The Randomized Slicer for CVPP: Sharper, Faster, Smaller, Batchier

Léo Ducas; Thijs Laarhoven; Wessel P.J. van Woerden

doi:10.1007/978-3-030-45388-6_1

The Randomized Slicer for CVPP: Sharper, Faster, Smaller, Batchier

Léo Ducas, Thijs Laarhoven, Wessel P.J. van Woerden

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

Abstract

Following the recent line of work on solving the closest vector problem with preprocessing (CVPP) using approximate Voronoi cells, we improve upon previous results in the following ways:We derive sharp asymptotic bounds on the success probability of the randomized slicer, by modelling the behaviour of the algorithm as a random walk on the coset of the lattice of the target vector. We thereby solve the open question left by Doulgerakis–Laarhoven–De Weger [PQCrypto 2019] and Laarhoven [MathCrypt 2019].We obtain better trade-offs for CVPP and its generalisations (strictly, in certain regimes), both with and without nearest neighbour searching, as a direct result of the above sharp bounds on the success probabilities.We show how to reduce the memory requirement of the slicer, and in particular the corresponding nearest neighbour data structures, using ideas similar to those proposed by Becker–Gama–Joux [Cryptology ePrint Archive, 2015]. Using memory, we can solve a single CVPP instance in time.We further improve on the per-instance time complexities in certain memory regimes, when we are given a sufficiently large batch of CVPP problem instances for the same lattice. Using memory, we can heuristically solve CVPP instances in amortized time, for batches of size at least. Our random walk model for analysing arbitrary-step transition probabilities in complex step-wise algorithms may be of independent interest, both for deriving analytic bounds through convexity arguments, and for computing optimal paths numerically with a shortest path algorithm. As a side result we apply the same random walk model to graph-based nearest neighbour searching, where we improve upon results of Laarhoven [SOCG 2018] by deriving sharp bounds on the success probability of the corresponding greedy search procedure.

Original language	English
Title of host publication	Public-Key Cryptography – PKC 2020 - 23rd IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings
Editors	Aggelos Kiayias, Markulf Kohlweiss, Petros Wallden, Vassilis Zikas
Publisher	Springer Gabler
Pages	3-36
Number of pages	34
ISBN (Print)	9783030453879
DOIs	https://doi.org/10.1007/978-3-030-45388-6_1
Publication status	Published - 2020
Event	23rd IACR International Conference on the Practice and Theory of Public-Key Cryptography, PKC 2020 - Edinburgh, United Kingdom Duration: 4 May 2020 → 7 May 2020

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	12111 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	23rd IACR International Conference on the Practice and Theory of Public-Key Cryptography, PKC 2020
Country	United Kingdom
City	Edinburgh
Period	4/05/20 → 7/05/20

Keywords

Approximate Voronoi cells
Closest vector problem with preprocessing
Graph-based nearest neighbours
Iterative slicer
Lattices

Access to Document

10.1007/978-3-030-45388-6_1

Link to publication in Scopus

Fingerprint Dive into the research topics of 'The Randomized Slicer for CVPP: Sharper, Faster, Smaller, Batchier'. Together they form a unique fingerprint.

Cite this

Ducas, L., Laarhoven, T., & van Woerden, W. P. J. (2020). The Randomized Slicer for CVPP: Sharper, Faster, Smaller, Batchier. In A. Kiayias, M. Kohlweiss, P. Wallden, & V. Zikas (Eds.), Public-Key Cryptography – PKC 2020 - 23rd IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings (pp. 3-36). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12111 LNCS). Springer Gabler. https://doi.org/10.1007/978-3-030-45388-6_1

