A Measure Version of Gaussian Heuristic

The lattice reduction algorithms most widely used in practice are BKZ (Block-Korkine-Zolotarev) type algorithms, which are blockwise generalizations of the LLL (Lenstra-Lenstra-Lovász) algorithm. The original BKZ algorithm was proposed by Schnorr and Euchner in 1991. The quality of a reduced lattice basis is measured by the Hermitian factor $\|b_1\| / \mathrm{vol}(L)^{1/d}$ and by the d-th root of this factor, which is called the root Hermitian factor. In their Asiacrypt 2011 paper, Y. Chen and Phong Q. Nguyen used BKZ with an extreme pruning enumeration subroutine to handle lattice reduction with large block sizes, with the aim of obtaining better root Hermitian factors. This BKZ 2.0 algorithm has served as a cornerstone for the security evaluation of recent lattice-based cryptosystems such as fully homomorphic encryption and cryptographic multilinear mappings. In this paper we propose a measure version of the Gaussian heuristic. It is a rigorously proven mathematical theorem. It can be used to give a rigorous mathematical proof for the conjectured or simulated root Hermitian factors in BKZ 2.0 type algorithms and in BKZ or slide reduction with large block sizes. A theoretical analysis of the heuristic assumptions in the simulator of BKZ 2.0 type algorithms is also given.

[1] Carl Ludwig Siegel, et al. A Mean Value Theorem in Geometry of Numbers, 1945.

[2] C. P. Schnorr, et al. A Hierarchy of Polynomial Time Lattice Basis Reduction Algorithms, 1987, Theor. Comput. Sci.

[3] Miklós Ajtai, et al. Random lattices and a conjectured 0 - 1 law about their polynomial time computable properties, 2002, The 43rd Annual IEEE Symposium on Foundations of Computer Science, 2002. Proceedings.

[4] Miklós Ajtai, et al. The worst-case behavior of Schnorr's algorithm approximating the shortest nonzero vector in a lattice, 2003, STOC '03.

[5] László Lovász, et al. Factoring polynomials with rational coefficients, 1982.

[6] Daniele Micciancio, et al. Practical, Predictable Lattice Basis Reduction, 2016, EUROCRYPT.

[7] Nicolas Gama, et al. Finding short lattice vectors within Mordell's inequality, 2008, STOC.

[8] Craig Gentry, et al. Fully homomorphic encryption using ideal lattices, 2009, STOC '09.

[9] Miklós Ajtai, et al. Optimal lower bounds for the Korkine-Zolotareff parameters of a lattice and for Schnorr's algorithm for the shortest vector problem, 2008, Theory Comput.

[10] Phong Q. Nguyen, et al. BKZ 2.0: Better Lattice Security Estimates, 2011, ASIACRYPT.

[11] Thomas C. Hales. Sphere packings, I, 1997, Discret. Comput. Geom.

[12] Michael E. Pohst, et al. A procedure for determining algebraic integers of given norm, 1983, EUROCAL.

[13] Damien Stehlé, et al. Analyzing Blockwise Lattice Algorithms Using Dynamical Systems, 2011, CRYPTO.

[14] Michael Naehrig, et al. A Comparison of the Homomorphic Encryption Schemes FV and YASHE, 2014, AFRICACRYPT.

[15] Claus-Peter Schnorr, et al. Lattice basis reduction: Improved practical algorithms and solving subset sum problems, 1991, FCT.

[16] Claus-Peter Schnorr, et al. Progress on LLL and Lattice Reduction, 2010, The LLL Algorithm.

[17] Shafi Goldwasser, et al. Complexity of lattice problems - a cryptographic perspective, 2002, The Kluwer international series in engineering and computer science.

[18] Martin R. Albrecht, et al. On the concrete hardness of Learning with Errors, 2015, J. Math. Cryptol.

[19] W. Xiao. Survey of Lattice-based Cryptography, 2014.

[20] Nicolas Gama, et al. Rankin's Constant and Blockwise Lattice Reduction, 2006, CRYPTO.

[21] Craig Gentry, et al. Candidate Multilinear Maps from Ideal Lattices, 2013, EUROCRYPT.

[22] J. Alonso, et al. Convex and Discrete Geometry, 2009.

[23] Nicolas Gama, et al. Lattice Enumeration Using Extreme Pruning, 2010, EUROCRYPT.

[24] Tsuyoshi Takagi, et al. Improved Progressive BKZ Algorithms and Their Precise Cost Estimation by Sharp Simulator, 2016, EUROCRYPT.

[25] Claus-Peter Schnorr, et al. Lattice Reduction by Random Sampling and Birthday Methods, 2003, STACS.

[26] Damien Stehlé, et al. Bases Hermite-Korkine-Zolotarev réduites “pires cas”, 2007.

[27] Claus-Peter Schnorr, et al. Lattice Basis Reduction: Improved Practical Algorithms and Solving Subset Sum Problems, 1991, FCT.

[28] Oded Regev, et al. Lattice-Based Cryptography, 2006, CRYPTO.

[29] Nigel P. Smart, et al. Estimating Key Sizes for High Dimensional Lattice-Based Systems, 2013, IMACC.

[30] Thomas Plantard, et al. Creating a Challenge for Ideal Lattices, 2013, IACR Cryptol. ePrint Arch.

[31] D. Stehlé, et al. Analyzing Blockwise Lattice Algorithms Using, 2011.

[32] Chris Peikert, et al. Better Key Sizes (and Attacks) for LWE-Based Encryption, 2011, CT-RSA.

[33] G. A. Margulis. Random Minkowski theorem, 2011, Probl. Inf. Transm.

[34] Ravi Kannan, et al. Improved algorithms for integer programming and related lattice problems, 1983, STOC.