The analysis of Hermite factor of BKZ algorithm on small lattices
Abstract
Lattice cryptography is one of the promising directions in modern cryptography research. Digital signatures and key encapsulation mechanisms on lattices have already been used in practice. In the future, such quantum-resistant transformations on lattices replace all standards that are not resistant to attacks on quantum computers. This makes the analysis of their security extremely relevant. Analysis of the security of cryptographic transformations on lattices is often reduced to the estimation of the minimum block size in the lattice reduction algorithm. For the expansion of small vectors, a reduction algorithm can be obtained for a given block size, the GSA model is often used, which uses the so-called Hermitian factor to predict the size of the vectors that the lattice reduction algorithm can obtain given the parameters. Asymptotic formulas have been developed to evaluate it in practice, but the question of their accuracy on cryptographic lattices has not been fully investigated. The work obtained estimates of the accuracy of the existing asymptotic estimates of the Hermite factor for lattices of sizes 120, 145, 170 for the classical BKZ algorithm. Research was conducted using the fpylll library. It was shown that the existing estimators are equivalent from a practical point of view and have a sufficiently small root mean square deviation from the true values. A formula was obtained that binds the root-mean-square error of approximation of the Hermit factor to the cryptographic parameters of lattices. The obtained results are useful for refining the security assessments of existing cryptographic transformations.
Downloads
References
Computer Security Division, Information Technology Laboratory, National Institute of Standards and Technology, U.S. Department of Commerce. (n.d.). Post-Quantum Cryptography | CSRC | CSRC. Retrieved from https://csrc.nist.gov/projects/post-quantum-cryptography
Information technologies. Cryptographic protection of information. Algorithms for asymmetric encryption and key encapsulation: DSTU 8961:2019. (2019). Kiev: State Committee for Standardization of Ukraine.
Information technologies. Cryptographic protection of information. Algorithm for electronic signature on algebraic lattices with wicks: DSTU 9212:2023. (2023). Kiev: State Committee for Standardization of Ukraine.
Acar, A., Aksu, H., Uluagac, A. S., & Conti, M. (2018). A survey on homomorphic encryption schemes. ACM Computing Surveys, 51(4), 1–35. https://doi.org/10.1145/3214303
Albrecht, M. R., Göpfert, F., Virdia, F., & Wunderer, T. (2017). Revisiting the expected cost of solving USVP and applications to LWE. In Lecture notes in computer science (pp. 297–322). https://doi.org/10.1007/978-3-319-0694-8_11
Albrecht, M. R., Bai, S., Li, J., & Rowell, J. (2021). Lattice Reduction with Approximate Enumeration Oracles. In Lecture notes in computer science (pp. 732–759). https://doi.org/10.1007/978-3-030-84245-1_25
Chen, Y., & Nguyen, P. Q. (2011). BKZ 2.0: Better Lattice Security Estimates. In Lecture notes in computer science (pp. 1–20). https://doi.org/10.1007/978-3-642-25385-0_1
Li, J., & Nguyen, P. Q. (2022, March 5). A complete analysis of the BKZ Lattice Reduction algorithm. Retrieved from https://eprint.iacr.org/2020/1237
Nguyen, P. Q., & Valle, B. (2010). The LLL algorithm. Information security and cryptography. https://doi.org/10.1007/978-3-642-02295-1
Schnorr, C. P. (2003). Lattice reduction by random sampling and birthday methods. In Lecture notes in computer science (pp. 145–156). https://doi.org/10.1007/3-540-36494-3_14
Alkim, E., Ducas, L., Pöppelmann, T., & Schwabe, P. (2019, July 10). Post-quantum key exchange - a new hope. Retrieved from https://eprint.iacr.org/2015/1092
Copyright (c) 2024 Computer Science and Cybersecurity
This work is licensed under a Creative Commons Attribution 4.0 International License.
