A hybrid lattice basis reduction and quantum search attack on LWE

F. Göpfert; C. van Vredendaal; T. Wunderer

doi:10.1007/978-3-319-59879-6_11

A hybrid lattice basis reduction and quantum search attack on LWE

F. Göpfert, C. van Vredendaal, T. Wunderer

Discrete Mathematics

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/Congresprocedure › Conferentiebijdrage › Academic › peer review

39 Citaten (Scopus)

Samenvatting

Recently, an increasing amount of papers proposing post-quantum schemes also provide concrete parameter sets aiming for concrete post-quantum security levels. Security evaluations of such schemes need to include all possible attacks, in particular those by quantum adversaries. In the case of lattice-based cryptography, currently existing quantum attacks are mainly classical attacks, carried out with quantum basis reduction as subroutine. In this work, we propose a new quantum attack on the learning with errors (LWE) problem, whose hardness is the foundation for many modern lattice-based cryptographic constructions. Our quantum attack is based on Howgrave-Graham’s Classical Hybrid Attack and is suitable for LWE instances in recent cryptographic proposals. We analyze its runtime complexity and optimize it over all possible choices of the attack parameters. In addition, we analyze the concrete post-quantum security levels of the parameter sets proposed for the New Hope and Frodo key exchange schemes, as well as several instances of the Lindner-Peikert encryption scheme. Our results show that – depending on the assumed basis reduction costs – our Quantum Hybrid Attack either significantly outperforms, or is at least comparable to all other attacks covered by Albrecht–Player– Scott in their work “On the concrete hardness of Learning with Errors”. We further show that our Quantum Hybrid Attack improves upon the Classical Hybrid Attack in the case of LWE with binary error.

Originele taal-2	Engels
Titel	Post-Quantum Cryptography
Subtitel	8th International Workshop, PQCrypto 2017, Utrecht, The Netherlands, June 26-28, 2017, Proceedings
Plaats van productie	Dordrecht
Uitgeverij	Springer
Pagina's	184-202
Aantal pagina's	19
ISBN van elektronische versie	978-3-319-59879-6
ISBN van geprinte versie	978-3-319-59878-9
DOI's	https://doi.org/10.1007/978-3-319-59879-6_11
Status	Gepubliceerd - 2017
Evenement	8th International Conference on Post-Quantum Cryptography, (PQCrypto 2017) - Utrecht, Nederland Duur: 26 jun. 2017 → 28 jun. 2017 Congresnummer: 8 https://2017.pqcrypto.org/conference/

Publicatie series

Naam	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	10346 LNCS
ISSN van geprinte versie	0302-9743
ISSN van elektronische versie	1611-3349

Congres

Congres	8th International Conference on Post-Quantum Cryptography, (PQCrypto 2017)
Verkorte titel	PQCrypto 2017
Land/Regio	Nederland
Stad	Utrecht
Periode	26/06/17 → 28/06/17
Internet adres	https://2017.pqcrypto.org/conference/

Toegang tot document

10.1007/978-3-319-59879-6_11

Andere bestanden en links

Link to publication in Scopus

Citeer dit

Göpfert, F., van Vredendaal, C., & Wunderer, T. (2017). A hybrid lattice basis reduction and quantum search attack on LWE. In Post-Quantum Cryptography: 8th International Workshop, PQCrypto 2017, Utrecht, The Netherlands, June 26-28, 2017, Proceedings (blz. 184-202). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10346 LNCS). Springer. https://doi.org/10.1007/978-3-319-59879-6_11

Göpfert, F. ; van Vredendaal, C. ; Wunderer, T. / A hybrid lattice basis reduction and quantum search attack on LWE. Post-Quantum Cryptography: 8th International Workshop, PQCrypto 2017, Utrecht, The Netherlands, June 26-28, 2017, Proceedings. Dordrecht : Springer, 2017. blz. 184-202 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{380bdff3c110470f9ce07aeae187a2d6,

title = "A hybrid lattice basis reduction and quantum search attack on LWE",

abstract = "Recently, an increasing amount of papers proposing post-quantum schemes also provide concrete parameter sets aiming for concrete post-quantum security levels. Security evaluations of such schemes need to include all possible attacks, in particular those by quantum adversaries. In the case of lattice-based cryptography, currently existing quantum attacks are mainly classical attacks, carried out with quantum basis reduction as subroutine. In this work, we propose a new quantum attack on the learning with errors (LWE) problem, whose hardness is the foundation for many modern lattice-based cryptographic constructions. Our quantum attack is based on Howgrave-Graham{\textquoteright}s Classical Hybrid Attack and is suitable for LWE instances in recent cryptographic proposals. We analyze its runtime complexity and optimize it over all possible choices of the attack parameters. In addition, we analyze the concrete post-quantum security levels of the parameter sets proposed for the New Hope and Frodo key exchange schemes, as well as several instances of the Lindner-Peikert encryption scheme. Our results show that – depending on the assumed basis reduction costs – our Quantum Hybrid Attack either significantly outperforms, or is at least comparable to all other attacks covered by Albrecht–Player– Scott in their work “On the concrete hardness of Learning with Errors”. We further show that our Quantum Hybrid Attack improves upon the Classical Hybrid Attack in the case of LWE with binary error.",

keywords = "Hybrid Attack, Lattice-based cryptography, LWE, Public-key encryption, Quantum attack",

