A fully classical LLL algorithm for modules

The celebrated LLL algorithm for Euclidean lattices is central to cryptanalysis of well-known and deployed protocols as it provides approximate solutions to the Shortest Vector Problem (SVP). Recent interest in algebraically structured lattices (e.g., for the efficient implementation of lattice-based cryptography) has prompted adaptations of LLL to such structured lattices, and, in particular, to module lattices, i.e., lattices that are modules over algebraic ring extensions of the integers. One of these adaptations is a quantum algorithm proposed by Lee, Pellet-Mary, Stehlé and Wallet (Asiacrypt 2019). In this work, we dequantize the algorithm of Lee et al., and provide a fully classical LLL-type algorithm for arbitrary module lattices that achieves the same SVP approximation factors, single exponential in the rank of the input module. Just like the algorithm of Lee et al., our algorithm runs in polynomial time given an oracle that solves the Closest Vector Problem (CVP) in a certain, fixed lattice $L_K$ that depends only on the number field $K$.
