How is GGH's bad basis public key safe from gram–schmidt orthogonalization?

Tarick Welling

5/31/23, 1:47 PM

I'm reading about lattice based cryptography. In my reading I read of gram–schmidt orthogonalization. Which allows for turning a bad basis into a good basis, or at least an orthogonal one.

Now I'm reading that in the GGH encryption scheme a good basis is used as private key and a bad basis is used as public key.

However my thought is that if the public key is known we can apply gram-schmidt orthogonalization to this bad basis to form a better one which would allow us to find the point that is being transferred.

How can this be safe? What am I missing in my thoughts?

It seems like that the problem is that with gram-schmidt we are having a $O(n!)$ computation because we need to do $n-1$ projections for every added dimensions. And as $O(n!)$ is worse than $O(2^n)$ we are still not in polynomial time with regards to our computation.

0 + 0

public-key

lattice-crypto

Chris Peikert

5/31/23, 7:40 PM

The output of the GSO process is a set of orthogonal vectors, but they are typically not a *lattice basis*. When applied to a “bad” basis, the orthogonalized vectors typically have rapidly decreasing lengths. This prevents them from successfully recovering the nearest lattice point to the ciphertext point.

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: How is GGH's bad basis public key safe from gram–schmidt orthogonalization?

TH: คีย์สาธารณะที่มีพื้นฐานไม่ดีของ GGH จะปลอดภัยจากการปรับมุมฉากด้วยแกรมมาได้อย่างไร

RO: Cum este protejată cheia publică de bază proastă a lui GGH de ortogonalizarea gramâschmidt?

RU: Как открытый ключ GGH с плохой базой защищен от ортогонализации Грама-Шмидта?

VI: Khóa công khai cơ sở xấu của GGH được an toàn như thế nào trước quá trình trực giao hóa gramâschmidt?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.