Cryptography in a post-quantum world

Abstract

Lattice-based hard problems are a leading candidate for implementation in future public key cryptographic schemes due to their conjectured quantum resilience. Lattice-based problems offer certain advantages over non-lattice-based cryptosystems, such as a relatively short key length [3] and versatility, since lattice cryptosystems can offer both encryption schemes (to securely transmit data from sender to receiver) and signature schemes (used for a receiver to verify that information actually originated from the claimed sender) [2]. Notably they are also the only known class of problems which give rise to fully homomorphic encryption schemes, in which computations can be securely performed on encrypted data [1]. Many of the 2017 submissions to the NIST Post-Quantum Cryptography challenge are based on lattice problems [4].Some lattice cryptosystems, most notably the ring-LWE [7] scheme proposed in 2013, rely on solving a hard problem over a subclass of lattices known as ideal lattices. However, it is currently unknown whether the additional algebraic structure found in ideal lattices make them less secure for cryptographic purposes, although it is widely conjectured that the ideal case is as secure as the general case [1].In this poster presentation, we give an overview of past attempts to approach a lattice hard problem known as the shortest vector problem (SVP) in a class of ideal lattices generated using the cyclotomic integers, which is a type of mathematical object known as a ring. The cyclotomic integers have a lot of algebraic structure, and some researchers have speculated that this structure could potentially make these lattices less secure [6]. The discovery that the ideal-lattice based cryptosystem Soliloquy is not quantum-secure [5] has motivated cryptographers to examine the feasibility of using new types of rings to generate lattices, such as the variant of the crytosystem NTRU proposed in [6]. This poster will include our preliminary results on the security of the SVP in ideal lattices generated in a ring which has been previously unstudied and discuss the practically of using the ring in place of the cyclotomic integers in some lattice cryptosystems.