CWI Cryptology Group

Abstract: We will show how recent advances about random ideals in number fields unlock long-standing obstacles in computational number theory. In particular, we present the first algorithm for computing class groups and unit groups of arbitrary number fields that provably runs in probabilistic subexponential time, assuming the Extended Riemann Hypothesis (ERH). Previous subexponential algorithms were either restricted to imaginary quadratic fields, or relied on several heuristic assumptions that have long resisted rigorous analysis. The key ingredient is a rapid-equidistribution theorem for random walks in the space of ideal lattices – the Arakelov class group.

Abstract: In joint work with Koen de Boer, Aurel Page, and Benjamin Wesolowski, we study the hardness of the approximate Shortest Independent Vectors Problem (SIVP) for random module lattices. We use here a natural notion of randomness as defined originally by Siegel through Haar measures. The main result is a worst-case to average-case reduction for varying number fields and arbitrary fixed rank. While this was previously known for ideal lattices (those of rank 1), it is the first such result in higher rank. I will give an overview of the reduction and discuss some of the challenges. The work involves deep number theoretic techniques and results, such as the equidistribution of Hecke points, which we study using the spectral theory of automorphic forms. This talk should be accessible to both cryptographers and number theorists.