
A detailed analysis of primal attack and its variants

  • Research Paper
  • Science China Information Sciences

Abstract

Primal attack is the strategy most commonly used to estimate the hardness of cryptosystems based on the learning with errors (LWE) problem. It reduces LWE to unique-SVP by an embedding technique and then applies lattice reduction, such as BKZ, to find the shortest vector. The main reason for its popularity is its conservative estimate: in general, the complexity of primal attack is estimated by the hardness of core-SVP as \({\cal T} = {2^{0.292b}}\). In this work, we first revisit primal attack and give a supplemental proof of the scaling factor in Bai-Galbraith embedding, whose value was previously justified only by experimental results. Then we refine primal attack in two special cases and analyze the variants in detail. First, for sparse secret LWE (or sparse secret-error LWE), primal attack with dropping trades off guessing zero components against solving dimension-reduced problems to improve the complexity. Second, when \({{\cal T}_{{\rm{BKZ}}}}(b) = {\rm{poly}}(d) \cdot {{\cal T}_{{\rm{Sieve}}}}(b)\) holds in practice, primal attack with preprocessing reduces the time complexity by a factor of \(2^6\) to \(2^{10}\) by dividing primal attack into three steps and considering them independently.
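The core-SVP figure \({\cal T} = 2^{0.292b}\) in the abstract only makes sense once a block size \(b\) has been fixed, and the usual way to fix it is the "2016 estimate" from the New Hope paper of Alkim, Ducas, Pöppelmann and Schwabe: embed \(m\) LWE samples into a lattice of dimension \(d = m + n + 1\) and volume \(q^m\), and declare BKZ-\(b\) successful when the projection of the short target vector onto the last \(b\) Gram-Schmidt directions, about \(\sigma\sqrt{b}\), is shorter than the last Gram-Schmidt norm \(\delta^{2b-d-1} q^{m/d}\). The script below is an added example written for this page, not code from the paper or its authors; the parameter names \(n, q, \sigma, m, b\) are the usual LWE conventions, the root-Hermite factor uses Chen's asymptotic formula, and the Kyber-512-like instance in `main` is constructed. It searches the smallest \(b\) over all \(m\) and reports \(0.292b\), which is exactly the conservative model the paper's dropping and preprocessing variants set out to refine (those refinements are not implemented here).

```python
"""Core-SVP cost of the primal attack on LWE via the "2016 estimate".

Added example for this page, not code from the paper: it implements the
primal-attack success condition of Alkim, Ducas, Poeppelmann and Schwabe
(New Hope, USENIX Security 2016) and converts the resulting BKZ block
size b into the core-SVP cost 2^(0.292 b) quoted in the abstract.
The sample instance in main() is constructed (Kyber-512-like sizes).
"""
import math


def log_root_hermite(b: int) -> float:
    """ln(delta_b), the root-Hermite factor BKZ with block size b reaches,
    using Chen's asymptotic formula
        delta_b = ( (pi*b)^(1/b) * b / (2*pi*e) )^(1 / (2*(b-1))).
    """
    return (math.log(math.pi * b) / b
            + math.log(b / (2 * math.pi * math.e))) / (2 * (b - 1))


def root_hermite(b: int) -> float:
    """delta_b itself (about 1.012 at b = 50, decreasing in b)."""
    return math.exp(log_root_hermite(b))


def primal_succeeds(n: int, q: int, sigma: float, m: int, b: int) -> bool:
    """2016 estimate: does BKZ-b solve the uSVP instance obtained by
    embedding m LWE samples (secret dimension n, modulus q, error std sigma)?

    The embedded lattice has dimension d = m + n + 1 and volume q^m.  The
    target vector has norm about sigma*sqrt(d); its projection onto the last
    b Gram-Schmidt directions has norm about sigma*sqrt(b).  Under the
    geometric-series assumption the last Gram-Schmidt norm is
    delta^(2b - d - 1) * q^(m/d); success is assumed iff the projection is
    no longer than that.  Evaluated in the log domain to avoid overflow.
    """
    d = m + n + 1
    if b > d:
        return False  # block size cannot exceed the lattice dimension
    lhs = math.log(sigma) + 0.5 * math.log(b)
    rhs = (2 * b - d - 1) * log_root_hermite(b) + (m / d) * math.log(q)
    return lhs <= rhs


def min_block_size(n, q, sigma, b_min=50, b_max=None, m_max=None):
    """Smallest block size b for which some number of samples m makes the
    attack succeed.  b is scanned upward so the first hit is the minimum;
    returns (b, m) with the smallest such m, or None if no b <= b_max works.
    """
    b_max = b_max if b_max is not None else 2 * n
    m_max = m_max if m_max is not None else 2 * n
    for b in range(b_min, b_max + 1):
        for m in range(1, m_max + 1):
            if primal_succeeds(n, q, sigma, m, b):
                return b, m
    return None


def core_svp_log2_cost(b: int) -> float:
    """log2 of the core-SVP model T = 2^(0.292 b) used in the abstract: one
    sieve call at block size b, with polynomial factors and the number of
    BKZ tours ignored (the gap the paper's preprocessing variant exploits)."""
    return 0.292 * b


def estimate(n, q, sigma):
    """Full primal-attack estimate: dict with b, m and log2 cost, or None."""
    found = min_block_size(n, q, sigma)
    if found is None:
        return None
    b, m = found
    return {"b": b, "m": m, "log2_cost": core_svp_log2_cost(b)}


if __name__ == "__main__":
    # Constructed sample instance with Kyber-512-like sizes: n = 512,
    # q = 3329, secret and error with standard deviation sqrt(3/2).
    print(estimate(512, 3329, math.sqrt(1.5)))
```

For the constructed instance the search lands near \(b \approx 406\) and \(m \approx 490\), i.e. a core-SVP cost of about \(2^{118}\), and increasing \(\sigma\) strictly increases the returned block size, since the left-hand side of the condition grows with \(\sigma\) for every \((m, b)\).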


References

  1. Regev O. On lattices, learning with errors, random linear codes, and cryptography. J ACM, 2009, 56: 1–40

  2. Alkim E, Ducas L, Pöppelmann T, et al. Post-quantum key exchange — a new hope. In: Proceedings of the 25th USENIX Security Symposium, Austin, 2016. 327–343

  3. Bos J W, Costello C, Ducas L, et al. Frodo: take off the ring! Practical, quantum-secure key exchange from LWE. In: Proceedings of ACM SIGSAC Conference on Computer and Communications Security, Vienna, 2016. 1006–1018

  4. Brakerski Z, Vaikuntanathan V. Efficient fully homomorphic encryption from standard LWE. SIAM J Comput, 2014, 42: 831–871

  5. Lyubashevsky V. Lattice signatures without trapdoors. In: Proceedings of Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2012. 738–755

  6. Garg S, Gentry C, Halevi S. Candidate multilinear maps from ideal lattices. In: Proceedings of Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2013

  7. Albrecht M R. On dual lattice attacks against small-secret LWE and parameter choices in HElib and SEAL. In: Proceedings of Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2017. 103–129

  8. Wunderer T. A detailed analysis of the hybrid lattice-reduction and meet-in-the-middle attack. J Math Cryptol, 2019, 13: 1–26

  9. Guo Q, Johansson T, Mårtensson E, et al. Coded-BKW with sieving. In: Proceedings of International Conference on the Theory and Application of Cryptology and Information Security, 2017. 323–346

  10. Bai S, Galbraith S D, Li L Z, et al. Improved combinatorial algorithms for the inhomogeneous short integer solution problem. J Cryptol, 2019, 32: 35–83

  11. Albrecht M R, Cid C, Faugère J C, et al. Algebraic algorithms for LWE problems. ACM Commun Comput Algebra, 2015, 49: 62

  12. Albrecht M R, Fitzpatrick R, Göpfert F. On the efficacy of solving LWE by reduction to unique-SVP. In: Proceedings of International Conference on Information Security and Cryptology, 2013. 293–310

  13. Bai S, Galbraith S D. Lattice decoding attacks on binary LWE. In: Proceedings of Australasian Conference on Information Security and Privacy, 2014. 322–337

  14. Albrecht M R, Göpfert F, Virdia F, et al. Revisiting the expected cost of solving uSVP and applications to LWE. In: Proceedings of International Conference on the Theory and Application of Cryptology and Information Security, 2017. 297–322

  15. Albrecht M R, Curtis B R, Wunderer T. Exploring trade-offs in batch bounded distance decoding. In: Proceedings of International Conference on Selected Areas in Cryptography, 2019. 467–491

  16. Albrecht M R, Player R, Scott S. On the concrete hardness of learning with errors. J Math Cryptol, 2015, 9: 169–203

  17. Gama N, Nguyen P Q. Predicting lattice reduction. In: Proceedings of Annual International Conference on the Theory and Applications of Cryptographic Techniques, 2008. 31–51

  18. Chen Y M. Réduction de réseau et sécurité concrète du chiffrement complètement homomorphe. Dissertation for Ph.D. Degree. Paris: École Normale Supérieure, 2013

  19. Hanrot G, Pujol X, Stehlé D. Analyzing blockwise lattice algorithms using dynamical systems. In: Proceedings of Annual Cryptology Conference, 2011. 447–464

  20. Kannan R. Minkowski's convex body theorem and integer programming. Math Oper Res, 1987, 12: 415–440

  21. Chen Y M, Nguyen P Q. BKZ 2.0: better lattice security estimates. In: Proceedings of International Conference on the Theory and Application of Cryptology and Information Security, 2011


Acknowledgements

This work was supported by National Key Research and Development Program of China (Grant Nos. 2017YFA0303903, 2018YFA0704701), Major Program of Guangdong Basic and Applied Research (Grant No. 2019B030302008), and Major Scientific and Technological Innovation Project of Shandong Province (Grant No. 2019JZZY010133).

Author information

Correspondence to Zhongxiang Zheng or Xiaoyun Wang.


Cite this article

Zhang, X., Zheng, Z. & Wang, X. A detailed analysis of primal attack and its variants. Sci. China Inf. Sci. 65, 132301 (2022). https://doi.org/10.1007/s11432-020-2958-9
