Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Recovering short generators via negative moments of Dirichlet $L$-functions

Iu-Iong Ng, Yuichiro Toma

Abstract

In 2016, Cramer, Ducas, Peikert and, Regev proposed an efficient algorithm for recovering short generators of principal ideals in $q$-th cyclotomic fields with $q$ being a prime power. In this paper, we improve their analysis of the dual basis of the log-cyclotomic-unit lattice under the Generalised Riemann Hypothesis and in the case that $q$ is a prime number by the negative square moment of Dirichlet $L$-functions at $s=1$. As an implication, we obtain a better lower bound on the success probability for the algorithm in this special case. In order to prove our main result, we also give an analysis of the behaviour of negative $2k$-th moments of Dirichlet $L$-functions at $s=1$.

Recovering short generators via negative moments of Dirichlet $L$-functions

Abstract

In 2016, Cramer, Ducas, Peikert and, Regev proposed an efficient algorithm for recovering short generators of principal ideals in -th cyclotomic fields with being a prime power. In this paper, we improve their analysis of the dual basis of the log-cyclotomic-unit lattice under the Generalised Riemann Hypothesis and in the case that is a prime number by the negative square moment of Dirichlet -functions at . As an implication, we obtain a better lower bound on the success probability for the algorithm in this special case. In order to prove our main result, we also give an analysis of the behaviour of negative -th moments of Dirichlet -functions at .
Paper Structure (16 sections, 12 theorems, 51 equations)

This paper contains 16 sections, 12 theorems, 51 equations.

Table of Contents

  1. Introduction
  2. Lattice-based cryptosystems
  3. Our contributions
  4. Preliminaries
  5. Ideal lattices and lattice problems
  6. Ideal lattices
  7. Bounded-distance decoding (BDD)
  8. Shortest generator problem (SGP)
  9. Cyclotomic units and Dirichlet $L$-functions
  10. Cyclotomic units
  11. Dirichlet $L$-function
  12. Prior works
  13. Asymptotic norm of dual basis vectors
  14. Higher success probability for prime $q$
  15. Negative moments of $L$-functions
  16. ...and 1 more sections

Key Result

Theorem 2.1

Let $\mathcal{L}\subset\mathbb{R}^n$ be a lattice with a basis $\mathbf{B}$, and let $\mathbf{t}=\mathbf{v}+\mathbf{e}\in\mathbb{R}^n$ for some $\mathbf{v}\in\mathcal{L}$, $\mathbf{e}\in\mathbb{R}^n$. If $\langle\mathbf{b}_j^{\vee},\mathbf{e}\rangle\in [-\frac{1}{2},\frac{1}{2})$ for all $j$, then o

Theorems & Definitions (16)

  • Theorem 2.1: CDPR15
  • Theorem 2.2: CDPR15
  • Theorem 2.3: CDPR15
  • Lemma 2.4: CDPR15
  • Theorem 3.1
  • Corollary 4.1
  • Corollary 4.2
  • proof : Proof of Corollary \ref{['cor:algo']}
  • Theorem 5.1
  • Lemma 5.2
  • ...and 6 more