Some Mathematical Problems Behind Lattice-Based Cryptography

In 1994, P. Shor discovered quantum algorithms which can break both the RSA cryptosystem and the ElGamal cryptosystem. In 2007, D-Wave demonstrated the first quantum computer. These events and further developments have brought a crisis to secret communication. In 2016, the National Institute of Standards and Technology (NIST) launched a global project to solicit and select a handful of encryption algorithms with the ability to resist quantum computer attacks. In 2022, it announced four candidates, CRYSTALS-Kyber, CRYSTALS-Dilithium, Falcon and Sphincs$+$ for post-quantum cryptography standards. The first three are based on lattice theory and the last on the Hash function. It is well known that the security of the lattice-based cryptosystems relies on the computational complexity of the shortest vector problem (SVP), the closest vector problem (CVP) and their generalizations. In fact, the SVP is a ball packing problem and the CVP is a ball covering problem. Furthermore, both SVP and CVP are equivalent to arithmetic problems for positive definite quadratic forms. Therefore, post-quantum cryptography provides unprecedented opportunities for mathematicians to make contributions in modern technology. This paper will briefly review the mathematical problems on which the lattice-based cryptography is built up, so that mathematicians can see that they are indeed in the game.