Abstract
Lattices are regular arrangements of points in n-dimensional space, whose study appeared in the 19th century in both number theory and crystallography. Since the appearance of the celebrated Lenstra-Lenstra-Lovász lattice basis reduction algorithm twenty years ago, lattices have had surprising applications in cryptology. Until recently, the applications of lattices to cryptology were only negative, as lattices were used to break various cryptographic schemes. Paradoxically, several positive cryptographic applications of lattices have emerged in the past five years: there now exist public-key cryptosystems based on the hardness of lattice problems, and lattices play a crucial rôle in a few security proofs. We survey the main examples of the two faces of lattices in cryptology.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
L. M. Adleman. On breaking generalized knapsack publick key cryptosystems. In Proc. of 15th STOC, pages 402–412. ACM, 1983.
L. M. Adleman. Factoring and lattice reduction. Unpublished manuscript, 1995.
M. Ajtai. Generating hard instances of lattice problems. In Proc. of 28th STOC, pages 99–108. ACM, 1996. Available at [47] as TR96-007.
M. Ajtai. The shortest vector problem in L2 is NP-hard for randomized reductions. In Proc. of 30th STOC. ACM, 1998. Available at [47] as TR97-047.
M. Ajtai and C. Dwork. A public-key cryptosystem with worst-case/average-case equivalence. In Proc. of 29th STOC, pages 284–293. ACM, 1997. Available at [47] as TR96-065.
M. Ajtai, R. Kumar, and D. Sivakumar. A sieve algorithm for the shortest lattice vector problem. In Proc. 33rd STOC, pages 601–610. ACM, 2001.
S. Arora, L. Babai, J. Stern, and Z. Sweedyk. The hardness of approximate optima in lattices, codes, and systems of linear equations. Journal of Computer and System Sciences, 54(2):317–331, 1997.
L. Babai. On Lovász lattice reduction and the nearest lattice point problem. Combinatorica, 6:1–13, 1986.
W. Banaszczyk. New bounds in some transference theorems in the geometry of numbers. Mathematische Annalen, 296:625–635, 1993.
M. Bellare, S. Goldwasser, and D. Micciancio. ”Pseudo-random” number generation within cryptographic algorithms: The DSS case. In Proc. of Crypto’97, volume 1294 of LNCS. IACR, Springer-Verlag, 1997.
M. Bellare and P. Rogaway. Optimal asymmetric encryption. In Proc. of Euro-crypt’94, volume 950 of LNCS, pages 92–111. IACR, Springer-Verlag, 1995.
D. Bleichenbacher. On the security of the KMOV public key cryptosystem. In Proc. of Crypto’97, volume 1294 of LNCS, pages 235–248. IACR, Springer-Verlag, 1997.
D. Bleichenbacher and P. Q. Nguyen. Noisy polynomial interpolation and noisy Chinese remaindering. In Proc. of Eurocrypt’ 00, volume 1807 of LNCS. IACR, Springer-Verlag, 2000.
J. Blömer and J.-P. Seifert. On the complexity of computing short linearly independent vectors and short bases in a lattice. In Proc. of 31st STOC. ACM, 1999.
D. Boneh. The decision Diffie-Hellman problem. In Algorithmic Number Theory-Proc. of ANTS-III, volume 1423 of LNCS. Springer-Verlag, 1998.
D. Boneh. Twenty years of attacks on the RSA cryptosystem. Notices of the AMS, 46(2):203–213, 1999.
D. Boneh. Finding smooth integers in short intervals using CRT decoding. In Proc. of 32nd STOC. ACM, 2000.
D. Boneh. Simplified OAEP for the RSA and Rabin functions. In Proc. of Crypto 2001, LNCS. IACR, Springer-Verlag, 2001.
D. Boneh and G. Durfee. Cryptanalysis of RSA with private key d less than N0.292. In Proc. of Eurocrypt’99, volume 1592 of LNCS, pages 1–11. IACR, Springer-Verlag, 1999.
D. Boneh, G. Durfee, and Y. Frankel. An attack on RSA given a small fraction of the private key bits. In Proc. of Asiacrypt’98, volume 1514 of LNCS, pages 25–34. Springer-Verlag, 1998.
D. Boneh, G. Durfee, and N. A. Howgrave-Graham. Factoring n = p r q for large r. In Proc. of Crypto’99, volume 1666 of LNCS. IACR, Springer-Verlag, 1999.
