The randomized slicer for CVPP: sharper, faster, smaller, batchier

Following the recent line of work on solving the closest vector problem with preprocessing (CVPP) using approximate Voronoi cells, we improve upon previous results in the following ways:

- We derive sharp asymptotic bounds on the success probability of the randomized slicer, by modelling the behaviour of the algorithm as a random walk on the coset of the lattice of the target vector. We thereby solve the open question left by Doulgerakis–Laarhoven–De Weger [PQCrypto 2019] and Laarhoven [MathCrypt 2019].
- We obtain better trade-offs for CVPP and its generalisations (strictly, in certain regimes), both with and without nearest neighbour searching, as a direct result of the above sharp bounds on the success probabilities.
- We show how to reduce the memory requirement of the slicer, and in particular the corresponding nearest neighbour data structures, using ideas similar to those proposed by Becker–Gama–Joux [Cryptology ePrint Archive, 2015]. Using \(2^{0.185d + o(d)}\) memory, we can solve a single CVPP instance in \(2^{0.264d + o(d)}\) time.
- We further improve on the per-instance time complexities in certain memory regimes, when we are given a sufficiently large batch of CVPP problem instances for the same lattice. Using \(2^{0.208d + o(d)}\) memory, we can heuristically solve CVPP instances in \(2^{0.234d + o(d)}\) amortized time, for batches of size at least \(2^{0.058d + o(d)}\).