author = "F. G{\"o}pfert and {van Vredendaal}, C. and T. Wunderer",

year = "2017",

doi = "10.1007/978-3-319-59879-6_11",

language = "English",

isbn = "978-3-319-59878-9",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer",

pages = "184--202",

booktitle = "Post-Quantum Cryptography",

address = "Germany",

note = "8th International Conference on Post-Quantum Cryptography, (PQCrypto 2017), PQCrypto 2017 ; Conference date: 26-06-2017 Through 28-06-2017",

url = "https://2017.pqcrypto.org/conference/",

}

Göpfert, F, van Vredendaal, C & Wunderer, T 2017, A hybrid lattice basis reduction and quantum search attack on LWE. in Post-Quantum Cryptography: 8th International Workshop, PQCrypto 2017, Utrecht, The Netherlands, June 26-28, 2017, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10346 LNCS, Springer, Dordrecht, blz. 184-202, 8th International Conference on Post-Quantum Cryptography, (PQCrypto 2017), Utrecht, Nederland, 26/06/17. https://doi.org/10.1007/978-3-319-59879-6_11

A hybrid lattice basis reduction and quantum search attack on LWE. / Göpfert, F.; van Vredendaal, C.; Wunderer, T.
Post-Quantum Cryptography: 8th International Workshop, PQCrypto 2017, Utrecht, The Netherlands, June 26-28, 2017, Proceedings. Dordrecht: Springer, 2017. blz. 184-202 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10346 LNCS).

Onderzoeksoutput: Hoofdstuk in Boek/Rapport/Congresprocedure › Conferentiebijdrage › Academic › peer review

TY - GEN

T1 - A hybrid lattice basis reduction and quantum search attack on LWE

AU - Göpfert, F.

AU - van Vredendaal, C.

AU - Wunderer, T.

N1 - Conference code: 8

PY - 2017

Y1 - 2017

N2 - Recently, an increasing amount of papers proposing post-quantum schemes also provide concrete parameter sets aiming for concrete post-quantum security levels. Security evaluations of such schemes need to include all possible attacks, in particular those by quantum adversaries. In the case of lattice-based cryptography, currently existing quantum attacks are mainly classical attacks, carried out with quantum basis reduction as subroutine. In this work, we propose a new quantum attack on the learning with errors (LWE) problem, whose hardness is the foundation for many modern lattice-based cryptographic constructions. Our quantum attack is based on Howgrave-Graham’s Classical Hybrid Attack and is suitable for LWE instances in recent cryptographic proposals. We analyze its runtime complexity and optimize it over all possible choices of the attack parameters. In addition, we analyze the concrete post-quantum security levels of the parameter sets proposed for the New Hope and Frodo key exchange schemes, as well as several instances of the Lindner-Peikert encryption scheme. Our results show that – depending on the assumed basis reduction costs – our Quantum Hybrid Attack either significantly outperforms, or is at least comparable to all other attacks covered by Albrecht–Player– Scott in their work “On the concrete hardness of Learning with Errors”. We further show that our Quantum Hybrid Attack improves upon the Classical Hybrid Attack in the case of LWE with binary error.

AB - Recently, an increasing amount of papers proposing post-quantum schemes also provide concrete parameter sets aiming for concrete post-quantum security levels. Security evaluations of such schemes need to include all possible attacks, in particular those by quantum adversaries. In the case of lattice-based cryptography, currently existing quantum attacks are mainly classical attacks, carried out with quantum basis reduction as subroutine. In this work, we propose a new quantum attack on the learning with errors (LWE) problem, whose hardness is the foundation for many modern lattice-based cryptographic constructions. Our quantum attack is based on Howgrave-Graham’s Classical Hybrid Attack and is suitable for LWE instances in recent cryptographic proposals. We analyze its runtime complexity and optimize it over all possible choices of the attack parameters. In addition, we analyze the concrete post-quantum security levels of the parameter sets proposed for the New Hope and Frodo key exchange schemes, as well as several instances of the Lindner-Peikert encryption scheme. Our results show that – depending on the assumed basis reduction costs – our Quantum Hybrid Attack either significantly outperforms, or is at least comparable to all other attacks covered by Albrecht–Player– Scott in their work “On the concrete hardness of Learning with Errors”. We further show that our Quantum Hybrid Attack improves upon the Classical Hybrid Attack in the case of LWE with binary error.

KW - Hybrid Attack

KW - Lattice-based cryptography

KW - LWE

KW - Public-key encryption

KW - Quantum attack

UR - http://www.scopus.com/inward/record.url?scp=85021738763&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-59879-6_11

DO - 10.1007/978-3-319-59879-6_11

M3 - Conference contribution

AN - SCOPUS:85021738763

SN - 978-3-319-59878-9

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 184

EP - 202

BT - Post-Quantum Cryptography

PB - Springer

CY - Dordrecht

T2 - 8th International Conference on Post-Quantum Cryptography, (PQCrypto 2017)

Y2 - 26 June 2017 through 28 June 2017

ER -

Göpfert F, van Vredendaal C, Wunderer T. A hybrid lattice basis reduction and quantum search attack on LWE. In Post-Quantum Cryptography: 8th International Workshop, PQCrypto 2017, Utrecht, The Netherlands, June 26-28, 2017, Proceedings. Dordrecht: Springer. 2017. blz. 184-202. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-59879-6_11

A hybrid lattice basis reduction and quantum search attack on LWE

Samenvatting

Publicatie series

Congres

Toegang tot document

Andere bestanden en links

Vingerafdruk

Citeer dit