D. Boneh, A. Joux, and P. Q. Nguyen. Why textbook ElGamal and RSA encryption are insecure. In Proc. of Asiacrypt’ 00, volume 1976 of LNCS. IACR, Springer-Verlag, 2000.
D. Boneh and I. E. Shparlinski. Hard core bits for the elliptic curve Diffie-Hellman secret. In Proc. of Crypto 2001, LNCS. IACR, Springer-Verlag, 2001.
D. Boneh and R. Venkatesan. Hardness of computing the most significant bits of secret keys in Diffie-Hellman and related schemes. In Proc. of Crypto’96, LNCS. IACR, Springer-Verlag, 1996.
D. Boneh and R. Venkatesan. Breaking RSA may not be equivalent to factoring. In Proc. of Eurocrypt’98, volume 1233 of LNCS, pages 59–71. Springer-Verlag, 1998.
V. Boyko, M. Peinado, and R. Venkatesan. Speeding up discrete log and factoring based schemes via precomputations. In Proc. of Eurocrypt’98, volume 1403 of LNCS, pages 221–235. IACR, Springer-Verlag, 1998.
E. F. Brickell. Solving low density knapsacks. In Proc. of Crypto’ 83. Plenum Press, 1984.
E. F. Brickell. Breaking iterated knapsacks. In Proc. of Crypto’ 84, volume 196 of LNCS. Springer-Verlag, 1985.
E. F. Brickell and A. M. Odlyzko. Cryptanalysis: A survey of recent results. In G. J. Simmons, editor, Contemporary Cryptology, pages 501–540. IEEE Press, 1991.
J.-Y. Cai. Some recent progress on the complexity of lattice problems. In Proc. of FCRC, 1999. Available at [47] as TR99-006.
J.-Y. Cai. The complexity of some lattice problems. In Proc. of ANTS-IV, volume 1838 of LNCS. Springer-Verlag, 2000.
J.-Y. Cai and T. W. Cusick. A lattice-based public-key cryptosystem. Information and Computation, 151:17–31, 1999.
J.-Y. Cai and A. P. Nerurkar. An improved worst-case to average-case connection for lattice problems. In Proc. of 38th FOCS, pages 468–477. IEEE, 1997.
S. Cavallar, B. Dodson, A. K. Lenstra, W. Lioen, P. L. Montgomery, B. Murphy, H. te Riele, K. Aardal, J. Gilchrist, G. Guillerm, P. Leyland, J. Marchand, F. Morain, A. Muffett, C. Putnam, and P. Zimmermann. Factorization of 512-bit RSA key using the number field sieve. In Proc. of Eurocrypt’ 00, volume 1807 of LNCS. IACR, Springer-Verlag, 2000.
B. Chor and R.L. Rivest. A knapsack-type public key cryptosystem based on arithmetic in finite fields. IEEE Trans. Inform. Theory, 34, 1988.
H. Cohen. A Course in Computational Algebraic Number Theory. Springer-Verlag, 1995. Second edition.
J.H. Conway and N.J.A. Sloane. Sphere Packings, Lattices and Groups. Springer-Verlag, 1998. Third edition.
D. Coppersmith. Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J. of Cryptology, 10(4):233–260, 1997. Revised version of two articles from Eurocrypt’96.
D. Coppersmith. Finding small solutions to small degree polynomials. In Proc. of CALC 2001, LNCS. Springer-Verlag, 2001.
D. Coppersmith and A. Shamir. Lattice attacks on NTRU. In Proc. of Eurocrypt’ 97, LNCS. IACR, Springer-Verlag, 1997.
M.J. Coster, A. Joux, B.A. LaMacchia, A.M. Odlyzko, C.-P. Schnorr, and J. Stern. Improved low-density subset sum algorithms. Comput. Complexity, 2:111–128, 1992.
C. Coupé, P. Q. Nguyen, and J. Stern. The effectiveness of lattice attacks against low-exponent RSA. In Proc. of PKC’98, volume 1431 of LNCS. Springer-Verlag, 1999.
