An experimental study of Kannan’s embedding technique for the search LWE problem

Yuntao Wang; Yoshinori Aono; Tsuyoshi Takagi

doi:10.1007/978-3-319-89500-0_47

An experimental study of Kannan’s embedding technique for the search LWE problem

Yuntao Wang, Yoshinori Aono, Tsuyoshi Takagi

Laboratory of Mathematical Design for Advanced Cryptography

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

9 Citations (Scopus)

Abstract

The learning with errors (LWE) problem is considered as one of the most compelling candidates as the security base for the post-quantum cryptosystems. For the application of LWE based cryptographic schemes, the concrete parameters are necessary: the length n of secret vector, the moduli q and the deviation σ. In the middle of 2016, Germany TU Darmstadt group initiated the LWE Challenge in order to assess the hardness of LWE problems. There are several approaches to solve the LWE problem via reducing LWE to other lattice problems. Xu et al.’s group solved some LWE Challenge instances using Liu and Nguyen’s adapted enumeration technique (reducing LWE to BDD problem) [14] and they published this result at ACNS 2017 [23]. In this paper, we study Kannan’s embedding technique (reducing LWE to unique SVP problem) to solve the LWE problem in the aspect of practice. The lattice reduction algorithm we use is the progressive BKZ [2, 3]. At first, from our experimental results we can intuitively observe that the embedding technique is more efficient with the embedding factor M closer to 1. Then especially for the cases of σ/q= 0.005, we will give an preliminary analysis for the runtime and give an estimation for the proper size of parameters. Moreover, our experimental results show that for n≥ 55 and the fixed σ/q= 0.005, the embedding technique with progressive BKZ is more efficient than Xu et al.’s implementation of the enumeration algorithm in [21, 23]. Finally, by our parameter setting, we succeeded in solving the LWE Challenge over (n, σ/q) = (70, 0.005) using 2 ^16.8 s (32.73 single core hours).

Original language	English
Title of host publication	Information and Communications Security - 19th International Conference, ICICS 2017, Proceedings
Editors	Sihan Qing, Dongmei Liu, Chris Mitchell, Liqun Chen
Publisher	Springer Verlag
Pages	541-553
Number of pages	13
ISBN (Print)	9783319894997
DOIs	https://doi.org/10.1007/978-3-319-89500-0_47
Publication status	Published - 2018
Event	19th International Conference on Information and Communications Security, ICICS 2017 - Beijing, China Duration: Dec 6 2017 → Dec 8 2017

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	10631 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Other

Other	19th International Conference on Information and Communications Security, ICICS 2017
Country/Territory	China
City	Beijing
Period	12/6/17 → 12/8/17

All Science Journal Classification (ASJC) codes

Theoretical Computer Science
Computer Science(all)

Access to Document

10.1007/978-3-319-89500-0_47

Cite this

Wang, Y., Aono, Y., & Takagi, T. (2018). An experimental study of Kannan’s embedding technique for the search LWE problem. In S. Qing, D. Liu, C. Mitchell, & L. Chen (Eds.), Information and Communications Security - 19th International Conference, ICICS 2017, Proceedings (pp. 541-553). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10631 LNCS). Springer Verlag. https://doi.org/10.1007/978-3-319-89500-0_47

An experimental study of Kannan’s embedding technique for the search LWE problem. / Wang, Yuntao; Aono, Yoshinori; Takagi, Tsuyoshi.
Information and Communications Security - 19th International Conference, ICICS 2017, Proceedings. ed. / Sihan Qing; Dongmei Liu; Chris Mitchell; Liqun Chen. Springer Verlag, 2018. p. 541-553 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 10631 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Wang, Y, Aono, Y & Takagi, T 2018, An experimental study of Kannan’s embedding technique for the search LWE problem. in S Qing, D Liu, C Mitchell & L Chen (eds), Information and Communications Security - 19th International Conference, ICICS 2017, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 10631 LNCS, Springer Verlag, pp. 541-553, 19th International Conference on Information and Communications Security, ICICS 2017, Beijing, China, 12/6/17. https://doi.org/10.1007/978-3-319-89500-0_47

