Lattice-Based Cryptography: A Survey

Published in: Chinese Annals of Mathematics, Series B

Abstract

Most public-key cryptosystems in use today would be vulnerable to attacks by future quantum computers. Post-quantum cryptography offers mathematical methods for securing information and communications against such attacks, and has therefore received a significant amount of attention in recent years. Lattice-based cryptography, built on computationally hard problems in (high-dimensional) lattice theory, is a promising post-quantum family because of its excellent efficiency, moderate key and ciphertext sizes, and strong security. This survey gives a general overview of lattice-based cryptography. To this end, the authors begin by introducing the underlying hard lattice problems, then present the fundamental cryptanalytic algorithms and the design theory of lattice-based cryptography.
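To make concrete what "built on hard lattice problems" means in practice, the following is an added illustration (not code from the survey or its authors) of a toy Regev-style public-key encryption scheme from the learning-with-errors (LWE) problem. Every name here (N, M, Q, ERR_BOUND, keygen, encrypt, decrypt, solve_noiseless, demo) and every parameter value is an assumption chosen for readability; the parameters are far too small to be secure. The last function shows why the error term is the whole point: strip it out and the public key becomes a linear system that Gaussian elimination solves in polynomial time.

```python
"""Toy Regev-style public-key encryption from learning with errors (LWE).

Added illustration, not code from the survey.  The parameter names and
values below are assumptions chosen only to make the structure visible;
they are far too small to be secure.  Real schemes use n in the hundreds,
wider error distributions and a proper KEM wrapper.
"""
import random

# Hypothetical toy parameters (assumption).  M * ERR_BOUND < Q // 4 keeps the
# accumulated error below the decoding threshold, so decryption never fails.
N = 16          # dimension of the secret s
M = 64          # number of LWE samples published in the public key
Q = 521         # prime modulus
ERR_BOUND = 1   # errors drawn uniformly from [-ERR_BOUND, ERR_BOUND]
assert M * ERR_BOUND < Q // 4


def _inner(u, s):
    """Inner product over Z_Q."""
    return sum(ui * si for ui, si in zip(u, s)) % Q


def keygen(rng):
    """Secret s in Z_Q^N; public key (A, b) with b = A*s + e (mod Q)."""
    s = [rng.randrange(Q) for _ in range(N)]
    A = [[rng.randrange(Q) for _ in range(N)] for _ in range(M)]
    b = [(_inner(row, s) + rng.randrange(-ERR_BOUND, ERR_BOUND + 1)) % Q
         for row in A]
    return s, (A, b)


def encrypt(pk, bit, rng):
    """Sum a random subset of the samples; add bit*floor(Q/2) to the second part."""
    A, b = pk
    subset = [i for i in range(M) if rng.randrange(2)]
    u = [sum(A[i][j] for i in subset) % Q for j in range(N)]
    v = (sum(b[i] for i in subset) + bit * (Q // 2)) % Q
    return u, v


def decrypt(s, ct):
    """v - <u, s> = bit*floor(Q/2) + (sum of subset errors) mod Q; round to 0 or Q/2."""
    u, v = ct
    d = (v - _inner(u, s)) % Q
    return 0 if min(d, Q - d) < Q // 4 else 1


def solve_noiseless(A, b):
    """Recover s from b = A*s (mod Q) with NO error, by Gaussian elimination.

    This is why the error term matters: without e, an LWE public key is an
    ordinary linear system and the secret falls out in polynomial time.
    Returns None if the rows do not span Z_Q^N.
    """
    rows = [row[:] + [bi] for row, bi in zip(A, b)]
    pivot = 0
    for col in range(N):
        r = next((i for i in range(pivot, M) if rows[i][col] % Q), None)
        if r is None:
            return None
        rows[pivot], rows[r] = rows[r], rows[pivot]
        inv = pow(rows[pivot][col], -1, Q)
        rows[pivot] = [(x * inv) % Q for x in rows[pivot]]
        for i in range(M):
            if i != pivot and rows[i][col]:
                f = rows[i][col]
                rows[i] = [(x - f * y) % Q for x, y in zip(rows[i], rows[pivot])]
        pivot += 1
    return [rows[i][N] for i in range(N)]


def demo(seed=1, trials=50):
    """Round-trip bits through the scheme, then show the noiseless instance breaks.

    A seeded random.Random keeps the run reproducible; real code would use
    secrets.SystemRandom or an OS CSPRNG.
    """
    rng = random.Random(seed)
    s, pk = keygen(rng)
    all_correct = all(decrypt(s, encrypt(pk, bit, rng)) == bit
                      for _ in range(trials) for bit in (0, 1))
    A, _ = pk
    b_noiseless = [_inner(row, s) for row in A]
    return all_correct, solve_noiseless(A, b_noiseless) == s


if __name__ == "__main__":
    print(demo())
```

The decoding threshold Q // 4 is what ties correctness to the error size: the subset sum of at most M errors of magnitude at most ERR_BOUND must stay below it, which is why the constants are checked at import time. Shrinking the error makes decryption safer but, as solve_noiseless shows in the limit, destroys security; real parameter sets (and the cryptanalytic algorithms the survey describes) are about choosing that trade-off so the best known lattice attacks remain infeasible.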


Author information

Correspondence to Xiaoyun Wang or Guangwu Xu.

Ethics declarations

Conflicts of interest The authors declare no conflicts of interest.

Additional information

This work was supported by the National Key Research and Development Program of China (No. 2018YFA0704701), the National Natural Science Foundation of China (Nos. 12271306, 62102216, 12226006), the Major Program of Guangdong Basic and Applied Research (No. 2019B030302008), the Major Scientific and Technological Innovation Project of Shandong Province (No. 2019JZZY010133) and Shandong Key Research and Development Program (No. 2020ZLYS09).

Cite this article

Wang, X., Xu, G. & Yu, Y. Lattice-Based Cryptography: A Survey. Chin. Ann. Math. Ser. B 44, 945–960 (2023). https://doi.org/10.1007/s11401-023-0053-6
