Skip to main content
SpringerLink
Log in

Practical Improvements on BKZ Algorithm

  • Conference paper
  • First Online:
Cyber Security, Cryptology, and Machine Learning (CSCML 2023)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 13914))

Abstract

Lattice problems such as NTRU and LWE problems are widely used as the security base of post-quantum cryptosystems. And currently, lattice reduction by BKZ algorithm is the most efficient way to solve them. In this paper, we give four further improvements on BKZ algorithm, which can be used for SVP subroutines based on enumeration and sieving. These improvements in combination provide a speed-up of \(2^\text {3-4}\) in total. So all the lattice-based NIST PQC candidates lose 3–4 bits of security in concrete attacks. Using these new techniques, we solved the 656 and 700 dimensional ideal lattice challenges in 380 and 1787 thread hours, respectively. The cost of the first one (also used an enumeration-based SVP subroutine) is much less than the previous records (4600 thread hours). One can still simulate the improved BKZ algorithm to find the blocksize strategy that makes \(\textrm{Pot}\) of the basis (defined in Sect. 4.2) decrease as fast as possible, which means the length of the first basis vector decrease the fastest if we accept the GSA assumption. It is useful for analyzing concrete attacks on lattice-based cryptography.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 79.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 99.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Albrecht, M.R., Ducas, L., Herold, G., Kirshanova, E., Postlethwaite, E.W., Stevens, M.: The general Sieve Kernel and new records in lattice reduction. In: Ishai, Y., Rijmen, V. (eds.) EUROCRYPT 2019. LNCS, vol. 11477, pp. 717–746. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-17656-3_25

    Chapter  MATH  Google Scholar 

  2. Aono, Y., Wang, Y., Hayashi, T., Takagi, T.: Improved progressive BKZ algorithms and their precise cost estimation by sharp simulator. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 789–819. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-49890-3_30

    Chapter  Google Scholar 

  3. Becker, A., Ducas, L., Gama, N., Laarhoven, T.: New directions in nearest neighbor searching with applications to lattice sieving. In: Proceedings of the Twenty-Seventh Annual ACM-SIAM Symposium on Discrete Algorithms, pp. 10–24. SODA 2016 (2016). https://doi.org/10.1137/1.9781611974331.ch2

  4. Chen, Y., Nguyen, P.Q.: BKZ 2.0: better lattice security estimates. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 1–20. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-25385-0_1

    Chapter  Google Scholar 

  5. Coppersmith, D., Shamir, A.: Lattice attacks on NTRU. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 52–61. Springer, Heidelberg (1997). https://doi.org/10.1007/3-540-69053-0_5

    Chapter  Google Scholar 

  6. Fincke, U., Pohst, M.E.: Improved methods for calculating vectors of short length in a lattice. Math. Comput. 44, 463–471 (1985). https://doi.org/10.1090/S0025-5718-1985-0777278-8

    Article  MATH  Google Scholar 

  7. Gama, N., Nguyen, P.Q., Regev, O.: Lattice enumeration using extreme pruning. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 257–278. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-13190-5_13

    Chapter  Google Scholar 

  8. Gama, N., Nguyen, P.Q.: Predicting lattice reduction. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 31–51. Springer, Heidelberg (2008). https://doi.org/10.1007/978-3-540-78967-3_3

    Chapter  Google Scholar 

  9. Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. In: Proceedings of the Fortieth Annual ACM Symposium on Theory of Computing. STOC 2008, Association for Computing Machinery (2008). https://doi.org/10.1145/1374376.1374407

  10. Hanrot, G., Pujol, X., Stehlé, D.: Algorithms for the shortest and closest lattice vector problems. In: Chee, Y.M., et al. (eds.) IWCC 2011. LNCS, vol. 6639, pp. 159–190. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-20901-7_10

    Chapter  MATH  Google Scholar 

  11. Hanrot, G., Pujol, X., Stehlé, D.: Analyzing blockwise lattice algorithms using dynamical systems. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 447–464. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-22792-9_25

    Chapter  Google Scholar 

  12. Haque, M.M., Rahman, M.O.: Analyzing progressive-BKZ lattice reduction algorithm. Int. J. Comput. Netw. Inf. Secur. 11, 40–46 (2019)

    Google Scholar 

  13. Hoffstein, J., Pipher, J., Silverman, J.H.: NTRU: a ring-based public key cryptosystem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 267–288. Springer, Heidelberg (1998). https://doi.org/10.1007/BFb0054868

    Chapter  Google Scholar 

  14. Kannan, R.: Improved algorithms for integer programming and related lattice problems. Proceedings of the Fifteenth Annual ACM Symposium on Theory of Computing (1983). https://doi.org/10.1145/800061.808749

  15. Lenstra, A.K., Lenstra, H.W., Lovász, L.M.: Factoring polynomials with rational coefficients. Math. Ann. 261, 515–534 (1982)

