Algorithms for the Shortest and Closest Lattice Vector Problems

We present the state of the art solvers of the Shortest and Closest Lattice Vector Problems in the Euclidean norm. We recall the three main families of algorithms for these problems, namely the algorithm by Micciancio and Voulgaris based on the Voronoi cell [STOC'10], the Monte-Carlo algorithms derived from the Ajtai, Kumar and Sivakumar algorithm [STOC'01] and the enumeration algorithms originally elaborated by Kannan [STOC'83] and Fincke and Pohst [EUROCAL'83]. We concentrate on the theoretical worst-case complexity bounds, but also consider some practical facets of these algorithms.

[1]  Daniele Micciancio,et al.  Faster exponential time algorithms for the shortest vector problem , 2010, SODA '10.

[2]  Damien Stehlé,et al.  Bases Hermite-Korkine-Zolotarev réduites “ pires cas ” , 2007 .

[3]  Alexander Vardy,et al.  Closest point search in lattices , 2002, IEEE Trans. Inf. Theory.

[4]  Daniele Micciancio,et al.  A Deterministic Single Exponential Time Algorithm for Most Lattice Problems based on Voronoi Cell Computations ( Extended Abstract ) , 2009 .

[5]  John J. Cannon,et al.  The Magma Algebra System I: The User Language , 1997, J. Symb. Comput..

[6]  Daniele Micciancio,et al.  On Bounded Distance Decoding, Unique Shortest Vectors, and the Minimum Distance Problem , 2009, CRYPTO.

[7]  Santosh S. Vempala,et al.  Enumerative Lattice Algorithms in any Norm Via M-ellipsoid Coverings , 2010, 2011 IEEE 52nd Annual Symposium on Foundations of Computer Science.

[8]  Ravi Kumar,et al.  A sieve algorithm for the shortest lattice vector problem , 2001, STOC '01.

[9]  Jean-Jacques Quisquater,et al.  Advances in Cryptology — EUROCRYPT ’95 , 2001, Lecture Notes in Computer Science.

[10]  Claus-Peter Schnorr,et al.  Progress on LLL and Lattice Reduction , 2010, The LLL Algorithm.

[11]  A. Korkine,et al.  Sur les formes quadratiques , 1873 .

[12]  Nicolas Gama,et al.  Finding short lattice vectors within mordell's inequality , 2008, STOC.

[13]  László Babai,et al.  On Lovász’ lattice reduction and the nearest lattice point problem , 1986, Comb..

[14]  Friedrich Eisenbrand,et al.  Integer Programming and Algorithmic Geometry of Numbers - A tutorial , 2010, 50 Years of Integer Programming.

[15]  U. Fincke,et al.  Improved methods for calculating vectors of short length in a lattice , 1985 .

[16]  Schrutka Geometrie der Zahlen , 1911 .

[17]  Venkatesan Guruswami,et al.  The complexity of the covering radius problem , 2004, Proceedings. 19th IEEE Annual Conference on Computational Complexity, 2004..

[18]  Sorin C. Popescu,et al.  Lidar Remote Sensing , 2011 .

[19]  Miklós Ajtai,et al.  The worst-case behavior of schnorr's algorithm approximating the shortest nonzero vector in a lattice , 2003, STOC '03.

[20]  Jeffrey Shallit,et al.  Algorithmic Number Theory , 1996, Lecture Notes in Computer Science.

[21]  Phong Q. Nguyen,et al.  The LLL Algorithm - Survey and Applications , 2009, Information Security and Cryptography.

[22]  Paulo S. L. M. Barreto,et al.  Progress in Cryptology - LATINCRYPT 2010, First International Conference on Cryptology and Information Security in Latin America, Puebla, Mexico, August 8-11, 2010, Proceedings , 2010, LATINCRYPT.

[23]  J. Martinet Perfect Lattices in Euclidean Spaces , 2010 .

[24]  Ravi Kannan,et al.  Minkowski's Convex Body Theorem and Integer Programming , 1987, Math. Oper. Res..

[25]  Claus-Peter Schnorr,et al.  Lattice basis reduction: Improved practical algorithms and solving subset sum problems , 1991, FCT.

[26]  Joseph H. Silverman,et al.  NTRU: A Ring-Based Public Key Cryptosystem , 1998, ANTS.

[27]  Oded Regev,et al.  On lattices, learning with errors, random linear codes, and cryptography , 2005, STOC '05.

[28]  C. P. Schnorr,et al.  A Hierarchy of Polynomial Time Lattice Basis Reduction Algorithms , 1987, Theor. Comput. Sci..

