## Cryptology ePrint Archive: Report 2013/388

Parallel Gauss Sieve Algorithm : Solving the SVP in the Ideal Lattice of 128-dimensions

Tsukasa Ishiguro and Shinsaku Kiyomoto and Yutaka Miyake and Tsuyoshi Takagi

Abstract: In this paper, we report that we have solved the SVP Challenge over a 128-dimensional lattice in Ideal Lattice Challenge from TU Darmstadt, which is currently the highest dimension in the challenge that has ever been solved. The security of lattice-based cryptography is based on the hardness of solving the shortest vector problem (SVP) in lattices. In 2010, Micciancio and Voulgaris proposed a Gauss Sieve algorithm for heuristically solving the SVP using a list $L$ of Gauss-reduced vectors. Milde and Schneider proposed a parallel implementation method for the Gauss Sieve algorithm. However, the efficiency of the more than 10 threads in their implementation decreased due to the large number of non-Gauss-reduced vectors appearing in the distributed list of each thread. In this paper, we propose a more practical parallelized Gauss Sieve algorithm. Our algorithm deploys an additional Gauss-reduced list $V$ of sample vectors assigned to each thread, and all vectors in list $L$ remain Gauss-reduced by mutually reducing them using all sample vectors in $V$. Therefore, our algorithm allows the Gauss Sieve algorithm to run for large dimensions with a small communication overhead. Finally, we succeeded in solving the SVP Challenge over a 128-dimensional ideal lattice generated by the cyclotomic polynomial $x^{128}+1$ using about 30,000 CPU hours.

Category / Keywords: shortest vector problem, lattice-based cryptography, ideal lattice, Gauss Sieve algorithm, parallel algorithm

Date: received 13 Jun 2013, last revised 17 Jan 2014

Contact author: tsukasa at kddilabs jp, takagi@imi kyushu-u ac jp

Available format(s): PDF | BibTeX Citation

Short URL: ia.cr/2013/388

[ Cryptology ePrint archive ]