P. Lindner and . In, Lindner and Peikert propose new attacks and parameters for LWE Table 2 lists concrete costs of the BKW algorithm for solving LWE under the parameter choices from [21] as interpreted in [6] In our computations t = 2.7 produced the best results, i.e., higher values of t resulted in m growing too fast, m log 2 #Zq in log 2 #Z2 log 2 #Ls

M. Ajtai, R. Kumar, and D. Sivakumar, Sampling short lattice vectors and the closest lattice vector problem, Proceedings 17th IEEE Annual Conference on Computational Complexity, pp.53-57, 2002.
DOI : 10.1109/CCC.2002.1004339

M. Albrecht, C. Cid, J. Faugère, R. Fitzpatrick, and L. Perret, On the complexity of the Arora-Ge algorithm against LWE, SCC '12: Proceedings of the 3nd International Conference on Symbolic Computation and Cryptography, pp.93-99, 2012.
URL : https://hal.archives-ouvertes.fr/hal-00776434

R. Martin and . Albrecht, bkw-estimator.py, 2012. available at https://bitbucket.org/malb/research-snippets

M. R. Albrecht, P. Farshim, J. Faugère, and L. Perret, Polly Cracker, revisited, Advances in Cryptology ? ASIACRYPT 2011. full version available as Cryptology ePrint Archive, pp.179-196, 2011.
DOI : 10.1007/978-3-642-25385-0_10
URL : https://hal.archives-ouvertes.fr/hal-01112976

M. R. Albrecht, R. Fitzpatrick, D. Cabracas, F. Göpfert, and M. Schneider, A generator for LWE and Ring-LWE instances, 2013

S. Arora and R. Ge, New Algorithms for Learning in Presence of Errors, Lecture Notes in Computer Science, vol.6755, pp.403-415, 2011.
DOI : 10.1007/978-3-540-85174-5_31

T. Baigneres, P. Junod, and S. Vaudenay, How Far Can We Go Beyond Linear Cryptanalysis?, Advances in Cryptology ? ASIACRYPT 2004, pp.432-450, 2004.
DOI : 10.1007/978-3-540-30539-2_31

A. Blum, A. Kalai, and H. Wasserman, Noise-tolerant learning, the parity problem, and the statistical query model, Journal of the ACM, vol.50, issue.4, pp.506-519, 2003.
DOI : 10.1145/792538.792543

Z. Brakerski, A. Langlois, C. Peikert, O. Regev, and D. Stehlé, Classical hardness of learning with errors, Proceedings of the 45th annual ACM symposium on Symposium on theory of computing, STOC '13, 2013.
DOI : 10.1145/2488608.2488680
URL : https://hal.archives-ouvertes.fr/hal-00922194

Z. Brakerski and V. Vaikuntanathan, Efficient Fully Homomorphic Encryption from (Standard) LWE, 2011 IEEE 52nd Annual Symposium on Foundations of Computer Science, pp.97-106, 2011.
DOI : 10.1109/FOCS.2011.12

Y. Chen and P. Q. Nguyen, BKZ 2.0: Better Lattice Security Estimates, Advances in Cryptology - ASIACRYPT 2011, pp.1-20, 2011.
DOI : 10.1007/978-3-642-25385-0_1
URL : https://hal.archives-ouvertes.fr/hal-01109961

L. Duembgen, Bounding standard gaussian tail probabilities, 2010.

P. Fouque, An improved LPN algorithm, Security and Cryptography for Networks, 5th International Conference, pp.348-359, 2006.
URL : https://hal.archives-ouvertes.fr/inria-00563959

N. Gama, P. Q. Nguyen, and O. Regev, Lattice Enumeration Using Extreme Pruning, Advances in Cryptology ? EUROCRYPT 2010, pp.257-278, 2010.
DOI : 10.1007/978-3-642-13190-5_13
URL : https://hal.archives-ouvertes.fr/hal-01083526

C. Gentry, A fully homomorphic encryption scheme, 2009.

C. Gentry, C. Peikert, and V. Vaikuntanathan, Trapdoors for hard lattices and new cryptographic constructions, Proceedings of the fourtieth annual ACM symposium on Theory of computing, STOC 08, pp.197-206, 2008.
DOI : 10.1145/1374376.1374407

G. Hanrot, X. Pujol, and D. Stehlé, Algorithms for the Shortest and Closest Lattice Vector Problems, Lecture Notes in Computer Science, vol.134, issue.2, pp.159-190, 2011.
DOI : 10.1007/978-3-642-14518-6_27
URL : https://hal.archives-ouvertes.fr/hal-00640637

G. Hanrot, X. Pujol, and D. Stehlé, Analyzing Blockwise Lattice Algorithms Using Dynamical Systems, Advances in Cryptology ? CRYPTO 2011, pp.447-464, 2011.
DOI : 10.1007/978-3-642-22792-9_25
URL : https://hal.archives-ouvertes.fr/hal-00640638

F. Johansson, mpmath: a Python library for arbitrary-precision floating-point arithmetic (version 0.17), 2011.

R. Lindner and C. Peikert, Better Key Sizes (and Attacks) for LWE-Based Encryption, Topics in Cryptology ? CT-RSA 2011, pp.319-339, 2011.
DOI : 10.1007/3-540-45708-9_19

M. Liu and P. Q. Nguyen, Solving BDD by Enumeration: An Update, Lecture Notes in Computer Science, vol.7779, pp.293-309, 2013.
DOI : 10.1007/978-3-642-36095-4_19
URL : https://hal.archives-ouvertes.fr/hal-00864361

V. Lyubashevsky, D. Micciancio, C. Peikert, and A. Rosen, SWIFFT: A Modest Proposal for FFT Hashing, Fast Software Encryption, pp.54-72, 2008.
DOI : 10.1007/978-3-540-71039-4_4

D. Micciancio and O. Regev, Lattice-based cryptography, Post-Quantum Cryptography, pp.147-191, 2009.

I. Morel, D. Stehlé, and G. Villard, H-LLL, Proceedings of the 2009 international symposium on Symbolic and algebraic computation, ISSAC '09, pp.271-278, 2009.
DOI : 10.1145/1576702.1576740
URL : https://hal.archives-ouvertes.fr/hal-00550979

Q. Phong and . Nguyen, Lattice reduction algorithms: Theory and practice, Advances in Cryptology -EUROCRYPT 2011, pp.2-6, 2011.

Q. Phong, D. Nguyen, and . Stehlé, Low-dimensional lattice basis reduction revisited, ACM Transactions on Algorithms, vol.5, issue.4, 2009.

X. Pujol and D. Stehlé, Solving the shortest lattice vector problem in time 2 2.465n . IACR Cryptology ePrint Archive, p.605, 2009.
URL : https://hal.archives-ouvertes.fr/hal-00550976

O. Regev, On lattices, learning with errors, random linear codes, and cryptography, J. ACM, vol.56, issue.6, 2009.

O. Regev, The Learning with Errors Problem (Invited Survey), 2010 IEEE 25th Annual Conference on Computational Complexity, pp.191-204, 2010.
DOI : 10.1109/CCC.2010.26

M. Rückert and M. Schneider, Estimating the security of lattice-based cryptosystems, IACR Cryptology ePrint Archive, p.137, 2010.