minor corrects

This commit is contained in:
Fabrice Mouhartem 2018-01-30 09:52:53 +01:00
parent 96bbdaf950
commit 5b963c690d

@ -5,8 +5,8 @@
During the last decade, lattice-based cryptography has emerged as a promising candidate for post-quantum cryptography.
For example, on the first round of the NIST post-quantum competition, there are 28 out of 82 submissions from lattice-based cryptography~\cite{NIS17}. Lattice-based cryptography takes advantage of a simple mathematical structure (the lattices) in order to provide beyond encryption and signature cryptography. For instance, fully homomorphic encryption~\cite{Gen09,GSW13} are only possible in the lattice-based world for now.
In the context of provable security, lattice assumptions benefits from a worst-case to average-case reduction~\cite{Reg05,GPV08,MP12}
have been extensively studied~\cite{ADRS15,HK17}
In the context of provable security, lattice assumptions benefits from a worst-case to average-case reduction~\cite{Reg05,GPV08,MP12}.
Worst-case lattice problems have been extensively studied in the last past years~\cite{ADRS15,HK17}.
\subsection{Lattices and Hard Lattice Problems}
\label{sse:lattice-problems}
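Review bot: The two added sentences still carry grammar slips: "lattice assumptions benefits from" should read "benefit from" to agree with the plural subject, and "in the last past years" is redundant, so "in the past years" or "in recent years" would be enough. The unchanged sentence just above has the same agreement problem ("fully homomorphic encryption ... are only possible") and could be fixed in this commit too.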
@ -107,7 +107,7 @@ given a sufficiently short basis of the lattice.
\begin{lemma}[{\cite[Le.~2.3]{BLP+13}}]
\label{le:GPV}
There exists a $\PPT$ (probabilistic polynomial-time) algorithm $\GPVSample$ that takes as inputs a
basis~$\mathbf{B}$ of a lattice~$L \subseteq \ZZ^n$ and a
basis~$\mathbf{B}$ of a lattice~$\Lambda \subseteq \ZZ^n$ and a
rational~$\sigma \geq \|\widetilde{\mathbf{B}}\| \cdot \Omega(\sqrt{\log n})$,
and outputs vectors~$\mathbf{b} \in L$ with distribution~$D_{L,\sigma}$.
\end{lemma}
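Review bot: The rename of the lattice from $L$ to $\Lambda$ is applied only on the basis line; the unchanged line two below still has "$\mathbf{b} \in L$ with distribution~$D_{L,\sigma}$", so the lemma statement now uses two different symbols for the same lattice. Update that line to $\Lambda$ and $D_{\Lambda,\sigma}$ as well, and check the rest of the section for other remaining uses of $L$.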
@ -128,7 +128,7 @@ to~$U(\ZZ_q^{n \times m})$, and~$\|\widetilde{\mathbf{T}_{\mathbf{A}}}\| \leq
\end{lemma}
\noindent Lemma~\ref{le:TrapGen} is often combined with the sampler from Lemma~\ref{le:GPV}. Micciancio and Peikert~\cite{MP12} proposed a more efficient
approach for this combined task, which should be preferred in practice but, for the sake of simplicity,
approach for this combined task, which is to be be preferred in practice but, for the sake of simplicity,
schemes are presented using~$\TrapGen$ in this thesis.
We also make use of an algorithm that extends a trapdoor for~$\mathbf{A} \in \ZZ_q^{n \times m}$ to a trapdoor of any~$\mathbf{B} \in \ZZ_q^{n \times m'}$ whose left~$n \times m$
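Review bot: The replacement line introduces a doubled word, "which is to be be preferred in practice"; drop one "be". The original wording "which should be preferred in practice" was already correct, so consider whether this change is needed at all.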