Paper 2022/1067

Lattice Enumeration with Discrete Pruning: Improvement, Cost Estimation and Optimal Parameters

Luan Luan
Chunxiang Gu
Yonghui Zheng
Yanan Shi
Abstract

Lattice enumeration is a linear-space algorithm for solving the shortest lattice vector problem(SVP). Extreme pruning is a practical technique for accelerating lattice enumeration, which has mature theoretical analysis and practical implementation. However, these works are still remain to be done for discrete pruning. In this paper, we improve the discrete pruned enumeration (DP enumeration), and give a solution to the problem proposed by Leo Ducas et Damien Stehle about the cost estimation of discrete pruning. Our contribution is on the following three aspects: First, we refine the algorithm both from theoretical and practical aspects. Discrete pruning using natural number representation lies on a randomness assumption of lattice point distribution, which has an obvious paradox in the original analysis. We rectify this assumption to fix the problem, and correspondingly modify some details of DP enumeration. We also improve the binary search algorithm for cell enumeration radius with polynomial time complexity, and refine the cell decoding algorithm. Besides, we propose to use a truncated lattice reduction algorithm -- k-tours-BKZ as reprocessing method when a round of enumeration failed. Second, we propose a cost estimation simulator for DP enumeration. Based on the investigation of lattice basis stability during reprocessing, we give a method to simulate the squared length of Gram-Schmidt orthogonalization basis quickly, and give the fitted cost estimation formulae of sub-algorithms in CPU-cycles through intensive experiments. The success probability model is also modified based on the rectified assumption. We verify the cost estimation simulator on middle size SVP challenge instances, and the simulation results are very close to the actual performance of DP enumeration. Third, we give a method to calculate the optimal parameter setting to minimize the running time of DP enumeration. We compare the efficiency of our optimized DP enumeration with extreme pruning enumeration in solving SVP challenge instances. The experimental results in medium dimension and simulation results in high dimension both show that the discrete pruning method could outperform extreme pruning. An open-source implementation of DP enumeration with its simulator is also provided.

Note: The open-source DP enumeration implementation is provided on https://github.com/LunaLuan9555/DP-ENUM

Metadata
Available format(s)
PDF
Category
Foundations
Publication info
Preprint.
Keywords
lattice SVP Gram-Schmidt orthogonalization enumeration discrete pruning
Contact author(s)
lunaluan9555 @ gmail com
chunxianggu meac @ gmail com
History
2022-08-17: approved
2022-08-17: received
See all versions
Short URL
https://ia.cr/2022/1067
License
Creative Commons Attribution-NonCommercial-ShareAlike
CC BY-NC-SA

BibTeX 

@misc{cryptoeprint:2022/1067,
      author = {Luan Luan and Chunxiang Gu and Yonghui Zheng and Yanan Shi},
      title = {Lattice Enumeration with Discrete Pruning: Improvement, Cost Estimation and Optimal Parameters},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1067},
      year = {2022},
      note = {\url{https://eprint.iacr.org/2022/1067}},
      url = {https://eprint.iacr.org/2022/1067}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.