Abstract
The Kannan-Fincke-Pohst enumeration algorithm for the shortest and closest lattice vector problems is the keystone of all strong lattice reduction algorithms and their implementations. In the context of the fast-developing field of lattice-based cryptography, practical security estimates derive from floating-point implementations of these algorithms. However, these implementations behave very unexpectedly, which makes the resulting security estimates debatable. Among other problems, numerical stability issues seem to occur and raise doubts about what is actually being computed. We give here the first results on the numerical behavior of the floating-point enumeration algorithm. They provide a theoretical and practical framework for the use of floating-point numbers within strong reduction algorithms, which could lead to more sensible hardness estimates.
© 2008 Springer-Verlag Berlin Heidelberg
Cite this paper
Pujol, X., Stehlé, D. (2008). Rigorous and Efficient Short Lattice Vectors Enumeration. In: Pieprzyk, J. (eds) Advances in Cryptology - ASIACRYPT 2008. ASIACRYPT 2008. Lecture Notes in Computer Science, vol 5350. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-89255-7_24
DOI: https://doi.org/10.1007/978-3-540-89255-7_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-89254-0
Online ISBN: 978-3-540-89255-7