133 research outputs found

    High-speed high-security signatures


    Accelerating lattice reduction with FPGAs

    We describe an FPGA accelerator for the Kannan–Fincke–Pohst enumeration algorithm (KFP) solving the Shortest Lattice Vector Problem (SVP). This is the first FPGA implementation of KFP specifically targeting cryptographically relevant dimensions. In order to optimize this implementation, we theoretically and experimentally study several facets of KFP, including its efficient parallelization and its underlying arithmetic. Our FPGA accelerator can be used for both solving stand-alone instances of SVP (within a hybrid CPU–FPGA compound) or myriads of smaller dimensional SVP instances arising in a BKZ-type algorithm. For devices of comparable costs, our FPGA implementation is faster than a multi-core CPU implementation by a factor around 2.12

    Adaptive Precision Floating Point LLL

    The LLL algorithm is one of the most studied lattice basis reduction algorithms in the literature. Among all of its variants, the floating point version, also known as L2, is the most popular one, due to its efficiency and its practicality. In its classic setting, the floating point precision is a fixed value, determined by the dimension of the input basis at the initiation of the algorithm. We observe that a fixed precision overkills the problem, since one does not require a huge precision to handle the process at the beginning of the reduction. In this paper, we propose an adaptive way to handle the precision, where the precision is adaptive during the procedure. Although this optimization does not change the worst-case complexity, it reduces the average-case complexity by a constant factor. In practice, we observe an average 20 % acceleration in our implementation

    Rounding and Chaining LLL: Finding Faster Small Roots of Univariate Polynomial Congruences

    In a seminal work at EUROCRYPT '96, Coppersmith showed how to find all small roots of a univariate polynomial congruence in polynomial time: this has found many applications in public-key cryptanalysis and in a few security proofs. However, the running time of the algorithm is a high-degree polynomial, which limits experiments: the bottleneck is an LLL reduction of a high-dimensional matrix with extra-large coefficients. We present in this paper the first significant speedups over Coppersmith's algorithm. The first speedup is based on a special property of the matrices used by Coppersmith's algorithm, which allows us to provably speed up the LLL reduction by rounding, and which can also be used to improve the complexity analysis of Coppersmith's original algorithm. The exact speedup depends on the LLL algorithm used: for instance, the speedup is asymptotically quadratic in the bit-size of the small-root bound if one uses the Nguyen-Stehlé L2 algorithm. The second speedup is heuristic and applies whenever one wants to enlarge the root size of Coppersmith's algorithm by exhaustive search. Instead of performing several LLL reductions independently, we exploit hidden relationships between these matrices so that the LLL reductions can be somewhat chained to decrease the global running time. When both speedups are combined, the new algorithm is in practice hundreds of times faster for typical parameters

    Practical realisation and elimination of an ECC-related software bug attack

    We analyse and exploit implementation features in OpenSSL version 0.9.8g which permit an attack against ECDH-based functionality. The attack, although more general, can recover the entire (static) private key from an associated SSL server via 633 adaptive queries when the NIST curve P-256 is used. One can view it as a software-oriented analogue of the bug attack concept due to Biham et al. and, consequently, as the first bug attack to be successfully applied against a real-world system. In addition to the attack and a posteriori countermeasures, we show that formal verification, while rarely used at present, is a viable means of detecting the features which the attack hinges on. Based on the security implications of the attack and the extra justification posed by the possibility of intentionally incorrect implementations in collaborative software development, we conclude that applying and extending the coverage of formal verification to augment existing test strategies for OpenSSL-like software should be deemed a worthwhile, long-term challenge. This work has been supported in part by EPSRC via grant EP/H001689/1 and by project SMART, funded by ENIAC Joint Undertaking (GA 120224)

    Solving the Shortest Vector Problem in Lattices Faster Using Quantum Search

    By applying Grover's quantum search algorithm to the lattice algorithms of Micciancio and Voulgaris, Nguyen and Vidick, Wang et al., and Pujol and Stehlé, we obtain improved asymptotic quantum results for solving the shortest vector problem. With quantum computers we can provably find a shortest vector in time $2^{1.799n + o(n)}$, improving upon the classical time complexity of $2^{2.465n + o(n)}$ of Pujol and Stehlé and the $2^{2n + o(n)}$ of Micciancio and Voulgaris, while heuristically we expect to find a shortest vector in time $2^{0.312n + o(n)}$, improving upon the classical time complexity of $2^{0.384n + o(n)}$ of Wang et al. These quantum complexities will be an important guide for the selection of parameters for post-quantum cryptosystems based on the hardness of the shortest vector problem.

    Nothophytophthora gen. nov., a new sister genus of Phytophthora from natural and semi-natural ecosystem

    During various surveys of Phytophthora diversity in Europe, Chile and Vietnam, slow growing oomycete isolates were obtained from rhizosphere soil samples and small streams in natural and planted forest stands. Phylogenetic analyses of sequences from the nuclear ITS, LSU, β-tubulin and HSP90 loci and the mitochondrial cox1 and NADH1 genes revealed they belong to six new species of a new genus, officially described here as Nothophytophthora gen. nov., which clustered as sister group to Phytophthora. Nothophytophthora species share numerous morphological characters with Phytophthora: persistent (all Nothophytophthora spp.) and caducous (N. caduca, N. chlamydospora, N. valdiviana, N. vietnamensis) sporangia with variable shapes, internal differentiation of zoospores and internal, nested and extended (N. caduca, N. chlamydospora) and external (all Nothophytophthora spp.) sporangial proliferation; smooth-walled oogonia with amphigynous (N. amphigynosa) and paragynous (N. amphigynosa, N. intricata, N. vietnamensis) attachment of the antheridia; chlamydospores (N. chlamydospora) and hyphal swellings. Main differing features of the new genus are the presence of a conspicuous, opaque plug inside the sporangiophore close to the base of most mature sporangia in all known Nothophytophthora species and intraspecific co-occurrence of caducity and non-papillate sporangia with internal nested and extended proliferation in several Nothophytophthora species. Comparisons of morphological structures of both genera allow hypotheses about the morphology and ecology of their common ancestor, which are discussed. Production of caducous sporangia by N. caduca, N. chlamydospora and N. valdiviana from Valdivian rainforests and N. vietnamensis from a mountain forest in Vietnam suggests a partially aerial lifestyle as adaptation to these humid habitats. Presence of tree dieback in all forests from which Nothophytophthora spp. were recovered and partial sporangial caducity of several Nothophytophthora species indicate a pathogenic rather than a saprophytic lifestyle. Isolation tests from symptomatic plant tissues in these forests and pathogenicity tests are urgently required to clarify the lifestyle of the six Nothophytophthora species.