Lattices (W2–W4) — read upstream
Weeks 2, 3, and 4 follow chapters from the upstream cryptanalysis book Elements of Cryptanalysis. Read them in order before each Tuesday.
| Week | Chapter | Direct link |
|---|---|---|
| W2 | Ch 40 — Lattice Problems — SVP, CVP, and LWE | |
| W3 | Ch 41 — ML-KEM (Kyber) — Design and Implementation | https://bnaskrecki.faculty.wmi.amu.edu.pl/crypto/book/part14_lattice_crypto/ch41_ml_kem_kyber.html |
| W4 | Ch 42 — Attacks on Lattice-Based Schemes | |
Lab focus per week
W2 lab. Implement LLL from scratch on small bases. Use it to break the Merkle–Hellman knapsack you built in W1 (Chapter 46, Exercise 46.5).
W3 lab. Toy LWE keygen / encrypt / decrypt. Run a reference Kyber implementation (`pip install pqcrypto`); measure key/ciphertext sizes and timings for ML-KEM-512, 768, 1024.
W4 lab. Sign / verify with a Dilithium reference implementation. Run a small Kannan-embedding attack on toy LWE (the code in Ch 42 §42.3 is ready to use). Then run Albrecht’s `lattice-estimator` against the three ML-KEM parameter sets and reproduce the published “core-SVP” security levels.
What to skim vs. read carefully
Skim the historical Ajtai/Regev recap in Ch 40 §40.1 — Adam covered the worst-case/average-case reduction in his complexity lecture.
Read carefully the Gram–Schmidt / LLL construction in Ch 40 §40.3–40.7, the NTT in Ch 41 §41.3, and the primal/dual attack analyses in Ch 42 §42.3–42.4.
Try the exercises Ex 40.4 (knapsack-via-SVP) and Ex 42.3 (decryption-failure boundary) — both will appear, paraphrased, on the exam.