Improved Combinatorial Algorithms for the Inhomogeneous Short Integer Solution Problem

The paper is about algorithms for the inhomogeneous short integer solution problem: given $(\mathbf{A}, \mathbf{s})$, find a short vector $\mathbf{x}$ such that $\mathbf{A}\mathbf{x} \equiv \mathbf{s} \pmod{q}$. We consider algorithms for this problem due to Camion and Patarin; Wagner; Schroeppel and Shamir; Minder and Sinclair; Howgrave-Graham and Joux (HGJ); Becker, Coron and Joux (BCJ). Our main results include: applying the Hermite normal form (HNF) to get faster algorithms; a heuristic analysis of the HGJ and BCJ algorithms in the case of density greater than one; an improved cryptanalysis of the SWIFFT hash function; a new method that exploits symmetries to speed up algorithms for Ring-SIS in some cases.
