Full Lattice Basis Reduction on Graphics Cards

  • Timo Bartkewitz
  • Tim Güneysu
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7242)


Recent lattice enumeration GPU implementations are very useful to find shortest vectors within a given lattice but are also highly dependent on a lattice basis reduction that still runs on a CPU. Therefore we present an implementation of a full lattice basis reduction that makes exclusive use of GPUs to close this gap. Hence, we show that GPUs are, as well, suited to apply lattice basis reduction algorithms that were merely of theoretical interest so far due to their enormous computational effort. We modified and optimized these algorithms to fit the architecture of graphics cards, in particular we focused on Givens Rotations and the All-swap reduction method. Eventually, our GPU implementation achieved a significant speed-up for given lattice challenges compared to the NTL implementation running on an CPU of about 18, providing at least the same reduction quality.


Lattice Basis Reduction Givens Rotations All-Swap Algorithm Parallelization Graphics Cards CUDA 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Ajtai, M.: Generating hard instances of lattice problems (extended abstract). In: STOC 1996: Proceedings of the Twenty-Eighth Annual ACM Symposium on Theory of Computing, pp. 99–108. ACM, New York (1996)CrossRefGoogle Scholar
  2. 2.
    Ajtai, M., Dwork, C.: A public-key cryptosystem with worst-case/average-case equivalence. In: STOC 1997: Proceedings of the Twenty-Ninth Annual ACM Symposium on Theory of Computing, pp. 284–293. ACM, New York (1997)CrossRefGoogle Scholar
  3. 3.
    Applebaum, B., Cash, D., Peikert, C., Sahai, A.: Fast Cryptographic Primitives and Circular-Secure Encryption Based on Hard Learning Problems. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 595–618. Springer, Heidelberg (2009)CrossRefGoogle Scholar
  4. 4.
    Backes, W., Wetzel, S.: A Parallel LLL using POSIX Threads. Tech. rep., Dept. of Computer Science, Stevens Institute of Technology (2009), dIMACS Technical Report 2008-12Google Scholar
  5. 5.
    Brakerski, Z., Goldwasser, S., Kalai, Y.: Circular-Secure Encryption Beyond Affine Functions. Cryptology ePrint Archive, Report 2009/485 (2009),
  6. 6.
    Buchmann, J., Lindner, R., Rückert, M., Schneider, M.: Explicit hard instances of the shortest vector problem. Cryptology ePrint Archive, Report 2008/333 (2008),
  7. 7.
    Stehlé, D., Steinfeld, R., Tanaka, K., Xagawa, K.: Efficient Public Key Encryption Based on Ideal Lattices. Cryptology ePrint Archive, Report 2009/285 (2009),
  8. 8.
    Detrey, J., Hanrot, G., Pujol, X., Stehlé, D.: Accelerating Lattice Reduction with FPGAs. In: Abdalla, M., Barreto, P.S.L.M. (eds.) LATINCRYPT 2010. LNCS, vol. 6212, pp. 124–143. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  9. 9.
    Gentle, J., Härdle, W., Mori, Y.: Handbook of Computational Statistics. Springer, Heidelberg (2004)zbMATHGoogle Scholar
  10. 10.
    Goldreich, O., Goldwasser, S., Halevi, S.: Collision-Free Hashing from Lattice Problems (1996)Google Scholar
  11. 11.
    Heckler, C.: Automatische Parallelisierung und parallele Gitterbasisreduktion. Ph.D. thesis, Universität des Saarlandes, Saarbrücken (1995)Google Scholar
  12. 12.
    Heckler, C., Thiele, L.: Parallel Complexitiy of Lattice Basis Reduction and a Floating-Point Parallel Algorithm. In: Reeve, M., Bode, A., Wolf, G. (eds.) PARLE 1993. LNCS, vol. 694, pp. 744–747. Springer, Heidelberg (1993)CrossRefGoogle Scholar
  13. 13.
    Hermans, J., Schneider, M., Buchmann, J., Vercauteren, F., Preneel, B.: Parallel Shortest Lattice Vector Enumeration on Graphics Cards. In: Bernstein, D.J., Lange, T. (eds.) AFRICACRYPT 2010. LNCS, vol. 6055, pp. 52–68. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  14. 14.
