Mathematical Programming

, Volume 66, Issue 1–3, pp 181–199 | Cite as

Lattice basis reduction: Improved practical algorithms and solving subset sum problems

  • C. P. Schnorr
  • M. Euchner
Article

Abstract

We report on improved practical algorithms for lattice basis reduction. We propose a practical floating point version of theL3-algorithm of Lenstra, Lenstra, Lovász (1982). We present a variant of theL3-algorithm with “deep insertions” and a practical algorithm for block Korkin—Zolotarev reduction, a concept introduced by Schnorr (1987). Empirical tests show that the strongest of these algorithms solves almost all subset sum problems with up to 66 random weights of arbitrary bit length within at most a few hours on a UNISYS 6000/70 or within a couple of minutes on a SPARC1 + computer.

Keywords

Lattice basis reduction LLL-reduction Korkin—Zolotarev reduction Block Korkin—Zolotarev reduction Shortest lattice vector problem Subset sum problem Low density subset sum algorithm Knapsack problem Stable reduction algorithm 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. [1]
    E.F. Brickell, “Solving low density knapsacks,” in:Advances in Cryptology, Proceedings of CRYPTO'83 (Plenum Press, New York, 1984) pp. 25–37.Google Scholar
  2. [2]
    B. Chor and R. Rivest, “A knapsack-type public key cryptosystem based on arithmetic in finite fields,”IEEE Transactions on Information Theory IT-34 (1988) 901–909.Google Scholar
  3. [3]
    M.J. Coster, A. Joux, B.A. La Macchia, A.M. Odlyzko, C.P. Schnorr and J. Stern, “An improved lowdensity subset sum algorithm,”Computational Complexity 2 (1992) 97–186.Google Scholar
  4. [4]
    P. van Emde Boas, Another NP-complete partition problem and the complexity of computing short vectors in a lattice, Rept. 81-04, Dept. of Mathematics, Univ. of Amsterdam, 1981.Google Scholar
  5. [5]
    M. Euchner, Praktische Algorithmen zur Gitterreduktion und Faktorisierung, Diplomarbeit Uni. Frankfurt (1991).Google Scholar
  6. [6]
    A.M. Frieze, “On the Lagarias—Odlyzko algorithm for the subset sum problem,”SIAM Journal on Computing 15 (2) (1986) 536–539.Google Scholar
  7. [7]
    M.R. Garey and D.S. Johnson,Computers and Intractability: A Guide to the Theory of NP-Completeness (W.H. Freeman and Company, New York, 1979).Google Scholar
  8. [8]
    J. Hastad, B. Just, J.C. Lagarias and C.P. Schnorr, “Polynomial time algorithms for finding integer relations among real numbers,”SIAM Journal on Computing 18 (5) (October 1989) 859–881.Google Scholar
  9. [9]
    C. Hermite, “Extraits de lettres de M.Ch. Hermite à M. Jacobi sur différents objects de la théorie des nombres. Deuxième lettre du 6 août 1845,”Journal für die Reine und Angewandte Mathematik 40 (1850) 279–290.Google Scholar
  10. [10]
    A. Joux and J. Stern, “Improving the critical density of the Lagarias—Odlyzko attack against subset sum problems,”Proceedings of Fundamentals of Computation Theory, FCT'91, Ed. L. Budach, Springer LNCS 529 (1991) pp. 258–264.Google Scholar
  11. [11]
    R. Kannan, “Minkowski's convex body theory and integer programming,”Mathematics of Operations Research 12 (1987) 415–440.Google Scholar
  12. [12]
    A. Korkine and G. Zolotareff, “Sur les formes quadratiques,”Mathematische Annalen 6 (1873) 366–389.Google Scholar
  13. [13]
    J.C. Lagarias, H.W. Lenstra, Jr. and C.P. Schnorr, “Korkin—Zolotarev bases and successive minima of a lattice and its reciprocal lattice,”Combinatorica 10 (1990) 333–348.Google Scholar
  14. [14]
    J.C. Lagarias and A.M. Odlyzko, “Solving low-density subset sum problems,”Journal of the Association for Computing Machinery 32(1) (1985) 229–246.Google Scholar
  15. [15]
    B.A. La Macchia, Basis reduction algorithms and subset sum problems, SM Thesis, Dept. of Elect. Eng. and Comp. Sci., Massachusetts Institute of Technology, Cambridge, MA (1991).Google Scholar
  16. [16]
    H.W. Lenstra, Jr., “Integer programming with a fixed number of variables,”Mathematics of Operations Research 8 (1983) 538–548.Google Scholar
  17. [17]
    A.K. Lenstra, H.W. Lenstra and L. Lovász, “Factoring polynomials with rational coefficients,”Mathematische Annalen 261 (1982) 515–534.Google Scholar
  18. [18]
    L. Lovász,An Algorithmic Theory of Numbers, Graphs and Convexity (SIAM Publications, Philadelphia, 1986).Google Scholar
  19. [19]
    L. Lovász and H. Scarf, “The generalized basis reduction algorithm,”Mathematics of Operations Research (1992).Google Scholar
  20. [20]
    A. M. Odlyzko, “The rise and fall of knapsack cryptosystems. Cryptology and computational number theory,” in: C. Pomerance, ed.,American Mathematical Society, Proceedings of the Symposium on Applied Mathematics 42 (1990) 75–88.Google Scholar
  21. [21]
    A. Paz and C.P. Schnorr, Approximating integer lattices by lattices with cyclic factor groups,Automata, Languages, and Programming: 14th ICALP, Lecture Notes in Computer Science 267 (Springer-Verlag, NY, 1987) 386–393.Google Scholar
  22. [22]
    S. Radziszowski and D. Kreher, “Solving subset sum problems with theL 3 algorithm,”J. Combin. Math. Combin. Comput. 3 (1988) 49–63.Google Scholar
  23. [23]
    C.P. Schnorr, “A hierarchy of polynomial time lattice basis reduction algorithms,”Theoretical Computer Science 53 (1987) 201–224.Google Scholar
  24. [24]
    C.P. Schnorr, “A more efficient algorithm for lattice basis reduction,”Journal of Algorithms 9 (1988) 47–62.Google Scholar
  25. [25]
    C.P. Schnorr, “Factoring integers and computing discrete logarithms via diophantine approximation,”Proceedings EUROCRYPT'91, Brighton, May 1991, Springer LNCS 547 (1991) pp. 281–293. Final paper:DIMACS Series in discrete Mathematics and Theoretical Computer Science 13 (1993) pp. 172–181.Google Scholar
  26. [26]
    C.P. Schnorr and M. Euchner, “Lattice basis reduction: improved algorithms and solving subset sum problems,”Proceedings of Fundamentals of Computation Theory, FCT'91, Ed. L. Budach, Springer LNCS 529 (1991) pp. 68–85 (preliminary version of this paper).Google Scholar
  27. [27]
    M. Seysen, “Simultaneous reduction of a lattice basis and its reciprocal basis,”Combinatorica 13 (1993) 363–376.Google Scholar

Copyright information

© The Mathematical Programming Society, Inc. 1994

Authors and Affiliations

  • C. P. Schnorr
    • 1
  • M. Euchner
    • 1
  1. 1.Fachbereich Mathematik/InformatikUniversität FrankfurtFrankfurt am MainGermany

Personalised recommendations