analyzing blockwise lattice algorithms using dynamical
play

Analyzing Blockwise Lattice Algorithms using Dynamical Systems - PowerPoint PPT Presentation

Nov 07, 2022 •322 likes •939 views

Analyzing Blockwise Lattice Algorithms using Dynamical Systems Guillaume Hanrot, Xavier Pujol, Damien Stehl e ENS Lyon, LIP (CNRS ENSL INRIA UCBL - ULyon) Analyzing Blockwise Lattice Algorithms using Dynamical Systems 1/16

  1. Analyzing Blockwise Lattice Algorithms using Dynamical Systems Guillaume Hanrot, Xavier Pujol, Damien Stehl´ e ENS Lyon, LIP (CNRS – ENSL – INRIA – UCBL - ULyon) Analyzing Blockwise Lattice Algorithms using Dynamical Systems 1/16

  2. Context Lattices provide exponentially hard problems suitable for public key cryptography. Best known attacks on lattice-based cryptosystems rely on blockwise lattice reduction algorithms. Understanding these algorithms helps assessing the security of LBC. The most widely used reduction algorithm is BKZ. No reasonable time bound was known about BKZ. Analyzing Blockwise Lattice Algorithms using Dynamical Systems 2/16

  3. Context Lattices provide exponentially hard problems suitable for public key cryptography. Best known attacks on lattice-based cryptosystems rely on blockwise lattice reduction algorithms. Understanding these algorithms helps assessing the security of LBC. The most widely used reduction algorithm is BKZ. No reasonable time bound was known about BKZ. Analyzing Blockwise Lattice Algorithms using Dynamical Systems 2/16

  4. Context Lattices provide exponentially hard problems suitable for public key cryptography. Best known attacks on lattice-based cryptosystems rely on blockwise lattice reduction algorithms. Understanding these algorithms helps assessing the security of LBC. The most widely used reduction algorithm is BKZ. No reasonable time bound was known about BKZ. Analyzing Blockwise Lattice Algorithms using Dynamical Systems 2/16

  5. Context Lattices provide exponentially hard problems suitable for public key cryptography. Best known attacks on lattice-based cryptosystems rely on blockwise lattice reduction algorithms. Understanding these algorithms helps assessing the security of LBC. The most widely used reduction algorithm is BKZ. No reasonable time bound was known about BKZ. Analyzing Blockwise Lattice Algorithms using Dynamical Systems 2/16

  6. Context Lattices provide exponentially hard problems suitable for public key cryptography. Best known attacks on lattice-based cryptosystems rely on blockwise lattice reduction algorithms. Understanding these algorithms helps assessing the security of LBC. The most widely used reduction algorithm is BKZ. No reasonable time bound was known about BKZ. Analyzing Blockwise Lattice Algorithms using Dynamical Systems 2/16

  7. Contributions We give the first worst-case analysis of BKZ. We introduce a new BKZ model. It gives new tools for understanding lattice algorithms. Analyzing Blockwise Lattice Algorithms using Dynamical Systems 3/16

  8. Contributions We give the first worst-case analysis of BKZ. We introduce a new BKZ model. It gives new tools for understanding lattice algorithms. Analyzing Blockwise Lattice Algorithms using Dynamical Systems 3/16

  9. Contributions We give the first worst-case analysis of BKZ. We introduce a new BKZ model. It gives new tools for understanding lattice algorithms. Analyzing Blockwise Lattice Algorithms using Dynamical Systems 3/16

  10. b b b b b b b b b b b b b b b b b Lattices a 1 a 2 (SVP) Analyzing Blockwise Lattice Algorithms using Dynamical Systems 4/16

  11. b b b b b b b b b b b b b b b b b Lattices b 2 b 1 (SVP)Lattice reduction(SVP) Analyzing Blockwise Lattice Algorithms using Dynamical Systems 4/16

