TY - GEN
T1 - Parallel gauss sieve algorithm
T2 - 17th IACR International Conference on Practice and Theory in Public-Key Cryptography, PKC 2014
AU - Ishiguro, Tsukasa
AU - Kiyomoto, Shinsaku
AU - Miyake, Yutaka
AU - Takagi, Tsuyoshi
N1 - Copyright:
Copyright 2016 Elsevier B.V., All rights reserved.
PY - 2014
Y1 - 2014
N2 - In this paper, we report that we have solved the SVP Challenge over a 128-dimensional lattice in Ideal Lattice Challenge from TU Darmstadt, which is currently the highest dimension in the challenge that has ever been solved. The security of lattice-based cryptography is based on the hardness of solving the shortest vector problem (SVP) in lattices. In 2010, Micciancio and Voulgaris proposed a Gauss Sieve algorithm for heuristically solving the SVP using a list L of Gauss-reduced vectors. Milde and Schneider proposed a parallel implementation method for the Gauss Sieve algorithm. However, the efficiency of the more than 10 threads in their implementation decreased due to the large number of non-Gauss-reduced vectors appearing in the distributed list of each thread. In this paper, we propose a more practical parallelized Gauss Sieve algorithm. Our algorithm deploys an additional Gauss-reduced list V of sample vectors assigned to each thread, and all vectors in list L remain Gauss-reduced by mutually reducing them using all sample vectors in V. Therefore, our algorithm allows the Gauss Sieve algorithm to run for large dimensions with a small communication overhead. Finally, we succeeded in solving the SVP Challenge over a 128-dimensional ideal lattice generated by the cyclotomic polynomial x^128+1 using about 30,000 CPU hours.
UR - http://www.scopus.com/inward/record.url?scp=84958522374&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84958522374&partnerID=8YFLogxK
U2 - 10.1007/978-3-642-54631-0_24
DO - 10.1007/978-3-642-54631-0_24
M3 - Conference contribution
AN - SCOPUS:84958522374
SN - 9783642546303
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 411
EP - 428
BT - Public-Key Cryptography, PKC 2014 - 17th International Conference on Practice and Theory in Public-Key Cryptography, Proceedings
PB - Springer Verlag
Y2 - 26 March 2014 through 28 March 2014
ER -