Finding short integer solutions when the modulus Is small
We present cryptanalysis of the inhomogenous short integer solution (ISIS ) problem for anomalously small moduli q by exploiting the geometry of BKZ reduced bases of q-ary lattices. We apply this cryptanalysis to examples from the literature where taking such small moduli has been suggested. A recent work [Espitau–Tibouchi–Wallet–Yu, CRYPTO 2022] suggests small q versions of the lattice signature scheme Falcon and its variant Mitaka. For one small q parametrisation of Falcon we reduce the estimated security against signature forgery by approximately 26 bits. For one small q parametrisation of Mitaka we successfully forge a signature in 15 s.
|Lecture Notes in Computer Science|
|A Reduction Theory for Codes and Lattices in Cryptography|
|43rd Annual International Cryptology Conference, CRYPTO 2023|
Ducas, L, Espitau, T, & Postlethwaite, E.W. (2023). Finding short integer solutions when the modulus Is small. In Advances in Cryptology (pp. 150–176). doi:10.1007/978-3-031-38548-3_6