[29]  Georges Voronoi Nouvelles applications des paramètres continus à la théorie des formes quadratiques. Deuxième mémoire. Recherches sur les parallélloèdres primitifs. , 1908 .

[30]  Henri Gilbert,et al.  Advances in Cryptology - EUROCRYPT 2010, 29th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Monaco / French Riviera, May 30 - June 3, 2010. Proceedings , 2010, EUROCRYPT.

[31]  Stephen P. Boyd,et al.  Integer parameter estimation in linear models with applications to GPS , 1998, IEEE Trans. Signal Process..

[32]  Oded Regev,et al.  The Learning with Errors Problem (Invited Survey) , 2010, 2010 IEEE 25th Annual Conference on Computational Complexity.

[33]  Cynthia Dwork,et al.  Advances in Cryptology – CRYPTO 2020: 40th Annual International Cryptology Conference, CRYPTO 2020, Santa Barbara, CA, USA, August 17–21, 2020, Proceedings, Part III , 2020, Annual International Cryptology Conference.

[34]  Nigel P. Smart,et al.  Advances in Cryptology - EUROCRYPT 2008, 27th Annual International Conference on the Theory and Applications of Cryptographic Techniques, Istanbul, Turkey, April 13-17, 2008. Proceedings , 2008, EUROCRYPT.

[35]  Damien Stehlé,et al.  Closest Vectors, Successive Minima, and Dual HKZ-Bases of Lattices , 2000, ICALP.

[36]  Phong Q. Nguyen,et al.  Sieve algorithms for the shortest vector problem are practical , 2008, J. Math. Cryptol..

[37]  Damien Stehlé,et al.  Solving the Shortest Lattice Vector Problem in Time 22.465n , 2009, IACR Cryptol. ePrint Arch..

[38]  J. Calmet Computer Algebra , 1982 .

[39]  Philip N. Klein,et al.  Finding the closest lattice vector when it's unusually close , 2000, SODA '00.

[40]  Oded Regev,et al.  Tensor-based hardness of the shortest vector problem to within almost polynomial factors , 2007, STOC '07.

[41]  Daniele Micciancio,et al.  Efficient reductions among lattice problems , 2008, SODA '08.

[42]  Nicolas Gama,et al.  Lattice Enumeration Using Extreme Pruning , 2010, EUROCRYPT.

[43]  Friedrich Eisenbrand,et al.  Covering cubes and the closest vector problem , 2011, SoCG '11.

[44]  Subhash Khot,et al.  Inapproximability Results for Computational Problems on Lattices , 2010, The LLL Algorithm.

[45]  Shafi Goldwasser,et al.  Complexity of lattice problems - a cryptographic perspective , 2002, The Kluwer international series in engineering and computer science.

[46]  O. Regev The Learning with Errors problem , 2010 .

[47]  Johannes A. Buchmann,et al.  Reducing lattice bases by means of approximations , 1994, ANTS.

[48]  Johannes Blömer,et al.  Sampling Methods for Shortest Vectors, Closest Vectors and Successive Minima , 2007, ICALP.

[49]  Cynthia Dwork,et al.  A public-key cryptosystem with worst-case/average-case equivalence , 1997, STOC '97.

[50]  Ravi Kannan,et al.  Improved algorithms for integer programming and related lattice problems , 1983, STOC.

[51]  Frederik Vercauteren,et al.  Parallel Shortest Lattice Vector Enumeration on Graphics Cards , 2010, AFRICACRYPT.

[52]  Daniel Goldstein,et al.  On the equidistribution of Hecke points , 2003 .

[53]  Meir Feder,et al.  Finding the Closest Lattice Point by Iterative Slicing , 2007, 2007 IEEE International Symposium on Information Theory.

[54]  W. Banaszczyk New bounds in some transference theorems in the geometry of numbers , 1993 .

[55]  Damien Stehlé,et al.  Rigorous and Efficient Short Lattice Vectors Enumeration , 2008, ASIACRYPT.

[56]  Oded Regev,et al.  On the Complexity of Lattice Problems with Polynomial Approximation Factors , 2010, The LLL Algorithm.

[57]  Burton S. Kaliski Advances in Cryptology - CRYPTO '97 , 1997 .

[58]  Bettina Helfrich,et al.  Algorithms to Construct Minkowski Reduced an Hermite Reduced Lattice Bases , 1985, Theor. Comput. Sci..

[59]  Oded Goldreich,et al.  Public-Key Cryptosystems from Lattice Reduction Problems , 1996, CRYPTO.

