Trapdoors for Hard Lattices and New Cryptographic Constructions (Extended Abstract)

Craig Gentry, Stanford University, cgentry@cs.stanford.edu
Chris Peikert, SRI International, cpeikert@alum.mit.edu
Vinod Vaikuntanathan, MIT, vinodv@mit.edu

ABSTRACT

We show how to construct a variety of trapdoor cryptographic tools assuming the worst-case hardness of standard lattice problems (such as approximating the length of the shortest nonzero vector to within certain polynomial factors). Our contributions include a new notion of trapdoor function with preimage sampling, simple and efficient hash-and-sign digital signature schemes, and identity-based encryption.

A core technical component of our constructions is an efficient algorithm that, given a basis of an arbitrary lattice, samples lattice points from a discrete Gaussian probability distribution whose standard deviation is essentially the length of the longest Gram-Schmidt vector of the basis. A crucial security property is that the output distribution of the algorithm is oblivious to the particular geometry of the given basis.

Categories and Subject Descriptors: F.2.2 [Nonnumerical Algorithms and Problems]: Computations on discrete structures

General Terms: Theory, Algorithms

Keywords: Lattice-based cryptography, trapdoor functions

Supported by the Herbert Kunzel Stanford Graduate Fellowship.

This material is based upon work supported by the National Science Foundation under Grants