Gradual sub-lattice reduction and a new complexity for factoring polynomials

We present a lattice algorithm specifically designed for some classical applications of lattice reduction. The applications are for lattice bases with a generalized knapsack-type structure, where the target vectors are boundably short. For such applications, the complexity of the algorithm improves traditional lattice reduction by replacing some dependence on the bit-length of the input vectors by some dependence on the bound for the output vectors. If the bit-length of the target vectors is unrelated to the bit-length of the input, then our algorithm is only linear in the bit-length of the input entries, which is an improvement over the quadratic complexity floating-point LLL algorithms. To illustrate the usefulness of this algorithm we show that a direct application to factoring univariate polynomials over the integers leads to the first complexity bound improvement since 1984. A second application is algebraic number reconstruction, where a new complexity bound is obtained as well

Detecting Simultaneous Integer Relations for Several Real Vectors

An algorithm which either finds an nonzero integer vector ${\mathbf m}$ for given $t$ real $n$-dimensional vectors ${\mathbf x}_1,...,{\mathbf x}_t$ such that ${\mathbf x}_i^T{\mathbf m}=0$ or proves that no such integer vector with norm less than a given bound exists is presented in this paper. The cost of the algorithm is at most ${\mathcal O}(n^4 + n^3 \log \lambda(X))$ exact arithmetic operations in dimension $n$ and the least Euclidean norm $\lambda(X)$ of such integer vectors. It matches the best complexity upper bound known for this problem. Experimental data show that the algorithm is better than an already existing algorithm in the literature. In application, the algorithm is used to get a complete method for finding the minimal polynomial of an unknown complex algebraic number from its approximation, which runs even faster than the corresponding \emph{Maple} built-in function.Comment: 10 page

On The Applications of Lifting Techniques

Lifting techniques are some of the main tools in solving a variety of different computational problems related to the field of computer algebra. In this thesis, we will consider two fundamental problems in the fields of computational algebraic geometry and number theory, trying to find more efficient algorithms to solve such problems. The first problem, solving systems of polynomial equations, is one of the most fundamental problems in the field of computational algebraic geometry. In this thesis, We discuss how to solve bivariate polynomial systems over either k(T ) or Q using a combination of lifting and modular composition techniques. We will show that one can find an equiprojectable decomposition of a bivariate polynomial system in a better time complexity than the best known algorithms in the field, both in theory and practice. The second problem, polynomial factorization over number fields, is one of the oldest problems in number theory. It has lots of applications in many other related problems and there have been lots of attempts to solve the problem efficiently, at least, in practice. Finding p-adic factors of a univariate polynomial over a number field uses lifting techniques. Improving this step can reduce the total running time of the factorization in practice. We first introduce a multivariate version of the Belabas factorization algorithm over number fields. Then we will compare the running time complexity of the factorization problem using two different representations of a number field, univariate vs multivariate, and at the end as an application, we will show the improvement gained in computing the splitting fields of a univariate polynomial over rational field

LLL for ideal lattices re-evaluation of the security of Gentry-Halevi\u27s FHE scheme

The LLL algorithm, named after its inventors, Lenstra, Lenstra and Lovász, is one of themost popular lattice reduction algorithms in the literature. In this paper, we propose the first variant of LLL algorithm that is dedicated for ideal lattices, namely, the iLLL algorithm. Our iLLL algorithm takes advantage of the fact that within LLL procedures, previously reduced vectors can be re-used for further reductions. Using this method, we prove that the iLLL is at least as fast as the LLL algorithm, and it outputs a basis with the same quality. We also provide a heuristic approach that accelerates the re-use method. As a result, in practice, our algorithm can be approximately eight times faster than LLL algorithm for typical scenarios where lattice dimension is between 100 and 150. When applying our algorithm to the Gentry–Halevi’s fully homomorphic challenges, we are able to solve the toy challenge within 24 days using a 2.66GHz CPU, while with the classical LLL algorithm, it takes 32 days. Further, assuming a 4.0GHz CPU, we predict to reduce the basis in 15.7 years for the small challenges, while previous best prediction was 45 years

Studies on the Security of Selected Advanced Asymmetric Cryptographic Primitives

The main goal of asymmetric cryptography is to provide confidential communication, which allows two parties to communicate securely even in the presence of adversaries. Ever since its invention in the seventies, asymmetric cryptography has been improved and developed further, and a formal security framework has been established around it. This framework includes different security goals, attack models, and security notions. As progress was made in the field, more advanced asymmetric cryptographic primitives were proposed, with other properties in addition to confidentiality. These new primitives also have their own definitions and notions of security. This thesis consists of two parts, where the first relates to the security of fully homomorphic encryption and related primitives. The second part presents a novel cryptographic primitive, and defines what security goals the primitive should achieve. The first part of the thesis consists of Article I, II, and III, which all pertain to the security of homomorphic encryption schemes in one respect or another. Article I demonstrates that a particular fully homomorphic encryption scheme is insecure in the sense that an adversary with access only to the public material can recover the secret key. It is also shown that this insecurity mainly stems from the operations necessary to make the scheme fully homomorphic. Article II presents an adaptive key recovery attack on a leveled homomorphic encryption scheme. The scheme in question claimed to withstand precisely such attacks, and was the only scheme of its kind to do so at the time. This part of the thesis culminates with Article III, which is an overview article on the IND-CCA1 security of all acknowledged homomorphic encryption schemes. The second part of the thesis consists of Article IV, which presents Vetted Encryption (VE), a novel asymmetric cryptographic primitive. The primitive is designed to allow a recipient to vet who may send them messages, by setting up a public filter with a public verification key, and providing each vetted sender with their own encryption key. There are three different variants of VE, based on whether the sender is identifiable to the filter and/or the recipient. Security definitions, general constructions and comparisons to already existing cryptographic primitives are provided for all three variants.Doktorgradsavhandlin