A faster lattice reduction method using quantum search

Abstract

We propose a new lattice reduction method. Our algorithm approximates shortest lattice vectors up to a factor ≤ (k/6)n/2k and makes use of Graver's quantum search algorithm. The proposed method has the expected running time O(n3(k/6)k/8 A + n4A). That is about the square root of the running time O(n3(k/6)k/4 A + n4A) of Schnorr's recent random sampling reduction which in turn improved the running time to the fourth root of previously known algorithms. Our result demonstrates that the availability of quantum computers will affect not only the security of cryptosystems based on integer factorization or discrete logarithms, but also of lattice based cryptosystems. Hough estimates based on our asymptotic improvements and experiments reported in [1] suggest that the NTRU security parameter needed to be increased from 503 to 1277 if sufficiently large quantum computer were available nowadays. © Springer-Verlag Berlin Heidelberg 2003.