Quantum Lattice Sieving

TL;DR

This paper introduces a heuristic quantum lattice sieving algorithm that significantly reduces memory requirements from exponential to polynomial, potentially advancing quantum-resistant lattice cryptography.

Contribution

It presents a novel quantum sieving method with polynomial memory complexity, contrasting with traditional exponential-memory sieving algorithms.

Findings

Memory complexity is polynomial in vector length.

The algorithm offers a heuristic approach to lattice sieving.

Potential for improved quantum-resistant cryptographic primitives.

Abstract

Lattices are very important objects in the effort to construct cryptographic primitives that are secure against quantum attacks. A central problem in the study of lattices is that of finding the shortest non-zero vector in the lattice. Asymptotically, sieving is the best known technique for solving the shortest vector problem, however, sieving requires memory exponential in the dimension of the lattice. As a consequence, enumeration algorithms are often used in place of sieving due to their linear memory complexity, despite their super-exponential runtime. In this work, we present a heuristic quantum sieving algorithm that has memory complexity polynomial in the size of the length of the sampled vectors at the initial step of the sieve. In other words, unlike most sieving algorithms, the memory complexity of our algorithm does not depend on the number of sampled vectors at the initial step of the sieve.