    Article  MathSciNet  MATH  Google Scholar 

  16. Lindner, R., Peikert, C.: Better key sizes (and attacks) for LWE-based encryption. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 319–339. Springer, Heidelberg (2011). https://doi.org/10.1007/978-3-642-19074-2_21

    Chapter  Google Scholar 

  17. Micciancio, D., Regev, O.: Lattice-based Cryptography. In: In: Bernstein, D.J., Buchmann, J., Dahmen, E. (eds.) Post-Quantum Cryptography, pp. 147–191. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-540-88702-7_5

  18. Micciancio, D., Voulgaris, P.: A deterministic single exponential time algorithm for most lattice problems based on voronoi cell computations. Electron. Colloquium Comput. Complex. 17, 14 (2010). https://doi.org/10.1145/1806689.1806739

  19. Nguyen, P.: Cryptanalysis of the Goldreich-Goldwasser-Halevi cryptosystem from crypto 1997. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 288–304. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48405-1_18

    Chapter  Google Scholar 

  20. Vaudenay, S. (ed.): EUROCRYPT 2006. LNCS, vol. 4004. Springer, Heidelberg (2006). https://doi.org/10.1007/11761679

  21. Nguyen, P.Q., Valle, B.: The LLL Algorithm - Survey and Applications. In: Information Security and Cryptography. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-02295-1

  22. Nguyen, P.Q., Vidick, T.: Sieve algorithms for the shortest vector problem are practical. J. Math. Cryptol. 2(2), 181–207 (2008)

    Article  MathSciNet  MATH  Google Scholar 

  23. Plantard, T., Schneider, M.: Creating a challenge for ideal lattices. Cryptology ePrint Archive, Report 2013/039 (2013). https://ia.cr/2013/039

  24. Pohst, M.E.: On the computation of lattice vectors of minimal length, successive minima and reduced bases with applications. SIGSAM Bull. 15, 37–44 (1981). https://doi.org/10.1145/1089242.1089247

    Article  MATH  Google Scholar 

  25. Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: Proceedings of the Thirty-Seventh Annual ACM Symposium on Theory of Computing. STOC 2005 (2005). https://doi.org/10.1145/1060590.1060603

  26. Schneider, M., Gama, N.: Darmstadt SVP challenges (2010)

    Google Scholar 

  27. Schnorr, C.P., Hörner, H.H.: Attacking the Chor-rivest cryptosystem by improved lattice reduction. In: Guillou, L.C., Quisquater, J.-J. (eds.) EUROCRYPT 1995. LNCS, vol. 921, pp. 1–12. Springer, Heidelberg (1995). https://doi.org/10.1007/3-540-49264-X_1

    Chapter  Google Scholar 

  28. Schnorr, C.P.: A hierarchy of polynomial time lattice basis reduction algorithms. Theor. Comput. Sci. 53, 201–224 (1987)

    Article  MathSciNet  MATH  Google Scholar 

  29. Schnorr, C.P.: Lattice reduction by random sampling and birthday methods. In: Alt, H., Habib, M. (eds.) STACS 2003. LNCS, vol. 2607, pp. 145–156. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36494-3_14

    Chapter  Google Scholar 

  30. Schnorr, C.P.: Accelerated slide- and LLL-reduction. Electron. Colloquium Comput. Complex. TR11 (2011)

    Google Scholar 

  31. Schnorr, C.P., Euchner, M.: Lattice basis reduction: improved practical algorithms and solving subset sum problems. Math. Program. 66, 181–199 (1994)

    Article  MathSciNet  MATH  Google Scholar 

  32. Yamaguchi, J., Yasuda, M.: Explicit formula for Gram-Schmidt vectors in LLL with deep insertions and its applications. In: Kaczorowski, J., Pieprzyk, J., Pomykała, J. (eds.) NuTMiC 2017. LNCS, vol. 10737, pp. 142–160. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-76620-1_9

    Chapter  MATH  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Yau Mathematical Center, Tsinghua University, Beijing, China

    Ziyu Zhao & Jintai Ding

Authors
  1. Ziyu Zhao
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jintai Ding
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Ziyu Zhao or Jintai Ding .

Editor information

Editors and Affiliations

  1. Ben-Gurion University of the Negev, Be’er Sheva, Israel

    Shlomi Dolev

  2. Ben-Gurion University of the Negev, Be’er Sheva, Israel

    Ehud Gudes

  3. Zama, Meythet, France

    Pascal Paillier

Rights and permissions

Reprints and permissions

Copyright information

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Zhao, Z., Ding, J. (2023). Practical Improvements on BKZ Algorithm. In: Dolev, S., Gudes, E., Paillier, P. (eds) Cyber Security, Cryptology, and Machine Learning. CSCML 2023. Lecture Notes in Computer Science, vol 13914. Springer, Cham. https://doi.org/10.1007/978-3-031-34671-2_19

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-34671-2_19

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-34670-5

  • Online ISBN: 978-3-031-34671-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation