An LLL-Reduction Algorithm with Quasi-Linear Time Complexity (original) (raw)

We devise an algorithm, L1, with the following specifications: It takes as input an arbitrary basis of a Euclidean lattice L; It computes a basis of L which is reduced for a mild modification of the Lenstra-Lenstra-Lovász reduction; It terminates in time O(d^(5+ε)β +d^(ω+1+ε)β^(1+ε)) where β = log max bits of a basis vector (for any ε > 0 and ω is a valid exponent for matrix multiplication). This is the first LLL-reducing algorithm with a time complexity that is quasi-linear in β and polynomial in d. The backbone structure of L1 is able to mimic the Knuth-Schönhage fast gcd algorithm thanks to a combination of cutting-edge ingredients. First the bit-size of our lattice bases can be decreased via truncations whose validity are backed by recent numerical stability results on the QR matrix factorization. Also we establish a new framework for analyzing unimodular transformation matrices which reduce shifts of reduced bases, this includes bit-size control and new perturbation tools. We illustrate the power of this framework by generating a family of reduction algorithms.