Annual Cryptology Conference

CRYPTO 2010: Advances in Cryptology – CRYPTO 2010 pp 80-97

An Efficient and Parallel Gaussian Sampler for Lattices

  • Chris Peikert
Conference paper

DOI: 10.1007/978-3-642-14623-7_5

Volume 6223 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Peikert C. (2010) An Efficient and Parallel Gaussian Sampler for Lattices. In: Rabin T. (eds) Advances in Cryptology – CRYPTO 2010. CRYPTO 2010. Lecture Notes in Computer Science, vol 6223. Springer, Berlin, Heidelberg


At the heart of many recent lattice-based cryptographic schemes is a polynomial-time algorithm that, given a ‘high-quality’ basis, generates a lattice point according to a Gaussian-like distribution. Unlike most other operations in lattice-based cryptography, however, the known algorithm for this task (due to Gentry, Peikert, and Vaikuntanathan; STOC 2008) is rather inefficient, and is inherently sequential.

We present a new Gaussian sampling algorithm for lattices that is efficient and highly parallelizable. We also show that in most cryptographic applications, the algorithm’s efficiency comes at almost no cost in asymptotic security. At a high level, our algorithm resembles the “perturbation” heuristic proposed as part of NTRUSign (Hoffstein et al., CT-RSA 2003), though the details are quite different. To our knowledge, this is the first algorithm and rigorous analysis demonstrating the security of a perturbation-like technique.

Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Chris Peikert
    • 1
  1. 1.Georgia Institute of Technology