In this paper, we report that we have solved the SVP Challenge over
a 128-dimensional lattice in Ideal Lattice Challenge from TU Darmstadt,
which is currently the highest dimension in the challenge that has ever
been solved. The security of lattice-based cryptography is based on the
hardness of solving the shortest vector problem (SVP) in lattices.
In 2010, Micciancio and Voulgaris proposed a Gauss Sieve algorithm
for heuristically solving the SVP using a list $L$ of Gauss-reduced
vectors. Milde and Schneider proposed a parallel
implementation method for the Gauss Sieve algorithm.
However, the efficiency of the more than 10 threads in their implementation
decreased due to the large number of non-Gauss-reduced vectors appearing
in the distributed list of each thread. In this paper, we propose a more
practical parallelized Gauss Sieve algorithm. Our algorithm deploys an
additional Gauss-reduced list $V$ of sample vectors assigned to each
thread, and all vectors in list $L$ remain Gauss-reduced by mutually
reducing them using all sample vectors in $V$. Therefore, our algorithm
allows the Gauss Sieve algorithm to run for large dimensions with a small communication overhead.
Finally, we succeeded in solving the SVP Challenge over a 128-dimensional
ideal lattice generated by the cyclotomic polynomial $x^{128}+1$ using
about 30,000 CPU hours.
↧