BKZ 2.0: Better Lattice Security Estimates

Revisiting the Sparsification Technique in Kannan’s Embedding Attack on LWE ⋮ \textsc{Hawk}: module LIP makes lattice signatures fast, compact and simple ⋮ On the measurement and simulation of the BKZ behavior for \(q\)-ary lattices ⋮ Log-\(\mathcal{S}\)-unit lattices using explicit Stickelberger generators to solve approx ideal-SVP ⋮ Development and analysis of massive parallelization of a lattice basis reduction algorithm ⋮ Fast practical lattice reduction through iterated compression ⋮ Fault-enabled chosen-ciphertext attacks on Kyber ⋮ Estimating the hidden overheads in the BDGL lattice sieving algorithm ⋮ Lattice-based public key cryptosystems invoking linear mapping mask ⋮ Lattice-based cryptography: a survey ⋮ Revisiting security estimation for LWE with hints from a geometric perspective ⋮ Private AI: Machine Learning on Encrypted Data ⋮ Lattice reduction with approximate enumeration oracles. Practical algorithms and concrete performance ⋮ Towards faster polynomial-time lattice reduction ⋮ A trace map attack against special ring-LWE samples ⋮ Shortest vectors in lattices of Bai-Galbraith's embedding attack on the LWR problem ⋮ Homomorphic Encryption Standard ⋮ Sieve, Enumerate, Slice, and Lift: ⋮ A Tale of Three Signatures: Practical Attack of ECDSA with wNAF ⋮ Homomorphic AES evaluation using the modified LTV scheme ⋮ Partially Known Nonces and Fault Injection Attacks on SM2 Signature Algorithm ⋮ Lattice Reduction for Modular Knapsack ⋮ Coded-BKW: Solving LWE Using Lattice Codes ⋮ An Improved BKW Algorithm for LWE with Applications to Cryptography and Lattices ⋮ Cryptanalysis of the Co-ACD Assumption ⋮ An efficient lattice reduction using reuse technique blockwisely on NTRU ⋮ Solving the search-LWE problem over projected lattices ⋮ Review of cryptographic schemes applied to remote electronic voting systems: remaining challenges and the upcoming post-quantum paradigm ⋮ Attacking ECDSA leaking discrete bits with a more efficient lattice ⋮ On a dual/hybrid approach to small secret LWE. A dual/enumeration technique for learning with errors and application to security estimates of FHE schemes ⋮ Lattice-based fault attacks on deterministic signature schemes of ECDSA and EdDSA ⋮ Shortest vector from lattice sieving: a few dimensions for free ⋮ On the Efficacy of Solving LWE by Reduction to Unique-SVP ⋮ Secure Statistical Analysis Using RLWE-Based Homomorphic Encryption ⋮ A Ring-LWE-based digital signature inspired by Lindner-Peikert scheme ⋮ \(\mathsf{Rubato}\): noisy ciphers for approximate homomorphic encryption ⋮ A non-commutative cryptosystem based on quaternion algebras ⋮ A Fast Phase-based Enumeration Algorithm for SVP Challenge Through $$y$$-Sparse Representations of Short Lattice Vectors ⋮ Predicting truncated multiple recursive generators with unknown parameters ⋮ Faster Sieving for Shortest Lattice Vectors Using Spherical Locality-Sensitive Hashing ⋮ Lattice Point Enumeration on Block Reduced Bases ⋮ Finding shortest lattice vectors faster using quantum search ⋮ Predicting the concrete security of LWE against the dual attack using binary search ⋮ A detailed analysis of the hybrid lattice-reduction and meet-in-the-middle attack ⋮ Estimation of the hardness of the learning with errors problem with a restricted number of samples ⋮ PotLLL: a polynomial time version of LLL with deep insertions ⋮ Secret computation of purchase history data using somewhat homomorphic encryption ⋮ NTRU Fatigue: How Stretched is Overstretched? ⋮ Faster Dual Lattice Attacks for Solving LWE with Applications to CRYSTALS ⋮ Generalized attack on ECDSA: known bits in arbitrary positions ⋮ On the hardness