子格筛法的两种优化方法

Two Optimization Methods of SubSieve Algorithm

下载PDF

导出

摘要子格筛法是求解格上最短向量问题(shortest vector problem,SVP)的一个高效算法,通过在(n-d)维投影子格上调用高斯筛法以求解n维格上的SVP问题,其中d是自由维数.子格筛法的降维思想有效降低了筛法的时间复杂度,缩小了与枚举算法运行效率的差距.本文在简要回顾高斯筛法和子格筛法的算法思想及运行机理的基础上,提出子格筛法的两种优化方法.通过调整高斯筛法的算法参数,改变算法输出包含的信息,增大了子格筛法的自由维数d,从而降低了算法的时间复杂度;在子格筛法最重要的子程序高斯筛法中加入过滤器,在更新列表向量的同时可以更快地完成筛选,从而将高斯筛法的二次搜索过程降低为亚二次搜索过程,节约了算法的运行时间;综合应用上述两种方法优化子格筛法,提出Filteredα-子格筛法.实验数据表明两种优化方法都能有效提升子格筛法的运行效率.在70–86维的随机格上,Filteredα-子格筛法的运行效率相比于初始子格筛法最高提升了约58.8%,平均提高了约41.7%. The SubSieve algorithm is an efficient algorithm for solving the shortest vector problem(SVP)on lattices which uses a few calls to the GaussSieve algorithm on the(n-d)-dimensional projected sublattice to solve the SVP on an n-dimensional lattice,where d is the free dimension.The idea of dimensional reduction of the SubSieve algorithm effectively reduces the time complexity of the sieve and narrows the gap in the running efficiency with the enumeration algorithm.This paper briefly reviews the main idea and the mechanisms of the GaussSieve algorithm and the SubSieve algorithm.Subsequently,two methods are proposed to improve the SubSieve algorithm.First,by adjusting the algorithm parameters of the GaussSieve algorithm to change its output,the free dimension d of the SubSieve algorithm can be increased,and the time complexity is reduced.Second,by adding filters to the GaussSieve algorithm which is the most important subroutine of the SubSieve algorithm,the vectors can be sieved more quickly when the list is updated.By this way,the quadratic search can be reduced in the GaussSieve algorithm to a sub-quadratic search process and the runtime is reduced.Finally,the above two methods are applied to optimize the SubSieve algorithm,forming the Filteredα-SubSieve algorithm.According to the experimental results,the above two methods do improve the efficiency of the initial SubSieve algorithm.On random lattices in dimension 70–86,compared with that of the initial SubSieve algorithm,the efficiency of the Filteredα-SubSieve algorithm can be improved by up to 58.8%and 41.7%on average.

作者张维孙明豪屈龙江 ZHANG Wei;SUN Ming-Hao;QU Long-Jiang(College of Science,National University of Defense Technology,Changsha 410073,China;Hunan Engineering Research Center of Commercial Cryptography Theory and Technology Innovation,Changsha 410073,China)

机构地区国防科技大学理学院商用密码理论与技术创新湖南省工程研究中心

出处《密码学报》 CSCD 2023年第3期476-490,共15页 Journal of Cryptologic Research

基金国家自然科学基金(62032009)。

关键词格子格筛法最短向量问题自由维数过滤器 lattice SubSieve algorithm shortest vector problem free dimension filters

分类号 TP309.7 [自动化与计算机技术—计算机系统结构]

引文网络
相关文献

参考文献5

1王旭阳,胡爱群.格困难问题的复杂度分析[J].密码学报,2015,2(1):1-16. 被引量：5
2王小云,刘明洁.格密码学研究[J].密码学报,2014,1(1):13-27. 被引量：45
3曹金政,程庆丰.一种基于分块采样方法的格基约减算法[J].密码学报,2019,6(1):73-82. 被引量：4
4毕蕾,路献辉,王鲲鹏.格上筛法研究现状与发展趋势[J].密码学报,2021,8(5):735-757. 被引量：1
5金悦祺,胡红钢.利用K-Means LSH加速求解格中的最短向量问题[J].密码学报,2020,7(4):473-482. 被引量：1

