An Experimental Comparison of Some LLL-Type Lattice Basis Reduction Algorithms (original) (raw)
Related papers
Techniques in Lattice Basis Reduction
2017
The credit on {\it reduction theory} goes back to the work of Lagrange, Gauss, Hermite, Korkin, Zolotarev, and Minkowski. Modern reduction theory is voluminous and includes the work of A. Lenstra, H. Lenstra and L. Lovasz who created the well known LLL algorithm, and many other researchers such as L. Babai and C. P. Schnorr who created significant new variants of basis reduction algorithms. In this paper, we propose and investigate the efficacy of new optimization techniques to be used along with LLL algorithm. The techniques we have proposed are: i) {\it hill climbing (HC)}, ii) {\it lattice diffusion-sub lattice fusion (LDSF)}, and iii) {\it multistage hybrid LDSF-HC}. The first technique relies on the sensitivity of LLL to permutations of the input basis BBB, and optimization ideas over the symmetric group SmS_mSm viewed as a metric space. The second technique relies on partitioning the lattice into sublattices, performing basis reduction in the partition sublattice blocks, fusing ...
Low-dimensional lattice basis reduction revisited
ACM Transactions on Algorithms, 2009
Lattice reduction is a geometric generalization of the problem of computing greatest common divisors. Most of the interesting algorithmic problems related to lattice reduction are NP-hard as the lattice dimension increases. This article deals with the low-dimensional case. We study a greedy lattice basis reduction algorithm for the Euclidean norm, which is arguably the most natural lattice basis reduction algorithm, because it is a straightforward generalization of an old two-dimensional algorithm of Lagrange, usually known as Gauss' algorithm, and which is very similar to Euclid's gcd algorithm. Our results are two-fold. From a mathematical point of view, we show that up to dimension four, the output of the greedy algorithm is optimal: the output basis reaches all the successive minima of the lattice. However, as soon as the lattice dimension is strictly higher than four, the output basis may be arbitrarily bad as it may not even reach the first minimum. More importantly, from a computational point of view, we show that up to dimension four, the bit-complexity of the greedy algorithm is quadratic without fast integer arithmetic, just like Euclid's gcd algorithm. This was already proved by Semaev up to dimension three using rather technical means, but it was previously unknown whether or not the algorithm was still polynomial in dimension four. We propose two different analyzes: a global approach based on the geometry of the current basis when the length decrease stalls, and a local approach showing directly that a significant length decrease must occur every O(1) consecutive steps. Our analyzes simplify Semaev's analysis in dimensions two and three, and unify the cases of dimensions two to four. Although the global approach is much simpler, we also present the local approach because it gives further information on the behavior of the algorithm. 2 · P. Q. Nguyen and D. Stehlé 2008; and in practice for high-dimensional lattices are based on a repeated use of low-dimensional HKZ-reduction.
Towards an efficient lattice basis reduction implementation
The security of most digital systems is under serious threats due to major technology breakthroughs we are experienced in nowadays. Lattice-based cryptosystems are one of the most promising post-quantum types of cryptography, since it is believed to be secure against quantum computer attacks. Their security is based on the hardness of the Shortest Vector Problem and Closest Vector Problem. Lattice basis reduction algorithms are used in several fields, such as lattice-based cryptography and signal processing. They aim to make the problem easier to solve by obtaining shorter and more orthogonal basis. Some case studies work with numbers with hundreds of digits to ensure harder problems, which require Multiple Precision (MP) arithmetic. This dissertation presents a novel integer representation for MP arithmetic and the algorithms for the associated operations, MpIM. It also compares these implementations with other libraries, such as GNU Multiple Precision Arithmetic Library, where our experimental results display a similar performance and for some operations better performances. This dissertation also describes a novel lattice basis reduction module, LattBRed, which included a novel efficient implementation of the Qiao’s Jacobi method, a Lenstra-Lenstra-Lovász (LLL) algorithm and associated parallel implementations, a parallel variant of the Block Korkine-Zolotarev (BKZ) algorithm and its implementation and MP versions of the the Qiao’s Jacobi method, the LLL and BKZ algorithms. Experimental performances measurements with the set of implemented modifications of the Qiao’s Jacobi method show some performance improvements and some degradations but speedups greater than 100 in Ajtai-type bases.