Wang Y, Aono Y, Takagi T. An experimental study of Kannan’s embedding technique for the search LWE problem. In Qing S, Liu D, Mitchell C, Chen L, editors, Information and Communications Security - 19th International Conference, ICICS 2017, Proceedings. Springer Verlag. 2018. p. 541-553. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-319-89500-0_47

Wang, Yuntao ; Aono, Yoshinori ; Takagi, Tsuyoshi. / An experimental study of Kannan’s embedding technique for the search LWE problem. Information and Communications Security - 19th International Conference, ICICS 2017, Proceedings. editor / Sihan Qing ; Dongmei Liu ; Chris Mitchell ; Liqun Chen. Springer Verlag, 2018. pp. 541-553 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{52d3dc78e38140759c86eb0e28a9e6d9,

title = "An experimental study of Kannan{\textquoteright}s embedding technique for the search LWE problem",

abstract = "The learning with errors (LWE) problem is considered as one of the most compelling candidates as the security base for the post-quantum cryptosystems. For the application of LWE based cryptographic schemes, the concrete parameters are necessary: the length n of secret vector, the moduli q and the deviation σ. In the middle of 2016, Germany TU Darmstadt group initiated the LWE Challenge in order to assess the hardness of LWE problems. There are several approaches to solve the LWE problem via reducing LWE to other lattice problems. Xu et al.{\textquoteright}s group solved some LWE Challenge instances using Liu and Nguyen{\textquoteright}s adapted enumeration technique (reducing LWE to BDD problem) [14] and they published this result at ACNS 2017 [23]. In this paper, we study Kannan{\textquoteright}s embedding technique (reducing LWE to unique SVP problem) to solve the LWE problem in the aspect of practice. The lattice reduction algorithm we use is the progressive BKZ [2, 3]. At first, from our experimental results we can intuitively observe that the embedding technique is more efficient with the embedding factor M closer to 1. Then especially for the cases of σ/q= 0.005, we will give an preliminary analysis for the runtime and give an estimation for the proper size of parameters. Moreover, our experimental results show that for n≥ 55 and the fixed σ/q= 0.005, the embedding technique with progressive BKZ is more efficient than Xu et al.{\textquoteright}s implementation of the enumeration algorithm in [21, 23]. Finally, by our parameter setting, we succeeded in solving the LWE Challenge over (n, σ/q) = (70, 0.005) using 2 16.8 s (32.73 single core hours).",

author = "Yuntao Wang and Yoshinori Aono and Tsuyoshi Takagi",

note = "Funding Information: Acknowledgment. This work was supported by JSPS KAKENHI Grant Number JP17J01987, JP26730069 and JST CREST Grant Number JPMJCR14D6, Japan. Funding Information: This work was supported by JSPS KAKENHI Grant Number JP17J01987, JP26730069 and JST CREST Grant Number JPMJCR14D6, Japan. Publisher Copyright: {\textcopyright} Springer International Publishing AG, part of Springer Nature 2018.; 19th International Conference on Information and Communications Security, ICICS 2017 ; Conference date: 06-12-2017 Through 08-12-2017",

year = "2018",

doi = "10.1007/978-3-319-89500-0_47",

language = "English",

isbn = "9783319894997",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "541--553",

editor = "Sihan Qing and Dongmei Liu and Chris Mitchell and Liqun Chen",

booktitle = "Information and Communications Security - 19th International Conference, ICICS 2017, Proceedings",

address = "Germany",

}

TY - GEN

T1 - An experimental study of Kannan’s embedding technique for the search LWE problem

AU - Wang, Yuntao

AU - Aono, Yoshinori

AU - Takagi, Tsuyoshi

N1 - Funding Information: Acknowledgment. This work was supported by JSPS KAKENHI Grant Number JP17J01987, JP26730069 and JST CREST Grant Number JPMJCR14D6, Japan. Funding Information: This work was supported by JSPS KAKENHI Grant Number JP17J01987, JP26730069 and JST CREST Grant Number JPMJCR14D6, Japan. Publisher Copyright: © Springer International Publishing AG, part of Springer Nature 2018.

