Classical and Quantum 3 and 4-Sieves to Solve SVP with Low Memory

  • Conference paper
Post-Quantum Cryptography (PQCrypto 2023)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 14154)

Abstract

The Shortest Vector Problem (SVP) is at the foundation of lattice-based cryptography. The fastest known method to solve SVP in dimension d is lattice sieving, which runs in time \(2^{td+o(d)}\) with \(2^{md+o(d)}\) memory for constants \(t,m \in \varTheta (1)\). Searching for reduced vectors in the sieve reduces to the configuration problem, i.e. searching for k vectors satisfying given constraints on their pairwise scalar products.

In this work, we present a framework for k-sieve algorithms: we filter the input list of lattice vectors using a code structure modified from [Bec+16] to get lists centred around k codewords summing to the null-vector. Then, we solve a simpler instance of the configuration problem in the k filtered lists. Based on this framework, we describe classical sieves for \(k=3\) and 4 that introduce new time-memory trade-offs. We also use the k-Lists algorithm [Kir+19] inside our framework, and this improves the time for \(k=3\) and gives new trade-offs for \(k=4\).
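A toy instance of the framework described in the abstract, as an added example that is not the authors' code: unit vectors are filtered into three caps around centres that sum to zero, and the 3-configuration search then runs only on the filtered lists. The fixed centres (in place of a random product code), the threshold 0.6, the "sum of norm below 1" reduction target and the random unit vectors standing in for lattice vectors are all assumptions of this sketch.

```python
import itertools, math, random

def unit(v):
    n = math.sqrt(sum(x * x for x in v))
    return tuple(x / n for x in v)

def dot(u, v):
    return sum(a * b for a, b in zip(u, v))

def sum_norm(vs):
    """Euclidean norm of the sum of the given vectors."""
    return math.sqrt(sum(sum(c) ** 2 for c in zip(*vs)))

D, ALPHA = 6, 0.6          # toy dimension and cap threshold (assumed values)
S = math.sqrt(3) / 2
# Three unit centres at 120 degrees, so C[0] + C[1] + C[2] = 0.
C = [(1.0, 0, 0, 0, 0, 0), (-0.5, S, 0, 0, 0, 0), (-0.5, -S, 0, 0, 0, 0)]

def sample_list(n=60, seed=1):
    """Constructed input: n random unit vectors plus one planted triple."""
    rng = random.Random(seed)
    vs = [unit([rng.gauss(0, 1) for _ in range(D)]) for _ in range(n)]
    for i, c in enumerate(C):
        p = list(c)
        p[i + 2] += 0.3    # nudge each centre out of the plane of the centres
        vs.append(unit(p))
    return vs

def brute_force(vs):
    """Configuration problem without filtering: test all C(n,3) triples."""
    idx = itertools.combinations(range(len(vs)), 3)
    return {t for t in idx if sum_norm([vs[i] for i in t]) < 1.0}

def filtered_sieve(vs):
    """Keep vectors inside the cap around each centre, then search L1 x L2 x L3."""
    lists = [[i for i, v in enumerate(vs) if dot(v, c) >= ALPHA] for c in C]
    cands = (tuple(sorted(t)) for t in itertools.product(*lists))
    hits = {t for t in cands if sum_norm([vs[i] for i in t]) < 1.0}
    tested = len(lists[0]) * len(lists[1]) * len(lists[2])
    return hits, tested

if __name__ == "__main__":
    vs = sample_list()
    hits, tested = filtered_sieve(vs)
    print(len(hits), "reducing triples from", tested, "tests; brute force finds",
          len(brute_force(vs)), "from", math.comb(len(vs), 3), "tests")
```

The filtered search misses reducing triples whose members fall outside the three caps; a full sieve repeats the filtering over many centre triples to recover them.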

Notes

  1. See https://www.latticechallenge.org/svp-challenge/.

  2. This simplification was already done in [Kir+19]. At no point do we use the fact that we do not have the first register; this is just for simplicity of notation.

References

  1. Becker, A., Ducas, L., Gama, N., Laarhoven, T.: New directions in nearest neighbor searching with applications to lattice sieving. In: Proceedings of the 2016 Annual ACM-SIAM Symposium on Discrete Algorithms (2016)

  2. Bai, S., Laarhoven, T., Stehlé, D.: Tuple lattice sieving. LMS J. Comput. Math. 19, 146–162 (2016)

  3. Bonnetain, X., Chailloux, A., Schrottenloher, A., Shen, Y.: Finding many collisions via reusable quantum walks (2022)

  4. Bos, J., et al.: CRYSTALS-Kyber: a CCA-secure module-lattice-based KEM. IEEE (2018)

  5. Brassard, G., Hoeyer, P., Mosca, M., Tapp, A.: Quantum amplitude amplification and estimation. In: Quantum Computation and Quantum Information: A Millennium, vol. 305, pp. 53–74 (2002)

  6. Chailloux, A., Loyer, J.: Lattice sieving via quantum random walks. In: Tibouchi, M., Wang, H. (eds.) ASIACRYPT 2021. LNCS, vol. 13093, pp. 63–91. Springer, Cham (2021). https://doi.org/10.1007/978-3-030-92068-5_3

  7. Ducas, L.: Crystals-dilithium, algorithm specifications and supporting documentation. NIST (2019)

  8. Fincke, U., Pohst, M.: Improved methods for calculating vectors of short length in a lattice. Math. Comput. 44(170), 463–471 (1985)

  9. Grover, L.: A fast quantum mechanical algorithm for database search. In: Proceedings of the 28th Annual ACM Symposium on the Theory of Computing STOC, pp. 212–219 (1996)

  10. Heiser, M.: Improved quantum hypercone locality sensitive filtering in lattice sieving. preprint (2021)

  11. Herold, G., Kirshanova, E.: Improved algorithms for the approximate k-list problem in Euclidean norm. In: Fehr, S. (ed.) PKC 2017. LNCS, vol. 10174, pp. 16–40. Springer, Heidelberg (2017). https://doi.org/10.1007/978-3-662-54365-8_2

  12. Herold, G., Kirshanova, E., Laarhoven, T.: Speed-ups and time–memory trade-offs for tuple lattice sieving. In: Abdalla, M., Dahab, R. (eds.) PKC 2018. LNCS, vol. 10769, pp. 407–436. Springer, Cham (2018). https://doi.org/10.1007/978-3-319-76578-5_14

  13. Kannan, R.: Improved algorithms for integer programming and related lattice problems. In: Proceedings of the 15th Symposium on the Theory of Computing (STOC), ACM Press, pp. 99–108 (1983)

  14. Kirshanova, E., Mårtensson, E., Postlethwaite, E.W., Moulik, S.R.: Quantum algorithms for the approximate k-list problem and their application to lattice sieving. In: Galbraith, S.D., Moriai, S. (eds.) ASIACRYPT 2019. LNCS, vol. 11921, pp. 521–551. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-34578-5_19

  15. Klein, P.: Finding the closest lattice vector when it’s unusually close. SODA, pp. 937–941 (2000)

  16. Laarhoven, T.: Search problems in cryptography, from fingerprinting to lattice sieving (2016)

  17. Micciancio, D., Voulgaris, P.: Faster exponential time algorithms for the shortest vector problem. SODA, pp. 1468–1480 (2010)

  18. Nguyen, P.Q., Vidick, T.: Sieve algorithms for the shortest vector problem are practical. J. Math. Crypt. 2, 181–207 (2008)

  19. Pohst, M.E.: On the computation of lattice vectors of minimal length, successive minima and reduced bases with applications. ACM SIGSAM Bull. 15(1), 37–44 (1981)

Correspondence to André Chailloux or Johanna Loyer.

© 2023 The Author(s), under exclusive license to Springer Nature Switzerland AG

Chailloux, A., Loyer, J. (2023). Classical and Quantum 3 and 4-Sieves to Solve SVP with Low Memory. In: Johansson, T., Smith-Tone, D. (eds) Post-Quantum Cryptography. PQCrypto 2023. Lecture Notes in Computer Science, vol 14154. Springer, Cham. https://doi.org/10.1007/978-3-031-40003-2_9

  • DOI: https://doi.org/10.1007/978-3-031-40003-2_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-40002-5

  • Online ISBN: 978-3-031-40003-2

  • eBook Packages: Computer Science (R0)
