International Association for Cryptologic Research (IACR)
Abstract
In this paper, we analyze the security of cryptosystems using
short generators over ideal lattices such as candidate multilinear maps
by Garg, Gentry and Halevi and fully homomorphic encryption by Smart
and Vercauteren. Our approach is based on a recent work by Cramer,
Ducas, Peikert and Regev on analysis of recovering a short generator of
an ideal in the q-th cyclotomic field for a prime power q.
In their analysis, implicit lower bounds of the special values of Dirichlet L-functions at 1 are essentially used for estimating some sizes of the dual basis in the log-unit lattice of
the q-th cyclotomic field.
Our main contribution is to improve Cramer et al.\u27s analysis by giving
explicit lower and upper bounds of the special values of
Dirichlet L-functions at 1 for any non-trivial even Dirichlet characters modulo q.
Moreover, we give various experimental evidence that recovering short
generators of principle ideals in 2k-th cyclotomic fields
for k≥10 is succeeded with high probability.
As a consequence, our analysis suggests that the security of the above cryptosystems based on the difficulty of recovering a short generator
is reduced to solving the principal ideal problem under the number theoretical conjecture so-called Weber\u27s class number problem