Skip to main content

Solving the Shortest Vector Problem in Lattices Faster Using Quantum Search

  • Conference paper

Part of the Lecture Notes in Computer Science book series (LNSC,volume 7932)

Abstract

By applying Grover’s quantum search algorithm to the lattice algorithms of Micciancio and Voulgaris, Nguyen and Vidick, Wang et al., and Pujol and Stehlé, we obtain improved asymptotic quantum results for solving the shortest vector problem. With quantum computers we can provably find a shortest vector in time 21.799n + o(n), improving upon the classical time complexity of 22.465n + o(n) of Pujol and Stehlé and the 22n + o(n) of Micciancio and Voulgaris, while heuristically we expect to find a shortest vector in time 20.312n + o(n), improving upon the classical time complexity of 20.384n + o(n) of Wang et al. These quantum complexities will be an important guide for the selection of parameters for post-quantum cryptosystems based on the hardness of the shortest vector problem.

Keywords

  • lattices
  • shortest vector problem
  • sieving
  • quantum algorithms
  • quantum search

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-642-38616-9_6
  • Chapter length: 19 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   54.99
Price excludes VAT (USA)
  • ISBN: 978-3-642-38616-9
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   69.99
Price excludes VAT (USA)

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Aharonov, D., Regev, O.: A Lattice Problem in Quantum NP. In: 44th Annual IEEE Symposium on Foundations of Computer Science (FOCS), pp. 210–219. IEEE Press, New York (2003)

    Google Scholar 

  2. Ajtai, M.: The Shortest Vector Problem in L 2 is NP-hard for Randomized Reductions. In: 30th Annual ACM Symposium on Theory of Computing (STOC), pp. 10–19. ACM, New York (1998)

    Google Scholar 

  3. Ajtai, M., Kumar, R., Sivakumar, D.: A Sieve Algorithm for the Shortest Lattice Vector Problem. In: 33rd Annual ACM Symposium on Theory of Computing (STOC), pp. 601–610. ACM, New York (2001)

    Google Scholar 

  4. Ambainis, A.: Quantum Walk Algorithm for Element Distinctness. In: 45th Annual IEEE Symposium on Foundations of Computer Science (FOCS), pp. 22–31. IEEE Press, New York (2003)

    Google Scholar 

  5. Aono, Y., Naganuma, K.: Heuristic Improvements of BKZ 2.0. IEICE Tech. Rep. 112(211), 15–22 (2012)

    Google Scholar 

  6. Bennett, C.H., Bernstein, E., Brassard, G., Vazirani, V.: Strengths and Weaknesses of Quantum Computing. SIAM J. Comput. 26(5), 1510–1523 (1997)

    MathSciNet  MATH  CrossRef  Google Scholar 

  7. Bernstein, D.J.: Cost analysis of hash collisions: Will quantum computers make SHARCs obsolete? In: SHARCS 2009: Special-purpose Hardware for Attacking Cryptographic Systems (2009)

    Google Scholar 

  8. Buchmann, J., Ding, J. (eds.): PQCrypto 2008. LNCS, vol. 5299. Springer, Heidelberg (2008)

    MATH  Google Scholar 

  9. Boyer, M., Brassard, G., Høyer, P., Tapp, A.: Tight Bounds on Quantum Searching. Fortschritte der Physik 46, 493–505 (1998)

    CrossRef  Google Scholar 

  10. Brakerski, Z., Gentry, C., Vaikuntanathan, V.: Fully homomorphic encryption without bootstrapping. In: Goldwasser, S. (ed.) Innovations in Theoretical Computer Science, ITCS 2012, pp. 309–325. ACM (2012)

    Google Scholar 

  11. Brassard, G., Høyer, P., Tapp, A.: Quantum cryptanalysis of hash and claw-free functions. In: Lucchesi, C.L., Moura, A.V. (eds.) LATIN 1998. LNCS, vol. 1380, pp. 163–169. Springer, Heidelberg (1998)