W. Diffie and M. E. Hellman. New directions in cryptography. IEEE Trans. Inform. Theory, IT-22:644–654, Nov 1976.
I. Dinur. Approximating SVP∞ to within almost-polynomial factors is NP-hard. Available at [47] as TR99-016.
I. Dinur, G. Kindler, and S. Safra. Approximating CVP to within almost-polynomial factors is NP-hard. In Proc. of 39th FOCS, pages 99–109. IEEE, 1998. Available at [47] as TR98-048.
G. Durfee and P. Q. Nguyen. Cryptanalysis of the RSA schemes with short secret exponent from Asiacrypt’99. In Proc. of Asiacrypt’ 00, volume 1976 of LNCS. IACR, Springer-Verlag, 2000.
ECCC. http://www.eccc.uni-trier.de/eccc/. The Electronic Colloquium on Computational Complexity.
E. El Mahassni, P. Q. Nguyen, and I. E. Shparlinski. The insecurity of Nyberg-Rueppel and other DSA-like signature schemes with partially known nonces. In Proc. of CALC 2001, LNCS. Springer-Verlag, 2001.
P. van Emde Boas. Another NP-complete problem and the complexity of computing short vectors in a lattice. Technical report, Mathematische Instituut, University of Amsterdam, 1981. Report 81-04. Available at http://turing.wins.uva.nl/~peter/.
R. Fischlin and J.-P. Seifert. Tensor-based trapdoors for CVP and their application to public key cryptography. In IMA Conference on Cryptography and Coding, LNCS. Springer-Verlag, 1999.
A. M. Frieze. On the Lagarias-Odlyzko algorithm for the subset sum problem. SI AM J. Comput, 15(2):536–539, 1986.
A. M. Frieze, J. Håstad, R. Kannan, J. C. Lagarias, and A. Shamir. Reconstructing truncated integer variables satisfying linear congruences. SI AM J. Comput., 17(2):262–280, 1988. Special issue on cryptography.
E. Fujisaki, T. Okamoto, D. Pointcheval, and J. Stern. RSA-OAEP is secure under the RSA assumption. In Proc. of Crypto 2001, LNCS. IACR, Springer-Verlag, 2001.
M. L. Furst and R. Kannan. Succinct certificates for almost all subset sum problems. SIAM J. Comput, 18(3):550–558, 1989.
C.F. Gauss. Disquisitiones Arithmeticæ, Leipzig, 1801.
C. Gentry. Key recovery and message attacks on NTRU-composite. In Proc. of Eurocrypt 2001, volume 2045 of LNCS. IACR, Springer-Verlag, 2001.
M. Girault and J.-F. Misarsky. Cryptanalysis of countermeasures proposed for repairing ISO 9796-1. In Proc. of Eurocrypt’ w00, volume 1807 of LNCS. IACR, Springer-Verlag, 2000.
O. Goldreich and S. Goldwasser. On the limits of non-approximability of lattice problems. In Proc. of 30th STOC. ACM, 1998. Available at [47] as TR97-031.
O. Goldreich, S. Goldwasser, and S. Halevi. Challenges for the GGH cryptosystem. Available at http://theory.lcs.mit.edu/ shaih/challenge.html.
O. Goldreich, S. Goldwasser, and S. Halevi. Eliminating decryption errors in the Ajtai-Dwork cryptosystem. In Proc. of Crypto’97, volume 1294 of LNCS, pages 105–111. IACR, Springer-Verlag, 1997. Available at [47] as TR97-018.
O. Goldreich, S. Goldwasser, and S. Halevi. Public-key cryptosystems from lattice reduction problems. In Proc. of Crypto’97, volume 1294 of LNCS, pages 112–131. IACR, Springer-Verlag, 1997. Available at [47] as TR96-056.
O. Goldreich, D. Micciancio, S. Safra, and J.-P. Seifert. Approximating shortest lattice vectors is not harder than approximating closest lattice vectors, 1999. Available at [47] as TR99-002.
M. I. González Vasco and I. E. Shparlinski. On the security of Diffie-Hellman bits. In K.-Y. Lam, I. E. Shparlinski, H. Wang, and C. Xing, editors, Proc. Workshop on Cryptography and Comp. Number Theory (CCNT’99). Birkhauser, 2000.
M. Grötschel, L. Lovász, and A. Schrijver. Geometric Algorithms and Combinatorial Optimization. Springer-Verlag, 1993.
M. Gruber and C. G. Lekkerkerker. Geometry of Numbers. North-Holland, 1987.
J. Håstad. Solving simultaneous modular equations of low degree. SIAM J. Comput., 17(2):336–341, April 1988. Preliminary version in Proc. of Crypto’ 85.
