Lattice-based cryptanalysis Thijs Laarhoven mail@thijs.com - PowerPoint PPT Presentation
Lattice-based cryptanalysis Thijs Laarhoven mail@thijs.com http://www.thijs.com/ EiPSI seminar (February 11th, 2019) Lattices What is a lattice? O Lattices What is a lattice? b 2 b 1 O Lattices What is a lattice? b 2 b 1 O Lattices
v 8 Sieving v 11 3. Repeat with difference vectors until we find a shortest vector v 5 v 12 v 15 v 7 v 14 v 1 v 3 v 2 O v 6 v 10 v 9 v 13 v 4
v 8 Sieving v 11 3. Repeat with difference vectors until we find a shortest vector v 5 v 12 v 15 v 7 v 3 v 14 v 7 v 2 v 5 v 1 v 8 v 3 v 9 v 2 O v 6 v 1 v 6 v 10 v 4 v 9 v 13 v 4
v 8 Sieving v 11 Overview v 5 v 12 v 15 v 7 v 3 v 14 v 7 v 2 v 5 v 1 v 8 v 3 v 9 v 2 O v 6 v 1 v 6 v 10 v 4 v 9 v 13 v 4
v 8 Sieving v 11 Overview v 5 v 12 v 15 v 7 v 3 v 14 v 7 v 2 Heuristic (Nguyen–Vidick, J. Math. Crypt. ’08) Sieving solves SVP in time ( 4 / 3 ) n + o ( n ) and space ( 4 / 3 ) n / 2 + o ( n ) . v 5 v 1 v 8 v 3 v 9 v 2 O v 6 v 1 v 6 v 10 v 4 v 9 v 13 v 4
v 8 Sieving v 11 Overview v 5 v 12 v 15 v 7 v 3 v 14 v 7 v 2 Heuristic (Nguyen–Vidick, J. Math. Crypt. ’08) Sieving solves SVP in time ( 4 / 3 ) n + o ( n ) and space ( 4 / 3 ) n / 2 + o ( n ) . v 5 v 1 v 8 v 3 v 9 v 2 The list size comes from heuristic packing / saturation arguments, O v 6 v 1 the time complexity is quadratic in the list size. v 6 v 10 v 4 v 9 v 13 v 4
Sieving Near neighbor techniques O
v 8 Sieving v 11 Near neighbor techniques v 5 v 12 v 15 v 7 v 14 v 1 v 3 v 2 O v 6 v 10 v 9 v 13 v 4
v 8 Sieving v 11 Near neighbor techniques v 5 v 12 v 15 v 7 v 14 v 1 v 3 v 2 O v 6 v 10 v 9 v 13 v 4
v 8 Sieving v 11 Near neighbor techniques v 5 v 12 v 15 v 7 v 14 v 1 v 3 v 2 O v 6 v 10 v 9 v 13 v 4
v 8 v 8 Sieving v 11 v 11 Near neighbor techniques v 5 v 5 v 12 v 12 v 15 v 15 v 7 v 7 v 14 v 14 v 1 v 1 v 3 v 3 v 2 v 2 O v 6 v 6 v 10 v 10 v 9 v 9 v 13 v 13 v 4 v 4
v 8 v 8 Sieving v 11 v 11 Near neighbor techniques v 5 v 5 v 12 v 12 v 15 v 15 v 7 v 7 v 14 v 14 v 1 v 1 v 3 v 3 v 2 v 2 O v 6 v 6 v 10 v 10 v 9 v 9 v 13 v 13 v 4 v 4
v 8 Sieving v 11 Near neighbor techniques v 5 v 12 v 15 v 7 v 14 v 1 v 3 v 2 O v 6 v 10 v 9 v 13 v 4
v 8 Sieving v 11 Near neighbor techniques v 5 v 12 v 15 v 7 v 3 v 14 v 2 v 4 v 1 v 7 v 3 v 6 v 2 O v 5 v 1 v 6 v 10 v 9 v 13 v 4
v 9 Sieving v 12 Random hypercones v 5 v 13 v 16 v 7 v 15 v 1 v 3 v 8 v 2 O v 6 v 11 v 10 v 14 v 4
v 9 Sieving v 12 Random hypercones v 5 v 13 v 16 v 7 v 15 v 1 v 3 v 8 v 2 O v 6 v 11 v 10 v 14 v 4
v 9 Sieving v 12 Random hypercones v 5 v 13 v 16 v 7 v 15 v 1 v 3 v 8 v 2 O v 6 v 11 v 10 v 14 v 4
v 9 Sieving v 12 Random hypercones v 5 v 13 v 16 v 7 v 15 v 1 v 3 v 8 v 2 O v 6 v 11 v 10 v 14 v 4
v 9 Sieving v 12 Random hypercones v 5 v 13 v 16 v 7 v 15 v 1 v 3 v 8 v 2 O v 6 v 11 v 10 v 14 v 4
v 9 Sieving v 12 Random hypercones v 5 v 13 v 16 v 7 v 15 v 1 v 3 v 8 v 2 O v 6 v 11 v 10 v 14 v 4
v 9 Sieving v 12 Random hypercones v 5 v 13 v 16 v 7 v 15 v 1 v 3 v 8 v 2 O v 6 v 11 v 10 v 14 v 4
v 9 Sieving v 12 Random hypercones v 5 v 13 v 16 v 7 v 15 v 1 v 3 v 8 v 2 O v 6 v 11 v 10 v 14 v 4
v 9 Sieving v 12 Random hypercones v 5 v 13 v 16 v 7 v 15 v 1 v 3 v 8 v 2 O v 6 v 11 v 10 v 14 v 4
v 9 Sieving v 12 Random hypercones v 5 v 13 v 16 v 7 v 15 v 1 v 3 v 8 v 2 O v 6 v 11 v 10 v 14 v 4
v 9 Sieving v 12 Random hypercones v 5 v 13 v 16 v 7 v 15 v 1 v 3 v 8 v 2 O v 6 v 11 v 10 v 14 v 4
v 9 Sieving v 12 Randomly rotated cross-polytopes v 5 v 13 v 16 v 7 v 15 v 1 v 3 v 8 v 2 O v 6 v 11 v 10 v 14 v 4
Recommend
More recommend
Explore More Topics
Stay informed with curated content and fresh updates.
Sambuz