Abstract
In this paper, we report that we have solved the SVP Challenge over a 128-dimensional lattice in the Ideal Lattice Challenge from TU Darmstadt, which is currently the highest dimension in the challenge that has ever been solved. The security of lattice-based cryptography rests on the hardness of the shortest vector problem (SVP) in lattices. In 2010, Micciancio and Voulgaris proposed the Gauss Sieve algorithm, which heuristically solves the SVP using a list L of pairwise Gauss-reduced vectors. Milde and Schneider proposed a parallel implementation of the Gauss Sieve algorithm. However, the efficiency of their implementation decreased beyond 10 threads, because a large number of non-Gauss-reduced vectors appeared in the distributed list of each thread. In this paper, we propose a more practical parallelized Gauss Sieve algorithm. Our algorithm deploys an additional Gauss-reduced list V of sample vectors assigned to each thread, and all vectors in list L remain Gauss-reduced because they are mutually reduced against all sample vectors in V. Therefore, our algorithm allows the Gauss Sieve algorithm to run for large dimensions with a small communication overhead. Finally, we succeeded in solving the SVP Challenge over a 128-dimensional ideal lattice generated by the cyclotomic polynomial x^128 + 1 using about 30,000 CPU hours.
The full version of this paper appears in [13].
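The Gauss Sieve loop of the abstract, including the batched step in which a sample list V is made Gauss-reduced and then mutually reduced against the main list L, as an added toy example that is not the authors' code: a constructed 3-dimensional lattice stands in for the 128-dimensional challenge, and an exhaustive small-coefficient sampler stands in for Klein's sampler.

```python
import itertools, random
# Constructed toy basis (rows) of 2Z x 3Z x 5Z; shortest vectors (+-2,0,0), squared norm 4.
BASIS = [[2, 3, 0], [2, 3, 5], [4, 3, 0]]

def dot(a, b): return sum(x * y for x, y in zip(a, b))

def reduce_pair(p, v):
    """Gauss-reduce p by v: p - round(<p,v>/<v,v>)*v whenever 2|<p,v>| > <v,v>."""
    vv, pv = dot(v, v), dot(p, v)
    if vv == 0 or 2 * abs(pv) <= vv:
        return p
    k = round(pv / vv)  # k != 0 here, so the norm of p strictly decreases
    return [x - k * y for x, y in zip(p, v)]

def reduce_list(vecs, others):
    """Reduce each vector of vecs (in place) by every vector of others until stable."""
    changed = True
    while changed:
        changed = False
        for i, p in enumerate(vecs):
            for q in others:
                r = reduce_pair(p, q) if q is not p else p
                if r != p:
                    vecs[i] = p = r
                    changed = True
    return vecs

def sampler(basis, rng):
    """Stand-in for Klein's sampler: the nonzero {-1,0,1}-combinations of the basis
    rows, cycled in random order (constructed so the toy run is exhaustive)."""
    combos = [c for c in itertools.product((-1, 0, 1), repeat=len(basis)) if any(c)]
    while True:
        rng.shuffle(combos)
        for c in combos:
            yield [sum(ci * row[j] for ci, row in zip(c, basis)) for j in range(len(basis[0]))]

def gauss_sieve(basis, batch=4, max_collisions=100, seed=7):
    """Batched Gauss Sieve: each round draws a batch V (a thread's sample list in the paper),
    makes V reduced against itself and L, then reduces L against V; changed L vectors go to S."""
    gen, L, S, collisions = sampler(basis, random.Random(seed)), [], [], 0
    while collisions < max_collisions:
        V, prev = [S.pop() if S else next(gen) for _ in range(batch)], []
        while prev != V:  # fixed point: V reduced w.r.t. itself and w.r.t. L
            prev = [v[:] for v in V]
            reduce_list(reduce_list(V, V), L)
        keep = []
        for l in L:
            r = reduce_list([l], V)[0]
            (keep if r == l else S).append(r)
        L = keep + [v for v in V if any(v)]  # L plus V is again pairwise Gauss-reduced
        collisions += sum(1 for v in V if not any(v))  # zero vectors are collisions
    return min(L, key=lambda x: dot(x, x)), L
```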
References
Ajtai, M.: The Shortest Vector Problem in L2 is NP-hard for Randomized Reductions (Extended Abstract). In: Proceedings of the 30th Annual ACM Symposium on Theory of Computing, STOC 1998, pp. 10–19. ACM (1998)
Ajtai, M., Dwork, C.: A Public-key Cryptosystem with Worst-case/average-case Equivalence. In: Proceedings of the 29th Annual ACM Symposium on Theory of Computing, STOC 1997, pp. 284–293. ACM (1997)
Ajtai, M., Kumar, R., Sivakumar, D.: A Sieve Algorithm for the Shortest Lattice Vector Problem. In: Proceedings of the 33rd Annual ACM Symposium on Theory of Computing, STOC 2001, pp. 601–610. ACM (2001)
Amazon. Amazon Elastic Compute Cloud, http://aws.amazon.com/jp/ec2/
Arvind, V., Joglekar, P.S.: Some Sieving Algorithms for Lattice Problems. In: Proceedings of the IARCS Annual Conference on Foundations of Software Technology and Theoretical Computer Science, FSTTCS 2008. LIPIcs, vol. 2, pp. 25–36. Schloss Dagstuhl–Leibniz-Zentrum fuer Informatik (2008)
Gama, N., Nguyen, P., Regev, O.: Lattice Enumeration Using Extreme Pruning. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 257–278. Springer, Heidelberg (2010)
Garg, S., Gentry, C., Halevi, S.: Candidate Multilinear Maps from Ideal Lattices. Cryptology ePrint Archive. Report 2012/610 (2012)
Gentry, C.: Fully Homomorphic Encryption Using Ideal Lattices. In: Proceedings of the 41st Annual ACM Symposium on Theory of Computing, STOC 2009, pp. 169–178. ACM (2009)
Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for Hard Lattices and New Cryptographic Constructions. In: Proceedings of the 40th Annual ACM Symposium on Theory of Computing, STOC 2008, pp. 197–206. ACM (2008)
Hoffstein, J., Pipher, J., Silverman, J.: NTRU: A Ring-based Public Key Cryptosystem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 267–288. Springer, Heidelberg (1998)
Hanrot, G., Stehlé, D.: Improved Analysis of Kannan’s Shortest Lattice Vector Algorithm. In: Menezes, A. (ed.) CRYPTO 2007. LNCS, vol. 4622, pp. 170–186. Springer, Heidelberg (2007)
Hanrot, G., Pujol, X., Stehlé, D.: Algorithms for the Shortest and Closest Lattice Vector Problems. In: Chee, Y.M., Guo, Z., Ling, S., Shao, F., Tang, Y., Wang, H., Xing, C. (eds.) IWCC 2011. LNCS, vol. 6639, pp. 159–190. Springer, Heidelberg (2011)
Ishiguro, T., Kiyomoto, S., Miyake, Y., Takagi, T.: Parallel Gauss Sieve Algorithm: Solving the SVP Challenge over a 128-Dimensional Ideal Lattice. Cryptology ePrint Archive. Report 2013/388 (2013)
Kannan, R.: Improved Algorithms for Integer Programming and Related Lattice Problems. In: Proceedings of the 15th ACM Symposium on Theory of Computing, STOC 1983, pp. 193–206. ACM (1983)
Klein, P.: Finding the Closest Lattice Vector When it’s Unusually Close. In: Proceedings of the 11th Annual ACM-SIAM Symposium on Discrete Algorithms, SODA 2000, pp. 937–941. ACM (2000)
Lenstra, A., Lenstra, H., Lovász, L.: Factoring Polynomials with Rational Coefficients. Mathematische Annalen 261(4), 515–534 (1982)
Micciancio, D.: The Shortest Vector in a Lattice is Hard to Approximate to within Some Constant. In: Proceedings of the 39th Annual Symposium on Foundations of Computer Science, FOCS 1998, pp. 92–98. IEEE Computer Society (1998)
Micciancio, D., Voulgaris, P.: A Deterministic Single Exponential Time Algorithm for Most Lattice Problems Based on Voronoi Cell Computations. In: Proceedings of the 42nd ACM Symposium on Theory of Computing, STOC 2010, pp. 351–358. ACM (2010)
Micciancio, D., Voulgaris, P.: Faster Exponential Time Algorithms for the Shortest Vector Problem. In: Proceedings of the 21st Annual ACM-SIAM Symposium on Discrete Algorithms, SODA 2010, vol. 65, pp. 1468–1480. SIAM (2010)
Milde, B., Schneider, M.: A Parallel Implementation of GaussSieve for the Shortest Vector Problem in Lattices. In: Malyshkin, V. (ed.) PaCT 2011. LNCS, vol. 6873, pp. 452–458. Springer, Heidelberg (2011)
Nguyen, P.Q., Vidick, T.: Sieve Algorithms for the Shortest Vector Problem Are Practical. Journal of Mathematical Cryptology 2, 181–207 (2008)
Plantard, T., Schneider, M.: Ideal Lattice Challenge, http://www.latticechallenge.org/ideallattice-challenge/
Plantard, T., Schneider, M.: Creating a Challenge for Ideal Lattices. Cryptology ePrint Archive. Report 2013/039 (2013)
Pujol, X., Stehlé, D.: Solving the Shortest Lattice Vector Problem in Time 2^{2.465n}. Cryptology ePrint Archive. Report 2009/605 (2009)
Schneider, M.: Analysis of Gauss-Sieve for Solving the Shortest Vector Problem in Lattices. In: Katoh, N., Kumar, A. (eds.) WALCOM 2011. LNCS, vol. 6552, pp. 89–97. Springer, Heidelberg (2011)
Schneider, M.: Computing Shortest Lattice Vectors on Special Hardware. PhD thesis, Technische Universität Darmstadt (2011)
Schneider, M., Gama, N.: SVP Challenge, http://www.latticechallenge.org/svp-challenge/
Schnorr, C.-P.: A Hierarchy of Polynomial Time Lattice Basis Reduction Algorithms. Theoretical Computer Science 53(2-3), 201–224 (1987)
Schnorr, C.-P.: Lattice Basis Reduction: Improved Practical Algorithms and Solving Subset Sum Problems. Mathematical Programming, 181–191 (1993)
Schnorr, C.-P., Hörner, H.H.: Attacking the Chor-Rivest Cryptosystem by Improved Lattice Reduction. In: Guillou, L.C., Quisquater, J.-J. (eds.) EUROCRYPT 1995. LNCS, vol. 921, pp. 1–12. Springer, Heidelberg (1995)
Shoup, V.: Number Theory Library (NTL) for C++. Available at Shoup’s homepage, http://shoup.net/ntl
Voulgaris, P.: Gauss Sieve beta 0.1 (2010). Available at Voulgaris' homepage at the University of California, San Diego, http://cseweb.ucsd.edu/~pvoulgar/impl.html
© 2014 International Association for Cryptologic Research
Cite this paper
Ishiguro, T., Kiyomoto, S., Miyake, Y., Takagi, T. (2014). Parallel Gauss Sieve Algorithm: Solving the SVP Challenge over a 128-Dimensional Ideal Lattice. In: Krawczyk, H. (eds) Public-Key Cryptography – PKC 2014. PKC 2014. Lecture Notes in Computer Science, vol 8383. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-54631-0_24
DOI: https://doi.org/10.1007/978-3-642-54631-0_24
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-54630-3
Online ISBN: 978-3-642-54631-0