  12. b b b b b b b b b b b b b b b b b Lattices b 2 b 1 (SVP)Determinant(SVP) Analyzing Blockwise Lattice Algorithms using Dynamical Systems 4/16

  13. b b b b b b b b b b b b b b b b b Lattices b 2 b 1 Hermite factor of B : � b 1 � HF ( b 1 , . . . , b n ) = (det L ) 1 / n Goal of lattice reduction: find a basis with small HF. If b 1 is a shortest vector � = 0, then HF ( b 1 , . . . , b n ) ≤ √ γ n , with γ n = Hermite constant ≤ n . Analyzing Blockwise Lattice Algorithms using Dynamical Systems 4/16

  14. b b b b b b b b b b b b b b b b b Lattices b 2 b 1 Hermite factor of B : � b 1 � HF ( b 1 , . . . , b n ) = (det L ) 1 / n Goal of lattice reduction: find a basis with small HF. If b 1 is a shortest vector � = 0, then HF ( b 1 , . . . , b n ) ≤ √ γ n , with γ n = Hermite constant ≤ n . Analyzing Blockwise Lattice Algorithms using Dynamical Systems 4/16

  15. b b b b b b b b b b b b b b b b b Lattices b 2 b 1 Hermite factor of B : � b 1 � HF ( b 1 , . . . , b n ) = (det L ) 1 / n Goal of lattice reduction: find a basis with small HF. If b 1 is a shortest vector � = 0, then HF ( b 1 , . . . , b n ) ≤ √ γ n , with γ n = Hermite constant ≤ n . Analyzing Blockwise Lattice Algorithms using Dynamical Systems 4/16

  16. Hierarchy of lattice reductions in dimension n x i = log � b ∗ i � for i ≤ n ( b ∗ 1 , . . . , b ∗ n = Gram-Schmidt basis of B ). Analyzing Blockwise Lattice Algorithms using Dynamical Systems 5/16

  17. Hierarchy of lattice reductions in dimension n x i = log � b ∗ i � for i ≤ n ( b ∗ 1 , . . . , b ∗ n = Gram-Schmidt basis of B ). HKZ BKZ β LLL Hermite-Korkine-Zolorareff Block Korkine-Zolotareff Lenstra-Lenstra-Lov´ asz x 1 x 2 x 3 x 4 x 5 x 6 HF: √ γ n n n ≃ ( γ β ) ≃ ( γ 2 ) 2 β 2 Time: 2 O ( n ) 2 O ( β ) × ? Poly ( n ) Analyzing Blockwise Lattice Algorithms using Dynamical Systems 5/16

  18. Hierarchy of lattice reductions in dimension n x i = log � b ∗ i � for i ≤ n ( b ∗ 1 , . . . , b ∗ n = Gram-Schmidt basis of B ). HKZ BKZ β LLL Hermite-Korkine-Zolorareff Block Korkine-Zolotareff Lenstra-Lenstra-Lov´ asz x 1 x 2 x 3 x 4 x 5 x 6 x 1 x 2 x 3 x 4 x 5 x 6 HF: √ γ n n n ≃ ( γ β ) ≃ ( γ 2 ) 2 β 2 Time: 2 O ( n ) 2 O ( β ) × ? Poly ( n ) Analyzing Blockwise Lattice Algorithms using Dynamical Systems 5/16

  19. Hierarchy of lattice reductions in dimension n x i = log � b ∗ i � for i ≤ n ( b ∗ 1 , . . . , b ∗ n = Gram-Schmidt basis of B ). HKZ BKZ β LLL Hermite-Korkine-Zolorareff Block Korkine-Zolotareff Lenstra-Lenstra-Lov´ asz x 1 x 2 x 3 x 4 x 5 x 6 x 1 x 2 x 3 x 4 x 5 x 6 x 1 x 2 x 3 x 4 x 5 x 6 HF: √ γ n n n ≃ ( γ β ) ≃ ( γ 2 ) 2 β 2 Time: 2 O ( n ) 2 O ( β ) × ? Poly ( n ) Analyzing Blockwise Lattice Algorithms using Dynamical Systems 5/16

