With the development of quantum computers, researchers have discovered that the large integer factorization and discrete logarithm problems can be solved in polynomial time by quantum computers. Cryptosystems based on those two hardness problems are therefore not secure in the quantum environment, so it is very meaningful to study cryptosystems that remain secure in the quantum world. As an important branch of post-quantum cryptography, lattice public key cryptography has some good cryptographic properties, and it has seen breakthroughs and many important achievements in recent years. However, its study is still in the preliminary stages. Compared with cryptosystems based on the large integer factorization and discrete logarithm problems, it is not yet mature, and many problems still need to be studied in depth. In this paper, lattice public key cryptography is analyzed and explored thoroughly, and the author obtains the following main results:

1. Using the first identity-based encryption scheme over lattices, we construct a certificateless encryption scheme. Most operations in our scheme are matrix-vector multiplications and inner products, so its computational complexity is lower than that of schemes based on the large integer factorization and discrete logarithm problems, and it is secure in the quantum environment.

2. Using lattice signatures without trapdoors and the transmission technique using matrices with small norm, and based on the hardness of the Small Integer Solution (SIS) problem, we construct an efficient proxy signature scheme. The transmission technique using matrices with small norm is used to control the dimension of the proxy signature secret key, so that its dimension is smaller than that of the original signature secret key. Compared with schemes based on the bonsai tree or on lattice basis delegation in fixed dimension, the size of the proxy re-signature key and the proxy signature is reduced.

3. Because proxy re-signature schemes based on the large integer factorization and discrete logarithm problems are insecure in the quantum environment, we present a proxy re-signature scheme that can resist quantum attacks. Using Xagawa's proxy re-encryption technique and lattice signatures without trapdoors, we construct the first lattice-based proxy re-signature scheme. The security of this scheme is based on the hardness of the Small Integer Solution (SIS) problem. The proof and the efficiency analysis show that the scheme is bidirectional, multi-use, key-optimal and transparent. Compared with previous schemes that rely on other hardness assumptions, it has the advantage of low asymptotic computational complexity. Finally, we extend the scheme to an identity-based proxy re-signature scheme.

4. Using the preimage sampleable algorithm, we construct the first multi-use unidirectional proxy re-signature scheme based on lattices. This solves the first open problem, and the verification cost issue in the second open problem, put forward by Libert and Vergnaud at CCS 2008. Its security is based on the hardness of the Small Integer Solution (SIS) problem. In this scheme the verification cost does not grow with the number of translations, and the size of signatures grows linearly with the number of translations.

5. Using the preimage sampleable technique and lattice basis delegation in fixed dimension, and based on the hardness of the Small Integer Solution (SIS) problem, we construct the first identity-based proxy re-signature scheme on lattices. This scheme is unidirectional and multi-use, among other properties. Compared with previous schemes that have the same properties, it has the advantage of low verification cost and low asymptotic computational complexity.

6. Using the preimage sampleable technique, we construct the first multi-use unidirectional proxy re-encryption scheme on lattices. Generating the proxy re-encryption key requires no interaction between the two users, so the scheme can resist collusion attacks. It is proved to be CPA secure in the standard model based on the Learning With Errors (LWE) assumption. Finally, we extend the basis construction to obtain an identity-based proxy re-encryption scheme.