2006 Fiscal Year Final Research Report Summary
Research on the Applications of Short Vector Problem and Lattice Algorithms on Public Key
| Project/Area Number |
16500009
|
|---|
| Research Category |
Grant-in-Aid for Scientific Research (C)
|
| Allocation Type | Single-year Grants |
|---|
| Section | 一般 |
|---|
| Research Field |
Fundamental theory of informatics
|
|---|
| Research Institution | The University of Electro-Communications |
|---|
Principal Investigator |
OHTA Kazuo The University of Electro-Communications, Department of Information and Communication Engineering, Professor, 電気通信学部, 教授 (80333491)
|
|---|
| Co-Investigator(Kenkyū-buntansha) |
KIDA Masanari The University of Electro-Communications, Department of Mathematics, Associate Professor, 電気通信学部, 助教授 (20272057)
KUNIHIRO Noboru The University of Electro-Communications, Department of Information and Communication Engineering, Associate Professor, 電気通信学部, 助教授 (60345436)
KANAYAMA Naoki University of Tsukuba, Faculty of System Information Engineering, Research Staff of Industry- Academia-Government Collaboration, Research Staff of Industry- Academia- Government Collaboration, システム情報工学研究科, 研究員 (70339696)
|
|---|
| Project Period (FY) |
2004 – 2006
|
| Keywords | Lattice / LLL algorithm / Coppersmith method / Knapsack's cryptosystem |
|---|
| Research Abstract |
・We propose a new method for solving the shortest vector problem (SVP) by combing classical and quantum computations.
・We propose an algorithm of factoring any integer N which has k different prime factors with the same bit-length, when ( 1/(k+2) + ε/(k(k-1)) ) log(N) high-order bits of each prime factor are given, based on a new lattice-based algorithm of solving any k-variate polynomial equation over Z
・For RSA, May showed the deterministic polynomial time equivalence of computing d to factoring N (=pq). On the other hand, Takagi showed a variant of RSA such that the decryption algorithm is faster than the standard RSA, where N=p^rq while ed= 1 mod (pΓ/1)(qΓ1). We show that the deterministic polynomial time equivalence also holds in this variant.
・Many knapsack cryptosystems are vulnerable to low density attack. However, there are several proposed schemes which are strong to this attack. The density of these schemes becomes high by reducing the Hamming weight of a message. In Asiacrypt 2005, Nguyen and Stern introduced pseudo-density and showed that if the pseudo-density is low enough, the knapsack scheme can be broken by a single call of SVP oracle. However, the relation between the density and the pseudo-density was not clear. Our research's motivation is to investigate the relation between this two notions of density. Our research resulted a new notion of density, which naturally includes the previous two density. By this new notion of density we can show and describe the necessary condition for a knapsack scheme to be secure.
|
