Summary: We describe public key encryption schemes with security provably based on the worst case hardness of the approximate shortest vector problem in some structured lattices, called ideal lattices. Under the assumption that the latter is exponentially hard to solve even with a quantum computer, we achieve CPA-security against subexponential attacks, with (quasi-) optimal asymptotic performance: if \(n\) is the security parameter, both keys are of bit-length \({\widetilde{O}}(n)\) and the amortized costs of both encryption and decryption are \({\widetilde{O}}(1)\) per message bit. Our construction adapts the trapdoor one-way function of C. Gentry et al. [in: Proceedings of the 40th annual ACM symposium on theory of computing 2008, STOC 2008. New York, NY: ACM Press. 197–206 (2008; Zbl 1231.68124)], based on the learning with errors problem, to structured lattices. Our main technical tools are an adaptation of M. Ajtai’s trapdoor key generation algorithm [Lect. Notes Comput. Sci. 1644, 01–09 (1999; Zbl 0987.94021)] and a re-interpretation of Regev’s quantum reduction between the bounded distance decoding problem and sampling short lattice vectors.
For the entire collection see [Zbl 1177.94014].