Paper 2022/239

Several Improvements on BKZ Algorithm

Ziyu Zhao and Jintai Ding

Abstract

Lattice problem such as NTRU problem and LWE problem is widely used as the security base of post-quantum cryptosystems. And currently doing lattice reduction by BKZ algorithm is the most efficient way to solve it. In this paper, we give several further improvements on BKZ algorithm, which can be used for different SVP subroutines base on both enumeration and sieving. These improvements in combination provide a speed up of $2^{3\sim 4}$ in total. It is significant in concrete attacks. Using these new techniques, we solved the 656 dimensional ideal lattice challenge in only 380 thread hours (also with a enumeration based SVP subroutine), much less than the previous records (which costs 4600 thread hours in total). With these improvements enabled, we can still simulate the new BKZ algorithm easily. One can also use this simulator to find the blocksize strategy (and the corresponding cost) to make $\mathrm{Pot}$ of the basis (defined in section 5.2) decrease as fast as possible, which means the length of the first basis vector decrease the fastest if we accept the GSA assumption. It is useful for analyzing concrete attacks on lattice-based cryptography.

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
Preprint. MINOR revision.
Keywords
LatticeBKZ
Contact author(s)
zhao-zy18 @ mails tsinghua edu cn
History
2022-02-25: received
Short URL
https://ia.cr/2022/239
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2022/239,
      author = {Ziyu Zhao and Jintai Ding},
      title = {Several Improvements on BKZ Algorithm},
      howpublished = {Cryptology ePrint Archive, Paper 2022/239},
      year = {2022},
      note = {\url{https://eprint.iacr.org/2022/239}},
      url = {https://eprint.iacr.org/2022/239}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.