Skip to main content
SpringerLink
Log in
Book cover

Cryptographers’ Track at the RSA Conference

CT-RSA 2017: Topics in Cryptology – CT-RSA 2017 pp 39–57Cite as

Gauss Sieve Algorithm on GPUs

  • Conference paper
  • First Online:

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10159))

Abstract

Lattice-based cryptanalysis is an important field in cryptography since lattice problems are among the most robust assumptions, and have been used to construct most cryptographic primitives. In this research, we focus on the Gauss Sieve algorithm, a heuristic lattice sieving algorithm proposed by Micciancio and Voulgaris. We propose the technique of lifting computations in prime-cyclotomic ideals into that in cyclic ideals. Lifting makes rotations easier to compute and reduces the complexity of inner products from \(O(n^3)\) to \(O(n^2)\). We implemented our Gauss Sieve on GPUs by adapting the framework of Ishiguro et al. in a single GPU, and the one of Bos et al. among multiple GPUs. We found a short vector at dimension 130 in the Darmstadt Ideal SVP Challenge (currently in first place in the Hall of Fame) using 8 GPUs in 824 h using our implementation.

This is a preview of subscription content, log in via an institution.

Chapter
USD   29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD   39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD   54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Learn about institutional subscriptions

References

  1. Ajtai, M., Dwork, C.: A public-key cryptosystem with worst-case/average-case equivalence. In: STOC 1997, pp. 284–293. ACM, New York (1997)

    Google Scholar 

  2. Ajtai, M.: The shortest vector problem in \({\rm l}_{\text{2}}\) is np-hard for randomized reductions. In: Electronic Colloquium on Computational Complexity (ECCC), vol. 4, no. 47 (1997)

    Google Scholar 

  3. Ajtai, M., Kumar, R., Sivakumar, D.: A sieve algorithm for the shortest lattice vector problem. In: STOC 2001, pp. 601–610. ACM, New York (2001)

    Google Scholar 

  4. Becker, A., Ducas, L., Gama, N., Laarhoven, T.: New directions in nearest neighbor searching with applications to lattice sieving. In: SODA 2016, pp. 10–24 (2016)

    Google Scholar 

  5. Becker, A., Laarhoven, T.: Efficient (ideal) lattice sieving using cross-polytope LSH. In: Pointcheval, D., Nitaj, A., Rachidi, T. (eds.) AFRICACRYPT 2016. LNCS, vol. 9646, pp. 3–23. Springer, Heidelberg (2016). doi:10.1007/978-3-319-31517-1_1

    Chapter  Google Scholar 

  6. Bos, J.W., Naehrig, M., van de Pol, J.: Sieving for shortest vectors in ideal lattices: a practical perspective. IACR Cryptology ePrint Archive 2014, 880 (2014)

    Google Scholar 

  7. Chen, Y., Nguyen, P.Q.: BKZ 2.0: better lattice security estimates. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 1–20. Springer, Heidelberg (2011). doi:10.1007/978-3-642-25385-0_1

    Chapter  Google Scholar 

  8. Crandall, R.E.: Topics in Advanced Scientific Computation. Springer-Telos, New York (1996)

    Book  MATH  Google Scholar 

  9. CUDA C programming guide 7.5 (2015). http://docs.nvidia.com/cuda/cuda-c-programming-guide/

  10. Fukase, M., Kashiwabara, K.: An accelerated algorithm for solving SVP based on statistical analysis. JIP 23(1), 67–80 (2015)

    Google Scholar 

  11. Gauss Sieve implementation by panagiotis voulgaris. https://cseweb.ucsd.edu/~pvoulgar/impl.html

  12. Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Annual ACM Symposium on Theory of Computing – STOC, pp. 169–178 (2009)

    Google Scholar 

  13. Garg, S., Gentry, C., Halevi, S.: Candidate multilinear maps from ideal lattices. In: Johansson, T., Nguyen, P.Q. (eds.) EUROCRYPT 2013. LNCS, vol. 7881, pp. 1–17. Springer, Heidelberg (2013). doi:10.1007/978-3-642-38348-9_1

    Chapter  Google Scholar 

  14. Gama, N., Nguyen, P.Q., Regev, O.: Lattice enumeration using extreme pruning. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 257–278. Springer, Heidelberg (2010). doi:10.1007/978-3-642-13190-5_13

    Chapter  Google Scholar 

  15. Idea Lattice Challenge. http://www.latticechallenge.org/ideallattice-challenge/

  16. Ishiguro, T., Kiyomoto, S., Miyake, Y., Takagi, T.: Parallel Gauss Sieve algorithm: solving the SVP challenge over a 128-dimensional ideal lattice. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 411–428. Springer, Heidelberg (2014). doi:10.1007/978-3-642-54631-0_24

