Practical lattice basis sampling reduction
نویسنده
چکیده
We propose a practical sampling reduction algorithm for lattice bases based on work by Schnorr [1] as well as two even more effective generalizations. We report the empirical behaviour of these algorithms. We describe how Sampling Reduction allows to stage lattice attacks against the NTRU cryptosystem with smaller BKZ parameters than before and conclude that therefore the recommeded NTRU security parameters offer ≤ 74 Bit security.
منابع مشابه
Lattice Reduction by Random Sampling and Birthday Methods
We present a novel practical algorithm that given a lattice basis b1, ..., bn finds in O(n ( k 6 )) average time a shorter vector than b1 provided that b1 is ( k 6 ) times longer than the length of the shortest, nonzero lattice vector. We assume that the given basis b1, ..., bn has an orthogonal basis that is typical for worst case lattice bases. The new reduction method samples short lattice v...
متن کاملPractical algorithms for constructing HKZ and Minkowski reduced bases
In this paper, three practical lattice basis reduction algorithms are presented. The first algorithm constructs a Hermite, Korkine and Zolotareff (HKZ) reduced lattice basis, in which a unimodular transformation is used for basis expansion. Our complexity analysis shows that our algorithm is significantly more efficient than the existing HKZ reduction algorithms. The second algorithm computes a...
متن کاملProgress on LLL and Lattice Reduction
We surview variants and extensions of the LLL-algorithm of Lenstra, Lenstra Lovász, extensions to quadratic indefinite forms and to faster and stronger reduction algorithms. The LLL-algorithm with Householder orthogonalisation in floating-point arithmetic is very efficient and highly accurate. We surview approximations of the shortest lattice vector by feasible lattice reduction, in particular ...
متن کاملPractical HKZ and Minkowski Lattice Reduction Algorithms
Recently, lattice reduction has been widely used for signal detection in multiinput multioutput (MIMO) communications. In this paper, we present three novel lattice reduction algorithms. First, using a unimodular transformation, a significant improvement on an existing Hermite-Korkine-Zolotareff-reduction algorithm is proposed. Then, we present two practical algorithms for constructing Minkowsk...
متن کامل[hal-00453440, v1] On sampling lattices with similarity scaling relationships
We provide a method for constructing regular sampling lattices in arbitrary dimensions together with an integer dilation matrix. Subsampling using this dilation matrix leads to a similarity-transformed version of the lattice with a chosen density reduction. These lattices are interesting candidates for multidimensional wavelet constructions with a limited number of subbands. 1. Primer on sampli...
متن کامل