  20. Known results on blockwise algorithms BKZ Schnorr (1987): first hierarchies between LLL and HKZ. Schnorr and Euchner (1994): algorithm for BKZ-reduction. Gama and Nguyen (2008): BKZ behaves badly when the block size is ≥ 25. Other reductions in time 2 O ( β ) × Poly ( n ): Schnorr (1987) : Semi-block-2 β -reduction. Gama et al. (2006): Block-Rankin-reduction. Gama and Nguyen (2008): Slide-reduction. ...but BKZ remains the most efficient in practice. Analyzing Blockwise Lattice Algorithms using Dynamical Systems 6/16

  21. Known results on blockwise algorithms BKZ Schnorr (1987): first hierarchies between LLL and HKZ. Schnorr and Euchner (1994): algorithm for BKZ-reduction. Gama and Nguyen (2008): BKZ behaves badly when the block size is ≥ 25. Other reductions in time 2 O ( β ) × Poly ( n ): Schnorr (1987) : Semi-block-2 β -reduction. Gama et al. (2006): Block-Rankin-reduction. Gama and Nguyen (2008): Slide-reduction. ...but BKZ remains the most efficient in practice. Analyzing Blockwise Lattice Algorithms using Dynamical Systems 6/16

  22. Known results on blockwise algorithms BKZ Schnorr (1987): first hierarchies between LLL and HKZ. Schnorr and Euchner (1994): algorithm for BKZ-reduction. Gama and Nguyen (2008): BKZ behaves badly when the block size is ≥ 25. Other reductions in time 2 O ( β ) × Poly ( n ): Schnorr (1987) : Semi-block-2 β -reduction. Gama et al. (2006): Block-Rankin-reduction. Gama and Nguyen (2008): Slide-reduction. ...but BKZ remains the most efficient in practice. Analyzing Blockwise Lattice Algorithms using Dynamical Systems 6/16

  23. Known results on blockwise algorithms BKZ Schnorr (1987): first hierarchies between LLL and HKZ. Schnorr and Euchner (1994): algorithm for BKZ-reduction. Gama and Nguyen (2008): BKZ behaves badly when the block size is ≥ 25. Other reductions in time 2 O ( β ) × Poly ( n ): Schnorr (1987) : Semi-block-2 β -reduction. Gama et al. (2006): Block-Rankin-reduction. Gama and Nguyen (2008): Slide-reduction. ...but BKZ remains the most efficient in practice. Analyzing Blockwise Lattice Algorithms using Dynamical Systems 6/16

  24. Known results on blockwise algorithms BKZ Schnorr (1987): first hierarchies between LLL and HKZ. Schnorr and Euchner (1994): algorithm for BKZ-reduction. Gama and Nguyen (2008): BKZ behaves badly when the block size is ≥ 25. Other reductions in time 2 O ( β ) × Poly ( n ): Schnorr (1987) : Semi-block-2 β -reduction. Gama et al. (2006): Block-Rankin-reduction. Gama and Nguyen (2008): Slide-reduction. ...but BKZ remains the most efficient in practice. Analyzing Blockwise Lattice Algorithms using Dynamical Systems 6/16

  25. BKZ Algorithm (BKZ β , modified version) Input: B of dimension n . Repeat ... times For i from 1 to n − β + 1 do Size-reduce B . HKZ-reduce a projection of the block ( b i , . . . , b i + β − 1 ) . Report the transformation on B . Termination? Analyzing Blockwise Lattice Algorithms using Dynamical Systems 7/16

  26. BKZ Algorithm (BKZ β , modified version) Input: B of dimension n . Repeat ... times For i from 1 to n − β + 1 do Size-reduce B . HKZ-reduce a projection of the block ( b i , . . . , b i + β − 1 ) . Report the transformation on B . Termination? Analyzing Blockwise Lattice Algorithms using Dynamical Systems 7/16

