2001, European Congress of Mathematics
…
15 pages
In this lecture we give a self-contained introduction to the theory of lattices in Euclidean vector spaces. We reinterpret a large class of lattice basis reduction algorithms by using the concept of a "flag". In our reformulation, lattice basis reduction algorithms are more appropriately called "flag reduction" algorithms. We address a problem that arises when one attempts to find a particularly good flag for a given lattice.
ACM Transactions on Algorithms, 2009
Lattice reduction is a geometric generalization of the problem of computing greatest common divisors. Most of the interesting algorithmic problems related to lattice reduction are NP-hard as the lattice dimension increases. This article deals with the low-dimensional case. We study a greedy lattice basis reduction algorithm for the Euclidean norm, which is arguably the most natural lattice basis reduction algorithm, because it is a straightforward generalization of an old two-dimensional algorithm of Lagrange, usually known as Gauss' algorithm, and which is very similar to Euclid's gcd algorithm. Our results are two-fold. From a mathematical point of view, we show that up to dimension four, the output of the greedy algorithm is optimal: the output basis reaches all the successive minima of the lattice. However, as soon as the lattice dimension is strictly higher than four, the output basis may be arbitrarily bad as it may not even reach the first minimum. More importantly, from a computational point of view, we show that up to dimension four, the bit-complexity of the greedy algorithm is quadratic without fast integer arithmetic, just like Euclid's gcd algorithm. This was already proved by Semaev up to dimension three using rather technical means, but it was previously unknown whether or not the algorithm was still polynomial in dimension four. We propose two different analyses: a global approach based on the geometry of the current basis when the length decrease stalls, and a local approach showing directly that a significant length decrease must occur every O(1) consecutive steps. Our analyses simplify Semaev's analysis in dimensions two and three, and unify the cases of dimensions two to four. Although the global approach is much simpler, we also present the local approach because it gives further information on the behavior of the algorithm.
P. Q. Nguyen and D. Stehlé 2008; and in practice for high-dimensional lattices are based on a repeated use of low-dimensional HKZ-reduction.
Basis reduction for layered lattices, 2011
In this thesis we develop a generalized theory of lattices (discrete subgroups of a Euclidean space) and the associated algorithmic theory of basis reduction. This generalized setting is motivated and better suited for solving problems like linear algebra of the integers and related problems as explained in the introduction. It is also of theoretical interest. For example, in the problem of the compactification of the moduli space of lattices of given rank.
Proceedings of the 2019 on International Symposium on Symbolic and Algebraic Computation, 2019
Given $(a, b) \in \mathbb{Z}^2$, Euclid's algorithm outputs the generator $\gcd(a, b)$ of the ideal $a\mathbb{Z} + b\mathbb{Z}$. Computing a lattice basis is a high-dimensional generalization: given $a_1, \ldots, a_n \in \mathbb{Z}^m$, find a $\mathbb{Z}$-basis of the lattice $L = \{\sum_{i=1}^{n} x_i a_i,\ x_i \in \mathbb{Z}\}$ generated by the $a_i$'s. The fastest algorithms known are HNF algorithms, but are not adapted to all applications, such as when the output should not be much longer than the input. We present an algorithm which extracts such a short basis within the same time as an HNF, by reduction to HNF. We also present an HNF-less algorithm, which reduces to Euclid's extended algorithm and can be generalized to quadratic forms. Both algorithms can extend primitive sets into bases.
Encyclopedia of Cryptography and Security, 2011
International Journal of Applied and Computational Mathematics, 2015
In this paper we experimentally compare the performance of the $L^2$ lattice basis reduction algorithm, whose importance recently became evident, with our own Gram-based lattice basis reduction algorithm, which is a variant of the Schnorr-Euchner algorithm. We conclude with observations about the algorithms under investigation for lattice basis dimensions up to the theoretical limit. We also reexamine the notion of "buffered transformations" and its impact on performance of lattice basis reduction algorithms. We experimentally compare four different algorithms directly in the Sage Mathematics Software: our own algorithm, the $L^2$ algorithm and "buffered" versions of them resulting in a total of four algorithms.
IEEE Signal Processing Magazine, 2011
Lattice reduction is a powerful concept for solving diverse problems involving point lattices. Signal processing applications where lattice reduction has been successfully used include global positioning system (GPS), frequency estimation, color space estimation in JPEG pictures, and particularly data detection and precoding in wireless communication systems. In this article, we first provide some background on point lattices and then give a tutorial-style introduction to the theoretical and practical aspects of lattice reduction. We describe the most important lattice reduction algorithms and comment on their performance and computational complexity. Finally, we discuss the application of lattice reduction in wireless communications and statistical signal processing. Throughout the article, we point out open problems and interesting questions for future research.