B. Helfrich. Algorithms to construct Minkowski reduced and Hermite reduced bases. Theoretical Computer Science, 41:125–139, 1985.
C. Hermite. Extraits de lettres de M. Hermite à M. Jacobi sur différents objets de la théorie des nombres, deuxième lettre. J. Reine Angew. Math., 40:279–290, 1850. Also available in the first volume of Hermite’s complete works, published by Gauthier-Villars.
J. Hoffstein, J. Pipher, and J.H. Silverman. NTRU: a ring based public key cryptosystem. In Proc. of ANTS III, volume 1423 of LNCS, pages 267–288. Springer-Verlag, 1998. Additional information at http://www.ntru.com.
N. A. Howgrave-Graham. Finding small roots of univariate modular equations revisited. In Cryptography and Coding, volume 1355 of LNCS, pages 131–142. Springer-Verlag, 1997.
N. A. Howgrave-Graham. Computational Mathematics Inspired by RSA. PhD thesis, University of Bath, 1998.
N. A. Howgrave-Graham. Approximate integer common divisors. In Proc. of CALC 2001, LNCS. Springer-Verlag, 2001.
N. A. Howgrave-Graham and N. P. Smart. Lattice attacks on digital signature schemes. Technical report, HP Labs, 1999. HPL-1999-90. To appear in Designs, Codes and Cryptography.
E. Jaulmes and A. Joux. A chosen ciphertext attack on NTRU. In Proc. of Crypto 2000, volume 1880 of LNCS. IACR, Springer-Verlag, 2000.
A. Joux and J. Stern. Lattice reduction: A toolbox for the cryptanalyst. J. of Cryptology, 11:161–185, 1998.
C. S. Jutla. On finding small solutions of modular multivariate polynomial equations. In Proc. of Eurocrypt’98, volume 1403 of LNCS, pages 158–170. IACR, Springer-Verlag, 1998.
R. Kannan. Improved algorithms for integer programming and related lattice problems. In Proc. of 15th STOC, pages 193–206. ACM, 1983.
R. Kannan. Algorithmic geometry of numbers. Annual review of computer science, 2:231–267, 1987.
R. Kannan. Minkowski’s convex body theorem and integer programming. Math. Oper. Res., 12(3):415–440, 1987.
P. Klein. Finding the closest lattice vector when it’s unusually close. In Proc. of SODA’ 00. ACM-SIAM, 2000.
S. V. Konyagin and T. Seger. On polynomial congruences. Mathematical Notes, 55(6):596–600, 1994.
A. Korkine and G. Zolotareff. Sur les formes quadratiques positives ternaires. Math. Ann., 5:581–583, 1872.
A. Korkine and G. Zolotareff. Sur les formes quadratiques. Math. Ann., 6:336–389, 1873.
J. C. Lagarias. Point lattices. In R. Graham, M. Grötschel, and L. Lovász, editors, Handbook of Combinatorics, volume 1, chapter 19. Elsevier, 1995.
J. C. Lagarias and A. M. Odlyzko. Solving low-density subset sum problems. Journal of the Association for Computing Machinery, January 1985.
L. Lagrange. Recherches d’arithm’etique. Nouv. Mém. Acad., 1773.
A. K. Lenstra and H. W. Lenstra, Jr. The Development of the Number Field Sieve, volume 1554 of Lecture Notes in Mathematics. Springer-Verlag, 1993.
A. K. Lenstra, H. W. Lenstra, Jr., and L. Lovász. Factoring polynomials with rational coefficients. Mathematische Ann., 261:513–534, 1982.
H. W. Lenstra, Jr. Integer programming with a fixed number of variables. Technical report, Mathematisch Instituut, Universiteit van Amsterdam, April 1981. Report 81-03.
H. W. Lenstra, Jr. Integer programming with a fixed number of variables. Math. Oper. Res., 8(4):538–548, 1983.
L. Lovász. An Algorithmic Theory of Numbers, Graphs and Convexity, volume 50. SIAM Publications, 1986. CBMS-NSF Regional Conference Series in Applied Mathematics.
