On the Efficacy of Solving LWE by Reduction to Unique-SVP

Part of the Lecture Notes in Computer Science book series (LNCS, volume 8565)

Abstract

We present a study of the concrete complexity of solving instances of the unique shortest vector problem (uSVP). In particular, we study the complexity of solving the Learning with Errors (LWE) problem by reducing the Bounded-Distance Decoding (BDD) problem to uSVP and attempting to solve such instances using the ‘embedding’ approach. We experimentally derive a model for the success of the approach, compare to alternative methods and demonstrate that for the LWE instances considered in this work, reducing to uSVP and solving via embedding compares favorably to other approaches.

Keywords

  • Success Probability
  • Target Vector
  • Short Vector
  • Overwhelming Probability
  • Lattice Basis Reduction

These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Notes

  1. We employ the notation \(\mathrm {GH}_{q,n,m}\) to denote the application of the Gaussian heuristic to an LWE lattice formed from \(m\) LWE samples of dimension \(n\), with modulus \(q\).

Author information

Corresponding author

Correspondence to Robert Fitzpatrick.

A Root Hermite Factors for LWE-Derived Lattices

It is a generally accepted heuristic that the norms of the shortest lattice vectors found by lattice basis reduction algorithms can be approximated by

$$ \Vert \mathbf{b}_1\Vert \approx \det (\mathcal {L})^{1/m}\cdot \delta _0(m)^m $$

where \(\delta _0(m)\) rapidly converges to a constant, denoted \(\delta _0\), as \(m\) grows. The following tables (Tables 5, 6 and 7) give experimentally derived root Hermite factors for LLL and some BKZ algorithms as applied to the LWE-derived lattices studied in this work. All root Hermite factors were obtained for the minimum dimension in which the given algorithm solves the LWE-\(n\) instance with probability \(0.1\).

Table 5. Root Hermite factors, LLL, Regev’s parameters
Table 6. Root Hermite factors, BKZ-5, Regev’s parameters
Table 7. Root Hermite factors, BKZ-10, Regev’s parameters
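
The root Hermite factor in the heuristic above can be measured directly on a reduced basis. The following is an added example, not code from the paper: it builds a small q-ary lattice of the kind derived from LWE samples, reduces it with a textbook floating-point LLL, and solves the formula for \(\delta _0\). The parameters (n = 4, m = 16, q = 257), the basis form [I | A'; 0 | qI] and all function names are assumptions chosen for illustration.

```python
import math, random

def dot(u, v):
    return sum(x * y for x, y in zip(u, v))

def qary_basis(n, m, q, rng):
    """Row basis [[I_n | A'], [0 | q*I_(m-n)]] with A' uniform mod q; det = q^(m-n)."""
    top = [[int(i == j) for j in range(n)] + [rng.randrange(q) for _ in range(m - n)]
           for i in range(n)]
    bot = [[0] * n + [q * int(i == j) for j in range(m - n)] for i in range(m - n)]
    return top + bot

def project(b, Bs, norms):
    """Component of b orthogonal to the Gram-Schmidt vectors Bs (modified GS)."""
    v = [float(x) for x in b]
    for u, nu in zip(Bs, norms):
        c = dot(v, u) / nu
        v = [x - c * y for x, y in zip(v, u)]
    return v

def lll(B, delta=0.99):  # textbook LLL; float Gram-Schmidt is adequate at toy sizes
    B, Bs, norms = [list(r) for r in B], [], []
    for b in B:
        Bs.append(project(b, Bs, norms))
        norms.append(dot(Bs[-1], Bs[-1]))
    k = 1
    while k < len(B):
        for j in range(k - 1, -1, -1):  # size-reduce b_k; b_k* is unaffected
            r = round(dot(B[k], Bs[j]) / norms[j])
            B[k] = [x - r * y for x, y in zip(B[k], B[j])]
        mu = dot(B[k], Bs[k - 1]) / norms[k - 1]
        if norms[k] >= (delta - mu * mu) * norms[k - 1]:  # Lovasz condition
            k += 1
        else:
            B[k - 1], B[k] = B[k], B[k - 1]
            for i in (k - 1, k):  # only these two Gram-Schmidt vectors change
                Bs[i] = project(B[i], Bs[:i], norms[:i])
                norms[i] = dot(Bs[i], Bs[i])
            k = max(k - 1, 1)
    return B

def root_hermite_factor(b1, n, m, q):
    """Solve ||b1|| = det^(1/m) * delta_0^m for delta_0, with det = q^(m-n)."""
    return math.exp((0.5 * math.log(dot(b1, b1)) - (m - n) * math.log(q) / m) / m)

def experiment(n=4, m=16, q=257, seed=1):  # constructed toy parameters
    B = qary_basis(n, m, q, random.Random(seed))
    R = lll(B)
    return B, R, root_hermite_factor(R[0], n, m, q)
```

Calling `experiment()` returns the input basis, the reduced basis and the measured \(\delta _0\); at this toy dimension the value has not yet converged to the constant the heuristic refers to.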

Copyright information

© 2014 Springer International Publishing Switzerland

About this paper

Cite this paper

Albrecht, M.R., Fitzpatrick, R., Göpfert, F. (2014). On the Efficacy of Solving LWE by Reduction to Unique-SVP. In: Lee, HS., Han, DG. (eds) Information Security and Cryptology -- ICISC 2013. ICISC 2013. Lecture Notes in Computer Science, vol 8565. Springer, Cham. https://doi.org/10.1007/978-3-319-12160-4_18

  • DOI: https://doi.org/10.1007/978-3-319-12160-4_18

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-12159-8

  • Online ISBN: 978-3-319-12160-4

  • eBook Packages: Computer Science, Computer Science (R0)