2017
The credit on reduction theory goes back to the work of Lagrange, Gauss, Hermite, Korkin, Zolotarev, and Minkowski. Modern reduction theory is voluminous and includes the work of A. Lenstra, H. Lenstra and L. Lovász who created the well known LLL algorithm, and many other researchers such as L. Babai and C. P. Schnorr who created significant new variants of basis reduction algorithms. In this paper, we propose and investigate the efficacy of new optimization techniques to be used along with LLL algorithm. The techniques we have proposed are: i) hill climbing (HC), ii) lattice diffusion-sub lattice fusion (LDSF), and iii) multistage hybrid LDSF-HC. The first technique relies on the sensitivity of LLL to permutations of the input basis $B$, and optimization ideas over the symmetric group $S_m$ viewed as a metric space. The second technique relies on partitioning the lattice into sublattices, performing basis reduction in the partition sublattice blocks, fusing ...
ArXiv, 2019
We introduce a framework generalizing lattice reduction algorithms to module lattices in order to practically and efficiently solve the $\gamma$-Hermite Module-SVP problem over arbitrary cyclotomic fields. The core idea is to exploit the structure of the subfields for designing a doubly-recursive strategy of reduction: both recursive in the rank of the module and in the field we are working in. Besides, we demonstrate how to leverage the inherent symplectic geometry existing in the tower of fields to provide a significant speed-up of the reduction for rank two modules. The recursive strategy over the rank can also be applied to the reduction of Euclidean lattices, and we can perform a reduction in asymptotically almost the same time as matrix multiplication. As a byproduct of the design of these fast reductions, we also generalize to all cyclotomic fields and provide speedups for many previous number theoretical algorithms. Quantitatively, we show that a module of rank 2 over a cycl...
Lecture Notes in Computer Science, 2010
Lattice reduction is known to be a very powerful tool in modern cryptanalysis. In the literature, there are many lattice reduction algorithms that have been proposed with various time complexity (from quadratic to subexponential). These algorithms can be utilized to find a short vector of a lattice with a small norm. Over time, shorter vector will be found by incorporating these methods. In this paper, we take a different approach by presenting a methodology that can be applied to any lattice reduction algorithms, with the implication that enables us to find a shorter vector (i.e. a smaller solution) while requiring shorter computation time. Instead of applying a lattice reduction algorithm to a complete lattice, we work on a sublattice with a smaller dimension chosen in the function of the lattice reduction algorithm that is being used. This way, the lattice reduction algorithm will be fully utilized and hence, it will produce a better solution. Furthermore, as the dimension of the lattice becomes smaller, the time complexity will be better. Hence, our methodology provides us with a new direction to build a lattice that is resistant to lattice reduction attacks. Moreover, based on this methodology, we also propose a recursive method for producing an optimal approach for lattice reduction with optimal computational time, regardless of the lattice reduction algorithm used. We evaluate our technique by applying it to break the lattice challenge 1 by producing the shortest vector known so far. Our results outperform the existing known results and hence, our results achieve the record in the lattice challenge problem.
Proceedings of the Fifth International C* Conference on Computer Science and Software Engineering - C3S2E '12, 2012
The famous LLL algorithm is the first polynomial time lattice reduction algorithm which is widely used in many applications. In this paper, we prove the convergence of a novel polynomial time lattice reduction algorithm, called the Jacobi method introduced by S. Qiao [23], and show that it has the same complexity as the LLL algorithm. Our experimental results show that the Jacobi method outperforms the LLL algorithm in not only efficiency, but also orthogonality defect of the bases it produces.
Lecture Notes in Computer Science, 2021
IACR Cryptol. ePrint Arch., 2020
Lecture Notes in Computer Science, 2013
Lecture Notes in Computer Science, 2010
Information Processing Letters, 1999
IEEE Transactions on Information Theory, 1998
IEEE Transactions on Communications, 2013
Mathematische Annalen, 1990
Journal de Theorie des Nombres de Bordeaux, 2000
Discrete Applied Mathematics, 2001
2012 IEEE International Symposium on Information Theory Proceedings, 2012
Combinatorica, 1990
Mathematics of Computation, 1985