A New Angle on Lattice Sieving for the Number Field Sieve

TL;DR

This paper introduces a novel three-dimensional lattice enumeration method that significantly accelerates lattice sieving in the number field sieve, demonstrated by a record computation in a large finite field.

Contribution

It presents a new lattice enumeration technique using successive minima and shortest vectors, enabling faster computations in higher dimensions for the number field sieve.

Findings

Nearly 3 times faster than previous record

Successful application to a 133-bit subgroup in a 423-bit field

Method generalizes to higher dimensions

Abstract

Lattice sieving in two or more dimensions has proven to be an indispensable practical aid in integer factorization and discrete log computations involving the number field sieve. The main contribution of this article is to show that a different method of lattice enumeration in three dimensions will provide a significant speedup. We use the successive minima and shortest vectors of the lattice instead of transition vectors to iterate through lattice points. We showcase the new method by a record computation in a 133-bit subgroup of $\mathbb{F}_{p^6}$, with $p^6$ having 423 bits. Our overall timing nearly $3$ times faster than the previous record of a 132-bit subgroup in a 422-bit field. The approach generalizes to dimensions 4 or more, overcoming a key obstruction to the implementation of the tower number field sieve.