Abstract

AbstractRecently, lattice-based cryptography has received attention as a candidate of post-quantum cryptography (PQC). The essential security of lattice-based cryptography is based on the hardness of classical lattice problems such as the shortest vector problem (SVP) and the closest vector problem (CVP). A number of algorithms have been proposed for solving SVP exactly or approximately, and most of them are useful also for solving CVP. In this paper, we give a survey of typical algorithms for solving SVP from a mathematical point of view. We also present recent strategies for solving the Darmstadt SVP challenge in dimensions higher than 150.

Highlights

  • It has rapidly accelerated to research lattice-based cryptography as a candidate of post-quantum cryptography (PQC)

  • The security of modern lattice-based cryptosystems is based on the hardness of cryptographic lattice problems, such as the learning with errors (LWE) and the NTRU problems. (For example, see National Institute of Standards and Technology (NIST) 2016 for NIST post-quantum candidates.) Such lattice problems are reduced to approximate-Shortest Vector Problem (SVP) or approximate-Closest Vector Problem (CVP). (For example, see Albrecht et al 2018 for details.)

  • There are experimental evidences to support this prediction for high blocksizes such as β > 50. (Note that the Gaussian Heuristic holds in practice for random lattices in high dimensions, but it is violated in low dimensions.) In a simple form based on the Gaussian Heuristic, the geometric series assumption (GSA) shape of a β-Block Korkine–Zolotarev (BKZ)-reduced basis of volume 1 is predicted as bi∗ ≈ αβn−21 −i, where αβ = 2πβe 1/β

Read more

Summary

Introduction

There has recently been a substantial amount of research for large-scale quantum computers. (See Shor 1994 for Shor’s quantum algorithms.) In order to prepare information security systems to be able to resist quantum computing, the US National Institute of Standards and Technology (NIST) began a process to develop new standards for PQC in 2015 and called for proposals in 2016. It has rapidly accelerated to research lattice-based cryptography as a candidate of PQC. At the submission deadline of the end of November 2017 for the call, NIST received more than 20 proposals of lattice-based cryptosystems. More than 10 proposals were allowed for Round 2 submissions around the end of January 2019. (See the web page of NIST 2016.) The security of such proposals relies on the hard- More than 10 proposals were allowed for Round 2 submissions around the end of January 2019. (See the web page of NIST 2016.) The security of such proposals relies on the hard-

Yasuda (B)
Yasuda ness of cryptographic lattice problems such as learning with errors (LWE) and NTRU
Mathematical Background
Lattices and Their Bases
Successive Minima, Hermite’s Constants, and Gaussian Heuristic
Introduction to Lattice Problems
Solving SVP Algorithms
Exact-SVP Algorithms
Polynomial-Space Exact Algorithms
Exponential-Space Exact Algorithms
LLL Reduction
Variants of LLL
4: Size-reduce B as in LLL
The SVP Challenge and Recent Strategies
The Random Sampling Strategy
The Sub-Sieving Strategy

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.