My weekly progress on the thesis I was working the first time

1. .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
Progress: Week 1
Masum Billal
26 January, 2014

2. .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
Groups
A group, G is a set with four properties along with an
operation +. This operation + works on two elements of G and
returns a result.
Closure: If a, b are two elements of G, then the result of
the operation a + b must be in G as well. And we will say
that, the set G is closed under the operation +.
Associativity: If a, b, c ∈ G, then a + (b + c) = (a + b) + c.
Identity: There must be an element e ∈ G so that a + e = a
i.e. it doesn’t change the result even after the operation.
Inverse: For any a ∈ G, there must be a b ∈ G so that,
a + b = e. This b is called the inverse of a.

3. .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
Examples
We agree to denote a group G associated with the operation +
shortly as (G, +).
Example
Z is a group under addition. In (Z, +), 0 is the identity element
and for a ∈ Z, −a is the inverse of a.
Example
(R − {0}, ∗) is a group where ∗ is the usual multiplication
operation. And in this case, 1 is the multiplicative identity,
since for a ̸= 0, a ·
1
a
= 1.

4. .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
Lattices And Basis
A Lattice, informally is a set of points, one of which is origin
and the set looks the same from every side. For a set of points
L to be a lattice, it needs to maintain two conditions:
1. (L, +) is a group where + means vector addition.
2. Every point in L is the center of a ball which doesn’t
contain any other point P ∈ L.

5. .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
Continued...
Now, a set of vectors b1, b2, ..., bn can span a lattice L. This set
of vectors is called the basis of L. Alternatively, B can be
represented as a of m × n matrix with bi in columns. And n is
called the rank of B. If B is a basis of L, then the lattice L
contains all points generated by the linear combinations of B i.e.
L = {B · X : X ∈ Z} =
∞∑
i=1
bixi
where X is a matrix of integers, xi ∈ Z. The lattice generated
by B is denoted by L(B).

6. .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
Full Rank Basis, Example Of Basis
Definition
A basis B is a full rank basis if n = m i.e. it has dimension as
much as the number of points.
Example
B = ((0, 1), (1, 0)) is a basis of Z2. It is also an example of full
rank lattice. Note that, ((1, 1), (2, 0) is not a basis of Z2. it
generates coordinates of even numbers.

7. .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
Equivalent Basis
Definition
A matrix M is called unimodular if det(M) = 1. Two basis B
and B′ are equal i.e. L(B) = L(B′) if B = B′U for some
unimodular matrix U.
Alternatively, two basis B and B′ are equivalent if and only if
one can be obtained from another only using the following
operations on columns.
1. bi ← bi + kbj
2. bi ↔ −bi
3. bi ← bj.

8. .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
An Encryption Scheme Using Lattices: GGH
Encryption
The GoldreichGoldwasserHalevi (GGH) lattice-based
cryptosystem is an asymmetric cryptosystem based on lattices.
There is also a GGH signature scheme. The
GoldreichGoldwasserHalevi (GGH) cryptosystem makes use of
the fact that the closest vector problem can be a hard problem.

9. .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
Operation
GGH involves a private key and a public key. The private key is
a basis B of a lattice L with good properties (such as short
nearly orthogonal vectors) and a unimodular matrix U. The
public key is another basis of the lattice L of the form
B′ = BU. For some chosen M, the message space consists of
the vector (λ1, λ2, ..., λn) in the range −M < λi < M.

10. .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
Encryption
Given a message m = (λ1, λ2, ..., λn), error e, and a public key
B′ compute
v =
∑
λib′
i
In matrix notation this is
v = mB′
Remember m consists of integer values, and b′
i is a lattice
point, so v is also a lattice point. The ciphertext is then
c = v + e = mB′
+ e

11. .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
Decryption
To decrypt the cyphertext one computes
c · B−1
= (mB′
+ e)B−1
= mUBB−1
+ eB−1
The Babai rounding technique will be used to remove the term
eB−1 as long as it is small enough. Finally
m = m.UU−1
to get the messagetext.

12. .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
Security Of The Scheme
in 1999 Nguyen showed at the Crypto conference that the GGH
encryption scheme has a flaw in the design of the schemes. He
showed that every ciphertext reveals information about the
plaintext and that the problem of decryption could be turned
into a special closest vector problem much easier to solve than
the general CVP.