Efficient (Ideal) lattice sieving using cross-polytope LSH

Anja Becker; Thijs Laarhoven

doi:10.1007/978-3-319-31517-1_1

Efficient (Ideal) lattice sieving using cross-polytope LSH

Anja Becker, Thijs Laarhoven

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

17 Citations (Scopus)

Abstract

Combining the efficient cross-polytope locality-sensitive hash family of Terasawa and Tanaka with the heuristic lattice sieve algorithm of Micciancio and Voulgaris, we show how to obtain heuristic and practical speedups for solving the shortest vector problem (SVP) on both arbitrary and ideal lattices. In both cases, the asymptotic time complexity for solving SVP in dimension n is 2^0.298n+o(n). For any lattice, hashes can be computed in polynomial time, which makes our CPSieve algorithm much more practical than the SphereSieve of Laarhoven and de Weger, while the better asymptotic complexities imply that this algorithm will outperform the GaussSieve of Micciancio and Voulgaris and the HashSieve of Laarhoven in moderate dimensions as well. We performed tests to show this improvement in practice. For ideal lattices, by observing that the hash of a shifted vector is a shift of the hash value of the original vector and constructing rerandomization matrices which preserve this property, we obtain not only a linear decrease in the space complexity, but also a linear speedup of the overall algorithm. We demonstrate the practicability of our cross-polytope ideal lattice sieve ICPSieve by applying the algorithm to cyclotomic ideal lattices from the ideal SVP challenge and to lattices which appear in the cryptanalysis of NTRU.

Original language	English
Title of host publication	Progress in Cryptology – AFRICACRYPT 2016
Subtitle of host publication	8th International Conference on Cryptology in Africa, Fes, Morocco, April 13-15, 2016, Proceedings
Editors	D. Pointcheval, A. Nitaj, T. Rachidi
Place of Publication	Dordrecht
Publisher	Springer
Pages	3-23
Number of pages	21
ISBN (Electronic)	978-3-319-31517-1
ISBN (Print)	978-3-319-31516-4
DOIs	https://doi.org/10.1007/978-3-319-31517-1_1
Publication status	Published - 2016
Event	8th International Conference on the Theory and Application of Cryptographic Techniques in Africa (Africacrypt 2016) - Fes, Morocco Duration: 13 Apr 2016 → 15 Apr 2016 Conference number: 8

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	9646
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	8th International Conference on the Theory and Application of Cryptographic Techniques in Africa (Africacrypt 2016)
Abbreviated title	Africacrypt 2016
Country/Territory	Morocco
City	Fes
Period	13/04/16 → 15/04/16

Keywords

(Ideal) lattices
Locality-sensitive hashing
Shortest vector problem
Sieving algorithms

Access to Document

10.1007/978-3-319-31517-1_1

Cite this

Becker, A., & Laarhoven, T. (2016). Efficient (Ideal) lattice sieving using cross-polytope LSH. In D. Pointcheval, A. Nitaj, & T. Rachidi (Eds.), Progress in Cryptology – AFRICACRYPT 2016: 8th International Conference on Cryptology in Africa, Fes, Morocco, April 13-15, 2016, Proceedings (pp. 3-23). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9646). Springer. https://doi.org/10.1007/978-3-319-31517-1_1

Becker, Anja ; Laarhoven, Thijs. / Efficient (Ideal) lattice sieving using cross-polytope LSH. Progress in Cryptology – AFRICACRYPT 2016: 8th International Conference on Cryptology in Africa, Fes, Morocco, April 13-15, 2016, Proceedings. editor / D. Pointcheval ; A. Nitaj ; T. Rachidi. Dordrecht : Springer, 2016. pp. 3-23 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{8d55c8d808234a05bf8b5331616e0b50,

title = "Efficient (Ideal) lattice sieving using cross-polytope LSH",

abstract = "Combining the efficient cross-polytope locality-sensitive hash family of Terasawa and Tanaka with the heuristic lattice sieve algorithm of Micciancio and Voulgaris, we show how to obtain heuristic and practical speedups for solving the shortest vector problem (SVP) on both arbitrary and ideal lattices. In both cases, the asymptotic time complexity for solving SVP in dimension n is 20.298n+o(n). For any lattice, hashes can be computed in polynomial time, which makes our CPSieve algorithm much more practical than the SphereSieve of Laarhoven and de Weger, while the better asymptotic complexities imply that this algorithm will outperform the GaussSieve of Micciancio and Voulgaris and the HashSieve of Laarhoven in moderate dimensions as well. We performed tests to show this improvement in practice. For ideal lattices, by observing that the hash of a shifted vector is a shift of the hash value of the original vector and constructing rerandomization matrices which preserve this property, we obtain not only a linear decrease in the space complexity, but also a linear speedup of the overall algorithm. We demonstrate the practicability of our cross-polytope ideal lattice sieve ICPSieve by applying the algorithm to cyclotomic ideal lattices from the ideal SVP challenge and to lattices which appear in the cryptanalysis of NTRU.",

keywords = "(Ideal) lattices, Locality-sensitive hashing, Shortest vector problem, Sieving algorithms",

author = "Anja Becker and Thijs Laarhoven",

year = "2016",

doi = "10.1007/978-3-319-31517-1_1",

language = "English",

isbn = "978-3-319-31516-4",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "3--23",

editor = "D. Pointcheval and A. Nitaj and T. Rachidi",

booktitle = "Progress in Cryptology – AFRICACRYPT 2016",

address = "Germany",

note = "8th International Conference on the Theory and Application of Cryptographic Techniques in Africa (Africacrypt 2016), Africacrypt 2016 ; Conference date: 13-04-2016 Through 15-04-2016",