    Hinek, M.: Lattice Attacks in Cryptography: A Partial Overview. Tech. rep., School of Computer Science, University of Waterloo (2004)Google Scholar
  15. 15.
    Hoffstein, J., Pipher, J., Silverman, J.H.: NTRU: A Ring-Based Public Key Cryptosystem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 267–288. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  16. 16.
    Joux, A.: A Fast Parallel Lattice Basis Reduction Algorithm. In: Proceedings of the Second Gauss Symposium, pp. 1–15 (1993)Google Scholar
  17. 17.
    Joux, A., Stern, J.: Lattice Reduction: a Toolbox for the Cryptanalyst. Journal of Cryptology 11, 161–185 (1994)MathSciNetCrossRefGoogle Scholar
  18. 18.
    Kerr, A., Campbell, D., Richards, M.: QR Decomposition on GPUs. Tech. rep., Georgia Institue of Technlogogy, Georgia Tech Research Institute (2009)Google Scholar
  19. 19.
    Khronos Group: The OpenCL Specification Version 1.1 (2011),
  20. 20.
    Kuo, P.-C., Schneider, M., Dagdelen, Ö., Reichelt, J., Buchmann, J., Cheng, C.-M., Yang, B.-Y.: Extreme Enumeration on GPU and in Clouds. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 176–191. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  21. 21.
    Lenstra, A., Lenstra, H., Lovász, L.: Factoring polynomials with rational coefficients. Mathematische Annalen 261(4), 515–534 (1982)MathSciNetzbMATHCrossRefGoogle Scholar
  22. 22.
    Lyubashevsky, V., Micciancio, D., Peikert, C., Rosen, A.: SWIFFT: A Modest Proposal for FFT Hashing. In: Nyberg, K. (ed.) FSE 2008. LNCS, vol. 5086, pp. 54–72. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  23. 23.
    Merkle, R., Hellman, M.: Hiding information and signatures in trapdoor knapsacks. IEEE Transactions on Information Theory 24, 525–530 (1978)CrossRefGoogle Scholar
  24. 24.
    Nguyen, P.Q., Stehlé, D.: An LLL Algorithm with Quadratic Complexity. SIAM Journal on Computing 39(3), 874–903 (2009)MathSciNetzbMATHCrossRefGoogle Scholar
  25. 25.
  26. 26.
  27. 27.
    Peikert, C.: Public-key cryptosystems from the worst-case shortest vector problem: extended abstract. In: STOC 2009: Proceedings of the 41st Annual ACM Symposium on Theory of Computing, pp. 333–342. ACM, New York (2009)CrossRefGoogle Scholar
  28. 28.
    Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. J. ACM 56(6), 1–40 (2009)MathSciNetCrossRefGoogle Scholar
  29. 29.
    Rivest, R., Shamir, A., Adleman, L.: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM 21, 120–126 (1978)MathSciNetzbMATHCrossRefGoogle Scholar
  30. 30.
    Schneider, M., Göttert, N.: Random Sampling for Short Lattice Vectors on Graphics Cards. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 160–175. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  31. 31.
    Schnorr, C., Euchner, M.: Lattice basis reduction: improved practical algorithms and solving subset sum problems. Math. Program. 66(2), 181–199 (1994)MathSciNetzbMATHCrossRefGoogle Scholar
  32. 32.
    Shoup, V.: NTL: A Library for doing Number Theory,
  33. 33.
    Villard, G.: Parallel lattice basis reduction. In: ISSAC 1992: Papers from the International Symposium on Symbolic and Algebraic Computation, pp. 269–277. ACM, New York (1992)CrossRefGoogle Scholar
  34. 34.
    Wetzel, S.: An Efficient Parallel Block-Reduction Algorithm. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 323–337. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  35. 35.
    Wiese, K.: Parallelisierung von LLL-Algorithmen zur Gitterbasisreduktionen. Master’s thesis, Universität des Saarlandes (1994)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Timo Bartkewitz
    • 1
  • Tim Güneysu
    • 2
  1. 1.Department of Computer ScienceBonn-Rhine-Sieg University of Applied SciencesSankt AugustinGermany
  2. 2.Horst Görtz Institute for IT SecurityRuhr-University BochumGermany

Personalised recommendations