Search CORE

2 research outputs found

Random Self-reducibility of Ideal-SVP via Arakelov Random Walks

Author: A Deitmar
A Pellet-Mary
C Gentry
C Lee
C Peikert
D Jao
D Micciancio
D Micciancio
D Stehlé
E Bach
E Dobrowolski
H Iwaniec
H Minkowski
J Neukirch
J von zur Gathen
J-F Biasse
J-F Biasse
JC Miller
L Ducas
M Ajtai
O Regev
R Cramer
R Cramer
S Louboutin
T Miyake
V Kessler
V Lyubashevsky
V Lyubashevsky
V Shoup
W Banaszczyk
Publication venue: 'Springer Science and Business Media LLC'
Publication date: 01/01/2020
Field of study

Fixing a number field, the space of all ideal lattices, up to isometry, is naturally an Abelian group, called the Arakelov class group. This fact, well known to number theorists, has so far not been explicitly used in the literature on lattice-based cryptography. Remarkably, the Arakelov class group is a combination of two groups that have already led to significant cryptanalytic advances: the class group and the unit torus. In the present article, we show that the Arakelov class group has more to offer. We start with the development of a new versatile tool: we prove that, subject to the Riemann Hypothesis for Hecke L-functions, certain random walks on the Arakelov class group have a rapid mixing property. We then exploit this result to relate the average-case and the worst-case of the Shortest Vector Problem in ideal lattices. Our reduction appears particularly sharp: for Hermite-SVP in ideal lattices of certain cyclotomic number fields, it loses no more than

\tilde O(\sqrt{n})

factor on the Hermite approximation factor. Furthermore, we suggest that this rapid-mixing theorem should find other applications in cryptography and in algorithmic number theory

Crossref

CWI's Institutional Repository

INRIA a CCSD electronic archive server

Cryptology ePrint Archive

Oskar Bordeaux

Ideal-SVP is Hard for Small-Norm Uniform Prime Ideals

Author: Alice Pellet-Mary
Benjamin Wesolowski
Damien Stehlé
Joël Felderhoff
Publication venue: International Association for Cryptologic Research (IACR)
Publication date: 13/09/2023
Field of study

The presumed hardness of the Shortest Vector Problem for ideal lattices (Ideal-SVP) has been a fruitful assumption to understand other assumptions on algebraic lattices and as a security foundation of cryptosystems. Gentry [CRYPTO\u2710] proved that Ideal-SVP enjoys a worst-case to average-case reduction, where the average-case distribution is the uniform distribution over the set of inverses of prime ideals of small algebraic norm (below

d^{O(d)}

for cyclotomic fields, here

d

refers to the field degree). De Boer et al. [CRYPTO\u2720] obtained another random self-reducibility result for an average-case distribution involving integral ideals of norm

2^{O(d^2)}

. In this work, we show that Ideal-SVP for the uniform distribution over inverses of small-norm prime ideals reduces to Ideal-SVP for the uniform distribution over small-norm prime ideals. Combined with Gentry\u27s reduction, this leads to a worst-case to average-case reduction for the uniform distribution over the set of \emph{small-norm prime ideals}. Using the reduction from Pellet-Mary and Stehl\\u27e [ASIACRYPT\u2721], this notably leads to the first distribution over NTRU instances with a polynomial modulus whose hardness is supported by a worst-case lattice problem

Cryptology ePrint Archive