124 research outputs found
On the hardness of the shortest vector problem
Thesis (Ph. D.)--Massachusetts Institute of Technology, Dept. of Electrical Engineering and Computer Science, 1998. Includes bibliographical references (p. 77-84).
An n-dimensional lattice is the set of all integral linear combinations of n linearly independent vectors in R^m. One of the most studied algorithmic problems on lattices is the shortest vector problem (SVP): given a lattice, find the shortest non-zero vector in it. We prove that the shortest vector problem is NP-hard (for randomized reductions) to approximate within some constant factor greater than 1 in any ℓp norm (p ≥ 1). In particular, we prove the NP-hardness of approximating SVP in the Euclidean norm ℓ2 within any factor less than √2. The same NP-hardness results hold for deterministic non-uniform reductions. A deterministic uniform reduction is also given under a reasonable number theoretic conjecture concerning the distribution of smooth numbers. In proving the NP-hardness of SVP we develop a number of technical tools that might be of independent interest. In particular, a lattice packing is constructed with the property that the number of unit spheres contained in an n-dimensional ball of radius greater than 1 + √2 grows exponentially in n, and a new constructive version of Sauer's lemma (a combinatorial result somehow related to the notion of VC-dimension) is presented, considerably simplifying all previously known constructions.
by Daniele Micciancio. Ph.D.
Embedded Lattice and Properties of Gram Matrix
In this article, we formalize in Mizar [14] the definition of an embedding of a lattice and its properties. We formally define an inner product on an embedded module. We also formalize properties of the Gram matrix. We formally prove that an inverse of the Gram matrix for a rational lattice exists. The lattice of a ℤ-module is necessary for lattice problems, the LLL (Lenstra, Lenstra and Lovász) basis reduction algorithm [16] and cryptographic systems with lattices [17].
Futa Yuichi - Tokyo University of Technology, Tokyo, Japan
Shidama Yasunari - Shinshu University, Nagano, Japan
[1] Grzegorz Bancerek. Cardinal numbers. Formalized Mathematics, 1(2):377-382, 1990.
[2] Grzegorz Bancerek. Cardinal arithmetics. Formalized Mathematics, 1(3):543-547, 1990.
[3] Grzegorz Bancerek. The fundamental properties of natural numbers. Formalized Mathematics, 1(1):41-46, 1990.
[4] Grzegorz Bancerek and Krzysztof Hryniewiecki. Segments of natural numbers and finite sequences. Formalized Mathematics, 1(1):107-114, 1990.
[5] Czesław Byliński. Finite sequences and tuples of elements of a non-empty sets. Formalized Mathematics, 1(3):529-536, 1990.
[6] Czesław Byliński. Functions and their basic properties. Formalized Mathematics, 1(1):55-65, 1990.
[7] Czesław Byliński. Functions from a set to a set. Formalized Mathematics, 1(1):153-164, 1990.
[8] Czesław Byliński. Some basic properties of sets. Formalized Mathematics, 1(1):47-53, 1990.
[9] Yuichi Futa and Yasunari Shidama. Lattice of ℤ-module. Formalized Mathematics, 24(1):49-68, 2016. doi: 10.1515/forma-2016-0005.
[10] Yuichi Futa and Yasunari Shidama. Divisible ℤ-modules. Formalized Mathematics, 24(1):37-47, 2016. doi: 10.1515/forma-2016-0004.
[11] Yuichi Futa, Hiroyuki Okazaki, and Yasunari Shidama. ℤ-modules. Formalized Mathematics, 20(1):47-59, 2012. doi: 10.2478/v10037-012-0007-z.
[12] Yuichi Futa, Hiroyuki Okazaki, and Yasunari Shidama. Quotient module of ℤ-module. Formalized Mathematics, 20(3):205-214, 2012.
[13] Yuichi Futa, Hiroyuki Okazaki, and Yasunari Shidama. Matrix of ℤ-module. Formalized Mathematics, 23(1):29-49, 2015.
[14] Adam Grabowski, Artur Korniłowicz, and Adam Naumowicz. Four decades of Mizar. Journal of Automated Reasoning, 55(3):191-198, 2015.
[15] Eugeniusz Kusak, Wojciech Leończuk, and Michał Muzalewski. Abelian groups, fields and vector spaces. Formalized Mathematics, 1(2):335-342, 1990.
[16] A. K. Lenstra, H. W. Lenstra Jr., and L. Lovász. Factoring polynomials with rational coefficients. Mathematische Annalen, 261(4):515-534, 1982.
[17] Daniele Micciancio and Shafi Goldwasser. Complexity of lattice problems: a cryptographic perspective. The International Series in Engineering and Computer Science, 2002.
[18] Michał Muzalewski. Construction of rings and left-, right-, and bi-modules over a ring. Formalized Mathematics, 2(1):3-11, 1991.
