The Convergence of Slide-Type Reductions

Walter, Michael

doi:10.1007/978-3-030-75245-3_3

Michael Walter⁹

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12710))

Included in the following conference series:

IACR International Conference on Public-Key Cryptography

782 Accesses

Abstract

In this work, we apply the dynamical systems analysis of Hanrot et al. (CRYPTO’11) to a class of lattice block reduction algorithms that includes (natural variants of) slide reduction and block-Rankin reduction. This implies sharper bounds on the polynomial running times (in the query model) for these algorithms and opens the door to faster practical variants of slide reduction. We give heuristic arguments showing that such variants can indeed speed up slide reduction significantly in practice. This is confirmed by experimental evidence, which also shows that our variants are competitive with state-of-the-art reduction algorithms.

Supported by the European Research Council, ERC consolidator grant (682815 - TOCNeT).

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 119.00; Price excludes VAT (USA)

Softcover Book: USD 159.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

1.
The restriction that \(d \mid n\) is lifted in [ALNS20] by combining it with the algorithm of [MW16].
2.
Technically, LLL reduction also requires size-reduction and usually contains a slack factor in the inequality to guarantee termination in polynomial time. Neither of these additional requirements are important for this work, so we ignore it here for simplicity.
3.
Code available at: http://pub.ist.ac.at/~mwalter/publication/hkz_slide/hkz_slide.zip.

References

Albrecht, M.R., Bai, S., Fouque, P.-A., Kirchner, P., Stehlé, D., Wen, W.: Faster enumeration-based lattice reduction: root hermite factor \(k^{1/(2k)}\) Time \(k^{k/8+o(k)}\). In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12171, pp. 186–212. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56880-1_7
Chapter Google Scholar
Albrecht, M.R., Ducas, L., Herold, G., Kirshanova, E., Postlethwaite, E.W., Stevens, M.: The general sieve kernel and new records in lattice reduction. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11477, pp. 717–746. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17656-3_25
Chapter MATH Google Scholar
Aggarwal, D., Li, J., Nguyen, P.Q., Stephens-Davidowitz, N.: Slide reduction, revisited—filling the gaps in SVP approximation. In: Micciancio, D., Ristenpart, T. (eds.) CRYPTO 2020. LNCS, vol. 12171, pp. 274–295. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-56880-1_10
Chapter Google Scholar
Aono, Y., Wang, Y., Hayashi, T., Takagi, T.: Improved progressive BKZ algorithms and their precise cost estimation by sharp simulator. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 789–819. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49890-3_30
Chapter Google Scholar
Buchmann, J., Lindner, R., Rückert, M.: Explicit hard instances of the shortest vector problem. In: Buchmann, J., Ding, J. (eds.) PQCrypto 2008. LNCS, vol. 5299, pp. 79–94. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-88403-3_6
Chapter MATH Google Scholar
Chen, Y., Nguyen, P.Q.: BKZ 2.0: better lattice security estimates. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 1–20. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_1
Chapter Google Scholar
Dadush, D., Micciancio, D.: Algorithms for the densest sub-lattice problem. In: Khanna, S., (ed.) 24th SODA, pp. 1103–1122. ACM-SIAM, January 2013
Google Scholar
The FPLLL development team. fplll, a lattice reduction library (2016). https://github.com/fplll/fplll
Gama, N., Nguyen, P.Q.: Finding short lattice vectors within Mordell’s inequality. In: Ladner, R.E., Dwork, C., (eds.) 40th ACM STOC, pp. 207–216. ACM Press, May 2008
Google Scholar
Gama, N., Nguyen, P.Q.: Predicting lattice reduction. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 31–51. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78967-3_3
Chapter Google Scholar
Hanrot, G., Pujol, X., Stehlé, D.: Analyzing blockwise lattice algorithms using dynamical systems. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 447–464. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22792-9_25
Chapter Google Scholar
Hanrot, G., Stehlé, D.: Improved analysis of Kannan’s shortest lattice vector algorithm. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 170–186. Springer, Heidelberg (2007)
Chapter Google Scholar
Lenstra, A.K., Lenstra Jr., H.W., Lovász, L.: Factoring polynomials with rational coefficients. Mathematische Annalen 261, 513–534 (1982)
Google Scholar
Li, J., Nguyen, P.: Approximating the densest sublattice from rankin’s inequality. LMS J. Comput. Math. [electronic only], 17, 08 (2014)
Google Scholar
Li, J., Nguyen, P.Q.: A complete analysis of the bkz lattice reduction algorithm. Cryptology ePrint Archive, Report 2020/1237 (2020). https://eprint.iacr.org/2020/1237
Lovász, L.: An algorithmic theory of numbers, graphs and convexity, vol. 50. CBMS. SIAM (1986)
Google Scholar
Micciancio, D., Walter, M.: Practical, predictable lattice basis reduction. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 820–849. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49890-3_31
Chapter Google Scholar
Neumaier, A.: Bounding basis reduction properties. Des. Codes Cryptogr., 84(1-2), 237–259 (2017)
Google Scholar
Pataki, G., Tural, M.: Unifying lll inequalities (2009)
Google Scholar
Schnorr, C.-P.: A hierarchy of polynomial time lattice basis reduction algorithms. Theoret. Comput. Sci. 53(2–3), 201–224 (1987)
Article MathSciNet Google Scholar
Schnorr, C.-P., Euchner, M.: Lattice basis reduction: Improved practical algorithms and solving subset sum problems. Mathematical Programm. 66(1–3), 181–199, August 1994. Preliminary version in FCT 1991
Google Scholar
Walter, M.: Lattice point enumeration on block reduced bases. In: Lehmann, A., Wolf, S. (eds.) ICITS 2015. LNCS, vol. 9063, pp. 269–282. Springer, Cham (2015). https://doi.org/10.1007/978-3-319-17470-9_16
Chapter Google Scholar

Download references

Acknowledgment

This work was initiated in discussions with Léo Ducas, when the author was visiting the Simons Institute for the Theory of Computation during the program “Lattices: Algorithms, Complexity, and Cryptography”. We thank Thomas Espitau for pointing out a bug in a proof in an earlier version of this manuscript.

Author information

Authors and Affiliations

IST Austria, Klosterneuburg, Austria
Michael Walter

Authors

Michael Walter
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Michael Walter .

Editor information

Editors and Affiliations

Texas A&M University, College Station, TX, USA
Juan A. Garay

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Walter, M. (2021). The Convergence of Slide-Type Reductions. In: Garay, J.A. (eds) Public-Key Cryptography – PKC 2021. PKC 2021. Lecture Notes in Computer Science(), vol 12710. Springer, Cham. https://doi.org/10.1007/978-3-030-75245-3_3

Download citation

DOI: https://doi.org/10.1007/978-3-030-75245-3_3
Published: 01 May 2021
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-75244-6
Online ISBN: 978-3-030-75245-3
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Societies and partnerships

the International Association for Cryptologic Research (opens in a new tab)