Cryptanalysis of the goldreich-goldwasser-halevi cryptosystem from crypto'97 (original) (raw)
Related papers
ILTRU: An NTRU-Like Public Key Cryptosystem Over Ideal Lattices
IACR Cryptol. ePrint Arch., 2015
In this paper we present a new NTRU-Like public key cryptosystem with security provably based on the worst case hardness of the approximate both Shortest Vector Problem (SVP) and Closest Vector Problem (CVP) in some structured lattices, called ideal lattices. We show how to modify the ETRU cryptosystem, an NTRU-Like public key cryptosystem based on the Eisenstein integers 3 [ ] where 3 is a primitive cube root of unity, to make it provably secure, under the assumed quantum hardness of standard worst-case lattice problems, restricted to a family of lattices related to some cyclotomic fields. The security then proves for our main system from the already proven hardness of the R-LWE and R-SIS problems. KeywordsLattice-based cryptography; Ideal lattices; ETRU; Provable security; Dedekind domain.
A Lattice Based Public Key Cryptosystem Using Polynomial Representations
2003
In Crypto 97, a public key cryptosystem based on the closest vector problem was suggested by Goldreich, Goldwasser and Halevi [4]. In this paper, we propose a public key cryptosystem applying representations of polynomials to the GGH encryption scheme. Its key size is much smaller than the GGH system so that it is a quite practical and efficient lattice based cryptosystem.
A Security Upgrade on the GGH Lattice-based Cryptosystem
Sains Malaysiana
Due to the Nguyen's attack, the Goldreich-Goldwasser-Halevi (GGH) encryption scheme, simply referred to as GGH cryptosystem, is considered broken. The GGH cryptosystem was initially addressed as the first practical latticebased cryptosystem. Once the cryptosystem is implemented in a lattice dimension of 300 and above, its inventors was conjectured that the cryptosystem is intractable. This conjecture was based on thorough security analyses on the cryptosystem against some powerful attacks. This conjecture became more concrete when all initial efforts for decrypting the published GGH Internet Challenges were failed. However, a novel strategy by the Nguyen's attack for simplifying the underlying Closest-Vector Problem (CVP) instance that arose from the cryptosystem, had successfully decrypted almost all the challenges and eventually made the cryptosystem being considered broken. Therefore, the Nguyen's attack is considered as a fatal attack on the GGH cryptosystem. In this paper, we proposed a countermeasure to combat the Nguyen's attack. By implementing the proposed countermeasure, we proved that the simplification of the underlying CVP instance could be prevented. We also proved that, the upgraded GGH cryptosystem remains practical where the decryption could be done without error. We are optimistic that, the upgraded GGH cryptosystem could make a remarkable return into the mainstream discussion of the lattice-based cryptography.
Lattice Based Tools in Cryptanalysis for Public Key Cryptography
International Journal of Network Security & Its Applications, 2012
Lattice reduction is a powerful concept for solving diverse problems involving point lattices. Lattice reduction has been successfully utilizing in Number Theory, Linear algebra and Cryptology. Not only the existence of lattice based cryptosystems of hard in nature, but also has vulnerabilities by lattice reduction techniques. In this survey paper, we are focusing on point lattices and then describing an introduction to the theoretical and practical aspects of lattice reduction. Finally, we describe the applications of lattice reduction in Number theory, Linear algebra.
A Theoretical Aspect of Lattice Based Cryptography
The gap factor γ of lattice problems (e.g., SVP, CVP, SIVP etc.) and sampling technique have an importance in lattice-based cryptography. In the ideal lattices, we introduce similar problems and expansion factor (like the gap factor in lattice problems). We also state some results related to ideal lattices.
Broadcast Attacks against Lattice-Based Cryptosystems
Lecture Notes in Computer Science, 2009
In 1988, Håstad proposed the classical broadcast attack against public key cryptosystems. The scenario of a broadcast attack is as follows. A single message is encrypted by the sender directed for several recipients who have different public keys. By observing the ciphertexts only, an attacker can derive the plaintext without requiring any knowledge of any recipient's secret key. Håstad's attack was demonstrated on the RSA algorithm, where low exponents are used. In this paper, we consider the broadcast attack in the lattice-based cryptography, which interestingly has never been studied in the literature. We present a general method to rewrite lattice problems that have the same solution in one unique easier problem. Our method is obtained by intersecting lattices to gather the required knowledge. These problems are used in lattice based cryptography and to model attack on knapsack cryptosystems. In this work, we are able to present some attacks against both lattice and knapsack cryptosystems. Our attacks are heuristics. Nonetheless, these attacks are practical and extremely efficient. Interestingly, the merit of our attacks is not achieved by exploring the weakness of the trapdoor as usually studied in the literature, but we merely concentrate on the problem itself. As a result, our attacks have many security implications on most of the lattice-based or knapsack cryptosystems.
Talk Post-Quantum Cryptography lattice-based cryptosystems (2011)
This short summary of lattice-based encryption methods is based on the book chapter [MR09]. It was presented in the seminar on modern cryptographic methods at the Mathematical Institute of the University Bonn from January 18th to January 28th in 2011. The authors would like to express their heartfelt thanks to Professor Nitin Saxena for organizing the seminar and being available for helpful advice, even on national holidays.
The closest vector problem in some lattices of type A
Lattice-based cryptographic constructions hold a great promise for postquantum cryptography, as they enjoy very strong security proofs based on worst-case hardness relatively efficient implementations, as well as great simplicity. LéoDucas and Wessel van Woerden in [5] proposed a polynomial algorithm allowing solving the Closest Vector Problem (CVP) in the tensor product of two lattices of type A. And as anopen problem, theses authors asked to extend this resolution in the case of three lattices and in the general case of k lattices of type A. Our goal is therefore to propose a solution of this problem. We use the associativity of the lattice of type A and the same techniques to solve this problem in the tensor product of three lattices of type A and even in the tensor product of a finite number of lattices of type A. So we will determine a polynomial algorithm to solve CVP in A n+1 ⊗ A m+1 ⊗A p+1 .
Cryptanalysis of a Public Key Cryptosystem Proposed at ACISP 2000
Lecture Notes in Computer Science, 2001
At ACISP 2000, Yoo et al proposed a fast public key cryptosystem using matrices over a ring. The authors claim that the security of their system is based on the RSA problem. In this paper we present a heuristic attack that enables us to recover the private key from the public key. In particular, we show that breaking the system can be reduced to finding a short vector in a lattice which can be achieved using the L 3-lattice reduction algorithm.