
Development and analysis of massive parallelization of a lattice basis reduction algorithm

  • Original Paper
  • Journal: Japan Journal of Industrial and Applied Mathematics

Abstract

The security of lattice-based cryptography relies on the hardness of lattice problems. Lattice basis reduction is a powerful tool for solving them, and the block Korkine–Zolotarev (BKZ) reduction algorithm is the de facto standard in cryptanalysis. We propose a parallel BKZ-type reduction algorithm based on randomization: randomized copies of an input lattice basis are reduced independently in parallel, while several basis vectors are shared asynchronously among all processes. There is a trade-off between randomization and information sharing; if a substantial amount of information is shared, all processes may end up working on the same problem, which diminishes the benefit of parallelization. To monitor the balance between randomness and sharing, we propose a new metric that quantifies the variety of lattice bases, and we empirically find an optimal sharing parameter for high-dimensional lattices. We also demonstrate the effectiveness of our parallel algorithm and metric through experiments from multiple perspectives.


Data availability

The SVP instances used in our experiments were obtained from the SVP Challenge at https://www.latticechallenge.org/svp-challenge/. The source code is available on GitHub at https://github.com/nariaki3551/cmaplap.

Notes

  1. We found that bases reduced by DeepBKZ often already contained shortest lattice vectors, so pruned enumeration became irrelevant. Hence, we used BKZ in this experiment instead of DeepBKZ.


Acknowledgements

This work was partially supported by the National High Performance Computing Center at the Zuse Institute Berlin (NHR@ZIB). We are grateful to the supercomputer staff, especially Matthias Läuter and Tobias Watermann.

Funding

This research project was supported by the Japan Science and Technology Agency (JST), the Core Research of Evolutionary Science and Technology (CREST), the Center of Innovation Science and Technology based Radical Innovation and Entrepreneurship Program (COI Program), JSPS KAKENHI Grant Numbers JP21H04599 and JP20H04142, Japan, the German Research Foundation (DFG) through the project HPO-Navi (fund number 391087700): Sustainable Infrastructures for Archiving and Publishing High-Performance Optimization Software, and the Research Campus MODAL funded by the German Federal Ministry of Education and Research (fund number 05M20ZBM).

Author information

Corresponding author

Correspondence to Nariaki Tateiwa.

Ethics declarations

Conflict of interest

The authors have no competing interests to declare that are relevant to the content of this article.

Additional information

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

About this article


Cite this article

Tateiwa, N., Shinano, Y., Yasuda, M. et al. Development and analysis of massive parallelization of a lattice basis reduction algorithm. Japan J. Indust. Appl. Math. 41, 13–56 (2024). https://doi.org/10.1007/s13160-023-00580-z

  • DOI: https://doi.org/10.1007/s13160-023-00580-z
