Improving GGH cryptosystem for large error vector

This paper analyzes the first lattice-based encryption scheme proposed by Goldreich, Goldwasser and Halevi and proposed a variant of the schemes to improve resistance against lattice reductions. In practice, lattice reductions such as LLL reduction are able to break the specific CVP with small dimension that was applied to the GGH cryptosystem; the scheme with representative dimensions such as 400 dimension was broken. This paper proposes an improvement of GGH cryptosystem based on a variant of lattice problem, which is expected to be harder than the previous problem of CVP. For given lattice basis B, a vector v, sets of integers I₁ and I₂, and an integer k, the problem is to find a vector e such that k coordinates of b-v are in I₁ and others are in I₂ with some lattice vector b. Furthermore, unlike the original GGH cryptosystem sacrificed from an ineligible probability of decryption error, the proposal solves the decryption error problem and decrypts ciphertext with probability 1.