When quoting this document, please refer to the following
URN: urn:nbn:de:0030-drops-18922
Go to the corresponding Portal

Peikert, Chris

Public-Key Cryptosystems from the Worst-Case Shortest Vector Problem

08491.PeikertChris.Paper.1892.pdf (0.3 MB)


We construct public-key cryptosystems that are secure assuming the *worst-case* hardness of approximating the shortest vector problem on lattices. Prior cryptosystems with worst-case connections (e.g., the Ajtai-Dwork system) were based either on a *special case* of the shortest vector problem, or on the conjectured hardness of lattice problems for *quantum* algorithms. Our main technical innovation is a reduction from certain variants of the shortest vector problem to corresponding versions of the "learning with errors" (LWE) problem; previously, only a quantum reduction of this kind was known. In addition, we construct new cryptosystems based on LWE, including a very natural chosen ciphertext-secure system that has a much simpler description and tighter underlying worst-case approximation factor than prior constructions. (Duration: 30 minutes, on or before Wednesday.)

BibTeX - Entry

  author =	{Chris Peikert},
  title =	{Public-Key Cryptosystems from the Worst-Case Shortest Vector Problem},
  booktitle =	{Theoretical Foundations of Practical Information Security},
  year =	{2009},
  editor =	{Ran Canetti and Shafi Goldwasser and G{\"u}nter M{\"u}ller and Rainer Steinwandt},
  number =	{08491},
  series =	{Dagstuhl Seminar Proceedings},
  ISSN =	{1862-4405},
  publisher =	{Schloss Dagstuhl - Leibniz-Zentrum fuer Informatik, Germany},
  address =	{Dagstuhl, Germany},
  URL =		{},
  annote =	{Keywords: Lattice-based cryptography, learning with errors, quantum computation}

Keywords: Lattice-based cryptography, learning with errors, quantum computation
Seminar: 08491 - Theoretical Foundations of Practical Information Security
Issue Date: 2009
Date of publication: 27.02.2009

DROPS-Home | Fulltext Search | Imprint | Privacy Published by LZI