Responsive image
博碩士論文 etd-0729116-132326 詳細資訊
Title page for etd-0729116-132326
論文名稱
Title
最短向量問題之高效率演算法
An Efficient Algorithm for the Shortest Vector Problem.
系所名稱
Department
畢業學年期
Year, semester
語文別
Language
學位類別
Degree
頁數
Number of pages
45
研究生
Author
指導教授
Advisor
召集委員
Convenor
口試委員
Advisory Committee
口試日期
Date of Exam
2016-07-05
繳交日期
Date of Submission
2016-08-29
關鍵字
Keywords
演算法分析、最短向量問題、最佳化理論、晶格點、植基於晶格點之密碼學
Lattice, Algorithm Analysis, Optimization Theory, Lattice-Based Cryptography, Shortest Vector Problem
統計
Statistics
本論文已被瀏覽 5740 次,被下載 184
The thesis/dissertation has been browsed 5740 times, has been downloaded 184 times.
中文摘要
晶格點在密碼學上是一被廣泛討論的一個議題,其中主要的原因在於此類機制具
有抵擋量子攻擊的可能性。而在晶格點上有一很著名的問題,即給定一個基底,在此
基底所生成的晶格點中尋找一長度非零的最短向量(SVP)。有許多加密或簽章機制的安全性是基於SVP,如NTRU等。因此,其演算法的研究將能幫助我們訂定安全參數的標準。在另一方面,有許多機制中需使用到相對較短的向量,故演算法時間複雜度的改善能增進整體機制運行的效率。
我們將嘗試以新的概念設計SVP近似演算法,透過距離最佳化的模型,找出平面上
的最佳解,並將其解從有理數還原成整數,進而找出最短向量。我們也證明此演算法
的時間複雜度為O(n^3)以及其Hermite Factor有多項式上界。
Abstract
Lattice is widely used in cryptography since it has potential for defending quantum attacks.
One of the significant problems in such cryptography is the shortest vector problem (SVP). This problem is to find the non-zero shortest vector in lattice. SVP is an NP-hard problem proven by Ajtai, and many cryptosystems are secure under the assumption that SVP is hard, such as NTRU. On the other hand, some primitives of lattice-based cryptography require relatively short vectors. In this thesis, we propose a new SVP algorithm which can be performed in time complexity O(n^3). We also prove that the Hermite factor of the proposed algorithm is polynomial-bounded.
目次 Table of Contents
論文審定書i
Acknowledgments iv
摘要v
Abstract vi
List of Figures ix
List of Tables x
Chapter 1 Introduction 1
1.1 Related works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
1.2 Contribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Chapter 2 Preliminary 4
2.1 Lattice . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.2 The Shortest Vector Problem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
2.3 Minkowski’s Theorem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
2.4 Norm Space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Chapter 3 Our Algorithm 8
3.1 Algorithm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
3.2 Discussion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
3.2.1 Cost of Step 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
3.2.2 The upper bound of coefficient . . . . . . . . . . . . . . . . . . . . . . . 11
3.2.3 Change the sign in Step 5 . . . . . . . . . . . . . . . . . . . . . . . . . . 11
3.2.4 The sum of ciei is in [0; 1] . . . . . . . . . . . . . . . . . . . . . . . . . . 12
Chapter 4 Analysis 15
4.1 Correctness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
4.2 Quality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
4.3 Time Complexity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20
Chapter 5 Comparison 26
Chapter 6 Implementation 28
Chapter 7 Conclusion 30
Bibliography 31
參考文獻 References
[1] Miklós Ajtai. The shortest vector problem in l2 is np-hard for randomized reductions. In Proceedings of the thirtieth annual ACM symposium on Theory of computing, pages 10–19. ACM, 1998.
[2] Miklós Ajtai, Ravi Kumar, and Dandapani Sivakumar. A sieve algorithm for the shortest lattice vector problem. In Proceedings of the thirty-third annual ACM symposium on Theory of computing, pages 601–610. ACM, 2001.
[3] Yuanmi Chen and Phong Q Nguyen. Bkz 2.0: Better lattice security estimates. In Advances in Cryptology–ASIACRYPT 2011, pages 1–20. Springer, 2011.
[4] Nicolas Gama and Phong Q Nguyen. Finding short lattice vectors within mordell’s inequality.
In Proceedings of the fortieth annual ACM symposium on Theory of computing, pages 207–216. ACM, 2008.
