Analyzing Blockwise Lattice Algorithms Using Dynamical Systems

  • Guillaume Hanrot
  • Xavier Pujol
  • Damien Stehlé
Conference paper

DOI: 10.1007/978-3-642-22792-9_25

Part of the Lecture Notes in Computer Science book series (LNCS, volume 6841)
Cite this paper as:
Hanrot G., Pujol X., Stehlé D. (2011) Analyzing Blockwise Lattice Algorithms Using Dynamical Systems. In: Rogaway P. (eds) Advances in Cryptology – CRYPTO 2011. CRYPTO 2011. Lecture Notes in Computer Science, vol 6841. Springer, Berlin, Heidelberg

Abstract

Strong lattice reduction is the key element for most attacks against lattice-based cryptosystems. Between the strongest but impractical HKZ reduction and the weak but fast LLL reduction, there have been several attempts to find efficient trade-offs. Among them, the BKZ algorithm introduced by Schnorr and Euchner [FCT’91] seems to achieve the best time/quality compromise in practice. However, no reasonable complexity upper bound is known for BKZ, and Gama and Nguyen [Eurocrypt’08] observed experimentally that its practical runtime seems to grow exponentially with the lattice dimension. In this work, we show that BKZ can be terminated long before its completion, while still providing bases of excellent quality. More precisely, we show that if given as inputs a basis \((b_i)_{i \leq n} \in \mathbb{Q}^{n \times n}\) of a lattice \(L\) and a block-size \(\beta\), and if terminated after \(\Omega\left(\frac{n^3}{\beta^2}(\log n + \log \log \max_i \|{b}_i\|)\right)\) calls to a \(\beta\)-dimensional HKZ-reduction (or SVP) subroutine, then BKZ returns a basis whose first vector has norm \(\leq 2 \nu _{\beta}^{\frac{n-1}{2(\beta-1)}+\frac{3}{2}} \cdot (\det L )^{\frac{1}{n}}\), where \(\nu_{\beta} \leq \beta\) is the maximum of Hermite’s constants in dimensions \(\leq \beta\). To obtain this result, we develop a completely new elementary technique based on discrete-time affine dynamical systems, which could lead to the design of improved lattice reduction algorithms.

Keywords

Euclidean lattices, BKZ, lattice-based cryptanalysis

Copyright information

© International Association for Cryptologic Research 2011

Authors and Affiliations

  • Guillaume Hanrot (1)
  • Xavier Pujol (1)
  • Damien Stehlé (2)
  1. ÉNS Lyon, Laboratoire LIP (U. Lyon, CNRS, ENS Lyon, INRIA, UCBL), Lyon Cedex 07, France
  2. CNRS, Laboratoire LIP (U. Lyon, CNRS, ENS Lyon, INRIA, UCBL), Lyon Cedex 07, France
