Solving low-density subset sum problems
Journal of the ACM (JACM)
A hierarchy of polynomial time lattice basis reduction algorithms
Theoretical Computer Science
Lattice basis reduction: improved practical algorithms and solving subset sum problems
Mathematical Programming: Series A and B
Generating hard instances of lattice problems (extended abstract)
STOC '96 Proceedings of the twenty-eighth annual ACM symposium on Theory of computing
A public-key cryptosystem with worst-case/average-case equivalence
STOC '97 Proceedings of the twenty-ninth annual ACM symposium on Theory of computing
Finding the closest lattice vector when it's unusually close
SODA '00 Proceedings of the eleventh annual ACM-SIAM symposium on Discrete algorithms
A sieve algorithm for the shortest lattice vector problem
STOC '01 Proceedings of the thirty-third annual ACM symposium on Theory of computing
Lattice Attacks on Digital Signature Schemes
Designs, Codes and Cryptography
Complexity of Lattice Problems
Complexity of Lattice Problems
Public-Key Cryptosystems from Lattice Reduction Problems
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
NTRU: A Ring-Based Public Key Cryptosystem
ANTS-III Proceedings of the Third International Symposium on Algorithmic Number Theory
Improved algorithms for integer programming and related lattice problems
STOC '83 Proceedings of the fifteenth annual ACM symposium on Theory of computing
New lattice-based cryptographic constructions
Journal of the ACM (JACM)
On lattices, learning with errors, random linear codes, and cryptography
Proceedings of the thirty-seventh annual ACM symposium on Theory of computing
Worst-Case to Average-Case Reductions Based on Gaussian Measures
SIAM Journal on Computing
Lossy trapdoor functions and their applications
STOC '08 Proceedings of the fortieth annual ACM symposium on Theory of computing
Trapdoors for hard lattices and new cryptographic constructions
STOC '08 Proceedings of the fortieth annual ACM symposium on Theory of computing
Finding short lattice vectors within mordell's inequality
STOC '08 Proceedings of the fortieth annual ACM symposium on Theory of computing
Attacking the Chor-Rivest cryptosystem by improved lattice reduction
EUROCRYPT'95 Proceedings of the 14th annual international conference on Theory and application of cryptographic techniques
Cryptanalysis of RSA with private key d less than N0:292
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
Cryptanalysis of the Paeng-Jung-Ha cryptosystem from PKC 2003
PKC'07 Proceedings of the 10th international conference on Practice and theory in public-key cryptography
Adapting density attacks to low-weight knapsacks
ASIACRYPT'05 Proceedings of the 11th international conference on Theory and Application of Cryptology and Information Security
ANTS'06 Proceedings of the 7th international conference on Algorithmic Number Theory
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Rankin's constant and blockwise lattice reduction
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
Symplectic lattice reduction and NTRU
EUROCRYPT'06 Proceedings of the 24th annual international conference on The Theory and Applications of Cryptographic Techniques
Finding short lattice vectors within mordell's inequality
STOC '08 Proceedings of the fortieth annual ACM symposium on Theory of computing
Explicit Hard Instances of the Shortest Vector Problem
PQCrypto '08 Proceedings of the 2nd International Workshop on Post-Quantum Cryptography
Rigorous and Efficient Short Lattice Vectors Enumeration
ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Public-key cryptosystems from the worst-case shortest vector problem: extended abstract
Proceedings of the forty-first annual ACM symposium on Theory of computing
Choosing NTRUEncrypt Parameters in Light of Combined Lattice Reduction and MITM Approaches
ACNS '09 Proceedings of the 7th International Conference on Applied Cryptography and Network Security
Broadcast Attacks against Lattice-Based Cryptosystems
ACNS '09 Proceedings of the 7th International Conference on Applied Cryptography and Network Security
Known---Plaintext---Only Attack on RSA---CRT with Montgomery Multiplication
CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
Fiat-Shamir with Aborts: Applications to Lattice and Factoring-Based Signatures
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
INDOCRYPT '09 Proceedings of the 10th International Conference on Cryptology in India: Progress in Cryptology
Faster exponential time algorithms for the shortest vector problem
SODA '10 Proceedings of the twenty-first annual ACM-SIAM symposium on Discrete Algorithms
Lattice basis delegation in fixed dimension and shorter-ciphertext hierarchical IBE
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Parallel enumeration of shortest lattice vectors
Euro-Par'10 Proceedings of the 16th international Euro-Par conference on Parallel processing: Part II
SCN'10 Proceedings of the 7th international conference on Security and cryptography for networks
Shrinking the keys of discrete-log-type lossy trapdoor functions