of the finite field isomorphism problem ⋮ Recovering secrets from prefix-dependent leakage ⋮ A signature scheme from the finite field isomorphism problem ⋮ Flattening NTRU for evaluation key free homomorphic encryption ⋮ Self-dual DeepBKZ for finding short lattice vectors ⋮ EHNP strikes back: analyzing SM2 implementations ⋮ Faster Fully Homomorphic Encryption: Bootstrapping in Less Than 0.1 Seconds ⋮ Improved broadcast attacks against subset sum problems via lattice oracle ⋮ Improving convergence and practicality of slide-type reductions ⋮ Post-quantum key exchange for the Internet and the open quantum safe project ⋮ Sieving for closest lattice vectors (with preprocessing) ⋮ Twisted-PHS: using the product formula to solve approx-SVP in ideal lattices ⋮ Systematics of aligned axions ⋮ A lattice reduction algorithm based on sublattice BKZ ⋮ The irreducible vectors of a lattice: some theory and applications ⋮ Choosing Parameters for NTRUEncrypt ⋮ Gauss Sieve Algorithm on GPUs ⋮ Analysis of Error Terms of Signatures Based on Learning with Errors ⋮ Unnamed Item ⋮ An Experimental Study of Kannan’s Embedding Technique for the Search LWE Problem ⋮ The lattice-based digital signature scheme qTESLA ⋮ ETRU: NTRU over the Eisenstein integers ⋮ Dynamic self-dual DeepBKZ lattice reduction with free dimensions and its implementation ⋮ LLL for ideal lattices: re-evaluation of the security of Gentry-Halevi's FHE scheme ⋮ Second order statistical behavior of LLL and BKZ ⋮ A public-key encryption scheme based on non-linear indeterminate equations ⋮ NTRU prime: reducing attack surface at low cost ⋮ Unnamed Item ⋮ Vulnerable public keys in NTRU cryptosystem ⋮ On the complexity of the BKW algorithm on LWE ⋮ Analysis of DeepBKZ reduction for finding short lattice vectors ⋮ Revisiting Lattice Attacks on Overstretched NTRU Parameters ⋮ One-Shot Verifiable Encryption from Lattices ⋮ Random Sampling Revisited: Lattice Enumeration with Discrete Pruning ⋮ On Dual Lattice Attacks Against Small-Secret LWE and Parameter Choices in HElib and SEAL ⋮ Enhancing Goldreich, Goldwasser and Halevi's scheme with intersecting lattices ⋮ Learning strikes again: the case of the DRS signature scheme ⋮ Post-Quantum Cryptography: State of the Art ⋮ A Survey of Solving SVP Algorithms and Recent Strategies for Solving the SVP Challenge ⋮ Modular lattice signatures, revisited ⋮ TFHE: fast fully homomorphic encryption over the torus ⋮ (One) failure is not an option: bootstrapping the search for failures in lattice-based encryption schemes ⋮ Worst case short lattice vector enumeration on block reduced bases of arbitrary blocksizes ⋮ BKZ ⋮ Parallel Implementation of BDD Enumeration for LWE ⋮ The convergence of slide-type reductions ⋮ On the success probability of solving unique SVP via BKZ ⋮ Bootstrapping fully homomorphic encryption over the integers in less than one second ⋮ A Subfield Lattice Attack on Overstretched NTRU Assumptions ⋮ Unnamed Item ⋮ Quantum Hardness of Learning Shallow Classical Circuits ⋮ A new polynomial-time variant of LLL with deep insertions for decreasing the squared-sum of Gram-Schmidt lengths ⋮ A polynomial-time algorithm for solving the hidden subset sum problem ⋮ Faster enumeration-based lattice reduction: root Hermite factor \(k^{1/(2k)}\) time \(k^{k/8+o(k)}\) ⋮ LWE with side information: attacks and concrete security estimation ⋮ Lattice-based blind signatures, revisited ⋮ Improved lattice enumeration algorithms by primal and dual reordering methods ⋮ A physical study of the LLL algorithm ⋮ Lattice-Based SNARGs and Their Application to More Efficient Obfuscation ⋮ Revisiting orthogonal lattice attacks on approximate common divisor problems

• NTRU