Skip to main content

PotLLL: a polynomial time version of LLL with deep insertions


Lattice reduction algorithms have numerous applications in number theory, algebra, as well as in cryptanalysis. The most famous algorithm for lattice reduction is the LLL algorithm. In polynomial time it computes a reduced basis with provable output quality. One early improvement of the LLL algorithm was LLL with deep insertions (DeepLLL). The output of this version of LLL has higher quality in practice but the running time seems to explode. Weaker variants of DeepLLL, where the insertions are restricted to blocks, behave nicely in practice concerning the running time. However no proof of polynomial running time is known. In this paper PotLLL, a new variant of DeepLLL with provably polynomial running time, is presented. We compare the practical behavior of the new algorithm to classical LLL, BKZ as well as blockwise variants of DeepLLL regarding both the output quality and running time.

This is a preview of subscription content, access via your institution.

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5


  1. 1.

  2. 2.

    To be able to compute confidence intervals, we assume that the data is distributed normally. We did some more experiments in dimensions 40, 50 and 60 to verify this conjecture: in case of the logarithm of the running time, this conjecture is quite accurate for most experiments; in case of the \(n\)-th root Hermite factor, it seems to be fine for most values, but there is some deviation at the tails.

    Fig. 1

    Average \(n\)-th root Hermite factor (\(y\) axis) for dimension \(n\) (\(x\) axis) from 40 to 400

  3. 3.


  1. 1.

    Chen Y., Nguyen P.Q.: BKZ 2.0: better lattice security estimates. In: Lee D.H., Wang X. (eds.) Advances in Cryptology—ASIACRYPT 2011. Lecture Notes in Computer Science, vol. 7073, pp. 1–20. Springer, Heidelberg (2011).

  2. 2.

    Cong L., Mow W.H., Howgrave-Graham N.: Reduced and fixed-complexity variants of the lll algorithm for communications. IEEE Trans. Commun. 61(3), 1040–1050 (2013).

    Google Scholar 

  3. 3.

    Fontein F., Schneider M., Wagner U.: A polynomial time version of LLL with deep insertions. In: Preproceedings of the International Workshop on Coding and Cryptography, WCC ’13 (2013).

  4. 4.

    Gama N., Nguyen P.Q.: Predicting lattice reduction. In: Smart N. (ed.) Advances in Cryptology—EUROCRYPT 2008. LNCS, vol. 4965, pp. 31–51. Springer, Heidelberg (2008).

  5. 5.

    Hanrot G., Pujol X., Stehlé D.: Analyzing blockwise lattice algorithms using dynamical systems. In: Rogaway P. (ed.) CRYPTO. Lecture Notes in Computer Science, vol. 6841, pp. 447–464. Springer, Heidelberg (2011).

  6. 6.

    Lenstra A.K., Lenstra Jr H.W., Lovász L.: Factoring polynomials with rational coefficients. Math. Ann. 261(4), 515–534 (1982).

    Google Scholar 

  7. 7.

    Martinet J.: Perfect lattices in Euclidean Spaces. Grundlehren der Mathematischen Wissenschaften (Fundamental Principles of Mathematical Sciences), vol. 327. Springer-Verlag, Berlin (2003).

  8. 8.

    Micciancio D., Goldwasser S.: Complexity of Lattice Problems: A Cryptographic Perspective. The Kluwer International Series in Engineering and Computer Science, vol. 671. Kluwer Academic Publishers, Boston (2002).

  9. 9.

    Micciancio D., Regev O.: Lattice-based cryptography. In: Bernstein D.J., Buchmann J., Dahmen E. (eds.) Post-quantum Cryptography, pp. 147–191. Springer, Heidelberg (2008).

  10. 10.

    Nguyen P.Q., Stehlé D.: Floating-point LLL revisited. In: Cramer R. (ed.) Advances in Cryptology—EUROCRYPT 2005. LNCS, vol. 3494, pp. 215–233. Springer, Heidelberg (2005).

  11. 11.

    Nguyen P.Q., Stehlé D.: LLL on the average. In: Hess F., Pauli S., Pohst M.E. (eds.) ANTS. Lecture Notes in Computer Science, vol. 4076, pp. 238–256. Springer, Heidelberg (2006).

  12. 12.

    Nguyen P.Q., Vallée B.: The LLL Algorithm: Survey and Applications. Information Security and Cryptography. Springer, Heidelberg (2010).

  13. 13.

    Novocin A., Stehlé D., Villard G.: An LLL-reduction algorithm with quasi-linear time complexity: extended abstract. In: STOC, pp. 403–412. ACM, New York (2011).

  14. 14.

    Schnorr C.-P., Euchner M.: Lattice basis reduction: improved practical algorithms and solving subset sum problems. Math. Program. 66(2), 181–199 (1994).

    Google Scholar 

  15. 15.

    Schnorr C.-P.: Block reduced lattice bases and successive minima. Comb. Prob. Comput. 3, 507–522 (1994).

    Google Scholar 

Download references


This work was supported by CASED ( Michael Schneider was supported by project BU 630/23-1 of the German Research Foundation (DFG). Urs Wagner and Felix Fontein are supported by SNF Grant no. 132256. The authors would like to thank the anonymous referees for their helpful comments. F. F. would also like to thank Kornelius Walter for the helpful discussions about statistics.

Author information



Corresponding author

Correspondence to Felix Fontein.

Additional information

This is one of several papers published in Designs, Codes and Cryptography comprising the “Special Issue on Coding and Cryptography”.

Rights and permissions

Reprints and Permissions

About this article

Cite this article

Fontein, F., Schneider, M. & Wagner, U. PotLLL: a polynomial time version of LLL with deep insertions. Des. Codes Cryptogr. 73, 355–368 (2014).

Download citation


  • Lattice reduction
  • LLL algorithm
  • Deep insertion

Mathematics Subject Classification

  • 68R05
  • 94A60