Abstract
The security of lattice-based cryptography relies on the hardness of solving lattice problems. Lattice basis reduction is a strong tool for solving lattice problems, and the block Korkine–Zolotarev (BKZ) reduction algorithm is the de facto standard in cryptanalysis. We propose a parallel algorithm of BKZ-type reduction based on randomization. Randomized copies of an input lattice basis are independently reduced in parallel, while several basis vectors are shared asynchronously among all processes. There is a trade-off between randomization and information sharing; if a substantial amount of information is shared, all processes might work on the same problem, which diminishes the benefit of parallelization. To monitor the balance between randomness and sharing, we propose a new metric to quantify the variety of lattice bases, and we empirically find an optimal parameter of sharing for high-dimensional lattices. We also demonstrate the effectiveness of our parallel algorithm and metric through experiments from multiple perspectives.
Data availability
The paper uses data obtained from SVP Challenge as SVP instance in our experiments, at https://www.latticechallenge.org/svp-challenge/. Also, the source code is available on GitHub at https://github.com/nariaki3551/cmaplap.
Notes
We found that bases reduced by DeepBKZ often already contained shortest lattice vectors, so pruned enumeration became irrelevant. Hence, we used BKZ in this experiment instead of DeepBKZ.
Acknowledgements
This work was partially supported by the National High Performance Computing Center at the Zuse Institute Berlin (NHR@ZIB). We are grateful to the supercomputer staff, especially Matthias Läuter and Tobias Watermann.
Funding
This research project was supported by the Japan Science and Technology Agency (JST), the Core Research of Evolutionary Science and Technology (CREST), the Center of Innovation Science and Technology based Radical Innovation and Entrepreneurship Program (COI Program), JSPS KAKENHI Grant Number JP21H04599, JP20H04142, Japan, the German Research Foundation (DFG) through the project HPO-Navi (fund number 391087700): Sustainable Infrastructures for Archiving and Publishing High-Performance Optimization Software, the Research Campus MODAL funded by the German Federal Ministry of Education and Research (fund number 05M20ZBM).
Ethics declarations
Conflict of interest
The authors have no competing interests to declare that are relevant to the content of this article.
About this article
Cite this article
Tateiwa, N., Shinano, Y., Yasuda, M. et al. Development and analysis of massive parallelization of a lattice basis reduction algorithm. Japan J. Indust. Appl. Math. 41, 13–56 (2024). https://doi.org/10.1007/s13160-023-00580-z
Keywords
- Lattice problems
- Shortest vector problem (SVP)
- Lattice basis reduction
- Parallel computation
- CMAP-LAP framework