With the development of the quantum computers, researchers discover that the large integer factorization and the discrete logarithm problems can be solved in ploynomial time by quantum computers. The cryptosystems based on those two hardness problems are not secure in the quantum environment. Thus it is very meaningful to study the secure cryptosystems in the quantum world. As an important postquantum cryptography, lattice public key cryptography has some good cryptographic properties. It obtained the breakthrough and many important achievements in recent years. However, the study is in its preliminary stages. Compared with the cryptosystem based on the large integer factorization and the discrete logarithm problems, it is still not mature and there are many problems need to be studied hard. In this paper, the lattice public key cryptography has been analyzed and explored thoroughly, and the author obtains main results as follows:1. Using the first identity based encryption scheme over lattices, we contruct a certificateless encryption scheme. Compared with the schemes based on large integer factorization and discrete logarithm problems, the most operations are matrixvector multiplication and inner product in our scheme, the computation complexity is lower than them, and it is secure in quantum environment.2. Using the lattice signature without trapdoors and transmission technology with matrix with small norm and based on the hardness of Small Integer SolutionSIS problem, we construct an efficient proxy signature scheme. The transmission technology with matrix with small norm is used to control the dimension of proxy signature secret key such that its dimension is smaller than that of original signature secret key. Compared with the schemes based on bonsai tree or lattice basis delegation in fixed dimension, the size of proxy resignature key and proxy signature is reduced.3. For the proxy insecurity of the resignature schemes based on large integer factorization and discrete logarithm problem in the quantum environment, we present the proxy resignature scheme that can resist the quantum attack. Using Xagawaâ€™s proxy reencryption technology and lattice signatures without trapdoors technology, we construct the first latticebased proxy resignature scheme. The security of this scheme is based on the hardness of Small Integer SolutionSIS problem. The results of the proof and efficiency analysis show that this scheme has the properties of bidirectional, multiuse, optimal key and transparent. Compared with previous schemes relied on other hardness assumptions, it has the advantage of low asymptotic computational complexity. Finally, we extend the scheme to the identitybased proxy resignature scheme.4. Using the preimage sampleable algorithm, we construct the first multiuse unidirectional proxy resignature scheme based on lattices. We solve the first open problem and the verification cost problem in the second open problem that put forword by Libert and Vergnaud in CCS 2008. Its security based on the hardness of the Small Integer Solution (SIS) problem. The verification cost does not grow with the number of translations and the size of signatures grows linearly with the number of translations in this scheme.5. Using the preimage sampleable technology and lattice basis delegation in fixed dimension technology and based on the hardness of Small Integer SolutionSIS problem, we construct the first identitybased proxy resignature scheme on lattices. This scheme has the properties of unidirectional, multiuse and so on. Compared with previous schemes had the same properties, it has the advantage of low verification cost and low asymptotic computational complexity.6. Using the preimage sampleable technology, we construct the first multiuse unidirectional proxy reencryption scheme on lattices. The generation of the proxy reencryption key does not interact between the two users such that the scheme can be against collusion attack. It is proved to be CPA secure in the standard model based on the Learning With Errors (LWE) assumption. Finally, we extend the basis construction to obtain an identitybased proxy reencryption.
