Cryptography and Coding

Volume 8308 of the series Lecture Notes in Computer Science pp 290-303

Estimating Key Sizes for High Dimensional Lattice-Based Systems

  • Joop van de PolAffiliated withDept. Computer Science, University of Bristol
  • , Nigel P. SmartAffiliated withDept. Computer Science, University of Bristol

* Final gross prices may vary according to local VAT.

Get Access


We revisit the estimation of parameters for use in applications of the BGV homomorphic encryption system, which generally require high dimensional lattices. In particular, we utilize the BKZ-2.0 simulator of Chen and Nguyen to identify the best lattice attack that can be mounted using BKZ in a given dimension at a given security level. Using this technique, we show that it should be possible to work with lattices of smaller dimensions than previous methods have recommended, while still maintaining reasonable levels of security. As example applications we look at the evaluation of AES via FHE operations presented at Crypto 2012, and the parameters for the SHE variant of BGV used in the SPDZ protocol from Crypto 2012.