An experimental study of Kannan’s embedding technique for the search LWE problem

Yuntao Wang, Yoshinori Aono, Tsuyoshi Takagi

Research output: Chapter in Book/Report/Conference proceedingConference contribution

3 Citations (Scopus)

Abstract

The learning with errors (LWE) problem is considered as one of the most compelling candidates as the security base for the post-quantum cryptosystems. For the application of LWE based cryptographic schemes, the concrete parameters are necessary: the length n of secret vector, the moduli q and the deviation σ. In the middle of 2016, Germany TU Darmstadt group initiated the LWE Challenge in order to assess the hardness of LWE problems. There are several approaches to solve the LWE problem via reducing LWE to other lattice problems. Xu et al.’s group solved some LWE Challenge instances using Liu and Nguyen’s adapted enumeration technique (reducing LWE to BDD problem) [14] and they published this result at ACNS 2017 [23]. In this paper, we study Kannan’s embedding technique (reducing LWE to unique SVP problem) to solve the LWE problem in the aspect of practice. The lattice reduction algorithm we use is the progressive BKZ [2, 3]. At first, from our experimental results we can intuitively observe that the embedding technique is more efficient with the embedding factor M closer to 1. Then especially for the cases of σ/q= 0.005, we will give an preliminary analysis for the runtime and give an estimation for the proper size of parameters. Moreover, our experimental results show that for n≥ 55 and the fixed σ/q= 0.005, the embedding technique with progressive BKZ is more efficient than Xu et al.’s implementation of the enumeration algorithm in [21, 23]. Finally, by our parameter setting, we succeeded in solving the LWE Challenge over (n, σ/q) = (70, 0.005) using 2 16.8 s (32.73 single core hours).

Original languageEnglish
Title of host publicationInformation and Communications Security - 19th International Conference, ICICS 2017, Proceedings
EditorsSihan Qing, Dongmei Liu, Chris Mitchell, Liqun Chen
PublisherSpringer Verlag
Pages541-553
Number of pages13
ISBN (Print)9783319894997
DOIs
Publication statusPublished - Jan 1 2018
Event19th International Conference on Information and Communications Security, ICICS 2017 - Beijing, China
Duration: Dec 6 2017Dec 8 2017

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume10631 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Other

Other19th International Conference on Information and Communications Security, ICICS 2017
CountryChina
CityBeijing
Period12/6/1712/8/17

Fingerprint

Experimental Study
Enumeration
Learning
Lattice Reduction
Experimental Results
Cryptosystem
Hardness
Cryptography
Modulus
Deviation
Concretes
Necessary

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

Wang, Y., Aono, Y., & Takagi, T. (2018). An experimental study of Kannan’s embedding technique for the search LWE problem. In S. Qing, D. Liu, C. Mitchell, & L. Chen (Eds.), Information and Communications Security - 19th International Conference, ICICS 2017, Proceedings (pp. 541-553). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10631 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-89500-0_47

An experimental study of Kannan’s embedding technique for the search LWE problem. / Wang, Yuntao; Aono, Yoshinori; Takagi, Tsuyoshi.

Information and Communications Security - 19th International Conference, ICICS 2017, Proceedings. ed. / Sihan Qing; Dongmei Liu; Chris Mitchell; Liqun Chen. Springer Verlag, 2018. p. 541-553 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10631 LNCS).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Wang, Y, Aono, Y & Takagi, T 2018, An experimental study of Kannan’s embedding technique for the search LWE problem. in S Qing, D Liu, C Mitchell & L Chen (eds), Information and Communications Security - 19th International Conference, ICICS 2017, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10631 LNCS, Springer Verlag, pp. 541-553, 19th International Conference on Information and Communications Security, ICICS 2017, Beijing, China, 12/6/17. https://doi.org/10.1007/978-3-319-89500-0_47
Wang Y, Aono Y, Takagi T. An experimental study of Kannan’s embedding technique for the search LWE problem. In Qing S, Liu D, Mitchell C, Chen L, editors, Information and Communications Security - 19th International Conference, ICICS 2017, Proceedings. Springer Verlag. 2018. p. 541-553. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/978-3-319-89500-0_47
Wang, Yuntao ; Aono, Yoshinori ; Takagi, Tsuyoshi. / An experimental study of Kannan’s embedding technique for the search LWE problem. Information and Communications Security - 19th International Conference, ICICS 2017, Proceedings. editor / Sihan Qing ; Dongmei Liu ; Chris Mitchell ; Liqun Chen. Springer Verlag, 2018. pp. 541-553 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{52d3dc78e38140759c86eb0e28a9e6d9,
title = "An experimental study of Kannan’s embedding technique for the search LWE problem",
abstract = "The learning with errors (LWE) problem is considered as one of the most compelling candidates as the security base for the post-quantum cryptosystems. For the application of LWE based cryptographic schemes, the concrete parameters are necessary: the length n of secret vector, the moduli q and the deviation σ. In the middle of 2016, Germany TU Darmstadt group initiated the LWE Challenge in order to assess the hardness of LWE problems. There are several approaches to solve the LWE problem via reducing LWE to other lattice problems. Xu et al.’s group solved some LWE Challenge instances using Liu and Nguyen’s adapted enumeration technique (reducing LWE to BDD problem) [14] and they published this result at ACNS 2017 [23]. In this paper, we study Kannan’s embedding technique (reducing LWE to unique SVP problem) to solve the LWE problem in the aspect of practice. The lattice reduction algorithm we use is the progressive BKZ [2, 3]. At first, from our experimental results we can intuitively observe that the embedding technique is more efficient with the embedding factor M closer to 1. Then especially for the cases of σ/q= 0.005, we will give an preliminary analysis for the runtime and give an estimation for the proper size of parameters. Moreover, our experimental results show that for n≥ 55 and the fixed σ/q= 0.005, the embedding technique with progressive BKZ is more efficient than Xu et al.’s implementation of the enumeration algorithm in [21, 23]. Finally, by our parameter setting, we succeeded in solving the LWE Challenge over (n, σ/q) = (70, 0.005) using 2 16.8 s (32.73 single core hours).",
author = "Yuntao Wang and Yoshinori Aono and Tsuyoshi Takagi",
year = "2018",
month = "1",
day = "1",
doi = "10.1007/978-3-319-89500-0_47",
language = "English",
isbn = "9783319894997",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
publisher = "Springer Verlag",
pages = "541--553",
editor = "Sihan Qing and Dongmei Liu and Chris Mitchell and Liqun Chen",
booktitle = "Information and Communications Security - 19th International Conference, ICICS 2017, Proceedings",
address = "Germany",