    Chapter  Google Scholar 

  17. Kuo, P.-C., Schneider, M., Dagdelen, Ö., Reichelt, J., Buchmann, J., Cheng, C.-M., Yang, B.-Y.: Extreme enumeration on GPU and in clouds. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 176–191. Springer, Heidelberg (2011). doi:10.1007/978-3-642-23951-9_12

    Chapter  Google Scholar 

  18. Laarhoven, T.: Sieving for shortest vectors in lattices using angular locality-sensitive hashing. In: Gennaro, R., Robshaw, M. (eds.) CRYPTO 2015. LNCS, vol. 9215, pp. 3–22. Springer, Heidelberg (2015). doi:10.1007/978-3-662-47989-6_1

    Chapter  Google Scholar 

  19. SVP Challenge. http://www.latticechallenge.org/svp-challenge/

  20. Lindner, R., Peikert, C.: Better key sizes (and attacks) for LWE-based encryption. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 319–339. Springer, Heidelberg (2011). doi:10.1007/978-3-642-19074-2_21

    Chapter  Google Scholar 

  21. Mariano, A., Bischof, C.H., Laarhoven, T.: Parallel (probable) lock-free hash sieve: a practical sieving algorithm for the SVP. ICPP 2015, 590–599 (2015)

    Google Scholar 

  22. Mariano, A., Dagdelen, Ö., Bischof, C.: A comprehensive empirical comparison of parallel ListSieve and GaussSieve. In: Lopes, L., et al. (eds.) Euro-Par 2014. LNCS, vol. 8805, pp. 48–59. Springer, Heidelberg (2014). doi:10.1007/978-3-319-14325-5_5

    Google Scholar 

  23. Duane (Nvidia Coorporation) Merrill. The CUB Library

    Google Scholar 

  24. Milde, B., Schneider, M.: A parallel implementation of GaussSieve for the shortest vector problem in lattices. In: Malyshkin, V. (ed.) PaCT 2011. LNCS, vol. 6873, pp. 452–458. Springer, Heidelberg (2011). doi:10.1007/978-3-642-23178-0_40

    Chapter  Google Scholar 

  25. Micciancio, D., Voulgaris, P.: Faster exponential time algorithms for the shortest vector problem. In: SODA 2010, pp. 1468–1480 (2010)

    Google Scholar 

  26. Nguyen, P.Q., Vidick, T.: Sieve algorithms for the shortest vector problem are practical. J. Math. Cryptol. 2(2), 181–207 (2008)

    Article  MathSciNet  MATH  Google Scholar 

  27. Schneider, M.: Analysis of Gauss-Sieve for solving the shortest vector problem in lattices. In: Katoh, N., Kumar, A. (eds.) WALCOM 2011. LNCS, vol. 6552, pp. 89–97. Springer, Heidelberg (2011). doi:10.1007/978-3-642-19094-0_11

    Chapter  Google Scholar 

  28. Schneider, M.: Sieving for shortest vectors in ideal lattices. In: Youssef, A., Nitaj, A., Hassanien, A.E. (eds.) AFRICACRYPT 2013. LNCS, vol. 7918, pp. 375–391. Springer, Heidelberg (2013). doi:10.1007/978-3-642-38553-7_22

    Chapter  Google Scholar 

Download references

Acknowledgement

Partially sponsored by MoST projects 105-2923-E-001-003-MY3 and 105-2221-E-001-020-MY3. We would also like to thank Dr. Shinsaku Kiyomoto of KDDI Research for the fruitful discussion.

Author information

Authors and Affiliations

  1. Department of Electrical Engineering, National Taiwan University, Taipei, Taiwan

    Shang-Yi Yang, Po-Chun Kuo & Chen-Mou Cheng

  2. Institute of Information Science, Acamedia Sinica, Taipei, Taiwan

    Bo-Yin Yang

Authors
  1. Shang-Yi Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Po-Chun Kuo
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Bo-Yin Yang
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Chen-Mou Cheng
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Po-Chun Kuo .

Editor information

Editors and Affiliations

  1. Cryptography Research Inc. , San Francisco, California, USA

    Helena Handschuh

Rights and permissions

Reprints and permissions

Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Yang, SY., Kuo, PC., Yang, BY., Cheng, CM. (2017). Gauss Sieve Algorithm on GPUs. In: Handschuh, H. (eds) Topics in Cryptology – CT-RSA 2017. CT-RSA 2017. Lecture Notes in Computer Science(), vol 10159. Springer, Cham. https://doi.org/10.1007/978-3-319-52153-4_3

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-52153-4_3

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-52152-7

  • Online ISBN: 978-3-319-52153-4

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation