Advertisement

Journal of Cryptology

, Volume 32, Issue 1, pp 35–83 | Cite as

Improved Combinatorial Algorithms for the Inhomogeneous Short Integer Solution Problem

  • Shi Bai
  • Steven D. GalbraithEmail author
  • Liangze Li
  • Daniel Sheffield
Article

Abstract

The paper is about algorithms for the inhomogeneous short integer solution problem: given \((\mathbf A , \mathbf s )\) to find a short vector \(\mathbf{x }\) such that \(\mathbf A \mathbf{x }\equiv \mathbf s \pmod {q}\). We consider algorithms for this problem due to Camion and Patarin; Wagner; Schroeppel and Shamir; Minder and Sinclair; Howgrave–Graham and Joux (HGJ); Becker, Coron and Joux (BCJ). Our main results include: applying the Hermite normal form (HNF) to get faster algorithms; a heuristic analysis of the HGJ and BCJ algorithms in the case of density greater than one; an improved cryptanalysis of the SWIFFT hash function; a new method that exploits symmetries to speed up algorithms for Ring-SIS in some cases.

Keywords

Short integer solution problem (SIS) SWIFFT hash function Subset-sum Knapsacks 

Notes

Acknowledgements

We thank the reviewers for their detailed comments and suggestions. We acknowledge NeSI (the New Zealand eScience Infrastructure), PSMN (Pôle Scientifique de Modélisation Numérique – ENS de Lyon) and the Research Computing at Florida Atlantic University for providing computing facilities and support. The work of the first author has been supported in part by ERC Starting Grant ERC-2013-StG-335086-LATTAC.

References

  1. 1.
    Y. Arbitman, G. Dogon, V. Lyubashevsky, D. Micciancio, C. Peikert, A. Rosen, SWIFFTX: A proposal for the SHA-3 standard. Submitted to NIST SHA-3 competitionGoogle Scholar
  2. 2.
    M. Ajtai, Generating hard instances of lattice problems, electronic colloquium on computational complexity (ECCC), TR96-007 (1996)Google Scholar
  3. 3.
    N. Bansal, S. Garg, J. Nederlof, N. Vyas, Faster space-efficient algorithms for subset sum and k-sum, in Proceedings of the 49th Annual ACM SIGACT Symposium on Theory of Computing, STOC 2017 (2017), pp. 198–209Google Scholar
  4. 4.
    A. Becker, J.-S. Coron, A. Joux, Improved generic algorithms for hard knapsacks, in K. G. Paterson (ed.), EUROCRYPT 2011. LNCS, 6632 (Springer, 2011), pp. 364–385Google Scholar
  5. 5.
    D.J. Bernstein, Better price-performance ratios for generalized birthday attacks, in Workshop Record of SHARCS07, (2007). http://cr.yp.to/papers.html#genbday
  6. 6.
    D.J. Bernstein, T. Lange, R. Niederhagen, C. Peters, P. Schwabe, FSBday: Implementing Wagner’s generalized birthday attack against the SHA-3 round-1 candidate FSB, in B.K. Roy and N. Sendrier (eds.), INDOCRYPT 2009. LNCS, 5922 (Springer, 2009), pp. 18–38Google Scholar
  7. 7.
    J. Buchmann, R. Lindner, Secure parameters for SWIFFT, in B. Roy and N. Sendrier (eds.), INDOCRYPT 2009. LNCS, 5922 (2009), pp. 1–17Google Scholar
  8. 8.
    P. Camion, J. Patarin, The knapsack hash function proposed at Crypto’89 can be broken, in D.W. Davies (ed.), EUROCRYPT 1991. LNCS, 547 (Springer, 1991), pp. 39–53Google Scholar
  9. 9.
    T.H. Cormen, C.E. Leiserson, R.L. Rivest, C. Stein, Introduction to algorithms, 2nd ed., (MIT press, 2001)Google Scholar
  10. 10.
    M.J. Coster, A. Joux, B.A. LaMacchia, A.M. Odlyzko, C.-P. Schnorr, J. Stern, Improved low-density subset sum algorithms. Comput. Complex., 2, 111–128, (1992)MathSciNetCrossRefzbMATHGoogle Scholar
  11. 11.
    I. Dinur, O. Dunkelman, N. Keller, A. Shamir, Efficient dissection of composite problems, with applications to cryptanalysis, knapsacks, and combinatorial search problems, in R. Safavi-Naini and R. Canetti, CRYPTO 2012. LNCS, 7417 (Springer, 2012), pp. 719–740.Google Scholar
  12. 12.
    M. Finiasz, N. Sendrier, Security bounds for the design of code-based cryptosystems, In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912 (Springer, Heidelberg, 2009), pp. 88105Google Scholar
  13. 13.
    N. Gama, M. Izabachène, P.Q. Nguyen, X. Xie, Structural lattice reduction: generalized worst-case to average-case reductions and homomorphic cryptosystems. EUROCRYPT (2), 528–558 (2016)Google Scholar
  14. 14.
    N. Howgrave-Graham, J.H. Silverman, W. Whyte, A meet-in-the-middle attack on an NTRU private key, Technical Report 004, NTRU Cryptosystems, June 2003Google Scholar
  15. 15.
    N. Howgrave-Graham, A. Joux, New generic algorithms for hard knapsacks, in H. Gilbert (ed.), EUROCRYPT 2010. LNCS, 6110 (Springer, 2010), pp. 235–256Google Scholar
  16. 16.
    N. Howgrave-Graham, A. Joux, New Generic Algorithms for Hard Knapsacks (preprint), 17 pages (undated). Available from www.joux.biz/publications/Knapsacks.pdf
  17. 17.
    N. Howgrave-Graham, A Hybrid Lattice-Reduction and Meet-in-the-Middle Attack Against NTRU, in A. Menezes (ed.), CRYPTO 2007. LNCS, 4622 (Springer, 2007), pp. 150–169.Google Scholar
  18. 18.
    J.C. Lagarias, A.M. Odlyzko, Solving low-density subset sum problems. J. ACM 32(1), 229–246 (1985)MathSciNetCrossRefzbMATHGoogle Scholar
  19. 19.
    P. Kirchner, Improved generalized birthday attack, cryptology ePrint Archive: Report 2011/377 (2011)Google Scholar
  20. 20.
    V. Lyubashevsky, On random high density subset sums, electronic colloquium on computational complexity (ECCC) 007 (2005)Google Scholar
  21. 21.
    V. Lyubashevsky, D. Micciancio, C. Peikert, A. Rosen, SWIFFT: A modest proposal for FFT hashing, in K. Nyberg (ed.), FSE 2008. LNCS, 5086 (Springer, 2008), pp. 54–72Google Scholar
  22. 22.
    D. Micciancio, Generalized compact knapsacks, cyclic lattices, and efficient one-way functions from worst-case complexity assumptions, electronic colloquium on computational complexity (ECCC), No. 095 (2004)Google Scholar
  23. 23.
    D. Micciancio, C. Peikert, Hardness of SIS and LWE with Small Parameters, in R. Canetti and J. A. Garay (eds.), CRYPTO 2013. LNCS, 8042 (Springer , 2013), pp. 21–39Google Scholar
  24. 24.
    D. Micciancio, O. Regev, Lattice-based cryptography, in D. J. Bernstein, J. Buchmann and E. Dahmen (eds.), Post quantum cryptography, (Springer, 2009), pp. 147–191Google Scholar
  25. 25.
    L. Minder, A. Sinclair, The extended k-tree algorithm. J. Cryptol. 25, 349–382 (2012)MathSciNetCrossRefzbMATHGoogle Scholar
  26. 26.
    R. Schroeppel, A. Shamir, A \(T=O(2^{n/2})\), \(S=O(2^{n/4})\) algorithm for certain NP-complete problems. SIAM J. Comput. 3, 456–464 (1981)CrossRefzbMATHGoogle Scholar
  27. 27.
    A. Shallue, An Improved Multi-set Algorithm for the Dense Subset Sum Problem, in A.J. van der Poorten and A. Stein (eds.), ANTS 2008. LNCS, 5011 (Springer, 2008), pp. 416–429Google Scholar
  28. 28.
    D. Wagner, A Generalized Birthday Problem, in M. Yung (ed.), CRYPTO 2002, LNCS. 2442 (Springer, 2002), pp. 288–303Google Scholar

Copyright information

© International Association for Cryptologic Research 2018

Authors and Affiliations

  1. 1.Department of Mathematical SciencesFlorida Atlantic UniversityBoca RatonUSA
  2. 2.Department of MathematicsUniversity of AucklandAucklandNew Zealand
  3. 3.School of Mathematical SciencesPeking UniversityBeijingChina

Personalised recommendations