Abstract
The Lenstra-Lenstra-Lovász lattice basis reduction algorithm (LLL or L3) is a very popular tool in public-key cryptanalysis and in many other fields. Given an integer d-dimensional lattice basis with vectors of norm less than B in an n-dimensional space, L3 outputs a so-called L3-reduced basis in polynomial time O(d^5 n log^3 B), using arithmetic operations on integers of bit-length O(d log B). This worst-case complexity is problematic for lattices arising in cryptanalysis, where d and/or log B are often large. As a result, the original L3 is almost never used in practice. Instead, one applies floating-point variants of L3, where the long-integer arithmetic required by Gram-Schmidt orthogonalisation (central in L3) is replaced by floating-point arithmetic. Unfortunately, this is known to be unstable in the worst case: the usual floating-point L3 is not even guaranteed to terminate, and the output basis may not be L3-reduced at all. In this article, we introduce the L2 algorithm, a new and natural floating-point variant of L3 which provably outputs L3-reduced bases in polynomial time O(d^4 n (d + log B) log B). This is the first L3 algorithm whose running time (without fast integer arithmetic) provably grows only quadratically with respect to log B, like the well-known Euclidean and Gaussian algorithms, which it generalizes.
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Nguyên, P.Q., Stehlé, D. (2005). Floating-Point LLL Revisited. In: Cramer, R. (ed.) Advances in Cryptology – EUROCRYPT 2005. Lecture Notes in Computer Science, vol. 3494. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11426639_13
DOI: https://doi.org/10.1007/11426639_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-25910-7
Online ISBN: 978-3-540-32055-5