J. Martinet. Les Réseaux Parfaits des Espaces Euclidiens. Éditions Masson, 1996. English translation to appear at Springer-Verlag.
J. E. Mazo and A. M. Odlyzko. Lattice points in high-dimensional spheres. Monatsh. Math., 110:47–61, 1990.
R.J. McEliece. A public-key cryptosystem based on algebraic number theory. Technical report, Jet Propulsion Laboratory, 1978. DSN Progress Report 42-44.
A. Menezes, P. Van Oorschot, and S. Vanstone. Handbook of Applied Cryptography. CRC Press, 1997.
R. Merkle and M. Hellman. Hiding information and signatures in trapdoor knapsacks. IEEE Trans. Inform. Theory, IT-24:525–530, September 1978.
D. Micciancio. On the Hardness of the Shortest Vector Problem. PhD thesis, Massachusetts Institute of Technology, 1998.
D. Micciancio. The shortest vector problem is NP-hard to approximate within some constant. In Proc. of 39th FOCS. IEEE, 1998. Available at [47] as TR98-016.
D. Micciancio. Lattice based cryptography: A global improvement. Technical report, Theory of Cryptography Library, 1999. Report 99-05.
D. Micciancio. The hardness of the closest vector problem with preprocessing. IEEE Trans. Inform. Theory, 47(3):1212–1215, 2001.
D. Micciancio. Improving lattice-based cryptosystems using the Hermite normal form. In Proc. of CALC 2001, LNCS. Springer-Verlag, 2001.
J. Milnor and D. Husemoller. Symmetric Bilinear Forms. Springer-Verlag, 1973.
H. Minkowski. Geometrie der Zahlen. Teubner-Verlag, Leipzig, 1896.
J.-F. Misarsky. A multiplicative attack using LLL algorithm on RSA signatures with redundancy. In Proc. of Crypto’97, volume 1294 of LNCS, pages 221–234. IACR, Springer-Verlag, 1997.
P. L. Montgomery. Square roots of products of algebraic numbers. In Walter Gautschi, editor, Mathematics of Computation 1943-1993: a Half-Century of Computational Mathematics, Proc. of Symposia in Applied Mathematics, pages 567–571. American Mathematical Society, 1994.
National Institute of Standards and Technology (NIST). FIPS Publication 186: Digital Signature Standard, May 1994.
P. Q. Nguyen. A Montgomery-like square root for the number field sieve. In Algorithmic Number Theory-Proc. of ANTS-III, volume 1423 of LNCS. Springer-Verlag, 1998.
P. Q. Nguyen. Cryptanalysis of the Goldreich-Goldwasser-Halevi cryptosystem from Crypto’97. In Proc. of Crypto’99, volume 1666 of LNCS, pages 288–304. IACR, Springer-Verlag, 1999.
P. Q. Nguyen. La Géométrie des Nombres en Cryptologie. PhD thesis, Université Paris 7, November 1999. Available at http://www.di.ens.fr/~pnguyen/.
P. Q. Nguyen. The dark side of the hidden number problem: Lattice attacks on DSA. In K.-Y. Lam, I. E. Shparlinski, H. Wang, and C. Xing, editors, Proc. Workshop on Cryptography and Comp. Number Theory (CCNT’99). Birkhauser, 2000.
P. Q. Nguyen and I. E. Shparlinski. The insecurity of the Digital Signature Algorithm with partially known nonces. J. of Cryptology, 2001. To appear.
P. Q. Nguyen and I. E. Shparlinski. The insecurity of the elliptic curve Digital Signature Algorithm with partially known nonces. Preprint, 2001.
P. Q. Nguyen and J. Stern. Merkle-Hellman revisited: a cryptanalysis of the Qu-Vanstone cryptosystem based on group factorizations. In Proc. of Crypto’97, volume 1294 of LNCS, pages 198–212. IACR, Springer-Verlag, 1997.
P. Q. Nguyen and J. Stern. Cryptanalysis of a fast public key cryptosystem presented at SAC’ 97. In Selected Areas in Cryptography-Proc. of SAC’98, volume 1556 of LNCS. Springer-Verlag, 1998.
P. Q. Nguyen and J. Stern. Cryptanalysis of the Ajtai-Dwork cryptosystem. In Proc. of Crypto’98, volume 1462 of LNCS, pages 223–242. IACR, Springer-Verlag, 1998.
