
Tuple lattice sieving

Shi Bai, Thijs Laarhoven and Damien Stehlé

Abstract

Lattice sieving is asymptotically the fastest approach for solving the shortest vector problem (SVP) on Euclidean lattices. All known sieving algorithms for solving the SVP require space which (heuristically) grows as $2^{0.2075n+o(n)}$, where $n$ is the lattice dimension. In high dimensions, the memory requirement becomes a limiting factor for running these algorithms, making them uncompetitive with enumeration algorithms, despite their superior asymptotic time complexity.

We generalize sieving algorithms to solve SVP with less memory. We consider reductions of tuples of vectors rather than pairs of vectors as existing sieve algorithms do. For triples, we estimate that the space requirement scales as $2^{0.1887n+o(n)}$. The naive algorithm for this triple sieve runs in time $2^{0.5661n+o(n)}$. With appropriate filtering of pairs, we reduce the time complexity to $2^{0.4812n+o(n)}$ while keeping the same space complexity. We further analyze the effects of using larger tuples for reduction, and conjecture how this provides a continuous trade-off between the memory-intensive sieving and the asymptotically slower enumeration.
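The following added example (not code from the paper) illustrates the reduction step the abstract contrasts: a list in which no pair of vectors can be combined into something shorter, while a triple can. The function names and the three sample vectors are constructed for illustration; the sketch covers only the reduction test, not the full sieve or the pair filtering.

```python
from itertools import combinations, product


def norm2(v):
    """Squared Euclidean norm of an integer vector."""
    return sum(x * x for x in v)


def combine(vectors, signs):
    """Return sum_i signs[i] * vectors[i] as a tuple."""
    dim = len(vectors[0])
    return tuple(sum(s * v[k] for s, v in zip(signs, vectors))
                 for k in range(dim))


def best_reduction(vectors, k):
    """Shortest nonzero +/- combination of any k list vectors that is
    strictly shorter than the longest vector taking part, or None."""
    best = None
    for group in combinations(vectors, k):
        limit = max(norm2(v) for v in group)
        # Fix the first sign to +1: w and -w have the same norm.
        for rest in product((1, -1), repeat=k - 1):
            w = combine(group, (1,) + rest)
            if 0 < norm2(w) < limit and (best is None or norm2(w) < norm2(best)):
                best = w
    return best


# Constructed sample: three vectors of squared norm 5 whose pairwise
# inner products are all -2. For equal-norm vectors a pair v +/- w is
# shorter only if |<v,w>| > norm2/2, so this list is pairwise reduced,
# yet the sum of all three has squared norm 3*5 + 6*(-2) = 3.
SAMPLE = [(2, 1, 0), (-1, 0, 2), (0, -2, -1)]

if __name__ == "__main__":
    print("pair reduction:  ", best_reduction(SAMPLE, 2))
    print("triple reduction:", best_reduction(SAMPLE, 3))
```

A pair sieve would treat `SAMPLE` as fully reduced; checking triples extracts a shorter vector from the same three list entries, at the cost of examining more combinations.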
