Accelerating lattice reduction with FPGAs

Authors:
Jérémie Detrey;Guillaume Hanrot;Xavier Pujol;Damien Stehlé
Affiliations:
LORIA, INRIA, CNRS, Nancy Université, Vandoeuvre-lès-Nancy Cedex, France;ÉNS Lyon, Université de Lyon, Laboratoire LIP, CNRS-ENSL-INRIA-UCBL, Lyon Cedex 07, France;ÉNS Lyon, Université de Lyon, Laboratoire LIP, CNRS-ENSL-INRIA-UCBL, Lyon Cedex 07, France;CNRS, Macquarie University and University of Sydney, Dpt. of Mathematics and Statistics, University of Sydney, NSW, Australia
Venue:
LATINCRYPT'10 Proceedings of the First international conference on Progress in cryptology: cryptology and information security in Latin America
Year:
2010

Citing 34
Cited 6

A hierarchy of polynomial time lattice basis reduction algorithms

Theoretical Computer Science
Lattice basis reduction: improved practical algorithms and solving subset sum problems

Mathematical Programming: Series A and B
A public-key cryptosystem with worst-case/average-case equivalence

STOC '97 Proceedings of the twenty-ninth annual ACM symposium on Theory of computing
The shortest vector problem in L2 is NP-hard for randomized reductions (extended abstract)

STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
A sieve algorithm for the shortest lattice vector problem

STOC '01 Proceedings of the thirty-third annual ACM symposium on Theory of computing
A procedure for determining algebraic integers of given norm

EUROCAL '83 Proceedings of the European Computer Algebra Conference on Computer Algebra
Public-Key Cryptosystems from Lattice Reduction Problems

CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Cryptanalysis of the Ajtai-Dwork Cryptosystem

CRYPTO '98 Proceedings of the 18th Annual International Cryptology Conference on Advances in Cryptology
NTRU: A Ring-Based Public Key Cryptosystem

ANTS-III Proceedings of the Third International Symposium on Algorithmic Number Theory
The Two Faces of Lattices in Cryptology

CaLC '01 Revised Papers from the International Conference on Cryptography and Lattices
Improved algorithms for integer programming and related lattice problems

STOC '83 Proceedings of the fifteenth annual ACM symposium on Theory of computing
On lattices, learning with errors, random linear codes, and cryptography

Proceedings of the thirty-seventh annual ACM symposium on Theory of computing
Trapdoors for hard lattices and new cryptographic constructions

STOC '08 Proceedings of the fortieth annual ACM symposium on Theory of computing
Finding short lattice vectors within mordell's inequality

STOC '08 Proceedings of the fortieth annual ACM symposium on Theory of computing
Rigorous and Efficient Short Lattice Vectors Enumeration

ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Fully homomorphic encryption using ideal lattices

Proceedings of the forty-first annual ACM symposium on Theory of computing
Public-key cryptosystems from the worst-case shortest vector problem: extended abstract

Proceedings of the forty-first annual ACM symposium on Theory of computing
Efficient Public Key Encryption Based on Ideal Lattices

ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
The LLL Algorithm: Survey and Applications

The LLL Algorithm: Survey and Applications
Attacking the Chor-Rivest cryptosystem by improved lattice reduction

EUROCRYPT'95 Proceedings of the 14th annual international conference on Theory and application of cryptographic techniques
A hybrid lattice-reduction and meet-in-the-middle attack against NTRU

CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Improved analysis of Kannan's shortest lattice vector algorithm

CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
A deterministic single exponential time algorithm for most lattice problems based on voronoi cell computations

Proceedings of the forty-second ACM symposium on Theory of computing
Faster exponential time algorithms for the shortest vector problem

SODA '10 Proceedings of the twenty-first annual ACM-SIAM symposium on Discrete Algorithms
LLL on the average

ANTS'06 Proceedings of the 7th international conference on Algorithmic Number Theory
Floating-Point LLL revisited

EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Fully homomorphic encryption with relatively small key and ciphertext sizes

PKC'10 Proceedings of the 13th international conference on Practice and Theory in Public Key Cryptography
Fully homomorphic encryption over the integers

EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
Lattice enumeration using extreme pruning

EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
Bonsai trees, or how to delegate a lattice basis

EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
Efficient lattice (H)IBE in the standard model

EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
Parallel shortest lattice vector enumeration on graphics cards

AFRICACRYPT'10 Proceedings of the Third international conference on Cryptology in Africa
A universal lattice code decoder for fading channels

IEEE Transactions on Information Theory
Soft-output sphere decoding: algorithms and VLSI implementation

IEEE Journal on Selected Areas in Communications

Analysis of gauss-sieve for solving the shortest vector problem in lattices

WALCOM'11 Proceedings of the 5th international conference on WALCOM: algorithms and computation
Algorithms for the shortest and closest lattice vector problems

IWCC'11 Proceedings of the Third international conference on Coding and cryptology
A parallel implementation of GaussSieve for the shortest vector problem in lattices

PaCT'11 Proceedings of the 11th international conference on Parallel computing technologies
Random sampling for short lattice vectors on graphics cards

CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Extreme enumeration on GPU and in clouds: how many dollars you need to break SVP challenges

CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Full lattice basis reduction on graphics cards

WEWoRC'11 Proceedings of the 4th Western European conference on Research in Cryptology

Quantified Score

Hi-index	0.00

Visualization

Abstract

We describe an FPGA accelerator for the Kannan-Fincke-Pohst enumeration algorithm (KFP) solving the Shortest Lattice Vector Problem (SVP). This is the first FPGA implementation of KFP specifically targeting cryptographically relevant dimensions. In order to optimize this implementation, we theoretically and experimentally study several facets of KFP, including its efficient parallelization and its underlying arithmetic. Our FPGA accelerator can be used for both solving stand-alone instances of SVP (within a hybrid CPU-FPGA compound) or myriads of smaller dimensional SVP instances arising in a BKZ-type algorithm. For devices of comparable costs, our FPGA implementation is faster than a multi-core CPU implementation by a factor around 2.12.