Lindner and Peikert propose new attacks and parameters for LWE Table 2 lists concrete costs of the BKW algorithm for solving LWE under the parameter choices from [21] as interpreted in [6] In our computations t = 2.7 produced the best results, i.e., higher values of t resulted in m growing too fast, m log 2 #Zq in log 2 #Z2 log 2 #Ls ,
Sampling short lattice vectors and the closest lattice vector problem, Proceedings 17th IEEE Annual Conference on Computational Complexity, pp.53-57, 2002. ,
DOI : 10.1109/CCC.2002.1004339
On the complexity of the Arora-Ge algorithm against LWE, SCC '12: Proceedings of the 3nd International Conference on Symbolic Computation and Cryptography, pp.93-99, 2012. ,
URL : https://hal.archives-ouvertes.fr/hal-00776434
bkw-estimator.py, 2012. available at https://bitbucket.org/malb/research-snippets ,
Polly Cracker, revisited, Advances in Cryptology ? ASIACRYPT 2011. full version available as Cryptology ePrint Archive, pp.179-196, 2011. ,
DOI : 10.1007/978-3-642-25385-0_10
URL : https://hal.archives-ouvertes.fr/hal-01112976
A generator for LWE and Ring-LWE instances, 2013 ,
New Algorithms for Learning in Presence of Errors, Lecture Notes in Computer Science, vol.6755, pp.403-415, 2011. ,
DOI : 10.1007/978-3-540-85174-5_31
How Far Can We Go Beyond Linear Cryptanalysis?, Advances in Cryptology ? ASIACRYPT 2004, pp.432-450, 2004. ,
DOI : 10.1007/978-3-540-30539-2_31
Noise-tolerant learning, the parity problem, and the statistical query model, Journal of the ACM, vol.50, issue.4, pp.506-519, 2003. ,
DOI : 10.1145/792538.792543
Classical hardness of learning with errors, Proceedings of the 45th annual ACM symposium on Symposium on theory of computing, STOC '13, 2013. ,
DOI : 10.1145/2488608.2488680
URL : https://hal.archives-ouvertes.fr/hal-00922194
Efficient Fully Homomorphic Encryption from (Standard) LWE, 2011 IEEE 52nd Annual Symposium on Foundations of Computer Science, pp.97-106, 2011. ,
DOI : 10.1109/FOCS.2011.12
BKZ 2.0: Better Lattice Security Estimates, Advances in Cryptology - ASIACRYPT 2011, pp.1-20, 2011. ,
DOI : 10.1007/978-3-642-25385-0_1
URL : https://hal.archives-ouvertes.fr/hal-01109961
Bounding standard gaussian tail probabilities, 2010. ,
An improved LPN algorithm, Security and Cryptography for Networks, 5th International Conference, pp.348-359, 2006. ,
URL : https://hal.archives-ouvertes.fr/inria-00563959
Lattice Enumeration Using Extreme Pruning, Advances in Cryptology ? EUROCRYPT 2010, pp.257-278, 2010. ,
DOI : 10.1007/978-3-642-13190-5_13
URL : https://hal.archives-ouvertes.fr/hal-01083526
A fully homomorphic encryption scheme, 2009. ,
Trapdoors for hard lattices and new cryptographic constructions, Proceedings of the fourtieth annual ACM symposium on Theory of computing, STOC 08, pp.197-206, 2008. ,
DOI : 10.1145/1374376.1374407
Algorithms for the Shortest and Closest Lattice Vector Problems, Lecture Notes in Computer Science, vol.134, issue.2, pp.159-190, 2011. ,
DOI : 10.1007/978-3-642-14518-6_27
URL : https://hal.archives-ouvertes.fr/hal-00640637
Analyzing Blockwise Lattice Algorithms Using Dynamical Systems, Advances in Cryptology ? CRYPTO 2011, pp.447-464, 2011. ,
DOI : 10.1007/978-3-642-22792-9_25
URL : https://hal.archives-ouvertes.fr/hal-00640638
mpmath: a Python library for arbitrary-precision floating-point arithmetic (version 0.17), 2011. ,
Better Key Sizes (and Attacks) for LWE-Based Encryption, Topics in Cryptology ? CT-RSA 2011, pp.319-339, 2011. ,
DOI : 10.1007/3-540-45708-9_19
Solving BDD by Enumeration: An Update, Lecture Notes in Computer Science, vol.7779, pp.293-309, 2013. ,
DOI : 10.1007/978-3-642-36095-4_19
URL : https://hal.archives-ouvertes.fr/hal-00864361
SWIFFT: A Modest Proposal for FFT Hashing, Fast Software Encryption, pp.54-72, 2008. ,
DOI : 10.1007/978-3-540-71039-4_4
Lattice-based cryptography, Post-Quantum Cryptography, pp.147-191, 2009. ,
H-LLL, Proceedings of the 2009 international symposium on Symbolic and algebraic computation, ISSAC '09, pp.271-278, 2009. ,
DOI : 10.1145/1576702.1576740
URL : https://hal.archives-ouvertes.fr/hal-00550979
Lattice reduction algorithms: Theory and practice, Advances in Cryptology -EUROCRYPT 2011, pp.2-6, 2011. ,
Low-dimensional lattice basis reduction revisited, ACM Transactions on Algorithms, vol.5, issue.4, 2009. ,
Solving the shortest lattice vector problem in time 2 2.465n . IACR Cryptology ePrint Archive, p.605, 2009. ,
URL : https://hal.archives-ouvertes.fr/hal-00550976
On lattices, learning with errors, random linear codes, and cryptography, J. ACM, vol.56, issue.6, 2009. ,
The Learning with Errors Problem (Invited Survey), 2010 IEEE 25th Annual Conference on Computational Complexity, pp.191-204, 2010. ,
DOI : 10.1109/CCC.2010.26
Estimating the security of lattice-based cryptosystems, IACR Cryptology ePrint Archive, p.137, 2010. ,