### Abstract

The proved hardness of the Learning With Errors (LWE) problem, assuming the worst-case intractability of classic lattice problems, has made it a standard building block in the recent design of lattice-based cryptosystems. Nonetheless, a thorough understanding of the security of these schemes from the perspective of existing attacks remains an open problem. In this manuscript, we report our implementation of the Bounded Distance Decoding (BDD) approach for solving the search LWE problem. We implement a parallel version of the pruned enumeration method of the BDD strategy proposed by Liu and Nguyen. In our implementation we use an embarrassingly parallel design so that the power of multi-cores can be fully utilized. We let each thread take a randomized basis and perform independent enumerations to find the solution instead of parallelizing the enumeration algorithm itself. Other optimizations include fine-tuning the BKZ block size, the enumeration bound, the pruning coefficients and the optimal dimension of the LWE problem. Experiments are done using the TU Darmstadt LWE challenge. Finally, we compare our implementation with a recent parallel BDD implementation by Kirshanova et al. [18] and show that our implementation is more efficient.

Original language | English |
---|---|
Title of host publication | Applied Cryptography and Network Security - 15th International Conference, ACNS 2017, Proceedings |
Editors | Dieter Gollmann, Atsuko Miyaji, Hiroaki Kikuchi |
Publisher | Springer Verlag |
Pages | 253-272 |
Number of pages | 20 |
ISBN (Print) | 9783319612034 |
DOIs | https://doi.org/10.1007/978-3-319-61204-1_13 |
Publication status | Published - Jan 1 2017 |
Event | 15th International Conference on Applied Cryptography and Network Security, ACNS 2017 - Kanazawa, Japan. Duration: Jul 10 2017 → Jul 12 2017 |

### Publication series

Name | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |
---|---|
Volume | 10355 LNCS |
ISSN (Print) | 0302-9743 |
ISSN (Electronic) | 1611-3349 |

### Other

Other | 15th International Conference on Applied Cryptography and Network Security, ACNS 2017 |
---|---|
Country | Japan |
City | Kanazawa |
Period | 7/10/17 → 7/12/17 |

### All Science Journal Classification (ASJC) codes

- Theoretical Computer Science
- Computer Science (all)

### Cite this

*Applied Cryptography and Network Security - 15th International Conference, ACNS 2017, Proceedings* (pp. 253-272). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10355 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-61204-1_13

**An experimental study of the BDD approach for the search LWE problem.** / Xu, Rui; Yeo, Sze Ling; Fukushima, Kazuhide; Takagi, Tsuyoshi; Seo, Hwajung; Kiyomoto, Shinsaku; Henricksen, Matt.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

*Applied Cryptography and Network Security - 15th International Conference, ACNS 2017, Proceedings.* Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10355 LNCS, Springer Verlag, pp. 253-272, 15th International Conference on Applied Cryptography and Network Security, ACNS 2017, Kanazawa, Japan, 7/10/17. https://doi.org/10.1007/978-3-319-61204-1_13

TY - GEN

T1 - An experimental study of the BDD approach for the search LWE problem

AU - Xu, Rui

AU - Yeo, Sze Ling

AU - Fukushima, Kazuhide

AU - Takagi, Tsuyoshi

AU - Seo, Hwajung

AU - Kiyomoto, Shinsaku

AU - Henricksen, Matt

PY - 2017/1/1

Y1 - 2017/1/1

UR - http://www.scopus.com/inward/record.url?scp=85022323708&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85022323708&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-61204-1_13

DO - 10.1007/978-3-319-61204-1_13

M3 - Conference contribution

AN - SCOPUS:85022323708

SN - 9783319612034

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 253

EP - 272

BT - Applied Cryptography and Network Security - 15th International Conference, ACNS 2017, Proceedings

A2 - Gollmann, Dieter

A2 - Miyaji, Atsuko

A2 - Kikuchi, Hiroaki

PB - Springer Verlag

ER -