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

ANALYSIS of EUCLIDEAN ALGORITHMS An Arithmetical Instance of Dynamical Analysis Dynamical

ANALYSIS of EUCLIDEAN ALGORITHMS An Arithmetical Instance of Dynamical Analysis Dynamical

ANALYSIS of EUCLIDEAN ALGORITHMS An Arithmetical Instance of Dynamical Analysis Dynamical Analysis := Analysis of Algorithms + Dynamical Systems Brigitte Vall ee (CNRS and Universit e de Caen, France) Results obtained with : Ali Akhavi ,

1.73k views • 125 slides
ANALYSIS of EUCLIDEAN ALGORITHMS An Arithmetical Instance of Dynamical Analysis Dynamical

ANALYSIS of EUCLIDEAN ALGORITHMS An Arithmetical Instance of Dynamical Analysis Dynamical

ANALYSIS of EUCLIDEAN ALGORITHMS An Arithmetical Instance of Dynamical Analysis Dynamical Analysis := Analysis of Algorithms + Dynamical Systems Brigitte Vall ee (CNRS and Universit e de Caen, France) Results obtained with : Ali Akhavi ,

893 views • 55 slides
Dynamical mean field approach to correlated lattice systems in and out of equilibrium Philipp

Dynamical mean field approach to correlated lattice systems in and out of equilibrium Philipp

Dynamical mean field approach to correlated lattice systems in and out of equilibrium Philipp Werner University of Fribourg, Switzerland Kyoto, December 2013 Overview Dynamical mean field approximation applied to quantum field theory in

835 views • 56 slides
Algorithms for Lattice Transforms and 2348 2349 Lattice Transforms for 234 248 239

Algorithms for Lattice Transforms and 2348 2349 Lattice Transforms for 234 248 239

Algorithms for Lattice Transforms and 2348 2349 Lattice Transforms for 234 248 239 Algorithms 23 39 24 Thore Husfeldt 2 Lund University and IT University of Copenhagen 3 This Talk in 60 Seconds In Prefix sum Out y i = x

1.39k views • 111 slides
Dynamical analysis of euclidean algorithms Introduction Dynamical analysis of euclidean

Dynamical analysis of euclidean algorithms Introduction Dynamical analysis of euclidean

Dynamical analysis of euclidean algorithms Beno t Daireaux Dynamical analysis of euclidean algorithms Introduction Dynamical analysis of euclidean algorithms Beno t Daireaux Application to accelerated GREYC, Universit e

978 views • 76 slides
Analysis of Algorithms Amr Magdy Analyzing Algorithms Algorithm Correctness 1. Termination a.

Analysis of Algorithms Amr Magdy Analyzing Algorithms Algorithm Correctness 1. Termination a.

CS141: Intermediate Data Structures and Algorithms Analysis of Algorithms Amr Magdy Analyzing Algorithms Algorithm Correctness 1. Termination a. Produces the correct output for all possible input. b. Algorithm Performance 2. Either

1.02k views • 64 slides
The Shortest Vector Problem (Lattice Reduction Algorithms) Approximation Algorithms by V.

The Shortest Vector Problem (Lattice Reduction Algorithms) Approximation Algorithms by V.

