Dimitar Jetchev, B. Wesolowski (2015)
On Graphs of Isogenies of Principally Polarizable Abelian Surfaces and the Discrete Logarithm Problem. ArXiv, abs/1506.00522
今井 浩 (2004)
Great Books and Papers of the 20th Century: Peter Shor: Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer, 45
D. Stehlé, Ron Steinfeld, Keisuke Tanaka, Keita Xagawa (2009)
Efficient Public Key Encryption Based on Ideal Lattices
Daniele Micciancio (2002)
Generalized Compact Knapsacks, Cyclic Lattices, and Efficient One-Way Functions. computational complexity, 16
R. Kučera (1992)
On bases of the Stickelberger ideal and of the group of circular units of a cyclotomic field. Journal of Number Theory, 40
O. Regev (2005)
On lattices, learning with errors, random linear codes, and cryptography
J. Buhler
Heuristics for class numbers of prime-power real cyclotomic fields
Thomas Espitau, Pierre-Alain Fouque, Alexandre Gélin, P. Kirchner (2016)
Computing generator in cyclotomic integer rings. IACR Cryptol. ePrint Arch., 2016
Marina Daecher (2016)
Introduction To Cyclotomic Fields
P. Shor (1995)
Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer. SIAM Rev., 41
John Miller (2014)
Real cyclotomic fields of prime conductor and their class numbers. Math. Comput., 84
Vadim Lyubashevsky, Daniele Micciancio (2006)
Generalized compact knapsacks are collision resistant. Proceedings of the International Colloquium on Automata
Adeline Langlois, D. Stehlé, Ron Steinfeld (2014)
GGHLite: More Efficient Multilinear Maps from Ideal Lattices
M. Ajtai (1999)
Generating Hard Instances of the Short Basis Problem
Nigel P. Smart, Frederik Vercauteren (2010)
Fully homomorphic encryption with relatively small key and ciphertext sizes. Proceedings of the International Workshop on Public Key Cryptography. Springer
Jean-François Biasse, Thomas Espitau, Pierre-Alain Fouque, Alexandre Gélin, P. Kirchner (2017)
Computing Generator in Cyclotomic Integer Rings - A Subfield Algorithm for the Principal Ideal Problem in L_{|Δ_𝕂|}(1/2) and Application to the Cryptanalysis of a FHE Scheme
R. Cramer, L. Ducas, Chris Peikert, O. Regev (2016)
Recovering Short Generators of Principal Ideals in Cyclotomic Rings
Patrick Holzer, T. Wunderer (2017)
Recovering Short Generators of Principal Fractional Ideals in Cyclotomic Fields of Conductor p^α q^β. IACR Cryptol. ePrint Arch., 2017
P. Campbell, Michael Groves, Dan Shepherd
Soliloquy: a Cautionary Tale
Koen de Boer, Léo Ducas, Serge Fehr (2020)
On the quantum complexity of the continuous hidden subgroup problem. Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques. Springer
N. Smart, F. Vercauteren (2010)
Fully Homomorphic Encryption with Relatively Small Key and Ciphertext Sizes. IACR Cryptol. ePrint Arch., 2009
Chris Peikert, Alon Rosen (2006)
Efficient collision-resistant hashing from worst-case assumptions on cyclic lattices. Proceedings of the Theory of Cryptography Conference (TCC’06)
Vadim Lyubashevsky, Chris Peikert, O. Regev (2010)
On Ideal Lattices and Learning with Errors over Rings. IACR Cryptol. ePrint Arch., 2012
Jean-François Biasse (2018)
Approximate short vectors in ideal lattices of Q(ζ_{p^e}) with precomputation of the class group. Selected Areas in Cryptography -- SAC 2017. Lecture Notes in Computer Science, 10719
Peter W. Shor (1997)
Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput., 26
Sanjam Garg, Craig Gentry, S. Halevi (2013)
Candidate Multilinear Maps from Ideal Lattices
René Schoof (2003)
Class numbers of real cyclotomic fields of prime conductor. Math. Comput., 72
R. Cramer, L. Ducas, B. Wesolowski (2016)
Short Stickelberger Class Relations and Application to Ideal-SVP
Koen Boer, L. Ducas, S. Fehr (2020)
On the Quantum Complexity of the Continuous Hidden Subgroup Problem. Advances in Cryptology – EUROCRYPT 2020, 12106
Changmin Lee, Alice Pellet-Mary, D. Stehlé, Alexandre Wallet (2019)
An LLL Algorithm for Module Lattices
C. Adams, J. Camenisch (2017)
Selected Areas in Cryptography – SAC 2017, 10719
L. Babai (1986)
On Lovász’ lattice reduction and the nearest lattice point problem. Combinatorica, 6
Vadim Lyubashevsky, Chris Peikert, Oded Regev (2013)
On ideal lattices and learning with errors over rings. J. ACM, 60
David Jao, S. Miller, R. Venkatesan (2008)
Expander graphs based on GRH with an application to elliptic curve cryptography. Journal of Number Theory, 129
C. Schnorr, M. Euchner (1991)