[60]  Ákos G. Horváth On the Dirichlet—Voronoi cell of unimodular lattices , 1996 .

[61]  C. A. Rogers,et al.  An Introduction to the Geometry of Numbers , 1959 .

[62]  Nicolas Gama,et al.  Predicting Lattice Reduction , 2008, EUROCRYPT.

[63]  R. Varga,et al.  Proof of Theorem 4 , 1983 .

[64]  W. Fischer,et al.  Sphere Packings, Lattices and Groups , 1990 .

[65]  Ravi Kumar,et al.  Sampling short lattice vectors and the closest lattice vector problem , 2002, Proceedings 17th IEEE Annual Conference on Computational Complexity.

[66]  Nicolas Gama,et al.  Rankin's Constant and Blockwise Lattice Reduction , 2006, CRYPTO.

[67]  Oded Regev,et al.  Lattice-Based Cryptography , 2006, CRYPTO.

[68]  Jean-Pierre Seifert,et al.  Approximating Shortest Lattice Vectors is Not Harder Than Approximating Closest Lattice Vectors , 1999, Electron. Colloquium Comput. Complex..

[69]  Damien Stehlé,et al.  Accelerating Lattice Reduction with FPGAs , 2010, LATINCRYPT.

[70]  Tanja Lange,et al.  Progress in Cryptology - AFRICACRYPT 2010, Third International Conference on Cryptology in Africa, Stellenbosch, South Africa, May 3-6, 2010. Proceedings , 2010, AFRICACRYPT.

[71]  Miklós Ajtai,et al.  Generating hard instances of lattice problems (extended abstract) , 1996, STOC '96.

[72]  Phong Q. Nguyen Hermite's Constant and Lattice Algorithms , 2010, The LLL Algorithm.

[73]  László Lovász,et al.  Factoring polynomials with rational coefficients , 1982 .

[74]  M. Jünger,et al.  50 Years of Integer Programming 1958-2008 - From the Early Years to the State-of-the-Art , 2010 .

[75]  Shafi Goldwasser,et al.  Complexity of lattice problems , 2002 .

[76]  Josef Pieprzyk,et al.  Advances in Cryptology - ASIACRYPT 2008, 14th International Conference on the Theory and Application of Cryptology and Information Security, Melbourne, Australia, December 7-11, 2008. Proceedings , 2008, ASIACRYPT.

[77]  Andrew Odlyzko,et al.  The Rise and Fall of Knapsack Cryptosystems , 1998 .

[78]  Shai Halevi Advances in Cryptology - CRYPTO 2009, 29th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 16-20, 2009. Proceedings , 2009, CRYPTO.

[79]  Claus-Peter Schnorr,et al.  Attacking the Chor-Rivest Cryptosystem by Improved Lattice Reduction , 1995, EUROCRYPT.

[80]  Xiaoyun Wang,et al.  Improved Nguyen-Vidick heuristic sieve algorithm for shortest vector problem , 2011, ASIACCS '11.

[81]  Damien Stehlé,et al.  LLL on the Average , 2006, ANTS.

[82]  Santosh S. Vempala,et al.  Enumerative Algorithms for the Shortest and Closest Lattice Vector Problems in Any Norm via M-Ellipsoid Coverings , 2010, ArXiv.

[83]  Wai Ho Mow Maximum likelihood sequence estimation from the lattice viewpoint , 1994, IEEE Trans. Inf. Theory.

[84]  C. Siegel,et al.  Lectures on the Geometry of Numbers , 1989 .

[85]  Daniele Micciancio Lattice-Based Cryptography , 2011, Encyclopedia of Cryptography and Security.

[86]  Damien Stehlé,et al.  On the Extremality of an 80-Dimensional Lattice , 2010, ANTS.

[87]  Wai Ho Mow,et al.  Universal lattice decoding: principle and recent advances , 2003, Wirel. Commun. Mob. Comput..

[88]  F. Thorne,et al.  Geometry of Numbers , 2017, Algebraic Number Theory.

[89]  Daniele Micciancio,et al.  On Bounded Distance Decoding for General Lattices , 2006, APPROX-RANDOM.

[90]  A. J. Menezes,et al.  Advances in Cryptology - CRYPTO 2007, 27th Annual International Cryptology Conference, Santa Barbara, CA, USA, August 19-23, 2007, Proceedings , 2007, CRYPTO.

[91]  Michael E. Pohst,et al.  A procedure for determining algebraic integers of given norm , 1983, EUROCAL.