The Shortest Vector Problem (Lattice Reduction Algorithms) Approximation Algorithms by V. Vazirani, Chapter 27 - Problem statement, general discussion - Lattices: brief introduction - The Gauss algorithm in R 2 - Lower bound via

295 views • 13 slides
Polyakov line actions from SU(3) lattice gauge theory with dynamical fermions: first results via

Polyakov line actions from SU(3) lattice gauge theory with dynamical fermions: first results via

Polyakov line actions from SU(3) lattice gauge theory with dynamical fermions: first results via relative weights Roman Hllwieser ab , Jeff Greensite c a Institute of Atomic and Subatomic Physics, Nuclear Physics Dept., Vienna University of

741 views • 52 slides
CS141: Intermediate Data Structures and Algorithms Analysis of Algorithms Amr Magdy Analyzing

CS141: Intermediate Data Structures and Algorithms Analysis of Algorithms Amr Magdy Analyzing

CS141: Intermediate Data Structures and Algorithms Analysis of Algorithms Amr Magdy Analyzing Algorithms Algorithm Correctness 1. Termination a. Produces the correct output for all possible input. b. Algorithm Performance 2. Either

579 views • 47 slides
A form factor series for dynamical correlation functions of integrable lattice models at finite

A form factor series for dynamical correlation functions of integrable lattice models at finite

A form factor series for dynamical correlation functions of integrable lattice models at finite temperature Frank G ohmann Bergische Universit at Wuppertal Fakult at f ur Mathematik und Naturwissenschaften Annecy 11.9.2018

1.01k views • 65 slides
Big- Big -O O Analyzing Algorithms Asymptotically Analyzing Algorithms Asymptotically P1 P2

Big- Big -O O Analyzing Algorithms Asymptotically Analyzing Algorithms Asymptotically P1 P2

Comparing Algorithms Comparing Algorithms Big- Big -O O Analyzing Algorithms Asymptotically Analyzing Algorithms Asymptotically P1 P2 CS 226 CS 226 5 February 2002 5 February 2002 Noah Smith ( nasmith@cs Noah Smith ( nasmith@cs ) )

108 views • 6 slides
Algorithms for hard lattice problems Thijs Laarhoven ts

Algorithms for hard lattice problems Thijs Laarhoven ts

Algorithms for hard lattice problems Thijs Laarhoven ts ttts Tenerife PQCrypto Conference (January 31, 2018) Lattices What is a lattice? O Lattices What

1.59k views • 136 slides
Analyzing the Shuffling Side-Channel Countermeasure for Lattice-Based Signatures Peter Pessl

Analyzing the Shuffling Side-Channel Countermeasure for Lattice-Based Signatures Peter Pessl

S C I E N C E P A S S I O N T E C H N O L O G Y Analyzing the Shuffling Side-Channel Countermeasure for Lattice-Based Signatures Peter Pessl IAIK, Graz University of Technology, Austria Indocrypt 2016, December 12

522 views • 25 slides
Analyzing algorithms, Growth of functions, and Divide-and-conquer Course: CS 5130 - Advanced Data

Analyzing algorithms, Growth of functions, and Divide-and-conquer Course: CS 5130 - Advanced Data

Analyzing algorithms, Growth of functions, and Divide-and-conquer Course: CS 5130 - Advanced Data Structures and Algorithms Instructor: Dr. Badri Adhikari What kinds of problems are solved by algorithms? Biological problems The human DNA

577 views • 25 slides
Analyzing Data Access of Algorithms and How to Make Them Cache-Friendly? Kenjiro Taura 1 / 79

Analyzing Data Access of Algorithms and How to Make Them Cache-Friendly? Kenjiro Taura 1 / 79

Analyzing Data Access of Algorithms and How to Make Them Cache-Friendly? Kenjiro Taura 1 / 79 Contents 1 Introduction 2 Analyzing data access complexity of serial programs Overview Model of a machine An analysis methodology 3 Applying the

1.26k views • 121 slides
Sampling Algorithms for Lattice Gaussian Codes based on joint work with J.-C. Belfiore

Sampling Algorithms for Lattice Gaussian Codes based on joint work with J.-C. Belfiore

Lattice Coding & Crypto Meeting Antonio Campello Sampling Algorithms for Lattice Gaussian Codes based on joint work with J.-C. Belfiore (Huawei Technologies France) Discrete Gaussian Measures f : R n R + D : [0 , 1] is a