Lattice basis reduction: Improved practical algorithms and solving subset sum problems. Mathematical Programming, 66
Chris Peikert, Alon Rosen (2006)
Efficient Collision-Resistant Hashing from Worst-Case Assumptions on Cyclic Lattices. Electron. Colloquium Comput. Complex., TR05
E. Friedman (1989)
Analytic formulas for the regulator of a number field. Inventiones mathematicae, 98
Andreas Steiger (2009)
Catalan’s Conjecture
Alice Pellet-Mary, G. Hanrot, D. Stehlé (2019)
Approx-SVP in Ideal Lattices with Pre-processing. IACR Cryptol. ePrint Arch., 2019
Patrick Holzer, Thomas Wunderer, Johannes A. Buchmann (2017)
Recovering short generators of principal fractional ideals in cyclotomic fields of conductor p^α q^β. Proceedings of the International Conference on Cryptology. Springer
Jens-Dietrich Bauch, D. Bernstein, Henry Valence, T. Lange, C. Vredendaal (2017)
Short Generators Without Quantum Computers: The Case of Multiquadratics
C. Schnorr (1987)
A Hierarchy of Polynomial Time Lattice Basis Reduction Algorithms. Theor. Comput. Sci., 53
W. Sinnott (1978)
On the Stickelberger ideal and the circular units of a cyclotomic field. Annals of Mathematics, 108
Jean-François Biasse, F. Song (2016)
Efficient quantum algorithms for computing class groups and solving the principal ideal problem in arbitrary degree number fields
R. Schoof (1998)
Minus class groups of the fields of the l-th roots of unity. Math. Comput., 67
B. Wesolowski (2018)
Arithmetic and geometric structures in cryptography
Jean-François Biasse, C. Fieker (2014)
Subexponential class group and unit group computation in large degree number fields. LMS Journal of Computation and Mathematics, 17
Alice Pellet-Mary, Guillaume Hanrot, Damien Stehlé (2019)
Approx-SVP in ideal lattices with pre-processing. Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques. Springer
Vadim Lyubashevsky, Daniele Micciancio (2006)
Generalized Compact Knapsacks Are Collision Resistant. Electron. Colloquium Comput. Complex., TR05
G. Rekaya, J. Belfiore, E. Viterbo (2004)
A Very Efficient Lattice Reduction Tool on Fast Fading Channels
E. Bach (1990)
Explicit bounds for primality testing and related problems. Mathematics of Computation, 55
B. Wesolowski (2018)
Generating subgroups of ray class groups with small prime ideals. The Open Book Series
A. Lenstra, H. Lenstra, L. Lovász (1982)
Factoring polynomials with rational coefficients. Mathematische Annalen, 261
Chris Peikert, O. Regev, Noah Stephens-Davidowitz (2017)
Pseudorandomness of ring-LWE for any ring and modulus. Proceedings of the 49th Annual ACM SIGACT Symposium on Theory of Computing
Kirsten Eisenträger, Sean Hallgren (2010)
Algorithms for ray class groups and Hilbert class fields
L. Ducas, Maxime Plançon, B. Wesolowski (2019)
On the Shortness of Vectors to be found by the Ideal-SVP Quantum Algorithm
Kirsten Eisenträger, Sean Hallgren, A. Kitaev, F. Song (2014)
A quantum algorithm for computing the unit group of an arbitrary degree number field. Proceedings of the forty-sixth annual ACM symposium on Theory of computing
A. Weil (1974)
Sommes de Jacobi et caractères de Hecke
In this article, we study the geometry of units and ideals of cyclotomic rings and derive an algorithm to find a mildly short vector in any given cyclotomic ideal lattice in quantum polynomial time, under some plausible number-theoretic assumptions. More precisely, given an ideal lattice of the cyclotomic ring of conductor m, the algorithm finds an approximation of the shortest vector by a factor exp(Õ(√m)). This result exposes an unexpected hardness gap between these structured lattices and general lattices: The best known polynomial time generic lattice algorithms can only reach an approximation factor exp(Õ(m)). Following a recent series of attacks, these results call into question the hardness of various problems over structured lattices, such as Ideal-SVP and Ring-LWE, upon which relies the security of a number of cryptographic schemes.

NOTE. This article is an extended version of a conference paper [11]. The results are generalized to arbitrary cyclotomic fields. In particular, we also extend some results of Reference [10] to arbitrary cyclotomic fields. In addition, we prove the numerical stability of the method of Reference [10]. These extended results appeared in the Ph.D. dissertation of the third author [46].
Journal of the ACM (JACM) – Association for Computing Machinery
Published: Jan 6, 2021
Keywords: Shortest vector problem