CryptoDB
Concrete Analysis of Quantum Lattice Enumeration
| Authors: |
|
|---|---|
| Download: | |
| Presentation: | Slides |
| Conference: | ASIACRYPT 2023 |
| Abstract: | Lattice reduction algorithms such as BKZ (Block-Korkine-Zolotarev) play a central role in estimating the security of lattice-based cryptography. The subroutine in BKZ which needs to find the shortest vector in a projected sublattice can be instantiated with enumeration algorithms. The enumeration procedure can be seen as a depth-first search on some ``enumeration tree'' whose nodes denote a partial assignment of the coefficients, corresponding to lattice points as a linear combination of the lattice basis with the coefficients. This work provides a concrete analysis for the cost of quantum lattice enumeration based on the quantum tree backtracking algorithm of Montanaro (ToC, '18). More precisely, we give a concrete implementation of Montanaro's algorithm for lattice enumeration based on the quantum circuit model. We also show how to optimize the circuit depth by parallelizing the components. Based on the circuit designed, we discuss the concrete quantum resource estimates required for lattice enumeration. |
BibTeX
@inproceedings{asiacrypt-2023-33443,
title={Concrete Analysis of Quantum Lattice Enumeration},
publisher={Springer-Verlag},
author={Shi Bai and Maya-Iggy van Hoof and Floyd B. Johnson and Tanja Lange and Tran Ngo},
year=2023
}