1 research outputs found
Several Improvements on BKZ Algorithm
Lattice problem such as NTRU problem and LWE problem is widely used as the security
base of post-quantum cryptosystems. And currently doing lattice reduction by BKZ algorithm
is the most efficient way to solve it. In this paper, we give several further improvements
on BKZ algorithm, which can be used for different SVP subroutines base on both enumeration
and sieving. These improvements in combination provide a speed up of in total.
It is significant in concrete attacks. Using these new techniques, we solved the 656 dimensional
ideal lattice challenge in only 380 thread hours (also with a enumeration based SVP subroutine),
much less than the previous records (which costs 4600 thread hours in total). With these
improvements enabled, we can still simulate the new BKZ algorithm easily. One can also use this
simulator to find the blocksize strategy (and the corresponding cost) to make
of the basis (defined in section 5.2) decrease as fast as possible, which means the length of
the first basis vector decrease the fastest if we accept the GSA assumption. It is useful for analyzing
concrete attacks on lattice-based cryptography