Improved Analysis of Kannan's Shortest Lattice Vector Algorithm

Guillaume Hanrot 1 Damien Stehlé 2
1 CACAO - Curves, Algebra, Computer Arithmetic, and so On
INRIA Lorraine, LORIA - Laboratoire Lorrain de Recherche en Informatique et ses Applications
2 ARENAIRE - Computer arithmetic
Inria Grenoble - Rhône-Alpes, LIP - Laboratoire de l'Informatique du Parallélisme
Abstract : The security of lattice-based cryptosystems such as NTRU, GGH and Ajtai-Dwork essentially relies upon the intractability of computing a shortest non-zero lattice vector and a closest lattice vector to a given target vector in high dimensions. The best algorithms for these tasks are due to Kannan, and, though remarkably simple, their complexity estimates have not been improved since more than twenty years. Kannan's algorithm for solving the shortest vector problem is in particular crucial in Schnorr's celebrated block reduction algorithm, on which are based the best known attacks against the lattice-based encryption schemes mentioned above. Understanding precisely Kannan's algorithm is of prime importance for providing meaningful key-sizes. In this paper we improve the complexity analyses of Kannan's algorithms and discuss the possibility of improving the underlying enumeration strategy.
Liste complète des métadonnées

Cited literature [27 references]  Display  Hide  Download
Contributor : Rapport de Recherche Inria <>
Submitted on : Wednesday, May 9, 2007 - 5:32:32 PM
Last modification on : Thursday, February 7, 2019 - 4:49:43 PM
Document(s) archivé(s) le : Tuesday, September 21, 2010 - 1:40:35 PM


Files produced by the author(s)



Guillaume Hanrot, Damien Stehlé. Improved Analysis of Kannan's Shortest Lattice Vector Algorithm. Alfred Menezes. Advances in Cryptology - Crypto'07, Aug 2007, Santa Barbara, United States. Springer-Verlag, 4622, pp.170-186, 2007, LNCS. 〈10.1007/978-3-540-74143-5_10〉. 〈inria-00145049v2〉



Record views


Files downloads