Faster enumeration-based lattice reduction: Root hermite factor k1/(2k) time kk/8+o(k)

Martin R. Albrecht; Shi Bai; Pierre Alain Fouque; Paul Kirchner; Damien Stehlé; Weiqiang Wen

doi:10.1007/978-3-030-56880-1_7

Faster enumeration-based lattice reduction: Root hermite factor k^1/(2k) time k^k/8+o(k)

Martin R. Albrecht
, Shi Bai
, Pierre Alain Fouque
, Paul Kirchner
, Damien Stehlé
, Weiqiang Wen

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

Abstract

We give a lattice reduction algorithm that achieves root Hermite factor k^1/(2k) in time k^k/8+o(k) and polynomial memory. This improves on the previously best known enumeration-based algorithms which achieve the same quality, but in time k^{k/(2e) + o(k)}. A cost of k^{k/8 + o(k)} was previously mentioned as potentially achievable (Hanrot-Stehlé’10) or as a heuristic lower bound (Nguyen’10) for enumeration algorithms. We prove the complexity and quality of our algorithm under a heuristic assumption and provide empirical evidence from simulation and implementation experiments attesting to its performance for practical and cryptographic parameter sizes. Our work also suggests potential avenues for achieving costs below k^{k/8 + o(k)} for the same root Hermite factor, based on the geometry of SDBKZ-reduced bases.

Original language	English
Title of host publication	Advances in Cryptology - CRYPTO 2020 - 40th Annual International Cryptology Conference, CRYPTO 2020, Proceedings
Editors	Daniele Micciancio, Thomas Ristenpart
Publisher	Springer
Pages	186-212
Number of pages	27
ISBN (Print)	9783030568795
DOIs	https://doi.org/10.1007/978-3-030-56880-1_7
Publication status	Published - 1 Jan 2020
Externally published	Yes
Event	40th Annual International Cryptology Conference, CRYPTO 2020 - Santa Barbara, United States Duration: 17 Aug 2020 → 21 Aug 2020

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	12171 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	40th Annual International Cryptology Conference, CRYPTO 2020
Country/Territory	United States
City	Santa Barbara
Period	17/08/20 → 21/08/20

Access to Document

10.1007/978-3-030-56880-1_7

Cite this

Albrecht, M. R., Bai, S., Fouque, P. A., Kirchner, P., Stehlé, D., & Wen, W. (2020). Faster enumeration-based lattice reduction: Root hermite factor k^1/(2k) time k^k/8+o(k). In D. Micciancio, & T. Ristenpart (Eds.), Advances in Cryptology - CRYPTO 2020 - 40th Annual International Cryptology Conference, CRYPTO 2020, Proceedings (pp. 186-212). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12171 LNCS). Springer. https://doi.org/10.1007/978-3-030-56880-1_7

Albrecht, Martin R. ; Bai, Shi ; Fouque, Pierre Alain et al. / Faster enumeration-based lattice reduction : Root hermite factor k^1/(2k) time k^k/8+o(k). Advances in Cryptology - CRYPTO 2020 - 40th Annual International Cryptology Conference, CRYPTO 2020, Proceedings. editor / Daniele Micciancio ; Thomas Ristenpart. Springer, 2020. pp. 186-212 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{5dcf5a9d017e494f820c364681ba811d,

title = "Faster enumeration-based lattice reduction: Root hermite factor k1/(2k) time kk/8+o(k)",

abstract = "We give a lattice reduction algorithm that achieves root Hermite factor k1/(2k) in time kk/8+o(k) and polynomial memory. This improves on the previously best known enumeration-based algorithms which achieve the same quality, but in time kk/(2e) + o(k). A cost of kk/8 + o(k) was previously mentioned as potentially achievable (Hanrot-Stehl{\'e}{\textquoteright}10) or as a heuristic lower bound (Nguyen{\textquoteright}10) for enumeration algorithms. We prove the complexity and quality of our algorithm under a heuristic assumption and provide empirical evidence from simulation and implementation experiments attesting to its performance for practical and cryptographic parameter sizes. Our work also suggests potential avenues for achieving costs below kk/8 + o(k) for the same root Hermite factor, based on the geometry of SDBKZ-reduced bases.",

author = "Albrecht, \{Martin R.\} and Shi Bai and Fouque, \{Pierre Alain\} and Paul Kirchner and Damien Stehl{\'e} and Weiqiang Wen",

note = "Publisher Copyright: {\textcopyright} International Association for Cryptologic Research 2020.; 40th Annual International Cryptology Conference, CRYPTO 2020 ; Conference date: 17-08-2020 Through 21-08-2020",

year = "2020",

month = jan,

day = "1",

doi = "10.1007/978-3-030-56880-1\_7",

language = "English",

isbn = "9783030568795",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "186--212",

editor = "Daniele Micciancio and Thomas Ristenpart",

booktitle = "Advances in Cryptology - CRYPTO 2020 - 40th Annual International Cryptology Conference, CRYPTO 2020, Proceedings",

