Parallel Enumeration of Shortest Lattice Vectors

Dagdelen, Özgür; Schneider, Michael

doi:10.1007/978-3-642-15291-7_21

Cited by 25 publications

(35 citation statements)

References 11 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, after finding a sufficiently good basis for the lattice using block Korkine-Zolotareff (BKZ) reduction [32] (with a dimension parameter of about 30 -this is usually all that is useful, and takes less than 10 minutes), it only takes only a couple of cpu-months to do an exhaustive search, and parallel code for this is now available from Pujol [29] (described in [10], and see also [9]). Using 12 cpus and Pujol's code, it took about 4 days to show that our lattice has no vectors of norm 2 or 4.…”

Section: No Vectors Of Norm 2 Ormentioning

confidence: 99%

Another 80-dimensional extremal lattice

Watkins¹

2012

J. Théor. Nombres Bordeaux

View full text Add to dashboard Cite

Section: No Vectors Of Norm 2 Ormentioning

confidence: 99%

Another 80-dimensional extremal lattice

Watkins¹

2012

J. Théor. Nombres Bordeaux

View full text Add to dashboard Cite

“…Results: Our results show that enumeration-based CVP-solvers, whose scalability was never studied, can be parallelized at least as efficiently as enumerationbased SVP-solvers, based on a comparison of the CVP and SVP versions of our algorithm and the state of the art SVP implementation described in [10]. In particular, our parallel version of this algorithm achieves superlinear speedups in some instances on up to 8 cores and a speedup factor of 14.8x for 16 cores when solving the CVP on a 50-dimensional lattice, on a dual-socket machine with 16 physical cores.…”

Section: Introductionmentioning

confidence: 99%

“…On one hand, we study the practicability of the CVP, to which end we implement and assess the performance of an enhanced version of the Schnorr-Euchner enumeration routine, described in [12], a CVP-solver that can easily be modified to solve the SVP, from here on referred to as SE++. In particular, we propose a parallel version of this algorithm for sharedmemory CPU systems, implemented with OpenMP, and we analyze its performance on a 16-core CPU system against the parallel SVP-solver proposed in [10].…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Parallel Improved Schnorr-Euchner Enumeration SE++ for the CVP and SVP

Correia

Mariano

Proença

et al. 2016

2016 24th Euromicro International Conference on Parallel, Distributed, and Network-Based Processing (PDP)

View full text Add to dashboard Cite

Abstract-The Closest Vector Problem (CVP) and the Shortest Vector Problem (SVP) are prime problems in lattice-based cryptanalysis, since they underpin the security of many lattice-based cryptosystems. Despite the importance of these problems, there are only a few CVP-solvers publicly available, and their scalability was never studied.This paper presents a scalable implementation of an enumeration-based CVP-solver for multi-cores, which can be easily adapted to solve the SVP. In particular, it achieves super-linear speedups in some instances on up to 8 cores and almost linear speedups on 16 cores when solving the CVP on a 50-dimensional lattice. Our results show that enumeration-based CVP-solvers can be parallelized as effectively as enumeration-based solvers for the SVP, based on a comparison with a state of the art SVP-solver. In addition, we show that we can optimize the SVP variant of our solver in such a way that it becomes 35%-60% faster than the fastest enumeration-based SVP-solver to date.

show abstract

“…There are approaches of parallelizing LLL in the SIMD model, e.g. [30,2] and also for enumeration [9,15,10]. The combination of both however has not yet been tried.…”

Section: Introductionmentioning

confidence: 99%

Random Sampling for Short Lattice Vectors on Graphics Cards

Schneider

Göttert

2011

Cryptographic Hardware and Embedded Systems – CHES 2011

Self Cite

View full text Add to dashboard Cite

Abstract. We present a GPU implementation of the Simple Sampling Reduction (SSR) algorithm that searches for short vectors in lattices. SSR makes use of the famous BKZ algorithm. It complements an exhaustive search in a suitable search region to insert random, short vectors to the lattice basis. The sampling of short vectors can be executed in parallel.Our GPU implementation increases the number of sampled vectors per second from 5200 to more than 120, 000. With this we are the first to present a parallel implementation of SSR and we make use of the computing capability of modern graphics cards to enhance the search for short vectors even more.

show abstract

Parallel Enumeration of Shortest Lattice Vectors

Cited by 25 publications

References 11 publications

Another 80-dimensional extremal lattice

Another 80-dimensional extremal lattice

Parallel Improved Schnorr-Euchner Enumeration SE++ for the CVP and SVP

Random Sampling for Short Lattice Vectors on Graphics Cards

Contact Info

Product

Resources

About