    CrossRef  Google Scholar 

  12. Brassard, G., Høyer, P., Mosca, M., Tapp, A.: Quantum Amplitude Amplification and Estimation. AMS Contemporary Mathematics Series Millennium Vol. entitled Quantum Computation & Information, vol. 305 (2002)

    Google Scholar 

  13. Buhrman, B., Dürr, C., Heiligman, M., Høyer, P., Magniez, F., Santha, M., de Wolf, R.: Quantum Algorithms for Element Distinctness. SIAM J. Comput. 34(6), 1324–1330 (2005)

    MathSciNet  MATH  CrossRef  Google Scholar 

  14. Chen, Y., Nguyen, P.Q.: BKZ 2.0: Better Lattice Security Estimates. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 1–20. Springer, Heidelberg (2011)

    CrossRef  Google Scholar 

  15. Childs, A., Van Dam, W.: Quantum algorithms for algebraic problems. Rev. Mod. Phys. 82, 1–52 (2010)

    MATH  CrossRef  Google Scholar 

  16. Childs, A.M., Jao, D., Soukharev, V.: Constructing elliptic curve isogenies in quantum subexponential time. arXiv:1012.4019 (2010)

    Google Scholar 

  17. Fincke, U., Pohst, M.: Improved methods for calculating vectors of short length in a lattice, including a complexity analysis. Math. Comp. 44, 463–471 (1985)

    MathSciNet  MATH  CrossRef  Google Scholar 

  18. Gama, N., Nguyen, P.Q.: Predicting lattice reduction. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 31–51. Springer, Heidelberg (2008)

    CrossRef  Google Scholar 

  19. Gama, N., Nguyen, P.Q., Regev, O.: Lattice Enumeration Using Extreme Pruning. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 257–278. Springer, Heidelberg (2010)

    CrossRef  Google Scholar 

  20. Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. In: Dwork, C. (ed.) STOC 2008, pp. 197–206. ACM (2008)

    Google Scholar 

  21. Gentry, C.: A fully homomorphic encryption scheme (Doctoral dissertation, Stanford University) (2009)

    Google Scholar 

  22. Giovannetti, V., Lloyd, S., Maccone, L.: Quantum Random Access Memory. Phys. Rev. Lett. 100, 160501 (2008)

    MathSciNet  CrossRef  Google Scholar 

  23. Grover, L.K.: A Fast Quantum Mechanical Algorithm for Database Search. In: 28th Annual ACM Symposium on Theory of Computing (STOC), pp. 212–219. ACM, New York (1996)

    Google Scholar 

  24. Grover, L., Rudolph, T.: How significant are the known collision and element distinctness quantum algorithms? Quantum Info. Comput. 4(3), 201–206 (2004)

    MathSciNet  MATH  Google Scholar 

  25. Hallgren, S.: Polynomial-time quantum algorithms for Pell’s equation and the principal ideal problem. J. ACM. 54(1), 653–658 (2007)

    MathSciNet  CrossRef  Google Scholar 

  26. Hanrot, G., Pujol, X., Stehlé, D.: Algorithms for the Shortest and Closest Lattice Vector Problems. In: Chee, Y.M., Guo, Z., Ling, S., Shao, F., Tang, Y., Wang, H., Xing, C. (eds.) IWCC 2011. LNCS, vol. 6639, pp. 159–190. Springer, Heidelberg (2011)

    CrossRef  Google Scholar 

  27. Hoffstein, J., Pipher, J., Silverman, J.H.: NTRU: A ring-based public key cryptosystem. In: Buhler, J.P. (ed.) ANTS 1998. LNCS, vol. 1423, pp. 267–288. Springer, Heidelberg (1998)

    CrossRef  Google Scholar 

  28. Jeffery, S.: Collision Finding with Many Classical or Quantum Processors. Master’s thesis, University of Waterloo (2011)

