Faster enumeration-based lattice reduction: root Hermite factor Time
Annual International Cryptology Conference, 2020•Springer
We give a lattice reduction algorithm that achieves root Hermite factor k^ 1/(2k) in time k^
k/8+ o (k) and polynomial memory. This improves on the previously best known enumeration-
based algorithms which achieve the same quality, but in time k^ k/(2e)+ o (k). A cost of k^
k/8+ o (k) was previously mentioned as potentially achievable (Hanrot-Stehlé'10) or as a
heuristic lower bound (Nguyen'10) for enumeration algorithms. We prove the complexity and
quality of our algorithm under a heuristic assumption and provide empirical evidence from …
k/8+ o (k) and polynomial memory. This improves on the previously best known enumeration-
based algorithms which achieve the same quality, but in time k^ k/(2e)+ o (k). A cost of k^
k/8+ o (k) was previously mentioned as potentially achievable (Hanrot-Stehlé'10) or as a
heuristic lower bound (Nguyen'10) for enumeration algorithms. We prove the complexity and
quality of our algorithm under a heuristic assumption and provide empirical evidence from …
Abstract
We give a lattice reduction algorithm that achieves root Hermite factor in time and polynomial memory. This improves on the previously best known enumeration-based algorithms which achieve the same quality, but in time . A cost of was previously mentioned as potentially achievable (Hanrot-Stehlé’10) or as a heuristic lower bound (Nguyen’10) for enumeration algorithms. We prove the complexity and quality of our algorithm under a heuristic assumption and provide empirical evidence from simulation and implementation experiments attesting to its performance for practical and cryptographic parameter sizes. Our work also suggests potential avenues for achieving costs below for the same root Hermite factor, based on the geometry of SDBKZ-reduced bases.
Springer
以上显示的是最相近的搜索结果。 查看全部搜索结果