A complexity analysis of a Jacobi method for lattice basis reduction
Proceedings of the Fifth International C* Conference on Computer Science and Software Engineering - C3S2E '12, 2012
The famous LLL algorithm is the first polynomial time lattice reduction algorithm which is widely used in many applications. In this paper, we prove the convergence of a novel polynomial time lattice reduction algorithm, called the Jacobi method introduced by S. Qiao [23], and show that it has the same complexity as the LLL algorithm. Our experimental results show that the Jacobi method outperforms the LLL algorithm in not only efficiency, but also orthogonality defect of the bases it produces.
An LLL-Reduction Algorithm with Quasi-Linear Time Complexity
We devise an algorithm, L1, with the following specifications: It takes as input an arbitrary basis of a Euclidean lattice L; It computes a basis of L which is reduced for a mild modification of the Lenstra-Lenstra-Lovász reduction; It terminates in time O(d^(5+ε)β +d^(ω+1+ε)β^(1+ε)) where β = log max bits of a basis vector (for any ε > 0 and ω is a valid exponent for matrix multiplication). This is the first LLL-reducing algorithm with a time complexity that is quasi-linear in β and polynomial in d. The backbone structure of L1 is able to mimic the Knuth-Schönhage fast gcd algorithm thanks to a combination of cutting-edge ingredients. First the bit-size of our lattice bases can be decreased via truncations whose validity are backed by recent numerical stability results on the QR matrix factorization. Also we establish a new framework for analyzing unimodular transformation matrices which reduce shifts of reduced bases, this includes bit-size control and new perturbation tools. We illustrate the power of this framework by generating a family of reduction algorithms.
A Complete Analysis of the BKZ Lattice Reduction Algorithm
IACR Cryptol. ePrint Arch., 2020
We present the first rigorous dynamic analysis of BKZ, the most widely used lattice reduction algorithm besides LLL: previous analyses were either heuristic or only applied to variants of BKZ. Namely, we provide guarantees on the quality of the current lattice basis during execution. Our analysis extends to a generic BKZ algorithm where the SVP-oracle is replaced by an approximate oracle and/or the basis update is not necessarily performed by LLL. Interestingly, it also provides quantitative improvements, such as better and simpler bounds for both the output quality and the running time. As an application, we observe that in certain approximation regimes, it is more efficient to use BKZ with an approximate rather than exact SVP-oracle.
A Polynomial Time Jacobi Method for Lattice Basis Reduction
2012
Among all lattice reduction algorithms, the LLL algorithm is the first and perhaps the most famous polynomial time algorithm, and it is widely used in many applications. In 2012, S. Qiao [24] introduced another algorithm, the Jacobi method, for lattice basis reduction. S. Qiao and Z. Tian [25] improved the Jacobi method further to be polynomial time but only produces a Quasi-Reduced basis. In this paper, we present a polynomial time Jacobi method for lattice basis reduction (short as Poly-Jacobi method) that can produce a reduced basis. Our experimental results indicate that the bases produced by Poly-Jacobi method have almost equally good orthogonality defect as the bases produced by the Jacobi method.
IEEE Signal Processing Magazine, 2011
attice reduction is a powerful concept for solving diverse problems involving point lattices. Signal processing applications where lattice reduction has been successfully used include global positioning system (GPS), frequency estimation, color space estimation in JPEG pictures, and particularly data detection and precoding in wireless communication systems. In this article, we first provide some background on point lattices and then give a tutorial-style introduction to the theoretical and practical aspects of lattice reduction. We describe the most important lattice reduction algorithms and comment on their performance and computational complexity. Finally, we discuss the application of lattice reduction in wireless communications and statistical signal processing. Throughout the article, we point out open problems and interesting questions for future research.