}

TY - GEN

T1 - An experimental study of Kannan’s embedding technique for the search LWE problem

AU - Wang, Yuntao

AU - Aono, Yoshinori

AU - Takagi, Tsuyoshi

PY - 2018/1/1

Y1 - 2018/1/1

N2 - The learning with errors (LWE) problem is considered as one of the most compelling candidates as the security base for the post-quantum cryptosystems. For the application of LWE based cryptographic schemes, the concrete parameters are necessary: the length n of secret vector, the moduli q and the deviation σ. In the middle of 2016, Germany TU Darmstadt group initiated the LWE Challenge in order to assess the hardness of LWE problems. There are several approaches to solve the LWE problem via reducing LWE to other lattice problems. Xu et al.’s group solved some LWE Challenge instances using Liu and Nguyen’s adapted enumeration technique (reducing LWE to BDD problem) [14] and they published this result at ACNS 2017 [23]. In this paper, we study Kannan’s embedding technique (reducing LWE to unique SVP problem) to solve the LWE problem in the aspect of practice. The lattice reduction algorithm we use is the progressive BKZ [2, 3]. At first, from our experimental results we can intuitively observe that the embedding technique is more efficient with the embedding factor M closer to 1. Then especially for the cases of σ/q= 0.005, we will give an preliminary analysis for the runtime and give an estimation for the proper size of parameters. Moreover, our experimental results show that for n≥ 55 and the fixed σ/q= 0.005, the embedding technique with progressive BKZ is more efficient than Xu et al.’s implementation of the enumeration algorithm in [21, 23]. Finally, by our parameter setting, we succeeded in solving the LWE Challenge over (n, σ/q) = (70, 0.005) using 2 16.8 s (32.73 single core hours).

AB - The learning with errors (LWE) problem is considered as one of the most compelling candidates as the security base for the post-quantum cryptosystems. For the application of LWE based cryptographic schemes, the concrete parameters are necessary: the length n of secret vector, the moduli q and the deviation σ. In the middle of 2016, Germany TU Darmstadt group initiated the LWE Challenge in order to assess the hardness of LWE problems. There are several approaches to solve the LWE problem via reducing LWE to other lattice problems. Xu et al.’s group solved some LWE Challenge instances using Liu and Nguyen’s adapted enumeration technique (reducing LWE to BDD problem) [14] and they published this result at ACNS 2017 [23]. In this paper, we study Kannan’s embedding technique (reducing LWE to unique SVP problem) to solve the LWE problem in the aspect of practice. The lattice reduction algorithm we use is the progressive BKZ [2, 3]. At first, from our experimental results we can intuitively observe that the embedding technique is more efficient with the embedding factor M closer to 1. Then especially for the cases of σ/q= 0.005, we will give an preliminary analysis for the runtime and give an estimation for the proper size of parameters. Moreover, our experimental results show that for n≥ 55 and the fixed σ/q= 0.005, the embedding technique with progressive BKZ is more efficient than Xu et al.’s implementation of the enumeration algorithm in [21, 23]. Finally, by our parameter setting, we succeeded in solving the LWE Challenge over (n, σ/q) = (70, 0.005) using 2 16.8 s (32.73 single core hours).

UR - http://www.scopus.com/inward/record.url?scp=85045994359&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85045994359&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-89500-0_47

DO - 10.1007/978-3-319-89500-0_47

M3 - Conference contribution

AN - SCOPUS:85045994359

SN - 9783319894997

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 541

EP - 553

BT - Information and Communications Security - 19th International Conference, ICICS 2017, Proceedings

A2 - Qing, Sihan

A2 - Liu, Dongmei

A2 - Mitchell, Chris

A2 - Chen, Liqun

PB - Springer Verlag

ER -