P. Q. Nguyen and J. Stern. The Béguin-Quisquater server-aided RSA protocol from Crypto’ 95 is not secure. In Proc. of Asiacrypt’98, volume 1514 of LNCS, pages 372–379. Springer-Verlag, 1998.
P. Q. Nguyen and J. Stern. The hardness of the hidden subset sum problem and its cryptographic implications. In Proc. of Crypto’ 99, volume 1666 of LNCS, pages 31–46. IACR, Springer-Verlag, 1999.
P. Q. Nguyen and J. Stern. Lattice reduction in cryptology: An update. In Proc. of ANTS-IV, volume 1838 of LNCS. Springer-Verlag, 2000.
A. M. Odlyzko. The rise and fall of knapsack cryptosystems. In Cryptology and Computational Number Theory, volume 42 of Proc. of Symposia in Applied Mathematics, pages 75–88. A.M.S., 1990.
R. L. Rivest, A. Shamir, and L. M. Adleman. A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM, 21(2):120–126, 1978.
C. P. Schnorr. A hierarchy of polynomial lattice basis reduction algorithms. Theoretical Computer Science, 53:201–224, 1987.
C. P. Schnorr. A more efficient algorithm for lattice basis reduction. J. of algorithms, 9(1):47–62, 1988.
C. P. Schnorr. Factoring integers and computing discrete logarithms via diophantine approximation. In Proc. of Eurocrypt’91, volume 547 of LNCS, pages 171–181. IACR, Springer-Verlag, 1991.
C. P. Schnorr and M. Euchner. Lattice basis reduction: improved practical algorithms and solving subset sum problems. Math. Programming, 66:181–199, 1994.
C. P. Schnorr and H. H. Hörner. Attacking the Chor-Rivest cryptosystem by improved lattice reduction. In Proc. of Eurocrypt’95, volume 921 of LNCS, pages 1–12. IACR, Springer-Verlag, 1995.
A. Shamir. A polynomial time algorithm for breaking the basic Merkle-Hellman cryptosystem. In Proc. of 23rd FOCS, pages 145–152. IEEE, 1982.
V. Shoup. Number Theory C++ Library (NTL) version 3.6. Available at http://www.shoup.net/ntl/
V. Shoup. OAEP reconsidered. In Proc. of Crypto 2001, LNCS. IACR, Springer-Verlag, 2001.
I. E. Shparlinski. On the generalized hidden number problem and bit security of XTR. In Proc. of 14th Symp. on Appl. Algebra, Algebraic Algorithms, and Error-Correcting Codes, LNCS. Springer-Verlag, 2001.
I. E. Shparlinski. Sparse polynomial approximation in finite fields. In Proc. 33rd STOC. ACM, 2001.
C. L. Siegel. Lectures on the Geometry of Numbers. Springer-Verlag, 1989.
B. Vallée. La réduction des réseaux. autour de l’algorithme de Lenstra, Lenstra, Lovász. RAIRO Inform. Théor. Appl, 23(3):345–376, 1989.
B. Vallée, M. Girault, and P. Toffin. How to guess l-th roots modulo n by reducing lattice bases. In Proc. of AAEEC-6, volume 357 of LNCS, pages 427–442. Springer-Verlag, 1988.
S. A. Vanstone and R. J. Zuccherato. Short RSA keys and their generation. J. of Cryptology, 8(2):101–114, 1995.
S. Vaudenay. Cryptanalysis of the Chor-Rivest cryptosystem. In Proc. of Crypto’98, volume 1462 of LNCS. IACR, Springer-Verlag, 1998.
E. R. Verheul. Certificates of recoverability with scalable recovery agent security. In Proc. ofPKC’00, LNCS. Springer-Verlag, 2000.
M. Wiener. Cryptanalysis of short RSA secret exponents. IEEE Trans. Inform. Theory, 36(3):553–558, 1990.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2001 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Nguyen, P.Q., Stern, J. (2001). The Two Faces of Lattices in Cryptology. In: Silverman, J.H. (eds) Cryptography and Lattices. CaLC 2001. Lecture Notes in Computer Science, vol 2146. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-44670-2_12
Download citation
DOI: https://doi.org/10.1007/3-540-44670-2_12
Published:
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-42488-8
Online ISBN: 978-3-540-44670-5
eBook Packages: Springer Book Archive