Sieving for shortest vectors in ideal lattices: a practical perspective (Q1626132)

From MaRDI portal
Revision as of 10:45, 30 July 2024 by Openalex240730090724 (talk | contribs) (Set OpenAlex properties.)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
scientific article
Language Label Description Also known as
English
Sieving for shortest vectors in ideal lattices: a practical perspective
scientific article

    Statements

    Sieving for shortest vectors in ideal lattices: a practical perspective (English)
    0 references
    0 references
    0 references
    0 references
    26 November 2018
    0 references
    Summary: The security of many lattice-based cryptographic schemes relies on the hardness of finding short vectors in integral lattices. We propose a new variant of the parallel Gauss sieve algorithm to compute such short vectors. It combines favourable properties of previous approaches resulting in reduced run time and memory requirement per node. Our publicly available implementation outperforms all previous Gauss sieve approaches for dimensions 80, 88, and 96. When computing short vectors in ideal lattices, we show how to reduce the number of multiplications and comparisons by using a symbolic Fourier transform. We computed a short vector in a negacyclic ideal lattice of dimension 128 in less than nine days on 1,024 cores, more than twice as fast as the recent record computation for the same lattice on the same computer hardware.
    0 references
    lattice cryptanalysis
    0 references
    parallel Gauss sieve
    0 references
    ideal lattices
    0 references
    ring LWE
    0 references

    Identifiers