論文使用權限 Thesis access permission:自定論文開放時間 user define
開放時間 Available:
校內 Campus: 已公開 available
校外 Off-campus: 已公開 available
博碩士論文 etd-0729116-132326 詳細資訊
Title page for etd-0729116-132326
論文名稱 Title |
最短向量問題之高效率演算法 An Efficient Algorithm for the Shortest Vector Problem. |
||
系所名稱 Department |
|||
畢業學年期 Year, semester |
語文別 Language |
||
學位類別 Degree |
頁數 Number of pages |
45 |
|
研究生 Author |
|||
指導教授 Advisor |
|||
召集委員 Convenor |
|||
口試委員 Advisory Committee |
|||
口試日期 Date of Exam |
2016-07-05 |
繳交日期 Date of Submission |
2016-08-29 |
關鍵字 Keywords |
演算法分析、最短向量問題、最佳化理論、晶格點、植基於晶格點之密碼學 Lattice, Algorithm Analysis, Optimization Theory, Lattice-Based Cryptography, Shortest Vector Problem |
||
統計 Statistics |
本論文已被瀏覽 5885 次,被下載 187 次 The thesis/dissertation has been browsed 5885 times, has been downloaded 187 times. |
中文摘要 |
晶格點在密碼學上是一被廣泛討論的一個議題,其中主要的原因在於此類機制具 有抵擋量子攻擊的可能性。而在晶格點上有一很著名的問題,即給定一個基底,在此 基底所生成的晶格點中尋找一長度非零的最短向量(SVP)。有許多加密或簽章機制的安全性是基於SVP,如NTRU等。因此,其演算法的研究將能幫助我們訂定安全參數的標準。在另一方面,有許多機制中需使用到相對較短的向量,故演算法時間複雜度的改善能增進整體機制運行的效率。 我們將嘗試以新的概念設計SVP近似演算法,透過距離最佳化的模型,找出平面上 的最佳解,並將其解從有理數還原成整數,進而找出最短向量。我們也證明此演算法 的時間複雜度為O(n^3)以及其Hermite Factor有多項式上界。 |
Abstract |
Lattice is widely used in cryptography since it has potential for defending quantum attacks. One of the significant problems in such cryptography is the shortest vector problem (SVP). This problem is to find the non-zero shortest vector in lattice. SVP is an NP-hard problem proven by Ajtai, and many cryptosystems are secure under the assumption that SVP is hard, such as NTRU. On the other hand, some primitives of lattice-based cryptography require relatively short vectors. In this thesis, we propose a new SVP algorithm which can be performed in time complexity O(n^3). We also prove that the Hermite factor of the proposed algorithm is polynomial-bounded. |
目次 Table of Contents |
論文審定書i Acknowledgments iv 摘要v Abstract vi List of Figures ix List of Tables x Chapter 1 Introduction 1 1.1 Related works . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2 1.2 Contribution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 Chapter 2 Preliminary 4 2.1 Lattice . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.2 The Shortest Vector Problem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4 2.3 Minkowski’s Theorem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 2.4 Norm Space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Chapter 3 Our Algorithm 8 3.1 Algorithm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 3.2 Discussion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 3.2.1 Cost of Step 3 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 3.2.2 The upper bound of coefficient . . . . . . . . . . . . . . . . . . . . . . . 11 3.2.3 Change the sign in Step 5 . . . . . . . . . . . . . . . . . . . . . . . . . . 11 3.2.4 The sum of ciei is in [0; 1] . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Chapter 4 Analysis 15 4.1 Correctness . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 4.2 Quality . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19 4.3 Time Complexity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20 Chapter 5 Comparison 26 Chapter 6 Implementation 28 Chapter 7 Conclusion 30 Bibliography 31 |
參考文獻 References |
[1] Miklós Ajtai. The shortest vector problem in l2 is np-hard for randomized reductions. In Proceedings of the thirtieth annual ACM symposium on Theory of computing, pages 10–19. ACM, 1998. [2] Miklós Ajtai, Ravi Kumar, and Dandapani Sivakumar. A sieve algorithm for the shortest lattice vector problem. In Proceedings of the thirty-third annual ACM symposium on Theory of computing, pages 601–610. ACM, 2001. [3] Yuanmi Chen and Phong Q Nguyen. Bkz 2.0: Better lattice security estimates. In Advances in Cryptology–ASIACRYPT 2011, pages 1–20. Springer, 2011. [4] Nicolas Gama and Phong Q Nguyen. Finding short lattice vectors