二级参考文献31

1Oded Regev.On lattices, learning with errors, random linear codes, and cryptography[J].Journal of the ACM (JACM).2009(6)
2Johannes Bl?mer,Stefanie Naewe.Sampling methods for shortest vectors, closest vectors and successive minima[J].Theoretical Computer Science.2009(18)
3Phong Q. Nguyen,Thomas Vidick.Sieve algorithms for the shortest vector problem are practical[J].Journal of Mathematical Cryptology.2008(2)
4Jean-Sebastien Coron,Alexander May.Deterministic Polynomial-Time Equivalence of Computing the RSA Secret Key and Factoring[J].Journal of Cryptology.2007(1)
5Dorit Aharonov,Oded Regev.Lattice problems in NP ∩ coNP[J].Journal of the ACM (JACM).2005(5)
6Subhash Khot.Hardness of approximating the shortest vector problem in lattices[J].Journal of the ACM (JACM).2005(5)
7Phong Q. Nguyen,Igor E. Shparlinski.The Insecurity of the Elliptic Curve Digital Signature Algorithm with Partially Known Nonces[J].Designs Codes and Cryptography.2003(2)
8I. Dinur,G. Kindler,R. Raz,S. Safra.Approximating CVP to Within Almost-Polynomial Factors is NP-Hard[J].COMBINATORICA.2003(2)
9Irit Dinur.Approximating SVP ∞ to within almost-polynomial factors is NP-hard[J].Theoretical Computer Science.2002(1)
10Jin-Yi Cai.A new transference theorem in the geometry of numbers and new bounds for Ajtai’s connection factor[J].Discrete Applied Mathematics.2002(1)

共引文献49

1邓银娟.基于身份的同态加密[J].宝鸡文理学院学报（自然科学版）,2015,35(2):25-30.
2向新银.格上基于身份的前向安全签名方案[J].计算机工程,2015,41(9):155-158. 被引量：4
3宋福成,杨汀,陈宜金,时爽爽.改进的整周模糊度搜索算法[J].测绘科学,2015,40(10):16-20. 被引量：2
4商玉芳,傅泽源.格上基于身份的前向安全环签名方案[J].科技创新与应用,2016,6(29):62-62.
5王旭阳,胡爱群,方昊.基于LWE的单层同态云计算方案[J].东南大学学报（自然科学版）,2016,46(5):945-949. 被引量：1
6汤建国,汪江桦.基于粗糙集的古典密码模型[J].计算机应用,2017,37(4):993-998.
7郑彦斌,周星辰.密码学课程的教学探索[J].大众科技,2017,19(2):88-89. 被引量：3
8张平原,蒋瀚,蔡杰,王晨光,郑志华,徐秋亮.格密码技术近期研究进展[J].计算机研究与发展,2017,54(10):2121-2129. 被引量：9
9商玉芳,梁向前,孙意如.理想格上基于身份的代理重签名方案[J].计算机工程与应用,2017,53(21):110-114. 被引量：1
10汤永利,周锦,刘琨,叶青,闫玺玺.标准模型下格上基于身份的盲签名方案[J].计算机科学与探索,2017,11(12):1965-1971. 被引量：3

1金悦祺,胡红钢.利用K-Means LSH加速求解格中的最短向量问题[J].密码学报,2020,7(4):473-482. 被引量：1
2Xue ZHANG,Zhongxiang ZHENG,Xiaoyun WANG.A detailed analysis of primal attack and its variants[J].Science China(Information Sciences),2022,65(3):178-191. 被引量：1
3徐孟玥.基于模型预测的牵引逆变器容错控制方法[J].铁道勘测与设计,2023(4):58-62.
4俞立平,潘伟波.基于K-means和PLS-DA的期刊评价关键指标研究[J].农业图书情报学报,2022,34(12):55-64. 被引量：1
5ZHANG Xinglong,CHENG Qingfeng,LI Yuting.LaTLS:A Lattice-Based TLS Proxy Protocol[J].Chinese Journal of Electronics,2022,31(2):313-321.
6Jiang-shan CHEN,Yu-pu HU,Hong-mei LIANG,Wen GAO.Novel efficient identity-based signature on lattices[J].Frontiers of Information Technology & Electronic Engineering,2021,22(2):244-250. 被引量：2
7陈凯.从一个思想实验看计算思维运用的必要性问题[J].中国信息技术教育,2023(13):14-18.
8DENG Yingpu,LUO Lixia,PAN Yanbin,XIAO Guanju.On Some Computational Problems in Local Fields[J].Journal of Systems Science & Complexity,2022,35(3):1191-1200.
9毕蕾,路献辉,王鲲鹏.格上筛法研究现状与发展趋势[J].密码学报,2021,8(5):735-757. 被引量：1
10喻中.法必本于人:魏源法理学的核心命题[J].中南大学学报（社会科学版）,2023,29(3):39-52.

密码学报

2023年第3期

浏览历史

内容加载中请稍等...

子格筛法的两种优化方法

参考文献5

二级参考文献31

共引文献49

相关作者

相关机构

相关主题

浏览历史