Abstract
Lattice reduction algorithms have numerous applications in number theory, algebra, as well as in cryptanalysis. The most famous algorithm for lattice reduction is the LLL algorithm. In polynomial time it computes a reduced basis with provable output quality. One early improvement of the LLL algorithm was LLL with deep insertions (DeepLLL). The output of this version of LLL has higher quality in practice but the running time seems to explode. Weaker variants of DeepLLL, where the insertions are restricted to blocks, behave nicely in practice concerning the running time. However no proof of polynomial running time is known. In this paper PotLLL, a new variant of DeepLLL with provably polynomial running time, is presented. We compare the practical behavior of the new algorithm to classical LLL, BKZ as well as blockwise variants of DeepLLL regarding both the output quality and running time.
This is a preview of subscription content, log in via an institution to check access.
Similar content being viewed by others
Notes
To be able to compute confidence intervals, we assume that the data is distributed normally. We did some more experiments in dimensions 40, 50 and 60 to verify this conjecture: in case of the logarithm of the running time, this conjecture is quite accurate for most experiments; in case of the \(n\)-th root Hermite factor, it seems to be fine for most values, but there is some deviation at the tails.
Fig. 1 
Average \(n\)-th root Hermite factor (\(y\) axis) for dimension \(n\) (\(x\) axis) from 40 to 400
References
Chen Y., Nguyen P.Q.: BKZ 2.0: better lattice security estimates. In: Lee D.H., Wang X. (eds.) Advances in Cryptology—ASIACRYPT 2011. Lecture Notes in Computer Science, vol. 7073, pp. 1–20. Springer, Heidelberg (2011).
Cong L., Mow W.H., Howgrave-Graham N.: Reduced and fixed-complexity variants of the lll algorithm for communications. IEEE Trans. Commun. 61(3), 1040–1050 (2013).
Fontein F., Schneider M., Wagner U.: A polynomial time version of LLL with deep insertions. In: Preproceedings of the International Workshop on Coding and Cryptography, WCC ’13 (2013).
Gama N., Nguyen P.Q.: Predicting lattice reduction. In: Smart N. (ed.) Advances in Cryptology—EUROCRYPT 2008. LNCS, vol. 4965, pp. 31–51. Springer, Heidelberg (2008).
Hanrot G., Pujol X., Stehlé D.: Analyzing blockwise lattice algorithms using dynamical systems. In: Rogaway P. (ed.) CRYPTO. Lecture Notes in Computer Science, vol. 6841, pp. 447–464. Springer, Heidelberg (2011).
Lenstra A.K., Lenstra Jr H.W., Lovász L.: Factoring polynomials with rational coefficients. Math. Ann. 261(4), 515–534 (1982).
Martinet J.: Perfect lattices in Euclidean Spaces. Grundlehren der Mathematischen Wissenschaften (Fundamental Principles of Mathematical Sciences), vol. 327. Springer-Verlag, Berlin (2003).
Micciancio D., Goldwasser S.: Complexity of Lattice Problems: A Cryptographic Perspective. The Kluwer International Series in Engineering and Computer Science, vol. 671. Kluwer Academic Publishers, Boston (2002).
Micciancio D., Regev O.: Lattice-based cryptography. In: Bernstein D.J., Buchmann J., Dahmen E. (eds.) Post-quantum Cryptography, pp. 147–191. Springer, Heidelberg (2008).
Nguyen P.Q., Stehlé D.: Floating-point LLL revisited. In: Cramer R. (ed.) Advances in Cryptology—EUROCRYPT 2005. LNCS, vol. 3494, pp. 215–233. Springer, Heidelberg (2005).
Nguyen P.Q., Stehlé D.: LLL on the average. In: Hess F., Pauli S., Pohst M.E. (eds.) ANTS. Lecture Notes in Computer Science, vol. 4076, pp. 238–256. Springer, Heidelberg (2006).
Nguyen P.Q., Vallée B.: The LLL Algorithm: Survey and Applications. Information Security and Cryptography. Springer, Heidelberg (2010).
Novocin A., Stehlé D., Villard G.: An LLL-reduction algorithm with quasi-linear time complexity: extended abstract. In: STOC, pp. 403–412. ACM, New York (2011).
Schnorr C.-P., Euchner M.: Lattice basis reduction: improved practical algorithms and solving subset sum problems. Math. Program. 66(2), 181–199 (1994).
Schnorr C.-P.: Block reduced lattice bases and successive minima. Comb. Prob. Comput. 3, 507–522 (1994).
Acknowledgments
This work was supported by CASED (http://www.cased.de). Michael Schneider was supported by project BU 630/23-1 of the German Research Foundation (DFG). Urs Wagner and Felix Fontein are supported by SNF Grant no. 132256. The authors would like to thank the anonymous referees for their helpful comments. F. F. would also like to thank Kornelius Walter for the helpful discussions about statistics.
Author information
Authors and Affiliations
Corresponding author
Additional information
This is one of several papers published in Designs, Codes and Cryptography comprising the “Special Issue on Coding and Cryptography”.
Rights and permissions
About this article
Cite this article
Fontein, F., Schneider, M. & Wagner, U. PotLLL: a polynomial time version of LLL with deep insertions. Des. Codes Cryptogr. 73, 355–368 (2014). https://doi.org/10.1007/s10623-014-9918-8
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10623-014-9918-8