Ducas, Léo ; Laarhoven, Thijs ; van Woerden, Wessel P.J. / The Randomized Slicer for CVPP : Sharper, Faster, Smaller, Batchier. Public-Key Cryptography – PKC 2020 - 23rd IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings. editor / Aggelos Kiayias ; Markulf Kohlweiss ; Petros Wallden ; Vassilis Zikas. Springer Gabler, 2020. pp. 3-36 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{a1edee9ba8f74ce397438c6e1d0c057a,

title = "The Randomized Slicer for CVPP: Sharper, Faster, Smaller, Batchier",

abstract = "Following the recent line of work on solving the closest vector problem with preprocessing (CVPP) using approximate Voronoi cells, we improve upon previous results in the following ways:We derive sharp asymptotic bounds on the success probability of the randomized slicer, by modelling the behaviour of the algorithm as a random walk on the coset of the lattice of the target vector. We thereby solve the open question left by Doulgerakis–Laarhoven–De Weger [PQCrypto 2019] and Laarhoven [MathCrypt 2019].We obtain better trade-offs for CVPP and its generalisations (strictly, in certain regimes), both with and without nearest neighbour searching, as a direct result of the above sharp bounds on the success probabilities.We show how to reduce the memory requirement of the slicer, and in particular the corresponding nearest neighbour data structures, using ideas similar to those proposed by Becker–Gama–Joux [Cryptology ePrint Archive, 2015]. Using memory, we can solve a single CVPP instance in time.We further improve on the per-instance time complexities in certain memory regimes, when we are given a sufficiently large batch of CVPP problem instances for the same lattice. Using memory, we can heuristically solve CVPP instances in amortized time, for batches of size at least. Our random walk model for analysing arbitrary-step transition probabilities in complex step-wise algorithms may be of independent interest, both for deriving analytic bounds through convexity arguments, and for computing optimal paths numerically with a shortest path algorithm. As a side result we apply the same random walk model to graph-based nearest neighbour searching, where we improve upon results of Laarhoven [SOCG 2018] by deriving sharp bounds on the success probability of the corresponding greedy search procedure.",

keywords = "Approximate Voronoi cells, Closest vector problem with preprocessing, Graph-based nearest neighbours, Iterative slicer, Lattices",

author = "L{\'e}o Ducas and Thijs Laarhoven and {van Woerden}, {Wessel P.J.}",

year = "2020",

doi = "10.1007/978-3-030-45388-6_1",

language = "English",

isbn = "9783030453879",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Gabler",

pages = "3--36",

editor = "Aggelos Kiayias and Markulf Kohlweiss and Petros Wallden and Vassilis Zikas",

booktitle = "Public-Key Cryptography – PKC 2020 - 23rd IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings",

address = "Germany",

note = "23rd IACR International Conference on the Practice and Theory of Public-Key Cryptography, PKC 2020 ; Conference date: 04-05-2020 Through 07-05-2020",

}

Ducas, L, Laarhoven, T & van Woerden, WPJ 2020, The Randomized Slicer for CVPP: Sharper, Faster, Smaller, Batchier. in A Kiayias, M Kohlweiss, P Wallden & V Zikas (eds), Public-Key Cryptography – PKC 2020 - 23rd IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 12111 LNCS, Springer Gabler, pp. 3-36, 23rd IACR International Conference on the Practice and Theory of Public-Key Cryptography, PKC 2020, Edinburgh, United Kingdom, 4/05/20. https://doi.org/10.1007/978-3-030-45388-6_1

The Randomized Slicer for CVPP : Sharper, Faster, Smaller, Batchier. / Ducas, Léo; Laarhoven, Thijs; van Woerden, Wessel P.J.

Public-Key Cryptography – PKC 2020 - 23rd IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings. ed. / Aggelos Kiayias; Markulf Kohlweiss; Petros Wallden; Vassilis Zikas. Springer Gabler, 2020. p. 3-36 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 12111 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › Academic › peer-review

TY - GEN

T1 - The Randomized Slicer for CVPP

T2 - 23rd IACR International Conference on the Practice and Theory of Public-Key Cryptography, PKC 2020

AU - Ducas, Léo

AU - Laarhoven, Thijs

AU - van Woerden, Wessel P.J.

