Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.


Practical Improvements on BKZ Algorithm

November 30, 2022


Ziyu Zhao - Tsinghua University


Lattice problems such as NTRU problem and LWE problem are widely used as the security base of post-quantum cryptosystems. And currently doing lattice reduction by BKZ algorithm is the most efficient way to solve them. In this paper, we give 4 further improvements on BKZ algorithm, which can be used for SVP subroutines base on enumeration and sieving. These improvements in combination provide a speed up of 23~4 in total. So all the lattice-based NIST PQC candidates lose 3 ∼ 4 bits of security in concrete attacks. Using these new techniques, we solved the 656 and 700 dimensional ideal lattice challenge in 380 and 1787 thread hours, respectively. The cost of the first one (also used an enumeration based SVP subroutine) is much less than the previous records (4600 thread hours). With these improvements enabled, we can still simulate the new BKZ algorithm easily. One can also use the simulator to find the blocksize strategy (and the corresponding cost) that makes Pot of the basis (defined in Section 4.2) decrease as fast as possible, which means the length of the first basis vector decrease the fastest if we accept the GSA assumption. It is useful for analyzing concrete attacks on lattice-based cryptography.

Event Details



Related Topics

Security and Privacy: post-quantum cryptography

Created November 23, 2022, Updated December 06, 2022