[19] Karol Pąk. Basic properties of the rank of matrices over a field. Formalized Mathematics, 15(4):199-211, 2007.
[20] Karol Pąk and Andrzej Trybulec. Laplace expansion. Formalized Mathematics, 15(3):143-150, 2007.
[21] Nobuyuki Tamura and Yatsuka Nakamura. Determinant and inverse of matrices of real elements. Formalized Mathematics, 15(3):127-136, 2007.
[22] Andrzej Trybulec. Binary operations applied to functions. Formalized Mathematics, 1(2):329-334, 1990.
[23] Wojciech A. Trybulec. Non-contiguous substrings and one-to-one finite sequences. Formalized Mathematics, 1(3):569-573, 1990.
[24] Wojciech A. Trybulec. Vectors in real linear space. Formalized Mathematics, 1(2):291-296, 1990.
[25] Wojciech A. Trybulec. Subspaces and cosets of subspaces in vector space. Formalized Mathematics, 1(5):865-870, 1990.
[26] Wojciech A. Trybulec. Linear combinations in vector space. Formalized Mathematics, 1(5):877-882, 1990.
[27] Wojciech A. Trybulec. Basis of vector space. Formalized Mathematics, 1(5):883-885, 1990.
[28] Zinaida Trybulec. Properties of subsets. Formalized Mathematics, 1(1):67-71, 1990.
[29] Edmund Woronowicz. Relations and their basic properties. Formalized Mathematics, 1(1):73-83, 1990.
Lattice of ℤ-module
In this article, we formalize the definition of the lattice of a ℤ-module and its properties in the Mizar system [5]. We formally prove that scalar products in lattices are bilinear forms over the field of real numbers ℝ. We also formalize the definitions of positive definite and integral lattices and their properties. The lattice of a ℤ-module is necessary for lattice problems, the LLL (Lenstra, Lenstra and Lovász) basis reduction algorithm [14], cryptographic systems with lattices [15] and coding theory [9].
Futa Yuichi - Japan Advanced Institute of Science and Technology, Ishikawa, Japan
Shidama Yasunari - Shinshu University, Nagano, Japan
[1] Grzegorz Bancerek. Cardinal arithmetics. Formalized Mathematics, 1(3):543-547, 1990.
[2] Grzegorz Bancerek. Curried and uncurried functions. Formalized Mathematics, 1(3):537-541, 1990.
[3] Grzegorz Bancerek. The fundamental properties of natural numbers. Formalized Mathematics, 1(1):41-46, 1990.
[4] Grzegorz Bancerek and Krzysztof Hryniewiecki. Segments of natural numbers and finite sequences. Formalized Mathematics, 1(1):107-114, 1990.
[5] Grzegorz Bancerek, Czesław Byliński, Adam Grabowski, Artur Korniłowicz, Roman Matuszewski, Adam Naumowicz, Karol Pąk, and Josef Urban. Mizar: State-of-the-art and beyond. In Manfred Kerber, Jacques Carette, Cezary Kaliszyk, Florian Rabe, and Volker Sorge, editors, Intelligent Computer Mathematics, volume 9150 of Lecture Notes in Computer Science, pages 261-279. Springer International Publishing, 2015. ISBN 978-3-319-20614-1. doi:10.1007/978-3-319-20615-8_17.
[6] Czesław Byliński. Finite sequences and tuples of elements of a non-empty sets. Formalized Mathematics, 1(3):529-536, 1990.
[7] Czesław Byliński. Functions and their basic properties. Formalized Mathematics, 1(1):55-65, 1990.
[8] Czesław Byliński. Some basic properties of sets. Formalized Mathematics, 1(1):47-53, 1990.
[9] Wolfgang Ebeling. Lattices and Codes. Advanced Lectures in Mathematics. Springer Fachmedien Wiesbaden, 2013.
[10] Yuichi Futa, Hiroyuki Okazaki, and Yasunari Shidama. ℤ-modules. Formalized Mathematics, 20(1):47-59, 2012. doi:10.2478/v10037-012-0007-z.
[11] Yuichi Futa, Hiroyuki Okazaki, and Yasunari Shidama. Quotient module of ℤ-module. Formalized Mathematics, 20(3):205-214, 2012. doi:10.2478/v10037-012-0024-y.
[12] Yuichi Futa, Hiroyuki Okazaki, Kazuhisa Nakasho, and Yasunari Shidama. Torsion ℤ-module and torsion-free ℤ-module. Formalized Mathematics, 22(4):277-289, 2014. doi:10.2478/forma-2014-0028.
[13] Yuichi Futa, Hiroyuki Okazaki, and Yasunari Shidama. Matrix of ℤ-module. Formalized Mathematics, 23(1):29-49, 2015. doi:10.2478/forma-2015-0003.