PY - 2020

Y1 - 2020

N2 - Following the recent line of work on solving the closest vector problem with preprocessing (CVPP) using approximate Voronoi cells, we improve upon previous results in the following ways:We derive sharp asymptotic bounds on the success probability of the randomized slicer, by modelling the behaviour of the algorithm as a random walk on the coset of the lattice of the target vector. We thereby solve the open question left by Doulgerakis–Laarhoven–De Weger [PQCrypto 2019] and Laarhoven [MathCrypt 2019].We obtain better trade-offs for CVPP and its generalisations (strictly, in certain regimes), both with and without nearest neighbour searching, as a direct result of the above sharp bounds on the success probabilities.We show how to reduce the memory requirement of the slicer, and in particular the corresponding nearest neighbour data structures, using ideas similar to those proposed by Becker–Gama–Joux [Cryptology ePrint Archive, 2015]. Using memory, we can solve a single CVPP instance in time.We further improve on the per-instance time complexities in certain memory regimes, when we are given a sufficiently large batch of CVPP problem instances for the same lattice. Using memory, we can heuristically solve CVPP instances in amortized time, for batches of size at least. Our random walk model for analysing arbitrary-step transition probabilities in complex step-wise algorithms may be of independent interest, both for deriving analytic bounds through convexity arguments, and for computing optimal paths numerically with a shortest path algorithm. As a side result we apply the same random walk model to graph-based nearest neighbour searching, where we improve upon results of Laarhoven [SOCG 2018] by deriving sharp bounds on the success probability of the corresponding greedy search procedure.

AB - Following the recent line of work on solving the closest vector problem with preprocessing (CVPP) using approximate Voronoi cells, we improve upon previous results in the following ways:We derive sharp asymptotic bounds on the success probability of the randomized slicer, by modelling the behaviour of the algorithm as a random walk on the coset of the lattice of the target vector. We thereby solve the open question left by Doulgerakis–Laarhoven–De Weger [PQCrypto 2019] and Laarhoven [MathCrypt 2019].We obtain better trade-offs for CVPP and its generalisations (strictly, in certain regimes), both with and without nearest neighbour searching, as a direct result of the above sharp bounds on the success probabilities.We show how to reduce the memory requirement of the slicer, and in particular the corresponding nearest neighbour data structures, using ideas similar to those proposed by Becker–Gama–Joux [Cryptology ePrint Archive, 2015]. Using memory, we can solve a single CVPP instance in time.We further improve on the per-instance time complexities in certain memory regimes, when we are given a sufficiently large batch of CVPP problem instances for the same lattice. Using memory, we can heuristically solve CVPP instances in amortized time, for batches of size at least. Our random walk model for analysing arbitrary-step transition probabilities in complex step-wise algorithms may be of independent interest, both for deriving analytic bounds through convexity arguments, and for computing optimal paths numerically with a shortest path algorithm. As a side result we apply the same random walk model to graph-based nearest neighbour searching, where we improve upon results of Laarhoven [SOCG 2018] by deriving sharp bounds on the success probability of the corresponding greedy search procedure.

KW - Approximate Voronoi cells

KW - Closest vector problem with preprocessing

KW - Graph-based nearest neighbours

KW - Iterative slicer

KW - Lattices

UR - http://www.scopus.com/inward/record.url?scp=85090001706&partnerID=8YFLogxK

U2 - 10.1007/978-3-030-45388-6_1

DO - 10.1007/978-3-030-45388-6_1

M3 - Conference contribution

AN - SCOPUS:85090001706

SN - 9783030453879

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 3

EP - 36

BT - Public-Key Cryptography – PKC 2020 - 23rd IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings

A2 - Kiayias, Aggelos

A2 - Kohlweiss, Markulf

A2 - Wallden, Petros

A2 - Zikas, Vassilis

PB - Springer Gabler

Y2 - 4 May 2020 through 7 May 2020

ER -

Ducas L, Laarhoven T, van Woerden WPJ. The Randomized Slicer for CVPP: Sharper, Faster, Smaller, Batchier. In Kiayias A, Kohlweiss M, Wallden P, Zikas V, editors, Public-Key Cryptography – PKC 2020 - 23rd IACR International Conference on Practice and Theory of Public-Key Cryptography, Proceedings. Springer Gabler. 2020. p. 3-36. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-030-45388-6_1