Abstract
We propose a new lattice reduction method. Our algorithm approximates shortest lattice vectors up to a factor $\le (k/6)^{n/2k}$ and makes use of Grover’s quantum search algorithm. The proposed method has the expected running time $O(n^3 (k/6)^{k/8} A + n^4 A)$. That is about the square root of the running time $O(n^3 (k/6)^{k/4} A + n^4 A)$ of Schnorr’s recent random sampling reduction, which in turn improved the running time to the fourth root of previously known algorithms. Our result demonstrates that the availability of quantum computers will affect not only the security of cryptosystems based on integer factorization or discrete logarithms, but also that of lattice-based cryptosystems. Rough estimates based on our asymptotic improvements and experiments reported in [1] suggest that the NTRU security parameter would need to be increased from 503 to 1277 if sufficiently large quantum computers were available nowadays.
References
Hoffstein, J., Pipher, J., Silverman, J.H.: NTRU: A ring-based public key cryptosystem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 267–288. Springer, Heidelberg (1998)
Shor, P.W.: Polynomial-time algorithms for prime factorization and discrete logarithms on a quantum computer. SIAM J. Comput. 26, 1484–1509 (1997)
Hallgren, S.: Polynomial-time quantum algorithm for Pell’s equation and the principal ideal problem. In: Proceedings of the Thirty-Fourth Annual ACM Symposium on Theory of Computing, ACM Press, New York (2002)
Emde Boas, P. v.: Another NP-complete partition problem and the complexity of computing short vectors in a lattice. Technical Report 81-04, University of Amsterdam, Department of Mathematics, Netherlands (1981)
Ajtai, M.: The shortest vector problem in $L_2$ is NP-hard for randomized reductions (extended abstract). In: Proceedings of the Thirtieth Annual ACM Symposium on Theory of Computing, pp. 10–19. ACM Press, New York (1998)
Micciancio, D.: The shortest vector in a lattice is hard to approximate to within some constant. In: IEEE Symposium on Foundations of Computer Science, pp. 92–98 (1998)
Goldreich, O., Goldwasser, S., Halevi, S.: Public-key cryptosystems from lattice reduction problems. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 112–131. Springer, Heidelberg (1997)
Micciancio, D.: Improving lattice based cryptosystems using the Hermite normal form. In: Silverman, J.H. (ed.) CaLC 2001. LNCS, vol. 2146, pp. 126–145. Springer, Heidelberg (2001)
Regev, O.: Quantum computations and lattice problems. In: The 43rd Annual IEEE Symposium on Foundations of Computer Science (FOCS 2002), pp. 520–529. IEEE, Los Alamitos (2002)
Kannan, R.: Minkowski’s convex body theorem and integer programming. Math. Oper. Research 12, 415–440 (1987)
Lenstra, A.K., Lenstra, H.W., Lovász, L.: Factoring polynomials with rational coefficients. Math. Ann. 261, 515–534 (1982)
Schnorr, C.P.: A hierarchy of polynomial lattice basis reduction algorithms. Theoretical Computer Science 53, 201–224 (1987)
Schnorr, C.P.: Lattice reduction by random sampling and birthday methods. In: Alt, H., Habib, M. (eds.) STACS 2003. LNCS, vol. 2607, pp. 146–156. Springer, Heidelberg (2003)
Schnorr, C.P., Euchner, M.: Lattice basis reduction: Improved practical algorithms and solving subset sum problems. Math. Programming 66, 181–199 (1994)
Lenstra, A.K., Verheul, E.R.: Selecting cryptographic key sizes. J. Cryptology 14, 255–293 (2001)
Nielsen, M.A., Chuang, I.L.: Quantum Computation and Quantum Information. Cambridge University Press, Cambridge (2000)
Grover, L.K.: A fast quantum mechanical algorithm for database search. In: Proceedings of the Twenty-Eighth Annual ACM Symposium on Theory of Computing (STOC), pp. 212–219. ACM Press, New York (1996)
Boyer, M., Brassard, G., Høyer, P., Tapp, A.: Tight bounds on quantum searching. arXiv e-print quant-ph/9605034 (1996)
Consortium for Efficient Embedded Security: EESS #1: Implementation aspects of NTRUEncrypt and NTRUSign. Version 1.0 (2002), http://www.ceesstandards.org/documents/EESS1_11122002_v2.pdf
Silverman, J.: Estimated breaking times for NTRU lattices. Technical Report 12, NTRU Cryptosystems, Inc. (1999)
Shoup, V.: NTL – a library for doing number theory. Release 5.2 (2001), http://www.shoup.net/ntl/index.html
Brassard, G., Høyer, P., Tapp, A.: Quantum cryptanalysis of hash and claw-free functions. In: Lucchesi, C., Moura, A. (eds.) LATIN 1998. LNCS, vol. 1380, p. 163. Springer, Heidelberg (1998)
Copyright information
© 2003 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Ludwig, C. (2003). A Faster Lattice Reduction Method Using Quantum Search. In: Ibaraki, T., Katoh, N., Ono, H. (eds) Algorithms and Computation. ISAAC 2003. Lecture Notes in Computer Science, vol 2906. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-24587-2_22
DOI: https://doi.org/10.1007/978-3-540-24587-2_22
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-20695-8
Online ISBN: 978-3-540-24587-2
eBook Packages: Springer Book Archive