Public-Key Cryptosystems from the Worst-Case Shortest Vector Problem

Author Chris Peikert

Thumbnail PDF


  • Filesize: 334 kB
  • 23 pages

Document Identifiers

Author Details

Chris Peikert

Cite AsGet BibTex

Chris Peikert. Public-Key Cryptosystems from the Worst-Case Shortest Vector Problem. In Theoretical Foundations of Practical Information Security. Dagstuhl Seminar Proceedings, Volume 8491, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2009)


We construct public-key cryptosystems that are secure assuming the *worst-case* hardness of approximating the shortest vector problem on lattices. Prior cryptosystems with worst-case connections (e.g., the Ajtai-Dwork system) were based either on a *special case* of the shortest vector problem, or on the conjectured hardness of lattice problems for *quantum* algorithms. Our main technical innovation is a reduction from certain variants of the shortest vector problem to corresponding versions of the "learning with errors" (LWE) problem; previously, only a quantum reduction of this kind was known. In addition, we construct new cryptosystems based on LWE, including a very natural chosen ciphertext-secure system that has a much simpler description and tighter underlying worst-case approximation factor than prior constructions. (Duration: 30 minutes, on or before Wednesday.)
  • Lattice-based cryptography
  • learning with errors
  • quantum computation


  • Access Statistics
  • Total Accesses (updated on a weekly basis)
    PDF Downloads