    Google Scholar 

  29. Kabatiansky, G., Levenshtein, V.I.: On Bounds for Packings on a Sphere and in Space. Problemy Peredachi Informacii 14(1), 3–25 (1978)

    Google Scholar 

  30. Kannan, R.: Improved Algorithms for Integer Programming and Related Lattice Problems. In: 15th Annual ACM Symposium on Theory of Computing (STOC), pp. 193–206. ACM, New York (1983)

    Google Scholar 

  31. Khot, S.: Hardness of approximating the shortest vector problem in lattices. Journal of the ACM 52(5), 789–808 (2005)

    MathSciNet  CrossRef  Google Scholar 

  32. Kuo, P.C., Schneider, M., Dagdelen, Ö., Reichelt, J., Buchmann, J., Cheng, C.M., Yang, B.Y.: Extreme Enumeration on GPU and in Clouds. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol. 6917, pp. 176–191. Springer, Heidelberg (2011)

    CrossRef  Google Scholar 

  33. Kuperberg, G.: A Subexponential-Time Quantum Algorithm for the Dihedral Hidden Subgroup Problem. SIAM J. Comput. 35(1), 170–188 (2005)

    MathSciNet  MATH  CrossRef  Google Scholar 

  34. Kuperberg, G.: Another Subexponential-Time Quantum Algorithm for the Dihedral Hidden Subgroup Problem. arXiv, Report 1112/3333, pp. 1–10 (2011)

    Google Scholar 

  35. Laarhoven, T., van de Pol, J., de Weger, B.: Solving Hard Lattice Problems and the Security of Lattice-Based Cryptosystems. Cryptology ePrint Archive, Report 2012/533, pp. 1–43 (2012)

    Google Scholar 

  36. TU Darmstadt Lattice Challenge, http://www.latticechallenge.org/

  37. Lenstra, A.K., Lenstra, H., Lovász, L.: Factoring Polynomials with Rational Coefficients. Math. Ann. 261(4), 515–534 (1982)

    MathSciNet  MATH  CrossRef  Google Scholar 

  38. Ludwig, C.: A Faster Lattice Reduction Method Using Quantum Search. In: Ibaraki, T., Katoh, N., Ono, H. (eds.) ISAAC 2003. LNCS, vol. 2906, pp. 199–208. Springer, Heidelberg (2003)

    CrossRef  Google Scholar 

  39. Lyubashevsky, V.: Lattice signatures without trapdoors. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT 2012. LNCS, vol. 7237, pp. 738–755. Springer, Heidelberg (2012)

    CrossRef  Google Scholar 

  40. Micciancio, D., Voulgaris, P.: A Deterministic Single Exponential Time Algorithm for Most Lattice Problems based on Voronoi Cell Computations. In: 42nd Annual ACM Symposium on Theory of Computing (STOC), pp. 351–358. ACM, New York (2010)

    CrossRef  Google Scholar 

  41. Micciancio, D., Voulgaris, P.: Faster Exponential Time Algorithms for the Shortest Vector Problem. In: 21st Annual ACM Symposium on Discrete Algorithms (SODA), pp. 1468–1480. ACM, New York (2010)

    Google Scholar 

  42. Mosca, M.: Quantum Algorithms. In: Meyers, R. (ed.) Encyclopedia of Complexity and Systems Science (2009)

    Google Scholar 

  43. Nguyen, P.Q., Vidick, T.: Sieve Algorithms for the Shortest Vector Problem are Practical. J. Math. Crypt. 2(2), 181–207 (2008)

    MathSciNet  MATH  Google Scholar 

  44. Pohst, M.: On the computation of lattice vectors of minimal length, successive minima and reduced bases with applications. ACM SIGSAM Bulletin 15(1), 37–44 (1981)

    MathSciNet  MATH  CrossRef  Google Scholar 

  45. van de Pol, J.: Lattice-based cryptography. Master’s thesis. Eindhoven University of Technology (2011)