}

Becker, A & Laarhoven, T 2016, Efficient (Ideal) lattice sieving using cross-polytope LSH. in D Pointcheval, A Nitaj & T Rachidi (eds), Progress in Cryptology – AFRICACRYPT 2016: 8th International Conference on Cryptology in Africa, Fes, Morocco, April 13-15, 2016, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 9646, Springer, Dordrecht, pp. 3-23, 8th International Conference on the Theory and Application of Cryptographic Techniques in Africa (Africacrypt 2016), Fes, Morocco, 13/04/16. https://doi.org/10.1007/978-3-319-31517-1_1

Efficient (Ideal) lattice sieving using cross-polytope LSH. / Becker, Anja; Laarhoven, Thijs.
Progress in Cryptology – AFRICACRYPT 2016: 8th International Conference on Cryptology in Africa, Fes, Morocco, April 13-15, 2016, Proceedings. ed. / D. Pointcheval; A. Nitaj; T. Rachidi. Dordrecht: Springer, 2016. p. 3-23 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 9646).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - Efficient (Ideal) lattice sieving using cross-polytope LSH

AU - Becker, Anja

AU - Laarhoven, Thijs

N1 - Conference code: 8

PY - 2016

Y1 - 2016

N2 - Combining the efficient cross-polytope locality-sensitive hash family of Terasawa and Tanaka with the heuristic lattice sieve algorithm of Micciancio and Voulgaris, we show how to obtain heuristic and practical speedups for solving the shortest vector problem (SVP) on both arbitrary and ideal lattices. In both cases, the asymptotic time complexity for solving SVP in dimension n is 20.298n+o(n). For any lattice, hashes can be computed in polynomial time, which makes our CPSieve algorithm much more practical than the SphereSieve of Laarhoven and de Weger, while the better asymptotic complexities imply that this algorithm will outperform the GaussSieve of Micciancio and Voulgaris and the HashSieve of Laarhoven in moderate dimensions as well. We performed tests to show this improvement in practice. For ideal lattices, by observing that the hash of a shifted vector is a shift of the hash value of the original vector and constructing rerandomization matrices which preserve this property, we obtain not only a linear decrease in the space complexity, but also a linear speedup of the overall algorithm. We demonstrate the practicability of our cross-polytope ideal lattice sieve ICPSieve by applying the algorithm to cyclotomic ideal lattices from the ideal SVP challenge and to lattices which appear in the cryptanalysis of NTRU.

AB - Combining the efficient cross-polytope locality-sensitive hash family of Terasawa and Tanaka with the heuristic lattice sieve algorithm of Micciancio and Voulgaris, we show how to obtain heuristic and practical speedups for solving the shortest vector problem (SVP) on both arbitrary and ideal lattices. In both cases, the asymptotic time complexity for solving SVP in dimension n is 20.298n+o(n). For any lattice, hashes can be computed in polynomial time, which makes our CPSieve algorithm much more practical than the SphereSieve of Laarhoven and de Weger, while the better asymptotic complexities imply that this algorithm will outperform the GaussSieve of Micciancio and Voulgaris and the HashSieve of Laarhoven in moderate dimensions as well. We performed tests to show this improvement in practice. For ideal lattices, by observing that the hash of a shifted vector is a shift of the hash value of the original vector and constructing rerandomization matrices which preserve this property, we obtain not only a linear decrease in the space complexity, but also a linear speedup of the overall algorithm. We demonstrate the practicability of our cross-polytope ideal lattice sieve ICPSieve by applying the algorithm to cyclotomic ideal lattices from the ideal SVP challenge and to lattices which appear in the cryptanalysis of NTRU.

KW - (Ideal) lattices

KW - Locality-sensitive hashing

KW - Shortest vector problem

KW - Sieving algorithms

UR - http://www.scopus.com/inward/record.url?scp=84964054438&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-31517-1_1

DO - 10.1007/978-3-319-31517-1_1

M3 - Conference contribution

AN - SCOPUS:84964054438

SN - 978-3-319-31516-4

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 3

EP - 23

BT - Progress in Cryptology – AFRICACRYPT 2016

A2 - Pointcheval, D.

A2 - Nitaj, A.

A2 - Rachidi, T.

PB - Springer

CY - Dordrecht

T2 - 8th International Conference on the Theory and Application of Cryptographic Techniques in Africa (Africacrypt 2016)

Y2 - 13 April 2016 through 15 April 2016

ER -

Becker A, Laarhoven T. Efficient (Ideal) lattice sieving using cross-polytope LSH. In Pointcheval D, Nitaj A, Rachidi T, editors, Progress in Cryptology – AFRICACRYPT 2016: 8th International Conference on Cryptology in Africa, Fes, Morocco, April 13-15, 2016, Proceedings. Dordrecht: Springer. 2016. p. 3-23. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-31517-1_1

Efficient (Ideal) lattice sieving using cross-polytope LSH

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Search problems in cryptography: from fingerprinting to lattice sieving

Efficient (ideal) lattice sieving using cross-polytope LSH

Cite this