Algorithms for CRT-variant of Approximate Greatest Common Divisor Problem

The approximate greatest common divisor problem (ACD) and its variants have been used to construct many cryptographic primitives. In particular, the variants of the ACD problem based on Chinese remainder theorem (CRT) are being used in the constructions of a batch fully homomorphic encryption to encrypt multiple messages in one ciphertext. Despite the utility of the CRT-variant scheme, the algorithms that secures its security foundation have not been probed well enough. In this paper, we propose two algorithms and the results of experiments in which the proposed algorithms were used to solve the variant problem. Both algorithms take the same time complexity 2O~(γ(η-ρ)2) $\begin{array}{} \displaystyle 2^{\tilde{O}(\frac{\gamma}{(\eta-\rho)^2})} \end{array}$ up to a polynomial factor to solve the variant problem for the bit size of samples γ, secret primes η, and error bound ρ. Our algorithm gives the first parameter condition related to η and γsize. From the results of the experiments, it has been proved that the proposed algorithms work well both in theoretical and experimental terms.