A hierarchy of polynomial time lattice basis reduction algorithms
Theoretical Computer Science
Lattice basis reduction: improved practical algorithms and solving subset sum problems
Mathematical Programming: Series A and B
Generating hard instances of lattice problems (extended abstract)
STOC '96 Proceedings of the twenty-eighth annual ACM symposium on Theory of computing
A sieve algorithm for the shortest lattice vector problem
STOC '01 Proceedings of the thirty-third annual ACM symposium on Theory of computing
Cryptanalysis of the Goldreich-Goldwasser-Halevi Cryptosystem from Crypto '97
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
NTRU: A Ring-Based Public Key Cryptosystem
ANTS-III Proceedings of the Third International Symposium on Algorithmic Number Theory
Dimension Reduction Methods for Convolution Modular Lattices
CaLC '01 Revised Papers from the International Conference on Cryptography and Lattices
Improved algorithms for integer programming and related lattice problems
STOC '83 Proceedings of the fifteenth annual ACM symposium on Theory of computing
Finding short lattice vectors within mordell's inequality
STOC '08 Proceedings of the fortieth annual ACM symposium on Theory of computing
Choosing NTRUEncrypt Parameters in Light of Combined Lattice Reduction and MITM Approaches
ACNS '09 Proceedings of the 7th International Conference on Applied Cryptography and Network Security
The LLL Algorithm: Survey and Applications
The LLL Algorithm: Survey and Applications
Attacking the Chor-Rivest cryptosystem by improved lattice reduction
EUROCRYPT'95 Proceedings of the 14th annual international conference on Theory and application of cryptographic techniques
Improved analysis of Kannan's shortest lattice vector algorithm
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Proceedings of the forty-second ACM symposium on Theory of computing
Faster exponential time algorithms for the shortest vector problem
SODA '10 Proceedings of the twenty-first annual ACM-SIAM symposium on Discrete Algorithms
Better key sizes (and attacks) for LWE-based encryption
CT-RSA'11 Proceedings of the 11th international conference on Topics in cryptology: CT-RSA 2011
An LLL-reduction algorithm with quasi-linear time complexity: extended abstract
Proceedings of the forty-third annual ACM symposium on Theory of computing
Analyzing blockwise lattice algorithms using dynamical systems
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
ANTS'06 Proceedings of the 7th international conference on Algorithmic Number Theory
Lattice enumeration using extreme pruning
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
Rankin's constant and blockwise lattice reduction
CRYPTO'06 Proceedings of the 26th annual international conference on Advances in Cryptology
Breaking fully-homomorphic-encryption challenges
CANS'11 Proceedings of the 10th international conference on Cryptology and Network Security
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
Trapdoors for lattices: simpler, tighter, faster, smaller
EUROCRYPT'12 Proceedings of the 31st Annual international conference on Theory and Applications of Cryptographic Techniques
Public-Key cryptography from new multivariate quadratic assumptions
PKC'12 Proceedings of the 15th international conference on Practice and Theory in Public Key Cryptography
Practical lattice-based cryptography: a signature scheme for embedded systems
CHES'12 Proceedings of the 14th international conference on Cryptographic Hardware and Embedded Systems
Solving BDD by enumeration: an update
CT-RSA'13 Proceedings of the 13th international conference on Topics in Cryptology
Secure pattern matching using somewhat homomorphic encryption
Proceedings of the 2013 ACM workshop on Cloud computing security workshop
Using bleichenbacher's solution to the hidden number problem to attack nonce leaks in 384-bit ECDSA
CHES'13 Proceedings of the 15th international conference on Cryptographic Hardware and Embedded Systems
| Hi-index | 0.00 |
The best lattice reduction algorithm known in practice for high dimension is Schnorr-Euchner's BKZ: all security estimates of lattice cryptosystems are based on NTL's old implementation of BKZ. However, recent progress on lattice enumeration suggests that BKZ and its NTL implementation are no longer optimal, but the precise impact on security estimates was unclear. We assess this impact thanks to extensive experiments with BKZ 2.0, the first state-of-the-art implementation of BKZ incorporating recent improvements, such as Gama-Nguyen-Regev pruning. We propose an efficient simulation algorithm to model the behaviour of BKZ in high dimension with high blocksize ≥50, which can predict approximately both the output quality and the running time, thereby revising lattice security estimates. For instance, our simulation suggests that the smallest NTRUSign parameter set, which was claimed to provide at least 93-bit security against key-recovery lattice attacks, actually offers at most 65-bit security.