DOI: 10.1007/978-3-642-36095-4_19
Article

Solving BDD by enumeration: an update

Published: 25 February 2013

Abstract

Bounded Distance Decoding (BDD) is a basic lattice problem used in cryptanalysis: the security of most lattice-based encryption schemes relies on the hardness of some BDD, such as LWE. We study how to solve BDD using a classical method for finding shortest vectors in lattices: enumeration with pruning speedup, such as Gama-Nguyen-Regev extreme pruning from EUROCRYPT '10. We obtain significant improvements upon Lindner-Peikert's Search-LWE algorithm (from CT-RSA '11), and update experimental cryptanalytic results, such as attacks on DSA with partially known nonces and GGH encryption challenges. Our work shows that any security estimate of BDD-based cryptosystems must take into account enumeration attacks, and that BDD enumeration can be practical even in high dimension like 350.

References

[1] Ajtai, M.: Generating hard instances of lattice problems (extended abstract). In: STOC, pp. 99-108 (1996)
[2] Babai, L.: On Lovász' Lattice Reduction and the Nearest Lattice Point Problem (Shortened Version). In: Mehlhorn, K. (ed.) STACS 1985. LNCS, vol. 182, pp. 13-20. Springer, Heidelberg (1984)
[3] Brakerski, Z., Vaikuntanathan, V.: Fully Homomorphic Encryption from Ring-LWE and Security for Key Dependent Messages. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 505-524. Springer, Heidelberg (2011)
[4] Chen, Y., Nguyen, P. Q.: BKZ 2.0: Better Lattice Security Estimates. In: Lee, D. H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 1-20. Springer, Heidelberg (2011)
[5] Gama, N., Nguyen, P. Q.: Predicting Lattice Reduction. In: Smart, N. P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 31-51. Springer, Heidelberg (2008)
[6] Gama, N., Nguyen, P. Q., Regev, O.: Lattice Enumeration Using Extreme Pruning. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 257-278. Springer, Heidelberg (2010)
[7] Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Proc. STOC 2009, pp. 169-178. ACM (2009)
[8] Gentry, C., Peikert, C., Vaikuntanathan, V.: Trapdoors for hard lattices and new cryptographic constructions. In: Proc. STOC 2008, pp. 197-206. ACM (2008)
[9] Goldreich, O., Goldwasser, S., Halevi, S.: Public-Key Cryptosystems from Lattice Reduction Problems. In: Kaliski Jr., B. S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 112-131. Springer, Heidelberg (1997)
[10] Lindner, R., Peikert, C.: Better Key Sizes (and Attacks) for LWE-Based Encryption. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 319-339. Springer, Heidelberg (2011)
[11] Regev, O.: Lattice-Based Cryptography. In: Dwork, C. (ed.) CRYPTO 2006. LNCS, vol. 4117, pp. 131-141. Springer, Heidelberg (2006)
[12] National Institute of Standards and Technology (NIST): FIPS Publication 186: Digital Signature Standard (1994)
[13] Nguyên, P. Q.: Cryptanalysis of the Goldreich-Goldwasser-Halevi Cryptosystem from Crypto'97. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 288-304. Springer, Heidelberg (1999)
[14] Nguyen, P. Q.: Public-key cryptanalysis. In: Luengo, I. (ed.) Recent Trends in Cryptography. Contemporary Mathematics, vol. 477, AMS-RSME (2009)
[15] Nguyen, P. Q., Shparlinski, I.: The insecurity of the digital signature algorithm with partially known nonces. J. Cryptology 15(3), 151-176 (2002)
[16] Peikert, C.: Public-key cryptosystems from the worst-case shortest vector problem: extended abstract. In: Proc. STOC 2009, pp. 333-342. ACM (2009)
[17] Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: Proc. STOC 2005, pp. 84-93. ACM (2005)
[18] Regev, O.: The learning with errors problem (invited survey). In: Proc. IEEE Conference on Computational Complexity, pp. 191-204 (2010)
[19] Schnorr, C.-P.: Lattice Reduction by Random Sampling and Birthday Methods. In: Alt, H., Habib, M. (eds.) STACS 2003. LNCS, vol. 2607, pp. 145-156. Springer, Heidelberg (2003)
[20] Schnorr, C.-P.: Lattice Reduction by Random Sampling and Birthday Methods. In: Alt, H., Habib, M. (eds.) STACS 2003. LNCS, vol. 2607, pp. 145-156. Springer, Heidelberg (2003)
[21] Schnorr, C.-P., Euchner, M.: Lattice basis reduction: improved practical algorithms and solving subset sum problems. Math. Programming 66, 181-199 (1994)

Published In

CT-RSA'13: Proceedings of the 13th international conference on Topics in Cryptology
February 2013
404 pages
ISBN: 9783642360947
Editor: Ed Dawson

Publisher

Springer-Verlag

Berlin, Heidelberg
