Finding shortest lattice vectors faster using quantum search

T.M.M. Laarhoven; Michele Mosca; Joop Pol, van de

doi:10.1007/s10623-015-0067-5

Finding shortest lattice vectors faster using quantum search

T.M.M. Laarhoven, Michele Mosca, Joop Pol, van de

Research output: Contribution to journal › Article › Academic › peer-review

69 Citations (Scopus)

196 Downloads (Pure)

Abstract

By applying a quantum search algorithm to various heuristic and provable sieve algorithms from the literature, we obtain improved asymptotic quantum results for solving the shortest vector problem on lattices. With quantum computers we can provably find a shortest vector in time 2^1.799n+o(n) , improving upon the classical time complexities of 2^2.465n+o(n) of Pujol and Stehlé and the 2^2n+o(n) of Micciancio and Voulgaris, while heuristically we expect to find a shortest vector in time 2^0.268n+o(n) , improving upon the classical time complexity of 2^0.298n+o(n) of Laarhoven and De Weger. These quantum complexities will be an important guide for the selection of parameters for post-quantum cryptosystems based on the hardness of the shortest vector problem. Keywords: Lattices Shortest vector problem Sieving Quantum search

Original language	English
Pages (from-to)	375-400
Number of pages	26
Journal	Designs, Codes and Cryptography
Volume	77
Issue number	2-3
DOIs	https://doi.org/10.1007/s10623-015-0067-5
Publication status	Published - 2015

Access to Document

10.1007/s10623-015-0067-5

Publisher versionFinal published version, 641 KB

69 Citations - based on content available in repository [source: Scopus]
1 Report
1 Phd Thesis 1 (Research TU/e / Graduation TU/e)

Search problems in cryptography: from fingerprinting to lattice sieving
Laarhoven, T., 16 Feb 2016, Eindhoven: Technische Universiteit Eindhoven. 219 p.
Research output: Thesis › Phd Thesis 1 (Research TU/e / Graduation TU/e)

Open Access
File
Finding shortest lattice vectors faster using quantum search
Laarhoven, T. M. M., Mosca, M. & Pol, van de, J., 2014, 26 p. (Cryptology ePrint Archive; vol. 2014/907)
Research output: Book/Report › Report › Academic

Cite this

@article{03e9548e24564bdbb85e73e095789b54,

title = "Finding shortest lattice vectors faster using quantum search",

abstract = "By applying a quantum search algorithm to various heuristic and provable sieve algorithms from the literature, we obtain improved asymptotic quantum results for solving the shortest vector problem on lattices. With quantum computers we can provably find a shortest vector in time 2^1.799n+o(n) , improving upon the classical time complexities of 2^2.465n+o(n) of Pujol and Stehl{\'e} and the 2^2n+o(n) of Micciancio and Voulgaris, while heuristically we expect to find a shortest vector in time 2^0.268n+o(n) , improving upon the classical time complexity of 2^0.298n+o(n) of Laarhoven and De Weger. These quantum complexities will be an important guide for the selection of parameters for post-quantum cryptosystems based on the hardness of the shortest vector problem. Keywords: Lattices Shortest vector problem Sieving Quantum search",

author = "T.M.M. Laarhoven and Michele Mosca and {Pol, van de}, Joop",

year = "2015",

doi = "10.1007/s10623-015-0067-5",

language = "English",

volume = "77",

pages = "375--400",

journal = "Designs, Codes and Cryptography",

issn = "0925-1022",

publisher = "Springer",

number = "2-3",

}

TY - JOUR

T1 - Finding shortest lattice vectors faster using quantum search

AU - Laarhoven, T.M.M.

AU - Mosca, Michele

AU - Pol, van de, Joop

PY - 2015

Y1 - 2015

N2 - By applying a quantum search algorithm to various heuristic and provable sieve algorithms from the literature, we obtain improved asymptotic quantum results for solving the shortest vector problem on lattices. With quantum computers we can provably find a shortest vector in time 2^1.799n+o(n) , improving upon the classical time complexities of 2^2.465n+o(n) of Pujol and Stehlé and the 2^2n+o(n) of Micciancio and Voulgaris, while heuristically we expect to find a shortest vector in time 2^0.268n+o(n) , improving upon the classical time complexity of 2^0.298n+o(n) of Laarhoven and De Weger. These quantum complexities will be an important guide for the selection of parameters for post-quantum cryptosystems based on the hardness of the shortest vector problem. Keywords: Lattices Shortest vector problem Sieving Quantum search

AB - By applying a quantum search algorithm to various heuristic and provable sieve algorithms from the literature, we obtain improved asymptotic quantum results for solving the shortest vector problem on lattices. With quantum computers we can provably find a shortest vector in time 2^1.799n+o(n) , improving upon the classical time complexities of 2^2.465n+o(n) of Pujol and Stehlé and the 2^2n+o(n) of Micciancio and Voulgaris, while heuristically we expect to find a shortest vector in time 2^0.268n+o(n) , improving upon the classical time complexity of 2^0.298n+o(n) of Laarhoven and De Weger. These quantum complexities will be an important guide for the selection of parameters for post-quantum cryptosystems based on the hardness of the shortest vector problem. Keywords: Lattices Shortest vector problem Sieving Quantum search

U2 - 10.1007/s10623-015-0067-5

DO - 10.1007/s10623-015-0067-5

M3 - Article

SN - 0925-1022

VL - 77

SP - 375

EP - 400

JO - Designs, Codes and Cryptography

JF - Designs, Codes and Cryptography

IS - 2-3

ER -

Finding shortest lattice vectors faster using quantum search

Abstract

Access to Document

Fingerprint

Research output

Search problems in cryptography: from fingerprinting to lattice sieving

Finding shortest lattice vectors faster using quantum search

Cite this