Lattice Point Enumeration on Block Reduced Bases
Abstract
When analyzing lattice-based cryptosystems, we often need to solve the Shortest Vector Problem (SVP) in some lattice associated with the system under scrutiny. The go-to algorithms in practice to solve SVP are enumeration algorithms, which usually consist of a preprocessing step, followed by an exhaustive search. Obviously, the two steps offer a trade-off and should be balanced in their running time in order to minimize the overall complexity. In practice, the most common approach to control this trade-off is to use block reduction algorithms during the preprocessing. Despite the popularity of this approach, it lacks any well-founded analysis and all practical approaches seem to use ad hoc parameters. This weakens our confidence in the cryptanalysis of the systems. In this work, we aim to shed light on at least one side of this trade-off and analyze the effect of block reduction on the exhaustive search. For this, we give asymptotic worst-case bounds and present results from both experiments and simulation that show its average-case behavior in practice.
Similar resources
COMPUTATIONAL ENUMERATION OF POINT DEFECT CLUSTERS IN DOUBLE-LATTICE CRYSTALS
The cluster representation matrices have already been successfully used to enumerate close-packed vacancy clusters in all single-lattice crystals [1, 2]. Point defect clusters in double-lattice crystals may have identical geometry but are distinct due to unique atomic positions enclosing them. The method of representation matrices is extended to make it applicable to represent and enumerate ...
A Measure Version of Gaussian Heuristic
Most applicable lattice reduction algorithms used in practice are BKZ (Block-Korkine-Zolotarev) type algorithms as the blockwise generalizations of the LLL algorithm (Lenstra-Lenstra-Lovasz). Its original version was proposed by Schnorr and Euchner in 1991. The quality of reduced lattice bases is measured by the Hermitian factor ||b_1|| / vol(L)^(1/d) and the d-th root of this factor which is called ...
Block Korkin-Zolotarev Bases and Successive Minima
Let b_1, ..., b_m ∈ R^n be an arbitrary basis of lattice L that is a block Korkin-Zolotarev basis with block size and let i(L) denote the successive minima of lattice L. and we present block Korkin-Zolotarev lattice bases for which this bound is tight. We improve the Nearest Plane Algorithm of Babai (1986) using block Korkin-Zolotarev bases. Given a block Korkin-Zolotarev basis b ...
Fast Lattice Point Enumeration with Minimal Overhead
Enumeration algorithms are the best currently known methods to solve lattice problems, both in theory (within the class of polynomial space algorithms), and in practice (where they are routinely used to evaluate the concrete security of lattice cryptography). However, there is an uncomfortable gap between our theoretical understanding and practical performance of lattice point enumeration algor...
The Enumeration of Lattice Paths 3
We survey old and new results on the enumeration of lattice paths in the plane with a given number of turns, including the recent developments on the enumeration of nonintersecting lattice paths with a given number of turns. Motivations to consider such enumeration problems come from various fields, e.g. probability, statistics, combinatorics, and commutative algebra. We show that the appropriate...
Journal title:
- IACR Cryptology ePrint Archive
Volume 2014, Issue
Pages -
Publication date: 2014