2. .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
Groups
A group, G is a set with four properties along with an
operation +. This operation + works on two elements of G and
returns a result.
Closure: If a, b are two elements of G, then the result of
the operation a + b must be in G as well. And we will say
that, the set G is closed under the operation +.
Associativity: If a, b, c ∈ G, then a + (b + c) = (a + b) + c.
Identity: There must be an element e ∈ G so that a + e = a
i.e. it doesn’t change the result even after the operation.
Inverse: For any a ∈ G, there must be a b ∈ G so that,
a + b = e. This b is called the inverse of a.
3. .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
Examples
We agree to denote a group G associated with the operation +
shortly as (G, +).
Example
Z is a group under addition. In (Z, +), 0 is the identity element
and for a ∈ Z, −a is the inverse of a.
Example
(R − {0}, ∗) is a group where ∗ is the usual multiplication
operation. And in this case, 1 is the multiplicative identity,
since for a ̸= 0, a ·
1
a
= 1.
4. .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
Lattices And Basis
A Lattice, informally is a set of points, one of which is origin
and the set looks the same from every side. For a set of points
L to be a lattice, it needs to maintain two conditions:
1. (L, +) is a group where + means vector addition.
2. Every point in L is the center of a ball which doesn’t
contain any other point P ∈ L.
5. .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
Continued...
Now, a set of vectors b1, b2, ..., bn can span a lattice L. This set
of vectors is called the basis of L. Alternatively, B can be
represented as a of m × n matrix with bi in columns. And n is
called the rank of B. If B is a basis of L, then the lattice L
contains all points generated by the linear combinations of B i.e.
L = {B · X : X ∈ Z} =
∞∑
i=1
bixi
where X is a matrix of integers, xi ∈ Z. The lattice generated
by B is denoted by L(B).
6. .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
Full Rank Basis, Example Of Basis
Definition
A basis B is a full rank basis if n = m i.e. it has dimension as
much as the number of points.
Example
B = ((0, 1), (1, 0)) is a basis of Z2. It is also an example of full
rank lattice. Note that, ((1, 1), (2, 0) is not a basis of Z2. it
generates coordinates of even numbers.
8. .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
An Encryption Scheme Using Lattices: GGH
Encryption
The GoldreichGoldwasserHalevi (GGH) lattice-based
cryptosystem is an asymmetric cryptosystem based on lattices.
There is also a GGH signature scheme. The
GoldreichGoldwasserHalevi (GGH) cryptosystem makes use of
the fact that the closest vector problem can be a hard problem.
9. .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
Operation
GGH involves a private key and a public key. The private key is
a basis B of a lattice L with good properties (such as short
nearly orthogonal vectors) and a unimodular matrix U. The
public key is another basis of the lattice L of the form
B′ = BU. For some chosen M, the message space consists of
the vector (λ1, λ2, ..., λn) in the range −M < λi < M.
12. .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
Security Of The Scheme
in 1999 Nguyen showed at the Crypto conference that the GGH
encryption scheme has a flaw in the design of the schemes. He
showed that every ciphertext reveals information about the
plaintext and that the problem of decryption could be turned
into a special closest vector problem much easier to solve than
the general CVP.