A Time-Distance Trade-Off for GDD with Preprocessing - Instantiating the DLW Heuristic
For , we show an algorithm that does the following.
Given appropriate preprocessing consisting of vectors in some lattice and a target vector , the
algorithm finds such that in time
, where is the smoothing
parameter of the lattice.
The algorithm itself is very simple and was originally studied by
Doulgerakis, Laarhoven, and de Weger (to appear in PQCrypto, 2019), who proved
its correctness under certain reasonable heuristic assumptions on the
preprocessing and target . Our primary
contribution is a choice of preprocessing that allows us to prove correctness
without any heuristic assumptions.
Our main motivation for studying this is the recent breakthrough algorithm
for IdealSVP due to Hanrot, Pellet--Mary, and Stehlé (to appear in Eurocrypt,
2019), which uses the DLW algorithm as a key subprocedure. In particular, our
result implies that the HPS IdealSVP algorithm can be made to work with fewer
heuristic assumptions.
Our only technical tool is the discrete Gaussian distribution over
, and in particular, a lemma showing that the one-dimensional
projections of this distribution behave very similarly to the continuous
Gaussian. This lemma might be of independent interest.
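As an added illustration, not part of the abstract above, the Python script below samples the discrete Gaussian by rejection, projects the samples onto a unit vector and compares the projection's variance and kurtosis with those of the continuous Gaussian of the same parameter s (density proportional to exp(-pi x^2 / s^2), variance s^2 / (2 pi)). The lattice is taken to be Z^n, an assumption of this example since the abstract's lattice is elided in this extraction; the smoothing parameter is placed using the standard upper bound eta_eps(Z^n) <= sqrt(ln(2n(1 + 1/eps)) / pi), and the sample size, seed and the two values of s are choices of the example.

```python
import math
import random

# Added example: empirical look at the claim that one-dimensional projections of the
# discrete Gaussian behave like the continuous Gaussian once s is above the smoothing
# parameter. The lattice is taken to be Z^n (an assumption of this example).

def smoothing_upper_bound(n, eps):
    """Standard bound eta_eps(Z^n) <= sqrt(ln(2n(1+1/eps)) / pi)."""
    return math.sqrt(math.log(2 * n * (1 + 1 / eps)) / math.pi)

def sample_dgauss_z(s, rng):
    """Rejection sampler for D_{Z,s}: P(x) proportional to exp(-pi x^2 / s^2)."""
    tail = math.ceil(3 * s) + 1          # mass beyond 3s is below exp(-9 pi), ignored
    while True:
        x = rng.randint(-tail, tail)
        if rng.random() < math.exp(-math.pi * x * x / (s * s)):
            return x

def projection_stats(s, n, u, samples=10000, seed=1):
    """Sample D_{Z^n,s}, project onto u/|u|, compare with N(0, s^2/(2 pi)).

    Returns the variance ratio (empirical / continuous) and the empirical
    kurtosis (3.0 for a Gaussian).
    """
    rng = random.Random(seed)
    norm = math.sqrt(sum(ui * ui for ui in u))
    unit = [ui / norm for ui in u]
    proj = []
    for _ in range(samples):
        x = [sample_dgauss_z(s, rng) for _ in range(n)]   # coordinates are independent D_{Z,s}
        proj.append(sum(xi * ui for xi, ui in zip(x, unit)))
    mean = sum(proj) / samples
    m2 = sum((p - mean) ** 2 for p in proj) / samples
    m4 = sum((p - mean) ** 4 for p in proj) / samples
    continuous_var = s * s / (2 * math.pi)   # variance of the density exp(-pi x^2 / s^2)
    return {"var_ratio": m2 / continuous_var, "kurtosis": m4 / (m2 * m2)}

if __name__ == "__main__":
    n, u = 3, (1, 1, 1)
    eta = smoothing_upper_bound(n, 2 ** -10)
    for s in (4.0, 0.7):
        stats = projection_stats(s, n, u)
        side = "above" if s > eta else "below"
        print(f"s={s} ({side} the eta bound {eta:.2f}): var ratio {stats['var_ratio']:.3f}, "
              f"kurtosis {stats['kurtosis']:.2f}")
```

With s = 4 (above the smoothing bound of about 1.7 for n = 3) the projected variance matches s^2 / (2 pi) to within sampling error and the kurtosis is close to 3; with s = 0.7 (below it) almost every coordinate is 0, the variance is a small fraction of the continuous value and the kurtosis is far from Gaussian, which is the regime the lemma does not cover.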
Lattice-based digital signature
This work describes the sequence of steps needed to digitally sign a message using lattices, based on the computational conjecture that the lattice problems SVP and CVP are hard. The aim is to offer an alternative when choosing public-key encryption algorithms and digital signature schemes.
Improved Reduction from the Bounded Distance Decoding Problem to the Unique Shortest Vector Problem in Lattices
We present a probabilistic polynomial-time reduction from the lattice Bounded Distance Decoding (BDD) problem with parameter 1/( sqrt(2) * gamma) to the unique Shortest Vector Problem (uSVP) with parameter gamma for any gamma > 1 that is polynomial in the lattice dimension n. It improves the BDD to uSVP reductions of [Lyubashevsky and Micciancio, CRYPTO, 2009] and [Liu, Wang, Xu and Zheng, Inf. Process. Lett., 2014], which rely on Kannan's embedding technique. The main ingredient to the improvement is the use of Khot's lattice sparsification [Khot, FOCS, 2003] before resorting to Kannan's embedding, in order to boost the uSVP parameter.
Reduction of Search-LWE Problem to Integer Programming Problem
Let be an instance of the search-LWE problem, where is a matrix and is a vector. This paper constructs an integer programming problem from and , and shows that a solution of the instance can be derived (possibly only with high probability) from its optimal solution, or from a tentative solution of small norm output by an integer programming solver. In other words, the search-LWE problem reduces to an integer programming problem. The reduction requires only basic linear algebra and finite-field computation. The computational complexity of the resulting integer programming problem remains unknown.
Improved Algorithms for the Shortest Vector Problem and the Closest Vector Problem in the Infinity Norm
Blömer and Naewe [BN09] modified the randomized sieving algorithm of Ajtai,
Kumar and Sivakumar [AKS01] to solve the shortest vector problem (SVP). The
algorithm starts with randomly chosen vectors in the lattice and
employs a sieving procedure to iteratively obtain shorter vectors in the
lattice. The running time of the sieving procedure is quadratic in .
We study this problem for the special but important case of the
norm. We give a new sieving procedure that runs in time linear in , thereby
significantly improving the running time of the algorithm for SVP in the
norm. As in [AKS02,BN09], we also extend this algorithm to obtain
significantly faster algorithms for approximate versions of the shortest vector
problem and the closest vector problem (CVP) in the norm.
We also show that the heuristic sieving algorithms of Nguyen and Vidick [NV08]
and Wang et al. [WLTB11] can be analyzed in the norm as well. The
main technical contribution in this part is to calculate the expected volume of
intersection of a unit ball centred at origin and another ball of a different
radius centred at a uniformly random point on the boundary of the unit ball.
This might be of independent interest.
The closest vector problem in tensored root lattices of type A and in their duals
In this work we consider the closest vector problem (CVP)—a problem also known as maximum-likelihood decoding—in the tensor of two root lattices of type A ((Formula presented.)), as well as in their duals ((Formula presented.)). This problem is mainly motivated by lattice based cryptography, where the cyclotomic rings (Formula presented.) (resp. its co-different (Formula presented.)) play a central role, and turn out to be isomorphic as lattices to tensors of (Formula presented.) lattices (resp. A root lattices). In particular, our results lead to solving CVP in (Formula presented.) and in (Formula presented.) for conductors of the form (Formula presented.) for any two odd primes p, q. For the primal case (Formula presented.), we provide a full characterization of the Voronoi region in terms of simple cycles in the complete directed bipartite graph (Formula presented.). This leads—relying on the Bellman-Ford algorithm for negative cycle detection—to a CVP algorithm running in polynomial time. Precisely, our algorithm performs (Formula presented.) operations on reals, where l is the number of bits per coordinate of the input target. For the dual case, we use a gluing-construction to solve CVP in sub-exponential time (Formula presented.)
The nearest-colattice algorithm
In this work, we exhibit a hierarchy of polynomial time algorithms solving
approximate variants of the Closest Vector Problem (CVP). Our first
contribution is a heuristic algorithm achieving the same distance tradeoff as
HSVP algorithms, namely for a random
lattice of rank . Compared to the so-called Kannan's embedding
technique, our algorithm allows using precomputations and can be used for
efficient batch CVP instances. This implies that some attacks on lattice-based
signatures lead to very cheap forgeries, after a precomputation. Our second
contribution is a proven reduction from approximating the closest vector with a
factor to the Shortest Vector
Problem (SVP) in dimension .
Comment: 19 pages, presented at the Algorithmic Number Theory Symposium (ANTS 2020).
Improved Key Pair Generation for Falcon, BAT and Hawk
In this short note, we describe a few implementation techniques that allow performing key pair generation for the Falcon and Hawk lattice-based signature schemes, and for the BAT key encapsulation scheme, in a fully constant-time way and without any use of floating-point operations. Our new code is faster than previously published implementations, especially when running on small embedded systems, and uses less RAM.
Provable lattice reduction of Z^n with blocksize n/2
The Lattice Isomorphism Problem (LIP) is the computational task of recovering, assuming it exists, an orthogonal linear transformation sending one lattice to another. For cryptographic purposes, the case of the trivial lattice Z^n is of particular interest (ZLIP). Heuristic analysis suggests that the BKZ algorithm with blocksize β = n/2 + o(n) solves such instances (Ducas, Postlethwaite, Pulles, van Woerden, ASIACRYPT 2022). In this work, I propose a provable version of this statement, namely, that ZLIP can indeed be solved by making polynomially many calls to a Shortest Vector Problem oracle in dimension at most n/2 + 1.
On the number of lattice points in a small sphere and a recursive lattice decoding algorithm
Let L be a lattice in . This paper provides two methods to obtain upper bounds on the number of points of L contained in a small sphere centered anywhere in . The first method is based on the observation that if the sphere is sufficiently small then the lattice points contained in the sphere give rise to a spherical code with a certain minimum angle. The second method involves Gaussian measures on L in the sense of Banaszczyk (Math Ann 296:625-635, 1993). Examples where the obtained bounds are optimal include some root lattices in small dimensions and the Leech lattice. We also present a natural decoding algorithm for lattices constructed from lattices of smaller dimension, and apply our results on the number of lattice points in a small sphere to draw conclusions about the performance of this algorithm.