Cryptography and Lattices

ThesearetheproceedingsofCaLC2001,the?rstconferencedevotedtocr- tographyandlattices. Wehavelongbelievedthattheimportanceoflattices andlatticereductionincryptography,bothforcryptographicconstructionand cryptographicanalysis,meritsagatheringdevotedtothistopic. Theenthusiastic responsethatwereceivedfromtheprogramcommittee,theinvitedspeakers,the manypeoplewhosubmittedpapers,andthe90registeredparticipantsamply con?rmedthewidespreadinterestinlatticesandtheircryptographicappli- tions. WethankeveryonewhoseinvolvementmadeCaLCsuchasuccessfulevent; inparticularwethankNatalieJohnson,LarryLarrivee,DoreenPappas,andthe BrownUniversityMathematicsDepartmentfortheirassistanceandsupport. March2001 Je?reyHo?stein,JillPipher,JosephSilverman VI Preface Organization CaLC2001wasorganizedbytheDepartmentofMathematicsatBrownUniv- sity. Theprogramchairsexpresstheirthankstotheprogramcommiteeandthe additionalexternalrefereesfortheirhelpinselectingthepapersforCaLC2001. TheprogramchairswouldalsoliketothankNTRUCryptosystemsforproviding ?nancialsupportfortheconference. Program Commitee DonCoppersmith IBMResearch Je?reyHo?stein(co-chair), BrownUniversityandNTRUCryptosystems ArjenLenstra Citibank,USA PhongNguyen ENS AndrewOdlyzko AT&TLabsResearch JosephH. Silverman(co-chair), BrownUniversityandNTRUCryptosystems External Referees AliAkhavi,GlennDurfee,NickHowgrave-Graham,DanieleMicciancio Sponsoring Institutions NTRUCryptosystems,Inc. ,Burlington,MA Table of Contents An Overveiw of the Sieve Algorithm forthe Shortest Lattice Vector Problem 1 Miklos Ajtai, Ravi Kumar, and Dandapani Sivakumar Low Secret Exponent RSA Revisited ::::::::::::::::::::::::::::::::: 4 Johannes Bl omer and Alexander May Finding Small Solutions to Small Degree Polynomials::::::::::::::::::: 20 Don Coppersmith Fast Reduction of Ternary Quadratic Forms::::::::::::::::::::::::::: 32 Friedrich Eisenbrand and Gunt er Rote Factoring Polynomialsand 0-1 Vectors:::::::::::::::::::::::::::::::: 45 Mark van Hoeij Approximate Integer Common Divisors::::::::::::::::::::::::::::::: 51 Nick Howgrave-Graham Segment LLL-Reduction of Lattice Bases ::::::::::::::::::::::::::::: 67 Henrik Koy and Claus Peter Schnorr Segment LLL-Reduction with Floating Point Orthogonalization:::::::::: 81 Henrik Koy and Claus Peter Schnorr TheInsecurity ofNyberg-Rueppel andOther DSA-LikeSignatureSchemes with Partially Known Nonces:::::::::::::::::::::::::::::::::::::::: 97 Edwin El Mahassni, Phong Q. Nguyen, and Igor E. Shparlinski Dimension Reduction Methods for Convolution Modular Lattices :::::::: 110 Alexander May and Joseph H. Silverman Improving Lattice Based Cryptosystems Using the Hermite Normal Form : 126 Daniele Micciancio The Two Faces of Lattices in Cryptology:::::::::::::::::::::::::::::: 146 Phong Q.