Lattice basis reduction: Improved practical algorithms and solving subset sum problems

  • C. P. Schnorr
  • M. Euchner
Invited Lectures
Part of the Lecture Notes in Computer Science book series (LNCS, volume 529)

Abstract

We report on improved practical algorithms for lattice basis reduction. We present a variant of the L3-algorithm with “deep insertions” and a practical algorithm for blockwise Korkine-Zolotarev reduction, a concept extending L3-reduction, that has been introduced by Schnorr (1987). Empirical tests show that the strongest of these algorithms solves almost all subset sum problems with up to 58 random weights of arbitrary bit length within at most a few hours on a UNISYS 6000/70 or within a couple of minutes on a SPARC 2 computer.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. [1]
    E.F. Brickell: Solving low density knapsacks. Advances in Crypto logy, Proceedings of CRYPTO'83, Plenum Press, New Yjork (1984), 25–37.Google Scholar
  2. [2]
    B. Chor and R. Rivest: A knapsack-type public key cryptosystem based on arithmetic in finite fields, IEEE Trans. Information Theory IT-34 (1988), 901–909.Google Scholar
  3. [3]
    M.J. Coster, B.A. LaMacchia, A.M. Odlyzko and C.P. Schnorr: An improved low-density subset sum algorithm. Proceedings EUROCRYPT'91, Brighton, May 1991, to appear in Springer LNCS.Google Scholar
  4. [4]
    P. van Emde Boas: Another NP-complete partition problem and the complexity of computing short vectors in a lattice. Rept. 81-04, Dept. of Mathematics, Univ. of Amsterdam, 1981.Google Scholar
  5. [5]
    M. Euchner: Praktische Algorithmen zur Gitterreduktion und Faktorisierung. Diplomarbeit Uni. Frankfurt (1991).Google Scholar
  6. [6]
    A. M. Frieze: On the Lagarias-Odlyzko algorithm for the subset sum problem. SIAM J. Comput. 15 (2) (1986), 536–539.Google Scholar
  7. [7]
    M. R. Garey and D. S. Johnson: Computers and Intractability: A Guide to the Theory of NP-Completeness. W. H. Freeman and Company (1979).Google Scholar
  8. [8]
    J. Hastad, B. Just, J. C. Lagarias and C. P. Schnorr: Polynomial time algorithms for finding integer relations among real numbers. SIAM J. Comput. 18 (5) (October 1989), 859–881.Google Scholar
  9. [9]
    A. Joux and J. Stern: Improving the critical density of the Lagarias-Odlyzko attack against subset sum problems. Proceedings of FCT symposium, Brandenburg, Germany, September (1991).Google Scholar
  10. [10]
    R. Kannan: Minkowski's Convex Body Theory and Integer Programming. Math. Oper. Res. 12 (1987), 415–440.Google Scholar
  11. [11]
    J.C. Lagarias, H.W. Lenstra, Jr. and C.P. Schnorr: Korkine-Zolotarev Bases and Successive Minima of a Lattice and its Reciprocal Lattice. To appear in Combinatorica.Google Scholar
  12. [12]
    J. C. Lagarias and A. M. Odlyzko: Solving low-density subset sum problems. J. Assoc. Comp. Mach. 32(1) (1985), 229–246.Google Scholar
  13. [13]
    B. A. LaMacchia: Basis Reduction Algorithms and Subset Sum Problems. SM Thesis, Dept. of Elect. Eng. and Comp. Sci., Massachusetts Institute of Technoliogy, Cambridge, MA (1991). In preparation.Google Scholar
  14. [14]
    A.K. Lenstra, H.W. Lenstra, and L. Lovász: Factoring polynomials with rational coefficients. Math. Ann. 261 (1982), 515–534.Google Scholar
  15. [15]
    A. M. Odlyzko: The rise and fall of knapsack cryptosystems. Cryptology and Computational Number Theory, C. Pomerance, ed., Am. Math. Soc., Proc. Symp. Appl. Math. 42 (1990), 75–88.Google Scholar
  16. [16]
    A. Paz and C. P. Schnorr: Approximating integer lattices by lattices with cyclic factor groups. Automata, Languages, and Programming: 14th ICALP, Lecture Notes in Computer Science 267, Springer-Verlag, NY (1987), 386–393.Google Scholar
  17. [17]
    S. Radziszowski and D. Kreher: Solving subset sum problems with the L3 algorithm. J. Combin. Math. Combin. Comput. 3 (1988), 49–63.Google Scholar
  18. [18]
    C. P. Schnorr: A hierarchy of polynomial time lattice basis reduction algorithms. Theoretical Computer Science 53 (1987), 201–224.Google Scholar
  19. [19]
    C. P. Schnorr: A more efficient algorithm for lattice basis reduction. J. Algorithms 9 (1988), 47–62.Google Scholar
  20. [20]
    C. P. Schnorr: Factoring integers and computing discrete logarithms via diophantine approximation. Proceedings EUROCRYPT'91, Brighton, May 1991, to appear in Springer LNCS.Google Scholar
  21. [21]
    M. Seysen: Simultaneous reduction of a lattice basis and its reciprocal basis. To appear in Combinatorica.Google Scholar

Copyright information

© Springer-Verlag 1991

Authors and Affiliations

  • C. P. Schnorr
    • 1
  • M. Euchner
    • 1
  1. 1.Fachbereich Mathematik/InformatikUniversität FrankfurtFrankfurt am MainGermany

Personalised recommendations