[5] Nicolas Gama and Phong Q Nguyen. Predicting lattice reduction. In Advances in Cryptology–EUROCRYPT 2008, pages 31–51. Springer, 2008.
[6] Nicolas Gama, Phong Q Nguyen, and Oded Regev. Lattice enumeration using extreme
pruning. In Advances in Cryptology–EUROCRYPT 2010, pages 257–278. Springer, 2010.
[7] Sanjam Garg, Craig Gentry, and Shai Halevi. Candidate multilinear maps from ideal
lattices. In Eurocrypt, volume 7881, pages 1–17. Springer, 2013.
[8] Jeffrey Hoffstein, Jill Pipher, and Joseph H Silverman. Ntru: A ring-based public key
cryptosystem. In Algorithmic number theory, pages 267–288. Springer, 1998.
[9] Ravi Kannan. Improved algorithms for integer programming and related lattice problems.
In Proceedings of the fifteenth annual ACM symposium on Theory of computing, pages
193–206. ACM, 1983.
[10] Ravi Kannan. Minkowski’s convex body theorem and integer programming. Mathematics
of operations research, 12(3):415–440, 1987.
[11] Henrik Koy and Claus Peter Schnorr. Segment lll-reduction of lattice bases. In Cryptography
and lattices, pages 67–80. Springer, 2001.
[12] Arjen Klaas Lenstra, HendrikWillem Lenstra, and László Lovász. Factoring polynomials
with rational coefficients. Mathematische Annalen, 261(4):515–534, 1982.
[13] Daniele Micciancio and Panagiotis Voulgaris. Faster exponential time algorithms for the
shortest vector problem. In Proceedings of the twenty-first annual ACM-SIAM symposium
on Discrete Algorithms, pages 1468–1480. Society for Industrial and Applied Mathematics,
2010.
[14] Daniele Micciancio and Panagiotis Voulgaris. A deterministic single exponential time
algorithm for most lattice problems based on voronoi cell computations. SIAM Journal
on Computing, 42(3):1364–1391, 2013.
[15] Phong Q Nguyen and Jacques Stern. The two faces of lattices in cryptology. In Cryptography
and lattices, pages 146–180. Springer, 2001.
[16] Phong Q Nguyen and Brigitte Vallée. The lll algorithm. Information Security and, 2010.
[17] Phong Q Nguyen and Thomas Vidick. Sieve algorithms for the shortest vector problem
are practical. Journal of Mathematical Cryptology, 2(2):181–207, 2008.
[18] Thomas Plantard and Willy Susilo. Recursive lattice reduction. In Security and Cryptography
for Networks, pages 329–344. Springer, 2010.
[19] Michael Schneider and Johannes A Buchmann. Extended lattice reduction experiments
using the bkz algorithm. In Sicherheit, volume 170, pages 241–252, 2010.
[20] Claus-Peter Schnorr. A hierarchy of polynomial time lattice basis reduction algorithms.
Theoretical computer science, 53(2):201–224, 1987.
[21] Claus-Peter Schnorr and Martin Euchner. Lattice basis reduction: improved practical
algorithms and solving subset sum problems. Mathematical programming, 66(1-3):181–
199, 1994.
[22] Victor Shoup. Number theory c++ library (ntl) version 5.4. 1. Available at www.shoup.
net, 2003.
[23] Xiaoyun Wang, Mingjie Liu, Chengliang Tian, and Jingguo Bi. Improved nguyen-vidick
heuristic sieve algorithm for shortest vector problem. In Proceedings of the 6th ACM
Symposium on Information, Computer and Communications Security, pages 1–9. ACM,
2011.
[24] Feng Zhang, Yanbin Pan, and Gengran Hu. A three-level sieve algorithm for the shortest
vector problem. In Selected Areas in Cryptography–SAC 2013, pages 29–47. Springer,
2013.
電子全文 Fulltext
本電子全文僅授權使用者為學術研究之目的,進行個人非營利性質之檢索、閱讀、列印。請遵守中華民國著作權法之相關規定,切勿任意重製、散佈、改作、轉貼、播送,以免觸法。
論文使用權限 Thesis access permission:自定論文開放時間 user define
開放時間 Available:
校內 Campus: 已公開 available
校外 Off-campus: 已公開 available


紙本論文 Printed copies
紙本論文的公開資訊在102學年度以後相對較為完整。如果需要查詢101學年度以前的紙本論文公開資訊,請聯繫圖資處紙本論文服務櫃台。如有不便之處敬請見諒。
開放時間 available 已公開 available

QR Code