[14] A. K. Lenstra, H. W. Lenstra Jr., and L. Lovász. Factoring polynomials with rational coefficients. Mathematische Annalen, 261(4), 1982.
[15] Daniele Micciancio and Shafi Goldwasser. Complexity of lattice problems: A cryptographic perspective. The International Series in Engineering and Computer Science, 2002.
[16] Andrzej Trybulec. Binary operations applied to functions. Formalized Mathematics, 1(2):329-334, 1990.
[17] Wojciech A. Trybulec. Vectors in real linear space. Formalized Mathematics, 1(2):291-296, 1990.
Asymptotically Efficient Lattice-Based Digital Signatures
We present a general framework that converts certain types of linear collision-resistant hash functions into one-time signatures. Our generic construction can be instantiated based on both general and ideal (e.g. cyclic) lattices, and the resulting signature schemes are provably secure based on the worst-case hardness of approximating the shortest vector (and other standard lattice problems) in the corresponding class of lattices to within a polynomial factor. When instantiated with ideal lattices, the time complexity of the signing and verification algorithms, as well as key and signature size, is almost linear (up to poly-logarithmic factors) in the dimension n of the underlying lattice. Since no sub-exponential (in n) time algorithm is known to solve lattice problems in the worst case, even when restricted to ideal lattices, our construction gives a digital signature scheme with an essentially optimal performance/security trade-off.
Gaussian Sampling over the Integers: Efficient, Generic, Constant-Time
Sampling integers with Gaussian distribution is a fundamental problem that arises in almost every application of lattice cryptography, and it can be both time consuming and challenging to implement. Most previous work has focused on the optimization and implementation of integer Gaussian sampling in the context of specific applications, with fixed sets of parameters. We present new algorithms for discrete Gaussian sampling that are generic (application independent), efficient, and more easily implemented in constant time without incurring a substantial slow-down, making them more resilient to side-channel (e.g., timing) attacks. As an additional contribution, we present new analytical techniques that can be used to simplify the precision/security evaluation of floating point cryptographic algorithms, and an experimental comparison of our algorithms with previous algorithms from the literature.
Fast Lattice Point Enumeration with Minimal Overhead
Enumeration algorithms are the best currently known methods to solve lattice problems, both in theory (within the class of polynomial space algorithms), and in practice (where they are routinely used to evaluate the concrete security of lattice cryptography). However, there is an uncomfortable gap between our theoretical understanding and practical performance of lattice point enumeration algorithms.
The algorithms typically used in practice have worst-case asymptotic running time , but perform extremely well in practice, at least for all values of the lattice dimension for which experimentation is feasible. At the same time, theoretical algorithms
(Kannan, Mathematics of Operations Research 12(3):415-440, 1987) are asymptotically superior (achieving running time), but they are never used in practice because they incur a substantial overhead that makes them uncompetitive for all reasonable values of the lattice dimension . This gap is especially troublesome when algorithms are run in practice to evaluate the concrete security of a cryptosystem, and then experimental results are extrapolated to much larger dimension where solving lattice problems is computationally infeasible.
We introduce a new class of (polynomial space) lattice enumeration algorithms that simultaneously achieve asymptotic efficiency (meeting the theoretical time bound) and practicality, matching or surpassing the performance of practical algorithms already in moderately low dimension. Key technical contributions that allow us to achieve this result are a new analysis technique that allows us to greatly reduce the number of recursive calls performed during preprocessing (from super exponential in to single exponential, or even polynomial in ), a new enumeration technique that can be directly applied to projected lattice (basis) vectors, without the need to remove linear dependencies, and a modified block basis reduction method with fast (logarithmic) convergence properties. The last technique is used to obtain a new SVP enumeration procedure with running time, matching (even in the constant in the exponent) the optimal worst-case analysis (Hanrot and Stehlé, CRYPTO 2007) of Kannan's theoretical algorithm, but with far superior performance in practice.
We complement our theoretical analysis with a comprehensive set of experiments that not only support our practicality claims, but also allow us to estimate the cross-over point between different versions of enumeration algorithms, as well as asymptotically faster (but not quite practical) algorithms running in single exponential time and space.
Symbolic security of garbled circuits
We present the first computationally sound symbolic analysis of Yao's garbled circuit construction for secure two party computation. Our results include an extension of the symbolic language for cryptographic expressions from previous work on computationally sound symbolic analysis, and a soundness theorem for this extended language.
We then demonstrate how the extended language can be used to formally specify not only the garbled circuit construction, but also the formal (symbolic) simulator required by the definition of security. The correctness of the simulation is proved in a purely syntactical way, within the symbolic model of cryptography, and then translated into a concrete computational indistinguishability statement via our general computational soundness theorem.
We also implement our symbolic security framework and the garbling scheme in Haskell, and our experiment shows that the symbolic analysis performs well and can be done within several seconds even for large circuits that are useful for real world applications.