Sieving for closest lattice vectors (with preprocessing)

Research output: Chapter in Book/Report/Conference proceeding, Conference contribution, Academic, peer-review

10 Citations (Scopus)
42 Downloads (Pure)

Abstract

Lattice-based cryptography has recently emerged as a prime candidate for efficient and secure post-quantum cryptography. The two main hard problems underlying its security are the shortest vector problem (SVP) and the closest vector problem (CVP). Various algorithms have been studied for solving these problems, and for SVP, lattice sieving currently dominates in terms of the asymptotic time complexity: one can heuristically solve SVP in time $2^{0.292d}$ in high dimensions $d$ [BDGL'16]. Although several SVP algorithms can also be used to solve CVP, it is not clear whether this also holds for heuristic lattice sieving methods. The best time complexity for CVP is currently $2^{0.377d}$ [BGJ'14]. In this paper we revisit sieving algorithms for solving SVP, and study how these algorithms can be modified to solve CVP and its variants as well. Our first method is aimed at solving one problem instance and minimizes the overall time complexity for a single CVP instance with a time complexity of $2^{0.292d}$. Our second method minimizes the amortized time complexity for several instances on the same lattice, at the cost of a larger preprocessing cost. We can solve the closest vector problem with preprocessing (CVPP) with $2^{0.636d}$ space and preprocessing, in $2^{0.136d}$ time, while the query complexity can even be reduced to $2^{\epsilon d}$ at the cost of preprocessing time and memory complexities of $(1/\epsilon)^{O(d)}$. For easier variants of CVP, such as approximate CVP and bounded distance decoding (BDD), we further show how the preprocessing method achieves even better complexities. For instance, we can solve approximate CVPP with large approximation factors $k$ with polynomial-sized advice in polynomial time if $k = \Omega(\sqrt{d/\log d})$, heuristically closing the gap between the decision-CVPP result of [AR'04] and the search-CVPP result of [DRS'14].
Original language: English
Title: Selected Areas in Cryptography – SAC 2016
Subtitle: 23rd International Conference, St. John's, NL, Canada, August 10-12, 2016, Revised Selected Papers
Editors: R. Avanzi, H. Heys
Place of publication: Dordrecht
Publisher: Springer
Pages: 533-542
ISBN (electronic): 978-3-319-69453-5
ISBN (print): 978-3-319-69452-8
DOIs:
Status: Published - 16 Jul 2016
Event: 23rd International Conference on Selected Areas in Cryptography (SAC 2016) - St. John's, Canada
Duration: 10 Aug 2016 to 12 Aug 2016
Conference number: 23

Publication series

Name: LNCS
Volume: 10532

Conference

Conference: 23rd International Conference on Selected Areas in Cryptography (SAC 2016)
Short title: SAC 2016
Country: Canada
City: St. John's
Period: 10/08/16 to 12/08/16
