research-article

Free access

An LLL-reduction algorithm with quasi-linear time complexity: extended abstract

Authors:

Andrew Novocin,

Damien Stehlé,

Gilles VillardAuthors Info & Claims

STOC '11: Proceedings of the forty-third annual ACM symposium on Theory of computing

Pages 403 - 412

https://doi.org/10.1145/1993636.1993691

Published: 06 June 2011 Publication History

Abstract

We devise an algorithm, L1, with the following specifications: It takes as input an arbitrary basis B=(b_i)_i ∈ Z^{d x d} of a Euclidean lattice L; It computes a basis of L which is reduced for a mild modification of the Lenstra-Lenstra-Lovász reduction; It terminates in time O(d^5+ε β + d^ω+1+ε β^1+ε) where β = log max |b_i| (for any ε>0 and ω is a valid exponent for matrix multiplication). This is the first LLL-reducing algorithm with a time complexity that is quasi-linear in β and polynomial in d.

The backbone structure of L1 is able to mimic the Knuth-Schönhage fast gcd algorithm thanks to a combination of cutting-edge ingredients. First the bit-size of our lattice bases can be decreased via truncations whose validity are backed by recent numerical stability results on the QR matrix factorization. Also we establish a new framework for analyzing unimodular transformation matrices which reduce shifts of reduced bases, this includes bit-size control and new perturbation tools. We illustrate the power of this framework by generating a family of reduction algorithms.

Supplementary Material

JPG File (stoc_7b_1.jpg)

Download
13.30 KB

MP4 File (stoc_7b_1.mp4)

Download
89.96 MB

References

[1]

Karim Belabas. A relative van Hoeij algorithm over number fields. Journal of Symbolic Computation, 37(5):641--668, 2004.

[2]

X.-W. Chang, D. Stehlé, and G. Villard. Perturbation analysis of the QR Factor $R$ in the context of LLL lattice basis reduction. To appear in Mathematics of Computation. HAL Report ensl-00529425, http://prunel.ccsd.cnrs.fr/ensl-00529425/en, École Normale Supérieure de Lyon, France, 2010.

[3]

D. Coppersmith. Small solutions to polynomial equations, and low exponent RSA vulnerabilities. Journal of Cryptology, 10(4):233--260, 1997.

Digital Library

[4]

D. Coppersmith and S. Winograd. Matrix multiplication via arithmetic progressions. Journal of Symbolic Computation, 9(3):251--280, 1990.

Digital Library

[5]

F. Eisenbrand. Short vectors of planar lattices via continued fractions. Inf. Process. Lett., 79(3):121--126, 2001.

Digital Library

[6]

F. Eisenbrand. 50 Years of Integer Programming 1958--2008, From the Early Years to the State-of-the-Art, chapter Integer Programming and Algorithmic Geometry of Numbers. Springer-Verlag, 2009.

[7]

F. Eisenbrand and G. Rote. Fast reduction of ternary quadratic forms. In Proceedings of the 2001 Cryptography and Lattices Conference (CALC'01), volume 2146 of Lecture Notes in Computer Science, pages 32--44. Springer-Verlag, 2001.

Digital Library

[8]

N. Higham. Accuracy and Stability of Numerical Algorithms. SIAM Publications, 2002.

Digital Library

[9]

M. Hoeijvan Hoeij. Factoring polynomials and 0--1 vectors. In Proceedings of the 2001 Cryptography and Lattices Conference (CALC'01), volume 2146 of Lecture Notes in Computer Science, pages 45--50. Springer-Verlag, 2001.

Digital Library

[10]

M. Hoeijvan Hoeij and A. Novocin. Gradual sub-lattice reduction and a new complexity for factoring polynomials. In Proceedings of the 9th Latin American Theoretical Informatics Symposium LATIN 2010, volume 6034 of Lecture Notes in Computer Science, pages 539--553. Springer-Verlag, 2010.

Digital Library

[11]

E. Kaltofen. On the complexity of finding short vectors in integer lattices. In Proceedings of EUROCAL'83, volume 162 of Lecture Notes in Computer Science, pages 236--244. Springer-Verlag, 1983.

Digital Library

[12]

R. Kannan, A. K. Lenstra, and L. Lovász. Polynomial factorization and nonrandomness of bits of algebraic and some transcendental numbers. In Proceedings of STOC 1984, pages 191--200. ACM Press, 1984.

Digital Library

[13]

D. Knuth. The analysis of algorithms. In Actes du Congrès International des Mathématiciens (Nice, 1970), volume 3, pages 269--274. Gauthiers-Villars, 1971.

[14]

H. Koy and C. P. Schnorr. Segment LLL-reduction of lattice bases. In Proceedings of the 2001 Cryptography and Lattices Conference (CALC'01), volume 2146 of Lecture Notes in Computer Science, pages 67--80. Springer-Verlag, 2001.

