The paper in question[1]. This will make some practical attacks faster, e.g. the recent attack on some SSH & IKE implementations[2] which misused RSA-PKCS#1v1.5.

[1] https://eprint.iacr.org/2023/237

[2] https://eprint.iacr.org/2023/1711
This is super helpful context for this article, and also one of the best pieces of technical writing I've ever read:

https://kel.bz/post/lll/

We talked to Martin Albrecht on the podcast a few weeks ago about the attack model on lattice cryptography (like Kyber, the NIST PQC winner); lattice basis reduction is central to that attack.
Code for the new algorithm: https://github.com/keeganryan/flatter

It does indeed perform better than traditional LLL for some classes of matrix, and serves as a nice drop-in replacement for those problems. It doesn’t always seem to yield a speedup though, and the program is prone to crashing sometimes. Such is academic code…
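The two comments above treat "LLL" as a black box: the podcast remark that basis reduction is central to lattice attacks, and the note that flatter is a drop-in replacement for it. As an added worked example (an editor's addition, not code from the flatter repository, the kel.bz post, or either paper), here is a textbook LLL with exact rational arithmetic, a checker for the LLL-reduced conditions, and a Lagarias-Odlyzko style subset-sum lattice, which is the smallest setting that shows why reducing a basis exposes a planted short vector. The weights, target and scale factor are constructed for the demonstration; they are chosen so that the planted subset is provably the shortest nonzero lattice vector, which any correct LLL (delta = 3/4) must then return as its first basis vector. Input rows are assumed linearly independent. This is a reference implementation for reading, roughly O(n^4) per reduction because it recomputes Gram-Schmidt after every change, not something to use in place of fplll or flatter.

```python
"""Textbook LLL (exact rationals) plus a subset-sum lattice demo.

Added example; not code from the flatter repository or the cited papers.
Assumes the input basis rows are linearly independent.
"""
from fractions import Fraction
from typing import List, Optional, Sequence, Tuple

Vector = List[int]


def dot(u: Sequence, v: Sequence):
    return sum(a * b for a, b in zip(u, v))


def gram_schmidt(basis: Sequence[Sequence[int]]) -> Tuple[List[List[Fraction]], List[List[Fraction]]]:
    """Exact Gram-Schmidt: returns (B*, mu) with mu[i][j] = <b_i, b*_j> / <b*_j, b*_j>."""
    n = len(basis)
    bstar: List[List[Fraction]] = []
    mu = [[Fraction(0)] * n for _ in range(n)]
    for i in range(n):
        v = [Fraction(x) for x in basis[i]]
        for j in range(i):
            mu[i][j] = Fraction(dot(basis[i], bstar[j])) / dot(bstar[j], bstar[j])
            v = [a - mu[i][j] * b for a, b in zip(v, bstar[j])]
        bstar.append(v)
    return bstar, mu


def lll(basis: Sequence[Sequence[int]], delta: Fraction = Fraction(3, 4)) -> List[Vector]:
    """Return an LLL-reduced basis of the lattice spanned by the input rows."""
    b = [list(v) for v in basis]
    n = len(b)
    bstar, mu = gram_schmidt(b)
    k = 1
    while k < n:
        # Size reduction: make |mu[k][j]| <= 1/2 for every j < k (descending j matters).
        for j in range(k - 1, -1, -1):
            q = round(mu[k][j])  # nearest integer; Fraction rounds exact halves to even
            if q:
                b[k] = [x - q * y for x, y in zip(b[k], b[j])]
                bstar, mu = gram_schmidt(b)
        # Lovasz condition: ||b*_k||^2 >= (delta - mu[k][k-1]^2) * ||b*_{k-1}||^2.
        if dot(bstar[k], bstar[k]) >= (delta - mu[k][k - 1] ** 2) * dot(bstar[k - 1], bstar[k - 1]):
            k += 1
        else:
            b[k], b[k - 1] = b[k - 1], b[k]  # swap and step back
            bstar, mu = gram_schmidt(b)
            k = max(k - 1, 1)
    return b


def is_lll_reduced(basis: Sequence[Sequence[int]], delta: Fraction = Fraction(3, 4)) -> bool:
    """Check the two LLL conditions (size-reduced and Lovasz) directly on a basis."""
    bstar, mu = gram_schmidt(basis)
    for k in range(1, len(basis)):
        if any(abs(mu[k][j]) > Fraction(1, 2) for j in range(k)):
            return False
        if dot(bstar[k], bstar[k]) < (delta - mu[k][k - 1] ** 2) * dot(bstar[k - 1], bstar[k - 1]):
            return False
    return True


def subset_sum_via_lll(weights: Sequence[int], target: int, scale: int = 10**4) -> Optional[List[int]]:
    """Lagarias-Odlyzko style knapsack lattice.

    Rows are (e_i | scale*w_i) and (0 | -scale*target).  A subset with
    sum == target is the lattice vector (x_1..x_n | 0) with x_i in {0,1},
    which is very short once `scale` dwarfs sqrt(n).  Returns the chosen
    indices, or None if no reduced basis vector decodes to a solution.
    """
    n = len(weights)
    rows = [[int(i == j) for j in range(n)] + [scale * w] for i, w in enumerate(weights)]
    rows.append([0] * n + [-scale * target])
    for v in lll(rows):
        if v[n] != 0:
            continue  # a nonzero last coordinate means the subset sum missed the target
        for cand in (v[:n], [-c for c in v[:n]]):  # LLL may return the negated vector
            if all(c in (0, 1) for c in cand) and sum(c * w for c, w in zip(cand, weights)) == target:
                return [i for i, c in enumerate(cand) if c == 1]
    return None


if __name__ == "__main__":
    # Classic worked example (delta = 3/4).
    print(lll([[1, 1, 1], [-1, 0, 2], [3, 5, 6]]))
    # Constructed knapsack: weights (1, B, B^2, 3B+9) with B = 1000 and target B^2 + 1,
    # so the only short solution is items 0 and 2.
    print(subset_sum_via_lll([1, 1000, 1_000_000, 3009], 1_000_001))
```

On real attack lattices (hundreds of dimensions, multi-thousand-bit entries) the `lll` call is the piece you hand to fplll or flatter; the surrounding build-the-lattice and decode-the-short-vector steps are the same shape as `subset_sum_via_lll` here, which is why a faster reducer translates directly into faster attacks.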