Back to Search Start Over

Lower bounds of shortest vector lengths in random NTRU lattices

Authors :
Qi Cheng
Jingguo Bi
Institute for Advanced Study [Tsinghua]
Tsinghua University [Beijing]
Cryptanalyse (CRYPT)
Laboratoire Franco-Chinois d'Informatique, d'Automatique et de Mathématiques Appliquées (LIAMA)
Centre de Coopération Internationale en Recherche Agronomique pour le Développement (Cirad)-Institut National de la Recherche Agronomique (INRA)-Chinese Academy of Sciences [Changchun Branch] (CAS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Institute of Automation - Chinese Academy of Sciences-Centre National de la Recherche Scientifique (CNRS)-Centre de Coopération Internationale en Recherche Agronomique pour le Développement (Cirad)-Institut National de la Recherche Agronomique (INRA)-Chinese Academy of Sciences [Changchun Branch] (CAS)-Institut National de Recherche en Informatique et en Automatique (Inria)-Institute of Automation - Chinese Academy of Sciences-Centre National de la Recherche Scientifique (CNRS)-Inria Paris-Rocquencourt
Institut National de Recherche en Informatique et en Automatique (Inria)
Computer Science Department- University of Oklahoma
University of Oklahoma (OU)
Tsinghua University [Beijing] (THU)
Source :
Theoretical Computer Science, Theoretical Computer Science, Elsevier, 2014, 560 (2), pp.121-130. ⟨10.1016/j.tcs.2014.10.011⟩, Theoretical Computer Science, 2014, 560 (2), pp.121-130. ⟨10.1016/j.tcs.2014.10.011⟩
Publication Year :
2014
Publisher :
HAL CCSD, 2014.

Abstract

International audience; Finding the shortest vector of a lattice is one of the most important problems in computational lattice theory. For a random lattice, one can estimate the length of the shortest vector using the Gaussian heuristic. However, no rigorous proof can be provided for some classes of lattices, as the Gaussian heuristic may not hold for them. In this paper, we propose a general method to estimate lower bounds of the shortest vector lengths for random integral lattices in certain classes, which is based on the incompressibility method from the theory of Kolmogorov complexity. As an application, we can prove that for a random NTRU lattice, with an overwhelming probability, the ratio between the length of the shortest vector and the length of the target vector, which corresponds to the secret key, is at least a constant, independent of the rank of the lattice.

Subjects

Subjects :
Random lattices
General method
Shortest vector problem
General Computer Science
Gaussian heuristic
NTRU
Gaussian
High Energy Physics::Lattice
Kolmogorov complexity
0102 computer and information sciences
01 natural sciences
Theoretical Computer Science
Combinatorics
symbols.namesake
[INFO.INFO-CR]Computer Science [cs]/Cryptography and Security [cs.CR]
Lattice (order)
0101 mathematics
Random lattice
Mathematics
Discrete mathematics
Lattice problem
010102 general mathematics
Rigorous proof
NTRU lattices
010201 computation theory & mathematics
symbols

Details

Language :
English
ISSN :
03043975 and 18792294
Database :
OpenAIRE
Journal :
Theoretical Computer Science, Theoretical Computer Science, Elsevier, 2014, 560 (2), pp.121-130. ⟨10.1016/j.tcs.2014.10.011⟩, Theoretical Computer Science, 2014, 560 (2), pp.121-130. ⟨10.1016/j.tcs.2014.10.011⟩
Accession number :
edsair.doi.dedup.....065de08b002c9937064bb50995042f6e
Full Text :
https://doi.org/10.1016/j.tcs.2014.10.011⟩
Full Text Access
View/download PDF

Tools

Authors Abstract Subjects Details