ACNS'10 Proceedings of the 8th international conference on Applied cryptography and network security
An improvement of key generation algorithm for Gentry's homomorphic encryption scheme
IWSEC'10 Proceedings of the 5th international conference on Advances in information and computer security
Improved zero-knowledge identification with lattices
ProvSec'10 Proceedings of the 4th international conference on Provable security
Interpreting hash function security proofs
ProvSec'10 Proceedings of the 4th international conference on Provable security
Better key sizes (and attacks) for LWE-based encryption
CT-RSA'11 Proceedings of the 11th international conference on Topics in cryptology: CT-RSA 2011
Analysis of gauss-sieve for solving the shortest vector problem in lattices
WALCOM'11 Proceedings of the 5th international conference on WALCOM: algorithms and computation
NTRU-like public key cryptosystems beyond dedekind domain up to alternative algebra
Transactions on computational science X
Lattice reduction algorithms: theory and practice
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Implementing Gentry's fully-homomorphic encryption scheme
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Algorithms for the shortest and closest lattice vector problems
IWCC'11 Proceedings of the Third international conference on Coding and cryptology
Analyzing blockwise lattice algorithms using dynamical systems
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Random sampling for short lattice vectors on graphics cards
CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Extreme enumeration on GPU and in clouds: how many dollars you need to break SVP challenges
CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Can homomorphic encryption be practical?
Proceedings of the 3rd ACM workshop on Cloud computing security workshop
Proceedings of the 3rd Innovations in Theoretical Computer Science Conference
Modelling the LLL algorithm by sandpiles
LATIN'10 Proceedings of the 9th Latin American conference on Theoretical Informatics
Implicit factoring with shared most significant and middle bits
PKC'10 Proceedings of the 13th international conference on Practice and Theory in Public Key Cryptography
Lattice mixing and vanishing trapdoors: a framework for fully secure short signatures and more
PKC'10 Proceedings of the 13th international conference on Practice and Theory in Public Key Cryptography
Lattice enumeration using extreme pruning
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
Parallel shortest lattice vector enumeration on graphics cards
AFRICACRYPT'10 Proceedings of the Third international conference on Cryptology in Africa
PQCrypto'10 Proceedings of the Third international conference on Post-Quantum Cryptography
BKZ 2.0: better lattice security estimates
ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
Trapdoors for lattices: simpler, tighter, faster, smaller
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
Lattice signatures without trapdoors
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
A non-associative lattice-based public key cryptosystem
Security and Communication Networks
Efficient multiplication over extension fields
WAIFI'12 Proceedings of the 4th international conference on Arithmetic of Finite Fields
On the optimality of lattices for the coppersmith technique
ACISP'12 Proceedings of the 17th Australasian conference on Information Security and Privacy
Towards efficient arithmetic for lattice-based cryptography on reconfigurable hardware
LATINCRYPT'12 Proceedings of the 2nd international conference on Cryptology and Information Security in Latin America
Practical lattice-based cryptography: a signature scheme for embedded systems
CHES'12 Proceedings of the 14th international conference on Cryptographic Hardware and Embedded Systems
Ring switching in BGV-Style homomorphic encryption
SCN'12 Proceedings of the 8th international conference on Security and Cryptography for Networks
Solving BDD by enumeration: an update
CT-RSA'13 Proceedings of the 13th international conference on Topics in Cryptology
A note on BDD problems with λ2 -gap
Information Processing Letters
Field switching in BGV-style homomorphic encryption
Journal of Computer Security - Advances in Security for Communication Networks
| Hi-index | 0.00 |
Despite their popularity, lattice reduction algorithms remain mysterious cryptanalytical tools. Though it has been widely reported that they behave better than their proved worst-case theoretical bounds, no precise assessment has ever been given. Such an assessment would be very helpful to predict the behaviour of lattice-based attacks, as well as to select keysizes for lattice-based cryptosystems. The goal of this paper is to provide such an assessment, based on extensive experiments performed with the NTL library. The experiments suggest several conjectures on the worst case and the actual behaviour of lattice reduction algorithms. We believe the assessment might also help to design new reduction algorithms overcoming the limitations of current algorithms.