Analysis of Gauss-Sieve for solving the shortest vector problem in lattices

Abstract

Lattice based cryptography is gaining more and more importance in the cryptographic community. The security of lattice based cryptosystems can be proven to be as hard as worst case lattice problems. The most important underlying hard problem is the shortest vector problem. There are two concurrent approaches for the search for shortest vectors in lattices: enumeration and probabilistic sieving algorithms. Enumeration algorithms were the best choice, until in 2010, Micciancio and Voulgaris present a new heuristic sieving algorithm called Gauss Sieve, which was the first sieving algorithm considered to be competitive to exhaustive search algorithms. Later in 2010, Gama, Nguyen, and Regev published their extreme pruning variant of the enumeration, which again ruled out sieving. In this paper, we present the practical results using Gauss Sieve that we gained in our experiments throughout the last year. We analyze the behaviour of Gauss Sieve that helps understanding the strengths and weaknesses of the algorithm. © 2011 Springer-Verlag.