A hierarchy of polynomial time lattice basis reduction algorithms
Theoretical Computer Science
Fast reduction and composition of binary quadratic forms
ISSAC '91 Proceedings of the 1991 international symposium on Symbolic and algebraic computation
Lattice basis reduction: improved practical algorithms and solving subset sum problems
Mathematical Programming: Series A and B
Generating hard instances of lattice problems (extended abstract)
STOC '96 Proceedings of the twenty-eighth annual ACM symposium on Theory of computing
A sieve algorithm for the shortest lattice vector problem
STOC '01 Proceedings of the thirty-third annual ACM symposium on Theory of computing
Worst-Case Complexity of the Optimal LLL Algorithm
LATIN '00 Proceedings of the 4th Latin American Symposium on Theoretical Informatics
Cryptanalysis of the Goldreich-Goldwasser-Halevi Cryptosystem from Crypto '97
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Lattice Basis Reduction: Improved Practical Algorithms and Solving Subset Sum Problems
FCT '91 Proceedings of the 8th International Symposium on Fundamentals of Computation Theory
NTRU: A Ring-Based Public Key Cryptosystem
ANTS-III Proceedings of the Third International Symposium on Algorithmic Number Theory
The Two Faces of Lattices in Cryptology
CaLC '01 Revised Papers from the International Conference on Cryptography and Lattices
Improved algorithms for integer programming and related lattice problems
STOC '83 Proceedings of the fifteenth annual ACM symposium on Theory of computing
Tensor-based hardness of the shortest vector problem to within almost polynomial factors
Proceedings of the thirty-ninth annual ACM symposium on Theory of computing
Finding short lattice vectors within Mordell's inequality
STOC '08 Proceedings of the fortieth annual ACM symposium on Theory of computing
Fast unimodular reduction: planar integer lattices
SFCS '92 Proceedings of the 33rd Annual Symposium on Foundations of Computer Science
Rigorous and Efficient Short Lattice Vectors Enumeration
ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Choosing NTRUEncrypt Parameters in Light of Combined Lattice Reduction and MITM Approaches
ACNS '09 Proceedings of the 7th International Conference on Applied Cryptography and Network Security
An LLL Algorithm with Quadratic Complexity
SIAM Journal on Computing
The LLL Algorithm: Survey and Applications
The LLL Algorithm: Survey and Applications
Attacking the Chor-Rivest cryptosystem by improved lattice reduction
EUROCRYPT'95 Proceedings of the 14th annual international conference on Theory and application of cryptographic techniques
Improved analysis of Kannan's shortest lattice vector algorithm
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Proceedings of the forty-second ACM symposium on Theory of computing
The Learning with Errors Problem (Invited Survey)
CCC '10 Proceedings of the 2010 IEEE 25th Annual Conference on Computational Complexity
Faster exponential time algorithms for the shortest vector problem
SODA '10 Proceedings of the twenty-first annual ACM-SIAM symposium on Discrete Algorithms
An LLL-reduction algorithm with quasi-linear time complexity: extended abstract
Proceedings of the forty-third annual ACM symposium on Theory of computing
ANTS'06 Proceedings of the 7th international conference on Algorithmic Number Theory
Modelling the LLL algorithm by sandpiles
LATIN'10 Proceedings of the 9th Latin American conference on Theoretical Informatics
Rankin's constant and blockwise lattice reduction
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
BKZ 2.0: better lattice security estimates
ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
Strong lattice reduction is the key element for most attacks against lattice-based cryptosystems. Between the strongest but impractical HKZ reduction and the weak but fast LLL reduction, there have been several attempts to find efficient trade-offs. Among them, the BKZ algorithm introduced by Schnorr and Euchner [FCT'91] seems to achieve the best time/quality compromise in practice. However, no reasonable complexity upper bound is known for BKZ, and Gama and Nguyen [Eurocrypt'08] observed experimentally that its practical runtime seems to grow exponentially with the lattice dimension. In this work, we show that BKZ can be terminated long before its completion, while still providing bases of excellent quality. More precisely, we show that if given as inputs a basis $(b_i)_{i \le n} \in \mathbb{Q}^{n \times n}$ of a lattice $L$ and a block-size $\beta$, and if terminated after $\Omega\left(\frac{n^3}{\beta^2}\left(\log n + \log\log\max_i \|b_i\|\right)\right)$ calls to a $\beta$-dimensional HKZ-reduction (or SVP) subroutine, then BKZ returns a basis whose first vector has norm $\le 2\nu_\beta^{\frac{n-1}{2(\beta-1)}+\frac{3}{2}} \cdot (\det L)^{1/n}$, where $\nu_\beta \le \beta$ is the maximum of Hermite's constants in dimensions $\le \beta$. To obtain this result, we develop a completely new elementary technique based on discrete-time affine dynamical systems, which could lead to the design of improved lattice reduction algorithms.