TY - GEN
T1 - An experimental study of the BDD approach for the search LWE problem
AU - Xu, Rui
AU - Yeo, Sze Ling
AU - Fukushima, Kazuhide
AU - Takagi, Tsuyoshi
AU - Seo, Hwajung
AU - Kiyomoto, Shinsaku
AU - Henricksen, Matt
N1 - Publisher Copyright:
© Springer International Publishing AG 2017.
PY - 2017
Y1 - 2017
N2 - The proved hardness of the Learning With Errors (LWE) problem, assuming the worst case intractability of classic lattice problems, has made it a standard building block in the recent design of lattice based cryptosystems. Nonetheless, a thorough understanding of the security of these schemes from the perspective of existing attacks remains an open problem. In this manuscript, we report our implementation of the Bounded Distance Decoding (BDD) approach for solving the search LWE problem. We implement a parallel version of the pruned enumeration method of the BDD strategy proposed by Liu and Nguyen. In our implementation we use the embarrassingly parallel design so that the power of multi-cores can be fully utilized. We let each thread take a randomized basis and perform independent enumerations to find the solution instead of parallelizing the enumeration algorithm itself. Other optimizations include fine-tuning the BKZ block size, the enumeration bound and the pruning coefficients and the optimal dimension of the LWE problem. Experiments are done using the TU Darmstadt LWE challenge. Finally we compare our implementation with a recent parallel BDD implementation by Kirshanova et al. [18] and show that our implementation is more efficient.
AB - The proved hardness of the Learning With Errors (LWE) problem, assuming the worst case intractability of classic lattice problems, has made it a standard building block in the recent design of lattice based cryptosystems. Nonetheless, a thorough understanding of the security of these schemes from the perspective of existing attacks remains an open problem. In this manuscript, we report our implementation of the Bounded Distance Decoding (BDD) approach for solving the search LWE problem. We implement a parallel version of the pruned enumeration method of the BDD strategy proposed by Liu and Nguyen. In our implementation we use the embarrassingly parallel design so that the power of multi-cores can be fully utilized. We let each thread take a randomized basis and perform independent enumerations to find the solution instead of parallelizing the enumeration algorithm itself. Other optimizations include fine-tuning the BKZ block size, the enumeration bound and the pruning coefficients and the optimal dimension of the LWE problem. Experiments are done using the TU Darmstadt LWE challenge. Finally we compare our implementation with a recent parallel BDD implementation by Kirshanova et al. [18] and show that our implementation is more efficient.
UR - http://www.scopus.com/inward/record.url?scp=85022323708&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85022323708&partnerID=8YFLogxK
U2 - 10.1007/978-3-319-61204-1_13
DO - 10.1007/978-3-319-61204-1_13
M3 - Conference contribution
AN - SCOPUS:85022323708
SN - 9783319612034
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 253
EP - 272
BT - Applied Cryptography and Network Security - 15th International Conference, ACNS 2017, Proceedings
A2 - Gollmann, Dieter
A2 - Miyaji, Atsuko
A2 - Kikuchi, Hiroaki
PB - Springer Verlag
T2 - 15th International Conference on Applied Cryptography and Network Security, ACNS 2017
Y2 - 10 July 2017 through 12 July 2017
ER -