On Analysis of Recovering Short Generator Problems via Upper and Lower Bounds of Dirichlet L-functions: Part 2

  • Shinya OkumuraEmail author
Part of the Mathematics for Industry book series (MFI, volume 29)


In recent years, some fully homomorphic encryption schemes and cryptographic multilinear maps have been constructed by using short generators and ideal lattices arising from \(2^k\)th cyclotomic fields. Moreover, these systems are expected to have resistance to the attacks by quantum computers. The security of some of such cryptosystems depends on the principal ideal problem (PIP) and the recovering short generator problem (RSGP). Biasse and Song showed a quantum algorithm solving PIP on arbitrary number fields in polynomial time under GRH. On the other hand, Campbell et al. explain an algorithm solving RSGP on \(2^k\)th cyclotomic fields. Their algorithm is analyzed independently by Cramer, Ducas, Peikert and Regev/Okumura, Sugiyama, Yasuda and Takagi. Their analyses suggest that RSGP on \(2^k\)th cyclotomic fields is solved easily for practical parameters, and that cryptosystems of which the security is based on PIP and RSGP may not be post-quantum cryptosystems. Important tools in their analyses are upper and lower bounds of special values of Dirichlet L-functions at 1. In this paper, we give a survey on their analyses and explain some cryptographic and number theoretic open problems on RSGP.


Post-quantum cryptography Recovering short generator problem Cyclotomic fields Dirichlet L-functions 


