Skip to main content
Conference Proceedings

Solving BDD by enumeration: An update

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (2013) 7779 LNCS 293-309
DOI: 10.1007/978-3-642-36095-4_19
104Citations
Citations of this article
32Readers
Mendeley users who have this article in their library.
Get full text

Abstract

Bounded Distance Decoding (BDD) is a basic lattice problem used in cryptanalysis: the security of most lattice-based encryption schemes relies on the hardness of some BDD, such as LWE. We study how to solve BDD using a classical method for finding shortest vectors in lattices: enumeration with pruning speedup, such as Gama-Nguyen-Regev extreme pruning from EUROCRYPT '10. We obtain significant improvements upon Lindner-Peikert's Search-LWE algorithm (from CT-RSA '11), and update experimental cryptanalytic results, such as attacks on DSA with partially known nonces and GGH encryption challenges. Our work shows that any security estimate of BDD-based cryptosystems must take into account enumeration attacks, and that BDD enumeration can be practical even in high dimension like 350. © 2013 Springer-Verlag.

Cite

CITATION STYLE

APA

Liu, M., & Nguyen, P. Q. (2013). Solving BDD by enumeration: An update. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 7779 LNCS, pp. 293–309). https://doi.org/10.1007/978-3-642-36095-4_19

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free