917 views • 33 slides
South End project Age Agenda 1. Consultation process and outcomes 2. Building fronts General

South End project Age Agenda 1. Consultation process and outcomes 2. Building fronts General

South End project Age Agenda 1. Consultation process and outcomes 2. Building fronts General update Timescales 3. Public realm General update Timescales 4. Budget update 5. Social Value (involving local

146 views • 11 slides
Address: Marsh Farm The Marsh Thrandeston Diss Suffolk IP21 4BZ Slide 2 Site Location Plan

Address: Marsh Farm The Marsh Thrandeston Diss Suffolk IP21 4BZ Slide 2 Site Location Plan

Slide 1 DC/17/05507 and Application No: DC/17/05508 LBC Address: Marsh Farm The Marsh Thrandeston Diss Suffolk IP21 4BZ Slide 2 Site Location Plan Slide 3 Constraints Map Slide 4 Aerial Map Slide 5 Block Plan Slide 6 Block Plan as

564 views • 25 slides
SPEAKERS DOMINIQUE DRAKEFORD Founder: MelaninASS Co-Founder: Sustainable Brooklyn

SPEAKERS DOMINIQUE DRAKEFORD Founder: MelaninASS Co-Founder: Sustainable Brooklyn

SPEAKERS DOMINIQUE DRAKEFORD Founder: MelaninASS Co-Founder: Sustainable Brooklyn Educator, Influencer, Writer, Advocate Presenting on: Equity in sustainable fashion Sustainability literacy and anti-racism Ethical

485 views • 11 slides
Adjusting to Adjusting to Succeed Succeed Raym ond Raym ond McManus McManus President &

Adjusting to Adjusting to Succeed Succeed Raym ond Raym ond McManus McManus President &

Adjusting to Adjusting to Succeed Succeed Raym ond Raym ond McManus McManus President & CEO President & CEO National Bank Financial Canadian Financial Services Conference Montreal - April 7, 2004 How we compare How we compare

756 views • 27 slides
PRESENTATION Fourth Quarter 2017 Conference call December 5, 2017 at 3:30 pm lbcfg.ca 1

PRESENTATION Fourth Quarter 2017 Conference call December 5, 2017 at 3:30 pm lbcfg.ca 1

INVESTOR PRESENTATION Fourth Quarter 2017 Conference call December 5, 2017 at 3:30 pm lbcfg.ca 1 Caution Regarding Forward-Looking Statements In this document and in other documents filed with Canadian regulatory authorities or in other

756 views • 36 slides
LGM International Inc., Ft. Lauderdale Second Generation of Liquid- -Based Cytology Based

LGM International Inc., Ft. Lauderdale Second Generation of Liquid- -Based Cytology Based

LGM International Inc., Ft. Lauderdale Second Generation of Liquid- -Based Cytology Based Cytology Second Generation of Liquid Liqui-PREP TM System What makes LBC technology superior ?? What makes LBC technology superior ?? All Cells

446 views • 15 slides
Area Planning Sub-Committee 19/01588/FULM and 19/01589/LBC 22 - 26 Blossom Street 1 Area

Area Planning Sub-Committee 19/01588/FULM and 19/01589/LBC 22 - 26 Blossom Street 1 Area

Area Planning Sub-Committee 19/01588/FULM and 19/01589/LBC 22 - 26 Blossom Street 1 Area Planning Sub Committee Meeting - 16 July 2020 Area Planning Sub Committee Meeting - 16 July 2020 2 Rear Elevation Front elevation (Blossom St) Front

626 views • 13 slides
Proposal for the closure to vehicular traffic of Croydon High Street between Park Street and

Proposal for the closure to vehicular traffic of Croydon High Street between Park Street and

Proposal for the closure to vehicular traffic of Croydon High Street between Park Street and Katherine Street Wednesday 26 July 2017 Introduction London Borough of Croydon (LBC) as part of The High Streets project and its wider public

917 views • 13 slides

More recommend