  1. 1.
    L. Babai, On Lovász’ lattice reduction and the nearest lattice point problem. Combinatorica 6(1), 1–13 (1986) (Preliminary version in STACS 1985)Google Scholar
  2. 2.
    D. Bernstein, A subfield-logarithm attack against ideal lattices (2014),
  3. 3.
    J.-F. Biasse, F. Song, Efficient quantum algorithms for computing class groups and solving the principal ideal problem in arbitrary degree number fields, in Proceedings of the Twenty-Seventh Annual ACM-SIAM Symposium on Discrete Algorithms, SODA ’16 (2016), pp. 893–902Google Scholar
  4. 4.
    D. Boneh, A. Silverberg, Applications of multilinear forms to cryptography, in Contemporary Mathematics, vol. 324 (American Mathematical Society, Providence, 2003), pp. 71–90Google Scholar
  5. 5.
    W. Bosma, J. Cannon, C. Playoust, The Magma algebra system. I. The user language. J. Symb. Comput. 24(3–4), 235–265 (1997)CrossRefzbMATHMathSciNetGoogle Scholar
  6. 6.
    P. Campbell, M. Groves, D. Shepherd, Soliloquy: a cautionary tale, in ETSI 2nd Quantum-Safe Crypto Workshop (2014)Google Scholar
  7. 7.
    J.W. Cooley, J.W. Tukey, An algorithm for the machine calculation of complex Fourier series. Math. Comput. 19, 297–301 (1965)CrossRefzbMATHMathSciNetGoogle Scholar
  8. 8.
    R. Cramer, L. Ducas, C. Peikert, O. Regev, Recovering short generators of principal ideals in cyclotomic rings, in EUROCRYPT 2016. LNCS, vol. 9666 (Springer, Berlin, 2016), pp. 559–585Google Scholar
  9. 9.
    S.S. Eddin, D.J. Platt, Explicit upper bounds for \(|L(1, \chi )|\) when \(\chi (3)=0\). Colloq. Math. 133(1), 23–34 (2013)CrossRefzbMATHMathSciNetGoogle Scholar
  10. 10.
    T. Espitau, P.-A. Fouque, A. Gélin, P. Kirchner, Computing generator in cyclotomic integer rings, in IACR Cryptology ePrint Archive, 2016/957 (2016)Google Scholar
  11. 11.
    S. Garg, C. Gentry, S. Halevi, Candidate multilinear maps from ideal lattices, in EUROCRYPT 2013. LNCS, vol. 7881 (Springer, Berlin, 2013), pp. 1–17Google Scholar
  12. 12.
    C. Gentry, Fully homomorphic encryption using ideal lattices, in Proceedings STOC 2009 (ACM, 2009), pp. 169–178Google Scholar
  13. 13.
    J. Hoffstein, J. Pipher, J.H. Silverman, NTRU: a ring-based public key cryptosystem, in Proceedings of ANTS-III. Lecture Notes in Computer Science, vol. 1423 (1998), pp. 267–288Google Scholar
  14. 14.
    E. Landau, Über Dirichletsche Reihen mit komplexen Charakteren. Journal für die reine und angewandte Mathematik 157, 26–32 (1927)zbMATHMathSciNetGoogle Scholar
  15. 15.
    A. Langlois, D. Stehlé, R. Steinfeld, GGHLite: more efficient multilinear maps from ideal lattices, in EUROCRYPT 2014. LNCS, vol. 8441 (Springer, Berlin, 2014), pp. 239–256Google Scholar
  16. 16.
    S. Louboutin, Majorations explicites de \(|L(1, \chi )|\) (quatrième partie). C. R. Acad. Sci. Paris 334, 625–628 (2002)CrossRefzbMATHGoogle Scholar
  17. 17.
    S. Louboutin, An explicit lower bound on moduli of Dirichlet \(L\)-functions at \(s=1\). J. Ramanujan Math. Soc. 30(1), 101–113 (2015)zbMATHMathSciNetGoogle Scholar
  18. 18.
    V. Lyubashevsky, C. Peikert, O. Regev, On ideal lattices and learning with errors over rings. J. ACM 60(3), 43 (2013)Google Scholar
  19. 19.
    V. Lyubashevsky, C. Peikert, O. Regev, A toolkit for ring-LWE cryptography, in IACR Cryptology ePrint Archive, 2013/293 (2013)Google Scholar
  20. 20.
    J. Neukirch, in Algebraic Number Theory. Grundlehren der mathematischen Wissenschaften, vol. 322 (Springer, Berlin, 1999)Google Scholar
  21. 21.
    S. Okumura, S. Sugiyama, M. Yasuda, T. Takagi, Security analysis of cryptosystems using short generators over ideal lattices, in IACR Cryptology ePrint Archive, 2015/1004 (2015)Google Scholar
  22. 22.
    S. Okumura, M. Yasuda, T. Takagi, An improvement on the recovering short generator attack over ideal lattices and its countermeasure, Preprint (2016)Google Scholar
  23. 23.
    O. Ramaré, Approximate formulae for \(L(1, \chi )\). Acta Arith. 100, 245–266 (2001)CrossRefzbMATHMathSciNetGoogle Scholar
  24. 24.
    O. Regev, On lattices, learning with errors, random linear codes, and cryptography, in Proceedings of the Thirty-seventh Annual ACM Symposium on Theory of Computing, STOC ’05 (2005), pp. 84–93Google Scholar
  25. 25.
    N.P. Smart, F. Vercauteren, Fully homomorphic encryption with relatively small key and ciphertext sizes, in Public Key Cryptography-PKC 2010. LNCS, vol. 6056 (Springer, Berlin, 2010), pp. 420–443Google Scholar
  26. 26.
    S. Sugiyama, On analysis of recovering short generator problems via upper and lower bounds of Dirichlet \(L\)-functions: part 1 (in this proceeding)Google Scholar
  27. 27.
    L. Washington, Introduction to Cyclotomic Fields, 2nd edn. Graduate Texts in Mathematics, vol. 83 (Springer, New York, 1997)Google Scholar

Copyright information

© Springer Nature Singapore Pte Ltd. 2018

Authors and Affiliations

  1. 1.Information Security LaboratoryInstitute of Systems, Information Technologies and NanotechnologiesSawara-ku, FukuokaJapan

Personalised recommendations