Digital Library

[15]

D. H. Lehmer. Euclid's algorithm for large numbers. American Mathematical Monthly, 45:227--233, 1938.

[16]

A. K. Lenstra, H. W. Lenstra, Jr., and L. Lovász. Factoring polynomials with rational coefficients. Mathematische Annalen, 261:515--534, 1982.

[17]

K. S. McCurley and J. L. Hafner. Asymptotically fast triangularization of matrices over rings. SIAM Journal on Computing, 20:1068--1083, 1991.

Digital Library

[18]

D. Micciancio and S. Goldwasser. Complexity of lattice problems: a cryptographic perspective. Kluwer Academic Press, 2002.

Digital Library

[19]

I. Morel, D. Stehlé, and G. Villard. From an LLL-reduced basis to another. In progress.

[20]

I. Morel, D. Stehlé, and G. Villard. H-LLL: using Householder inside LLL. In Proceedings of the 2009 international symposium on Symbolic and algebraic computation (ISSAC'09), pages 271--278. ACM Press, 2009.

Digital Library

[21]

P. Q. Nguyen and D. Stehlé. An LLL algorithm with quadratic complexity. SIAM Journal on Computing, 39(3):874--903, 2009.

Digital Library

[22]

P. Q. Nguyen and B. Vallée (editors). The LLL Algorithm: Survey and Applications. Information Security and Cryptography. Springer-Verlag, 2009. Published after the LLL25 conference held in Caen in June 2007, in honour of the 25th anniversary of the LLL algorithm.

Digital Library

[23]

A. Novocin. Factoring Univariate Polynomials over the Rationals. PhD thesis, Florida State University, 2008.

Digital Library

[24]

A. Novocin, D. Stehlé, and G. Villard. An LLL-reduction algorithm with quasi-linear time complexity. HAL Report ensl-00534899, http://prunel.ccsd.cnrs.fr/ensl-00534899/en, École Normale Supérieure de Lyon, France, 2010.

[25]

C. P. Schnorr. A more efficient algorithm for lattice basis reduction. Journal of Algorithms, 9(1):47--62, 1988.

Digital Library

[26]

C. P. Schnorr. Fast LLL-type lattice reduction. Information and Computation, 204:1--25, 2005.

Digital Library

[27]

A. Schönhage. Schnelle Berechnung von Kettenbruchentwicklungen. Acta Informatica, 1:139--144, 1971.

Digital Library

[28]

A. Schönhage. Factorization of univariate integer polynomials by Diophantine approximation and improved basis reduction algorithm. In Proceedings of the 1984 International Colloquium on Automata, Languages and Programming (ICALP 1984), volume 172 of Lecture Notes in Computer Science, pages 436--447. Springer-Verlag, 1984.

Digital Library

[29]

A. Schönhage. Fast reduction and composition of binary quadratic forms. In Proceedings of the 1991 International Symposium on Symbolic and Algebraic Computation (ISSAC'91), pages 128--133. ACM Press, 1991.

Digital Library

[30]

D. Stehlé. Floating-point LLL: theoretical and practical aspects. Chapter of {25}.

[31]

A. Storjohann. Faster Algorithms for Integer Lattice Basis Reduction. Technical Report TR 249, ETH, Dpt. Comp. Sc., Zürich, Switzerland, 1996.

[32]

A. Storjohann and G. Labahn. Asymptotically fast computation of Hermite normal forms of integer matrices. In Proceedings of the 1996 international symposium on Symbolic and algebraic computation (ISSAC'96), pages 259--266. ACM Press, 1996.

Digital Library

[33]

C. K. Yap. Fast unimodular reduction: planar integer lattices. In Proceedings of the 1992 Symposium on the Foundations of Computer Science (FOCS 1992), pages 437--446. IEEE Computer Society Press, 1992.

Digital Library

Cited By

Ryan KHeninger N(2023)Fast Practical Lattice Reduction Through Iterated CompressionAdvances in Cryptology – CRYPTO 202310.1007/978-3-031-38548-3_1(3-36)Online publication date: 20-Aug-2023
https://dl.acm.org/doi/10.1007/978-3-031-38548-3_1
Kauers MKoutschan CMaza MZhi L(2022)Guessing with Little DataProceedings of the 2022 International Symposium on Symbolic and Algebraic Computation10.1145/3476446.3535486(83-90)Online publication date: 4-Jul-2022
https://dl.acm.org/doi/10.1145/3476446.3535486
Xu JSarkar SHu L(2022)Revisiting orthogonal lattice attacks on approximate common divisor problemsTheoretical Computer Science10.1016/j.tcs.2022.02.005Online publication date: Feb-2022
https://doi.org/10.1016/j.tcs.2022.02.005
Show More Cited By

Index Terms

An LLL-reduction algorithm with quasi-linear time complexity: extended abstract

Recommendations

Faster LLL-type Reduction of Lattice Bases
ISSAC '16: Proceedings of the 2016 ACM International Symposium on Symbolic and Algebraic Computation