within mordell’s inequality. In Proceedings of the fortieth annual ACM symposium on Theory of computing, pages 207–216. ACM, 2008. [5] Nicolas Gama and Phong Q Nguyen. Predicting lattice reduction. In Advances in Cryptology–EUROCRYPT 2008, pages 31–51. Springer, 2008. [6] Nicolas Gama, Phong Q Nguyen, and Oded Regev. Lattice enumeration using extreme pruning. In Advances in Cryptology–EUROCRYPT 2010, pages 257–278. Springer, 2010. [7] Sanjam Garg, Craig Gentry, and Shai Halevi. Candidate multilinear maps from ideal lattices. In Eurocrypt, volume 7881, pages 1–17. Springer, 2013. [8] Jeffrey Hoffstein, Jill Pipher, and Joseph H Silverman. Ntru: A ring-based public key cryptosystem. In Algorithmic number theory, pages 267–288. Springer, 1998. [9] Ravi Kannan. Improved algorithms for integer programming and related lattice problems. In Proceedings of the fifteenth annual ACM symposium on Theory of computing, pages 193–206. ACM, 1983. [10] Ravi Kannan. Minkowski’s convex body theorem and integer programming. Mathematics of operations research, 12(3):415–440, 1987. [11] Henrik Koy and Claus Peter Schnorr. Segment lll-reduction of lattice bases. In Cryptography and lattices, pages 67–80. Springer, 2001. [12] Arjen Klaas Lenstra, HendrikWillem Lenstra, and László Lovász. Factoring polynomials with rational coefficients. Mathematische Annalen, 261(4):515–534, 1982. [13] Daniele Micciancio and Panagiotis Voulgaris. Faster exponential time algorithms for the shortest vector problem. In Proceedings of the twenty-first annual ACM-SIAM symposium on Discrete Algorithms, pages 1468–1480. Society for Industrial and Applied Mathematics, 2010. [14] Daniele Micciancio and Panagiotis Voulgaris. A deterministic single exponential time algorithm for most lattice problems based on voronoi cell computations. SIAM Journal on Computing, 42(3):1364–1391, 2013. [15] Phong Q Nguyen and Jacques Stern. The two faces of lattices in cryptology. In Cryptography and lattices, pages 146–180. Springer, 2001. [16] Phong Q Nguyen and Brigitte Vallée. The lll algorithm. Information Security and, 2010. [17] Phong Q Nguyen and Thomas Vidick. Sieve algorithms for the shortest vector problem are practical. Journal of Mathematical Cryptology, 2(2):181–207, 2008. [18] Thomas Plantard and Willy Susilo. Recursive lattice reduction. In Security and Cryptography for Networks, pages 329–344. Springer, 2010. [19] Michael Schneider and Johannes A Buchmann. Extended lattice reduction experiments using the bkz algorithm. In Sicherheit, volume 170, pages 241–252, 2010. [20] Claus-Peter Schnorr. A hierarchy of polynomial time lattice basis reduction algorithms. Theoretical computer science, 53(2):201–224, 1987. [21] Claus-Peter Schnorr and Martin Euchner. Lattice basis reduction: improved practical algorithms and solving subset sum problems. Mathematical programming, 66(1-3):181– 199, 1994. [22] Victor Shoup. Number theory c++ library (ntl) version 5.4. 1. Available at www.shoup. net, 2003. [23] Xiaoyun Wang, Mingjie Liu, Chengliang Tian, and Jingguo Bi. Improved nguyen-vidick heuristic sieve algorithm for shortest vector problem. In Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security, pages 1–9. ACM, 2011. [24] Feng Zhang, Yanbin Pan, and Gengran Hu. A three-level sieve algorithm for the shortest vector problem. In Selected Areas in Cryptography–SAC 2013, pages 29–47. Springer, 2013. |
電子全文 Fulltext |
本電子全文僅授權使用者為學術研究之目的,進行個人非營利性質之檢索、閱讀、列印。請遵守中華民國著作權法之相關規定,切勿任意重製、散佈、改作、轉貼、播送,以免觸法。 |
紙本論文 Printed copies |
紙本論文的公開資訊在102學年度以後相對較為完整。如果需要查詢101學年度以前的紙本論文公開資訊,請聯繫圖資處紙本論文服務櫃台。如有不便之處敬請見諒。 開放時間 available 已公開 available |
QR Code |
國立中山大學 圖書與資訊處 │ 諮詢服務:2452 論文審查小組 │ 服務信箱 │ 系統開發維運:圖資處知識創新組
Office of Library and Information Services, National Sun Yat-sen University │ Contact Us : 2452 Thesis Format Review Team , Mail │ Development and operations : Knowledge Innovation Division, LIS