Paper 2024/1612
On Wagner's k-Tree Algorithm Over Integers
, National University of Singapore, National University of SingaporeAbstract
The $k$-Tree algorithm [Wagner 02] is a non-trivial algorithm for the average-case $k$-SUM problem that has found widespread use in cryptanalysis. Its input consists of $k$ lists, each containing $n$ integers from a range of size $m$. Wagner's original heuristic analysis suggested that this algorithm succeeds with constant probability if $n \approx m^{1/(\log{k}+1)}$, and that in this case it runs in time $O(kn)$. Subsequent rigorous analysis of the algorithm [Lyubashevsky 05, Shallue 08, Joux-Kippen-Loss 24] has shown that it succeeds with high probability if the input list sizes are significantly larger than this. We present a broader rigorous analysis of the $k$-Tree algorithm, showing upper and lower bounds on its success probability and complexity for any size of the input lists. Our results confirm Wagner's heuristic conclusions, and also give meaningful bounds for a wide range of list sizes that are not covered by existing analyses. We present analytical bounds that are asymptotically tight, as well as an efficient algorithm that computes (provably correct) bounds for a wide range of concrete parameter settings. We also do the same for the $k$-Tree algorithm over $\mathbb{Z}_m$. Finally, we present experimental evaluation of the tightness of our results.
Metadata
- Available format(s)
-
PDF
- Category
- Attacks and cryptanalysis
- Publication info
- Preprint.
- Keywords
- k-SUMk-XORk-Tree
- Contact author(s)
-
haoxingl @ comp nus edu sg
prashant @ comp nus edu sg - History
- 2024-10-11: approved
- 2024-10-10: received
- See all versions
- Short URL
- https://ia.cr/2024/1612
- License
-
CC0
BibTeX
@misc{cryptoeprint:2024/1612,
author = {Haoxing Lin and Prashant Nalini Vasudevan},
title = {On Wagner's k-Tree Algorithm Over Integers},
howpublished = {Cryptology {ePrint} Archive, Paper 2024/1612},
year = {2024},
url = {https://eprint.iacr.org/2024/1612}
}