We describe an asymptotically fast variant of the LLL lattice reduction algorithm. It takes as input a basis B ∈ Z^{n x n} and returns a (reduced) basis C of the Euclidean lattice L spanned by B, whose first vector satisfies |c₁| ≤ (1+c) (4/3)^(n-1)/4 (det L)...
Recent progress in linear algebra and lattice basis reduction
ISSAC '11: Proceedings of the 36th international symposium on Symbolic and algebraic computation

A general goal concerning fundamental linear algebra problems is to reduce the complexity estimates to essentially the same as that of multiplying two matrices (plus possibly a cost related to the input and output sizes). Among the bottlenecks one ...
Fast LLL-type lattice reduction

We modify the concept of LLL-reduction of lattice bases in the sense of Lenstra, Lenstra, Lovasz, Factoring polynomials with rational coefficients, Math. Ann. 261 (1982) 515-534 towards a faster reduction algorithm. We organize LLL-reduction in segments ...

Comments

Information & Contributors

Information

Published In

cover image ACM Conferences

STOC '11: Proceedings of the forty-third annual ACM symposium on Theory of computing

June 2011

840 pages

ISBN:9781450306911

DOI:10.1145/1993636

General Chair:
Lance Fortnow
Northwestern University
,
Program Chair:
Salil Vadhan
Harvard University

Copyright © 2011 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

SIGACT: ACM Special Interest Group on Algorithms and Computation Theory

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 06 June 2011

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

STOC'11

Sponsor:

SIGACT

STOC'11: Symposium on Theory of Computing

June 6 - 8, 2011

California, San Jose, USA

Acceptance Rates

STOC '11 Paper Acceptance Rate 84 of 304 submissions, 28%;

Overall Acceptance Rate 1,469 of 4,586 submissions, 32%

Upcoming Conference

STOC '25

Sponsor:
sigact

57th Annual ACM Symposium on Theory of Computing (STOC 2025)

June 23 - 27, 2025

Prague , Czech Republic

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

37
Total Citations
View Citations
731
Total Downloads

Downloads (Last 12 months)117
Downloads (Last 6 weeks)15

Reflects downloads up to 12 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

Ryan KHeninger N(2023)Fast Practical Lattice Reduction Through Iterated CompressionAdvances in Cryptology – CRYPTO 202310.1007/978-3-031-38548-3_1(3-36)Online publication date: 20-Aug-2023
https://dl.acm.org/doi/10.1007/978-3-031-38548-3_1
Kauers MKoutschan CMaza MZhi L(2022)Guessing with Little DataProceedings of the 2022 International Symposium on Symbolic and Algebraic Computation10.1145/3476446.3535486(83-90)Online publication date: 4-Jul-2022
https://dl.acm.org/doi/10.1145/3476446.3535486
Xu JSarkar SHu L(2022)Revisiting orthogonal lattice attacks on approximate common divisor problemsTheoretical Computer Science10.1016/j.tcs.2022.02.005Online publication date: Feb-2022
https://doi.org/10.1016/j.tcs.2022.02.005
Checcoli SFehm A(2021)Constructing totally p-adic numbers of small heightInternational Journal of Number Theory10.1142/S179304212250029418:03(501-514)Online publication date: 31-Aug-2021
https://doi.org/10.1142/S1793042122500294
Harvey DHittmeir M(2021)A log-log speedup for exponent one-fifth deterministic integer factorisationMathematics of Computation10.1090/mcom/3708Online publication date: 15-Dec-2021
https://doi.org/10.1090/mcom/3708
Morain FRenault GSmith B(2021)Deterministic factoring with oraclesApplicable Algebra in Engineering, Communication and Computing10.1007/s00200-021-00521-834:4(663-690)Online publication date: 16-Sep-2021
https://doi.org/10.1007/s00200-021-00521-8
Kirchner PEspitau TFouque P(2021)Towards Faster Polynomial-Time Lattice ReductionAdvances in Cryptology – CRYPTO 202110.1007/978-3-030-84245-1_26(760-790)Online publication date: 11-Aug-2021
https://doi.org/10.1007/978-3-030-84245-1_26
Cho GLee HLim S(2020)Storage efficient algorithm for Hermite Normal Form using LLLLinear Algebra and its Applications10.1016/j.laa.2020.12.022Online publication date: Dec-2020
https://doi.org/10.1016/j.laa.2020.12.022
Milio ERobert D(2020)Modular polynomials on Hilbert surfacesJournal of Number Theory10.1016/j.jnt.2020.04.014Online publication date: May-2020
https://doi.org/10.1016/j.jnt.2020.04.014
Kirchner PEspitau TFouque P(2020)Fast Reduction of Algebraic Lattices over Cyclotomic FieldsAdvances in Cryptology – CRYPTO 202010.1007/978-3-030-56880-1_6(155-185)Online publication date: 17-Aug-2020
https://dl.acm.org/doi/10.1007/978-3-030-56880-1_6
Show More Cited By

View Options

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

Figures

Tables

Media

View Table of Conten