}

Albrecht, MR, Bai, S, Fouque, PA, Kirchner, P, Stehlé, D & Wen, W 2020, Faster enumeration-based lattice reduction: Root hermite factor k^1/(2k) time k^k/8+o(k). in D Micciancio & T Ristenpart (eds), Advances in Cryptology - CRYPTO 2020 - 40th Annual International Cryptology Conference, CRYPTO 2020, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 12171 LNCS, Springer, pp. 186-212, 40th Annual International Cryptology Conference, CRYPTO 2020, Santa Barbara, United States, 17/08/20. https://doi.org/10.1007/978-3-030-56880-1_7

Faster enumeration-based lattice reduction: Root hermite factor k^1/(2k) time k^k/8+o(k). / Albrecht, Martin R.; Bai, Shi; Fouque, Pierre Alain et al.
Advances in Cryptology - CRYPTO 2020 - 40th Annual International Cryptology Conference, CRYPTO 2020, Proceedings. ed. / Daniele Micciancio; Thomas Ristenpart. Springer, 2020. p. 186-212 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12171 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Faster enumeration-based lattice reduction

T2 - 40th Annual International Cryptology Conference, CRYPTO 2020

AU - Albrecht, Martin R.

AU - Bai, Shi

AU - Fouque, Pierre Alain

AU - Kirchner, Paul

AU - Stehlé, Damien

AU - Wen, Weiqiang

PY - 2020/1/1

Y1 - 2020/1/1

N2 - We give a lattice reduction algorithm that achieves root Hermite factor k1/(2k) in time kk/8+o(k) and polynomial memory. This improves on the previously best known enumeration-based algorithms which achieve the same quality, but in time kk/(2e) + o(k). A cost of kk/8 + o(k) was previously mentioned as potentially achievable (Hanrot-Stehlé’10) or as a heuristic lower bound (Nguyen’10) for enumeration algorithms. We prove the complexity and quality of our algorithm under a heuristic assumption and provide empirical evidence from simulation and implementation experiments attesting to its performance for practical and cryptographic parameter sizes. Our work also suggests potential avenues for achieving costs below kk/8 + o(k) for the same root Hermite factor, based on the geometry of SDBKZ-reduced bases.

AB - We give a lattice reduction algorithm that achieves root Hermite factor k1/(2k) in time kk/8+o(k) and polynomial memory. This improves on the previously best known enumeration-based algorithms which achieve the same quality, but in time kk/(2e) + o(k). A cost of kk/8 + o(k) was previously mentioned as potentially achievable (Hanrot-Stehlé’10) or as a heuristic lower bound (Nguyen’10) for enumeration algorithms. We prove the complexity and quality of our algorithm under a heuristic assumption and provide empirical evidence from simulation and implementation experiments attesting to its performance for practical and cryptographic parameter sizes. Our work also suggests potential avenues for achieving costs below kk/8 + o(k) for the same root Hermite factor, based on the geometry of SDBKZ-reduced bases.

UR - https://www.scopus.com/pages/publications/85089722039

U2 - 10.1007/978-3-030-56880-1_7

DO - 10.1007/978-3-030-56880-1_7

M3 - Conference contribution

AN - SCOPUS:85089722039

SN - 9783030568795

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 186

EP - 212

BT - Advances in Cryptology - CRYPTO 2020 - 40th Annual International Cryptology Conference, CRYPTO 2020, Proceedings

A2 - Micciancio, Daniele

A2 - Ristenpart, Thomas

PB - Springer

Y2 - 17 August 2020 through 21 August 2020

ER -

Albrecht MR, Bai S, Fouque PA, Kirchner P, Stehlé D, Wen W. Faster enumeration-based lattice reduction: Root hermite factor k^1/(2k) time k^k/8+o(k). In Micciancio D, Ristenpart T, editors, Advances in Cryptology - CRYPTO 2020 - 40th Annual International Cryptology Conference, CRYPTO 2020, Proceedings. Springer. 2020. p. 186-212. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-030-56880-1_7