Abstract
Under the threat of quantum computers’ expected powerful computational capacity, the study on post-quantum cryptography is becoming urgent nowadays. Lattice-based cryptography is one of the most promising candidates of post-quantum cryptography. To give a secure instantiation for practical applications, it is necessary to understand the complexity of the best-known attacks. Most of the attacks to lattice-based cryptography use basis reduction algorithms. For instance, the most commonly used practical basis reduction algorithms are variants of the block Korkin–Zolotarev (BKZ) algorithm. In this paper, we study the effect of applying the quick reordering technique (QRT) to lattice algorithms, mainly the enumeration algorithm and the BKZ algorithm. We show that QRT is a simple method to improve these two algorithms with respect to cutting down the number of search nodes and thus reducing the total runtime. For improving on the LLL algorithm with dimensions smaller than 30, the success rate is larger than 10%, and for the BKZ algorithm with blocksize smaller than 30, the success rate is larger than 40%. At first, we observe that reordering the LLL-reduced basis vectors by increasing norm orders will change the distribution of search nodes in the enumeration tree, which gives a chance to reduce the enumeration search nodes with a certain probability. The experimental results show that the runtime of the enumeration algorithm can be accelerated approximately by a factor of two. We further explain this phenomenon from a theoretical point of view, which follows Gama–Nguyen–Regev’s analysis (Gama et al., in: Advances in cryptology—EUROCRYPT 2010, proceedings of 29th annual international conference on the theory and applications of cryptographic techniques, pp 257–278, 2010). Then we apply this reordering technique to the implementation of the BKZ algorithm in the open-source library NTL. Our experimental results in dimensions 100–120 with blocksize 15–30 show that on the LLL-reduced bases, our modified NTL-BKZ outputs a vector shorter than the original NTL-BKZ with rate 40.91%-45.73% by setting the LLL approximation factor by $$\delta _{LLL}=0.99$$ . Furthermore, in the instances where the improved BKZ found one same or shorter vector, the runtime is up to 2.02 times faster than the original NTL-BKZ when setting the blocksize $$\beta =25$$ with $$\delta _{LLL}=0.99$$ .
Published Version
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call