TY - JOUR
T1 - Security analysis of cryptosystems using short generators over ideal lattices
AU - Okumura, Shinya
AU - Sugiyama, Shingo
AU - Yasuda, Masaya
AU - Takagi, Tsuyoshi
N1 - Funding Information:
Acknowledgements We would like to thank the authors in [16] for some comments. This work was supported by JST CREST Grant Number JPMJCR14D6, Japan.
Publisher Copyright:
© 2018, The Author(s).
PY - 2018/7/1
Y1 - 2018/7/1
N2 - In this paper, we analyze the security of cryptosystems using short generators over ideal lattices. Our approach is based on a recent work by Cramer et al. on analysis of the recovering short generators problem on q-th cyclotomic fields with prime powers q. In their analysis, implicit lower bounds of the special values of Dirichlet L-functions at 1 are essentially used for estimating some sizes of the dual bases of the log-unit lattices of the q-th cyclotomic fields. Our contribution is to improve Cramer et al.’s analysis by giving explicit lower and upper bounds of the special values of Dirichlet L-functions at 1. Our improvement allows one to analyze the RSG attack not only asymptotically but also explicitly for fixed practical parameters. Moreover, we give experimental evidence that recovering short generators over 2 k-th cyclotomic fields for k≥ 10 is succeeded with high probability.
AB - In this paper, we analyze the security of cryptosystems using short generators over ideal lattices. Our approach is based on a recent work by Cramer et al. on analysis of the recovering short generators problem on q-th cyclotomic fields with prime powers q. In their analysis, implicit lower bounds of the special values of Dirichlet L-functions at 1 are essentially used for estimating some sizes of the dual bases of the log-unit lattices of the q-th cyclotomic fields. Our contribution is to improve Cramer et al.’s analysis by giving explicit lower and upper bounds of the special values of Dirichlet L-functions at 1. Our improvement allows one to analyze the RSG attack not only asymptotically but also explicitly for fixed practical parameters. Moreover, we give experimental evidence that recovering short generators over 2 k-th cyclotomic fields for k≥ 10 is succeeded with high probability.
UR - http://www.scopus.com/inward/record.url?scp=85047143262&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85047143262&partnerID=8YFLogxK
U2 - 10.1007/s13160-018-0306-z
DO - 10.1007/s13160-018-0306-z
M3 - Article
AN - SCOPUS:85047143262
SN - 0916-7005
VL - 35
SP - 739
EP - 771
JO - Japan Journal of Industrial and Applied Mathematics
JF - Japan Journal of Industrial and Applied Mathematics
IS - 2
ER -