On the Efficacy of Solving LWE by Reduction to Unique-SVP

  • Conference paper
Information Security and Cryptology -- ICISC 2013 (ICISC 2013)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 8565)

Abstract

We present a study of the concrete complexity of solving instances of the unique shortest vector problem (uSVP). In particular, we study the complexity of solving the Learning with Errors (LWE) problem by reducing the Bounded-Distance Decoding (BDD) problem to uSVP and attempting to solve such instances using the ‘embedding’ approach. We experimentally derive a model for the success of the approach, compare to alternative methods and demonstrate that for the LWE instances considered in this work, reducing to uSVP and solving via embedding compares favorably to other approaches.

Notes

  1. We employ the notation \(\mathrm{GH}_{q,n,m}\) to denote the application of the Gaussian heuristic to an LWE lattice formed from \(m\) LWE samples of dimension \(n\), with modulus \(q\).

Corresponding author

Correspondence to Robert Fitzpatrick.

A Root Hermite Factors for LWE-Derived Lattices

It is a generally accepted heuristic that the norms of shortest lattice vectors found by lattice basis reduction algorithms can be approximated by

$$ \Vert \mathbf{b}_1\Vert \approx \det(\mathcal{L})^{1/m}\cdot \delta_0(m)^m $$

where \(\delta_0(m)\) rapidly converges to a constant, denoted \(\delta_0\), as \(m\) grows. The following tables give experimentally derived root Hermite factors for LLL and some BKZ algorithms as applied to the LWE-derived lattices studied in this work, all root Hermite factors being obtained for the minimum dimension in which the given algorithm solves the LWE-\(n\) instance with probability \(0.1\) (Tables 5, 6 and 7).

Table 5. Root Hermite factors, LLL, Regev’s parameters
Table 6. Root Hermite factors, BKZ-5, Regev’s parameters
Table 7. Root Hermite factors, BKZ-10, Regev’s parameters
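
To make the heuristic concrete, the following added example (not code from the paper or its authors) builds a toy LWE-derived lattice, reduces it with a textbook LLL, and solves the relation above for \(\delta_0\). It assumes the sample matrix is in systematic form \([I_n \mid A']\), so that \(\det(\mathcal{L}) = q^{m-n}\); the parameters \(q = 101\), \(n = 3\), \(m = 10\) and all function names are constructed for illustration.

```python
from fractions import Fraction
import math, random

def dot(u, v):
    return sum(a * b for a, b in zip(u, v))

def gram_schmidt(B):
    """Exact Gram-Schmidt vectors B* and coefficients mu, over the rationals."""
    Bs, mu = [], [[Fraction(0)] * len(B) for _ in B]
    for i, b in enumerate(B):
        v = [Fraction(x) for x in b]
        for j in range(i):
            mu[i][j] = dot(b, Bs[j]) / dot(Bs[j], Bs[j])
            v = [x - mu[i][j] * y for x, y in zip(v, Bs[j])]
        Bs.append(v)
    return Bs, mu

def lll(B, delta=Fraction(3, 4)):
    """Textbook LLL on row vectors; exact but slow, for toy dimensions only."""
    B, k = [list(r) for r in B], 1
    Bs, mu = gram_schmidt(B)
    while k < len(B):
        for j in range(k - 1, -1, -1):  # size-reduce b_k against b_j
            r = round(mu[k][j])
            B[k] = [a - r * b for a, b in zip(B[k], B[j])]
            mu[k][:j + 1] = [x - r * y for x, y in zip(mu[k], mu[j][:j] + [1])]
        if dot(Bs[k], Bs[k]) >= (delta - mu[k][k - 1] ** 2) * dot(Bs[k - 1], Bs[k - 1]):
            k += 1  # Lovasz condition holds, move on
        else:  # swap, refresh Gram-Schmidt data, step back
            B[k], B[k - 1] = B[k - 1], B[k]
            Bs, mu = gram_schmidt(B)
            k = max(k - 1, 1)
    return B

def lwe_lattice(A, q):
    """Rows [I_n | A] and [0 | q*I_(m-n)]: triangular, so det(L) = q^(m-n)."""
    n, m = len(A), len(A) + len(A[0])
    top = [[int(i == j) for j in range(n)] + list(A[i]) for i in range(n)]
    return top + [[q * int(i == j) for j in range(m)] for i in range(n, m)]

def root_hermite_factor(b1, q, n):
    """Solve ||b_1|| = det(L)^(1/m) * delta_0^m for delta_0, det(L) = q^(m-n)."""
    return (math.sqrt(dot(b1, b1)) / q ** (1 - n / len(b1))) ** (1 / len(b1))

Q, N, M = 101, 3, 10  # constructed toy instance, not parameters from the paper
rng = random.Random(1)
A_PRIME = [[rng.randrange(Q) for _ in range(M - N)] for _ in range(N)]
REDUCED = lll(lwe_lattice(A_PRIME, Q))
DELTA_0 = root_hermite_factor(REDUCED[0], Q, N)
print(f"||b_1||^2 = {dot(REDUCED[0], REDUCED[0])}, delta_0 = {DELTA_0:.4f}")
```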

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Albrecht, M.R., Fitzpatrick, R., Göpfert, F. (2014). On the Efficacy of Solving LWE by Reduction to Unique-SVP. In: Lee, HS., Han, DG. (eds) Information Security and Cryptology -- ICISC 2013. ICISC 2013. Lecture Notes in Computer Science, vol 8565. Springer, Cham. https://doi.org/10.1007/978-3-319-12160-4_18

  • DOI: https://doi.org/10.1007/978-3-319-12160-4_18

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-12159-8

  • Online ISBN: 978-3-319-12160-4

  • eBook Packages: Computer Science (R0)