    Google Scholar 

  46. Pujol, X., Stehlé, D.: Solving the Shortest Lattice Vector Problem in Time 22.465n. Cryptology ePrint Archive, Report 2009/605, pp. 1–7 (2009)

    Google Scholar 

  47. Regev, O.: A Subexponential Time Algorithm for the Dihedral Hidden Subgroup Problem with Polynomial Space. arXiv, Report 0405/151, pp. 1–7 (2004)

    Google Scholar 

  48. Regev, O.: Lattices in Computer Science. Lecture Notes for a Course at the Tel Aviv University (2004)

    Google Scholar 

  49. Regev, O.: Quantum Computation and Lattice Problems. SIAM J. Comput. 33(3), 738–760 (2004)

    MathSciNet  MATH  CrossRef  Google Scholar 

  50. Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: 37th Annual ACM Symposium on Theory of Computing (STOC), pp. 84–93 (2005)

    Google Scholar 

  51. Santha, M.: Quantum Walk Based Search Algorithms. In: Agrawal, M., Du, D.-Z., Duan, Z., Li, A. (eds.) TAMC 2008. LNCS, vol. 4978, pp. 31–46. Springer, Heidelberg (2008)

    CrossRef  Google Scholar 

  52. Schneider, M.: Analysis of Gauss-Sieve for Solving the Shortest Vector Problem in Lattices. In: Katoh, N., Kumar, A. (eds.) WALCOM 2011. LNCS, vol. 6552, pp. 89–97. Springer, Heidelberg (2011)

    CrossRef  Google Scholar 

  53. Schneider, M.: Sieving for Short Vectors in Ideal Lattices. Cryptology ePrint Archive, Report 2011/458, pp. 1–19 (2011)

    Google Scholar 

  54. Schnorr, C.P.: A Hierarchy of Polynomial Time Lattice Basis Reduction Algorithms. Theoretical Computer Science 53(2-3), 201–224 (1987)

    MathSciNet  MATH  CrossRef  Google Scholar 

  55. Schnorr, C.P., Euchner, M.: Lattice Basis Reduction: Improved Practical Algorithms and Solving Subset Sum Problems. Mathematical Programming 66(2-3), 181–199 (1994)

    MathSciNet  MATH  CrossRef  Google Scholar 

  56. Schnorr, C.P.: Lattice reduction by random sampling and birthday methods. In: Alt, H., Habib, M. (eds.) STACS 2003. LNCS, vol. 2607, pp. 145–156. Springer, Heidelberg (2003)

    CrossRef  Google Scholar 

  57. Shor, P.W.: Polynomial-Time Algorithms for Prime Factorization and Discrete Logarithms on a Quantum Computer. SIAM J. Comput. 26(5), 1484–1509 (1997)

    MathSciNet  MATH  CrossRef  Google Scholar 

  58. Smith, J.: Mosca. M.: Algorithms for Quantum Computers. In: Handbook of Natural Computing, pp. 1451–1492. Springer (2012)

    Google Scholar 

  59. SVP Challenge, http://latticechallenge.org/svp-challenge/

  60. Wang, X., Liu, M., Tian, C., Bi, J.: Improved Nguyen-Vidick Heuristic Sieve Algorithm for Shortest Vector Problem. In: 6th ACM Symposium on Information, Computer and Communications Security (ASIACCS), pp. 1–9. ACM, New York (2011)

    CrossRef  Google Scholar 

Download references

Author information

Authors and Affiliations

Authors

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Laarhoven, T., Mosca, M., van de Pol, J. (2013). Solving the Shortest Vector Problem in Lattices Faster Using Quantum Search. In: Gaborit, P. (eds) Post-Quantum Cryptography. PQCrypto 2013. Lecture Notes in Computer Science, vol 7932. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38616-9_6

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-38616-9_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-38615-2

  • Online ISBN: 978-3-642-38616-9

  • eBook Packages: Computer ScienceComputer Science (R0)