The nearest-colattice algorithm: time-approximation tradeoff for approx-CVP
Thomas Espitau (NTT Secure Platform Laboratories) and Paul Kirchner (Université de Rennes 1)
Abstract: In this paper we exhibit a hierarchy of polynomial time algorithms solving approximate variants of the Closest Vector Problem (\CVP). Our first contribution is a heuristic algorithm achieving the same distance as HSVP algorithms, namely $\approx \beta^{\frac{n}{2\beta}}\mathrm{covol}(\Lambda)^{\frac{1}{n}}$ for a random lattice $\Lambda$ of dimension $n$. Compared to Kannan embedding, our technique allows using precomputations. This implies that some attacks on some lattice-based signatures lead to very cheap forgeries, after a precomputation. Our second contribution is a \emph{proven} reduction from approximating the closest vector with a factor $\approx n^{\frac32}\beta^{\frac{3n}{2\beta}}$ to the Shortest Vector Problem (SVP) in dimension $\beta$.
cryptography and securitynumber theory
Audience: researchers in the topic
( chat | paper | slides | video )
Comments: Chairs: Claus Fieker and Elena Kirshanova
Algorithmic Number Theory Symposium (ANTS XIV)
Series comments: Registration is now open. Registration is free but required to access the chat and livestream.
This is a hybrid synchronous/asynchronous conference with several ways to participate.
- Click the "paper" link to view contributed papers and posters (open to all).
- Click the "video" link to view pre-recorded talks of accepted papers (open to all).
These are 15-20 minutes aimed at a general algorithmic number theory audience. - Click the "slides" link to view slides used in the pre-recorded video when available (open to all).
- Click the "chat" link to access the chat stream related to the talk or poster before, during, and after the live event (registration required).
- Click the "livestream" button to join the live event when it is taking place (registration required and you must be logged in).
For accepted papers the audience will be expected to have watched the pre-recorded video and have the paper in front of them.
The invited talks will be recorded and made available via the "video" link after the talk is over. None of the other sessions will be recorded.
| Organizer: | Steven Galbraith* |
| Curator: | Andrew Sutherland* |
| *contact for this listing |