minor corrects
This commit is contained in:
parent
96bbdaf950
commit
5b963c690d
@ -5,8 +5,8 @@
|
||||
During the last decade, lattice-based cryptography has emerged as a promising candidate for post-quantum cryptography.
|
||||
For example, on the first round of the NIST post-quantum competition, there are 28 out of 82 submissions from lattice-based cryptography~\cite{NIS17}. Lattice-based cryptography takes advantage of a simple mathematical structure (the lattices) in order to provide beyond encryption and signature cryptography. For instance, fully homomorphic encryption~\cite{Gen09,GSW13} are only possible in the lattice-based world for now.
|
||||
|
||||
In the context of provable security, lattice assumptions benefits from a worst-case to average-case reduction~\cite{Reg05,GPV08,MP12}
|
||||
have been extensively studied~\cite{ADRS15,HK17}
|
||||
In the context of provable security, lattice assumptions benefits from a worst-case to average-case reduction~\cite{Reg05,GPV08,MP12}.
|
||||
Worst-case lattice problems have been extensively studied in the last past years~\cite{ADRS15,HK17}.
|
||||
|
||||
\subsection{Lattices and Hard Lattice Problems}
|
||||
\label{sse:lattice-problems}
|
||||
@ -107,7 +107,7 @@ given a sufficiently short basis of the lattice.
|
||||
\begin{lemma}[{\cite[Le.~2.3]{BLP+13}}]
|
||||
\label{le:GPV}
|
||||
There exists a $\PPT$ (probabilistic polynomial-time) algorithm $\GPVSample$ that takes as inputs a
|
||||
basis~$\mathbf{B}$ of a lattice~$L \subseteq \ZZ^n$ and a
|
||||
basis~$\mathbf{B}$ of a lattice~$\Lambda \subseteq \ZZ^n$ and a
|
||||
rational~$\sigma \geq \|\widetilde{\mathbf{B}}\| \cdot \Omega(\sqrt{\log n})$,
|
||||
and outputs vectors~$\mathbf{b} \in L$ with distribution~$D_{L,\sigma}$.
|
||||
\end{lemma}
|
||||
@ -128,7 +128,7 @@ to~$U(\ZZ_q^{n \times m})$, and~$\|\widetilde{\mathbf{T}_{\mathbf{A}}}\| \leq
|
||||
\end{lemma}
|
||||
|
||||
\noindent Lemma~\ref{le:TrapGen} is often combined with the sampler from Lemma~\ref{le:GPV}. Micciancio and Peikert~\cite{MP12} proposed a more efficient
|
||||
approach for this combined task, which should be preferred in practice but, for the sake of simplicity,
|
||||
approach for this combined task, which is to be be preferred in practice but, for the sake of simplicity,
|
||||
schemes are presented using~$\TrapGen$ in this thesis.
|
||||
|
||||
We also make use of an algorithm that extends a trapdoor for~$\mathbf{A} \in \ZZ_q^{n \times m}$ to a trapdoor of any~$\mathbf{B} \in \ZZ_q^{n \times m'}$ whose left~$n \times m$
|
||||
|
Loading…
Reference in New Issue
Block a user