PY - 2018

Y1 - 2018

N2 - The learning with errors (LWE) problem is considered as one of the most compelling candidates as the security base for the post-quantum cryptosystems. For the application of LWE based cryptographic schemes, the concrete parameters are necessary: the length n of secret vector, the moduli q and the deviation σ. In the middle of 2016, Germany TU Darmstadt group initiated the LWE Challenge in order to assess the hardness of LWE problems. There are several approaches to solve the LWE problem via reducing LWE to other lattice problems. Xu et al.’s group solved some LWE Challenge instances using Liu and Nguyen’s adapted enumeration technique (reducing LWE to BDD problem) [14] and they published this result at ACNS 2017 [23]. In this paper, we study Kannan’s embedding technique (reducing LWE to unique SVP problem) to solve the LWE problem in the aspect of practice. The lattice reduction algorithm we use is the progressive BKZ [2, 3]. At first, from our experimental results we can intuitively observe that the embedding technique is more efficient with the embedding factor M closer to 1. Then especially for the cases of σ/q= 0.005, we will give an preliminary analysis for the runtime and give an estimation for the proper size of parameters. Moreover, our experimental results show that for n≥ 55 and the fixed σ/q= 0.005, the embedding technique with progressive BKZ is more efficient than Xu et al.’s implementation of the enumeration algorithm in [21, 23]. Finally, by our parameter setting, we succeeded in solving the LWE Challenge over (n, σ/q) = (70, 0.005) using 2 16.8 s (32.73 single core hours).

AB - The learning with errors (LWE) problem is considered as one of the most compelling candidates as the security base for the post-quantum cryptosystems. For the application of LWE based cryptographic schemes, the concrete parameters are necessary: the length n of secret vector, the moduli q and the deviation σ. In the middle of 2016, Germany TU Darmstadt group initiated the LWE Challenge in order to assess the hardness of LWE problems. There are several approaches to solve the LWE problem via reducing LWE to other lattice problems. Xu et al.’s group solved some LWE Challenge instances using Liu and Nguyen’s adapted enumeration technique (reducing LWE to BDD problem) [14] and they published this result at ACNS 2017 [23]. In this paper, we study Kannan’s embedding technique (reducing LWE to unique SVP problem) to solve the LWE problem in the aspect of practice. The lattice reduction algorithm we use is the progressive BKZ [2, 3]. At first, from our experimental results we can intuitively observe that the embedding technique is more efficient with the embedding factor M closer to 1. Then especially for the cases of σ/q= 0.005, we will give an preliminary analysis for the runtime and give an estimation for the proper size of parameters. Moreover, our experimental results show that for n≥ 55 and the fixed σ/q= 0.005, the embedding technique with progressive BKZ is more efficient than Xu et al.’s implementation of the enumeration algorithm in [21, 23]. Finally, by our parameter setting, we succeeded in solving the LWE Challenge over (n, σ/q) = (70, 0.005) using 2 16.8 s (32.73 single core hours).

UR - http://www.scopus.com/inward/record.url?scp=85045994359&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85045994359&partnerID=8YFLogxK

U2 - 10.1007/978-3-319-89500-0_47

DO - 10.1007/978-3-319-89500-0_47

M3 - Conference contribution

AN - SCOPUS:85045994359

SN - 9783319894997

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 541

EP - 553

BT - Information and Communications Security - 19th International Conference, ICICS 2017, Proceedings

A2 - Qing, Sihan

A2 - Liu, Dongmei

A2 - Mitchell, Chris

A2 - Chen, Liqun

PB - Springer Verlag

T2 - 19th International Conference on Information and Communications Security, ICICS 2017

Y2 - 6 December 2017 through 8 December 2017

ER -

An experimental study of Kannan’s embedding technique for the search LWE problem

Abstract

Publication series

Other

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this