Cryptology ePrint Archive: Report 2014/744

Sieving for shortest vectors in lattices using angular locality-sensitive hashing

Thijs Laarhoven

Abstract: By replacing the brute-force list search in sieving algorithms with Charikar's angular locality-sensitive hashing (LSH) method, we get both theoretical and practical speedups for solving the shortest vector problem (SVP) on lattices. Combining angular LSH with a variant of Nguyen and Vidick's heuristic sieve algorithm, we obtain heuristic time and space complexities for solving SVP in dimension n of 2^(0.3366n) and 2^(0.2075n) respectively, while combining the same ideas with Micciancio and Voulgaris' GaussSieve algorithm leads to a practical algorithm with (conjectured) time and space complexities bounded by 2^(0.3366n), leading to the best complexities for solving SVP in high dimensions to date.

Experiments show that in moderate dimensions the GaussSieve-based HashSieve algorithm already outperforms the GaussSieve, and the practical increase in the space complexity is smaller than the asymptotic bounds suggest, and can be further reduced with probing. Extrapolating to higher dimensions, we estimate that a fully optimized and parallelized implementation of the GaussSieve-based HashSieve algorithm might need a few core years to solve SVP in dimension 130 or even 140.

Category / Keywords: lattices, shortest vector problem (SVP), sieving algorithms, approximate nearest neighbor problem, locality-sensitive hashing (LSH)

Original Publication (with major differences): IACR-CRYPTO-2015

Date: received 24 Sep 2014, last revised 12 Jul 2015

Contact author: mail at thijs com

Available format(s): PDF | BibTeX Citation

Version: 20150713:014359 (All versions of this report)

Short URL: ia.cr/2014/744

Discussion forum: Show discussion | Start new discussion