Explicit Hard Instances of the Shortest Vector Problem

  • Johannes Buchmann
  • Richard Lindner
  • Markus Rückert
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5299)


Building upon a famous result due to Ajtai, we propose a sequence of lattice bases with growing dimension, which can be expected to be hard instances of the shortest vector problem (SVP) and which can therefore be used to benchmark lattice reduction algorithms.

The SVP is the basis of security for potentially post-quantum cryptosystems. We use our sequence of lattice bases to create a challenge, which may be helpful in determining appropriate parameters for these schemes.


Keywords: Lattice reduction, lattice-based cryptography, challenge





Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • Johannes Buchmann (1)
  • Richard Lindner (1)
  • Markus Rückert (1)

  1. Department of Computer Science, Technische Universität Darmstadt, Darmstadt, Germany
