while were considered quite promising. Basically all knapsack cryptosystems that have been proposed so far have been broken, mainly by means of lattice reduction techniques. However, a few knapsack-like cryptosystems have withstood cryptanalysis, among which the Chor-Rivest scheme [2] even if this is debatable (see [16]), and the Qu-Vanstone scheme proposed at the Dagstuhl'93 workshop [13] and published in [14]. The Qu-Vanstone scheme is a public key scheme based on group factorizations in the additive group of integers modulo n that generalizes Merkle-Hellman cryptosystems. In this paper, we present a novel use of lattice reduction, which is of independent interest, exploiting in a systematic manner the notion of an orthogonal lattice. Using the new technique, we successfully attack the Qu-Vanstone cryptosystem. Namely, we show how to recover the private key from the public key. The attack is based on a careful study of the so-called Merkle-Hellman transformation.