TY - JOUR
T1 - Finding shortest lattice vectors faster using quantum search
AU - Laarhoven, T.M.M.
AU - Mosca, Michele
AU - Pol, van de, Joop
PY - 2015
Y1 - 2015
N2 - By applying a quantum search algorithm to various heuristic and provable sieve algorithms from the literature, we obtain improved asymptotic quantum results for solving the shortest vector problem on lattices. With quantum computers we can provably find a shortest vector in time 2^1.799n+o(n) , improving upon the classical time complexities of 2^2.465n+o(n) of Pujol and Stehlé and the 2^2n+o(n) of Micciancio and Voulgaris, while heuristically we expect to find a shortest vector in time 2^0.268n+o(n) , improving upon the classical time complexity of 2^0.298n+o(n) of Laarhoven and De Weger. These quantum complexities will be an important guide for the selection of parameters for post-quantum cryptosystems based on the hardness of the shortest vector problem.
Keywords: Lattices Shortest vector problem Sieving Quantum search
AB - By applying a quantum search algorithm to various heuristic and provable sieve algorithms from the literature, we obtain improved asymptotic quantum results for solving the shortest vector problem on lattices. With quantum computers we can provably find a shortest vector in time 2^1.799n+o(n) , improving upon the classical time complexities of 2^2.465n+o(n) of Pujol and Stehlé and the 2^2n+o(n) of Micciancio and Voulgaris, while heuristically we expect to find a shortest vector in time 2^0.268n+o(n) , improving upon the classical time complexity of 2^0.298n+o(n) of Laarhoven and De Weger. These quantum complexities will be an important guide for the selection of parameters for post-quantum cryptosystems based on the hardness of the shortest vector problem.
Keywords: Lattices Shortest vector problem Sieving Quantum search
U2 - 10.1007/s10623-015-0067-5
DO - 10.1007/s10623-015-0067-5
M3 - Article
SN - 0925-1022
VL - 77
SP - 375
EP - 400
JO - Designs, Codes and Cryptography
JF - Designs, Codes and Cryptography
IS - 2-3
ER -