Affiliation:
1. Henan Key Laboratory of Network Cryptography Technology, Zhengzhou 450001, China
2. PLA Information Engineering University, Zhengzhou 450001, China
Abstract
Bounded distance decoding (BDD) is a fundamental problem in lattice-based cryptography, derived from the closest vector problem (CVP). In this paper, we adapt lattice enumeration with discrete pruning, a burgeoning method for the shortest lattice vector problem (SVP), to solve BDD directly in various cryptanalysis scenarios. We first transfer the basic definitions of the discrete pruning technique from SVP to CVP, prove the corresponding properties and give the specific procedures of the algorithm. Additionally, we use the discrete pruning technique to interpret the classical CVP algorithms, including Babai's nearest plane and Lindner–Peikert nearest planes, which can be regarded as discrete pruned enumeration over some special pruning sets. We propose three probability models for the runtime analysis to accurately estimate the cost of our algorithm in different application scenarios. We study the application of discrete pruned enumeration for BDD mainly to LWE-based cryptosystems and to DSA with partially known nonces. The experimental results show that our new algorithm is more efficient than the previous algorithms that solve BDD directly, including the nearest plane(s) algorithms and lattice enumeration with classical pruning strategies, and that we are able to recover the DSA secret with less leaked information than previous works.
Subject
Physics and Astronomy (miscellaneous), General Mathematics, Chemistry (miscellaneous), Computer Science (miscellaneous)