Smallest Reduction Matrix of Binary Quadratic Forms

And Cryptographic Applications
  • Aurore Bernard
  • Nicolas Gama
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6197)


We present a variant of the Lagrange-Gauss reduction of quadratic forms designed to minimize the norm of the reduction matrix within a quadratic complexity. The matrix computed by our algorithm on the input f has norm \(O(\parallel f \parallel^{1/2}/\Delta_{f}^{1/4})\), which is the square root of the best previously known bounds using classical algorithms. This new bound allows us to fully prove the heuristic lattice based attack against NICE Cryptosystems, which consists in factoring a particular subclass of integers of the form pq 2. In the process, we set up a homogeneous variant of Boneh-Durfee-HowgraveGraham’s algorithm which finds small rational roots of a polynomial modulo unknown divisors. Such algorithm can also be used to speed-up factorization of pq r for large r.


Reduction Algorithm Real Form Convexity Inequality Binary Quadratic Form Quadratic Complexity 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Biehl, I., Buchmann, J.: An analysis of the reduction algorithms for binary quadratic forms. In: Voronoi’s Impact on Modern Science, pp. 71–98 (1999)Google Scholar
  2. 2.
    Boneh, D., Durfee, G., Howgrave-Graham, N.A.: Factoring n = p r q for large r. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, p. 326. Springer, Heidelberg (1999)Google Scholar
  3. 3.
    Buchmann, J., Thiel, C., Williams, H.: Short representation of quadratic integers. Proc. of CANT 1992, Math. Appl. 325, 159–185 (1995)MathSciNetGoogle Scholar
  4. 4.
    Buchmann, J., Vollmer, U.: Binary Quadratic Forms An Algorithmic Approach. Springer, Heidelberg (2007)zbMATHGoogle Scholar
  5. 5.
    Buell, D.A.: Binary Quadratic Forms Classical Theory and Modern Computations. Springer, Heidelberg (1989)zbMATHGoogle Scholar
  6. 6.
    Castagnos, G., Joux, A., Laguillaumie, F., Nguyen, P.Q.: Factoring pq 2 with quadratic forms: Nice cryptanalyses. In: Matsui, M. (ed.) ASIACRYPT 2009. LNCS, vol. 5912, pp. 469–486. Springer, Heidelberg (2009)Google Scholar
  7. 7.
    Castagnos, G., Laguillaumie, F.: On the security of cryptosystems with quadratic decryption: The nicest cryptanalysis. In: Joux, A. (ed.) EUROCRYPT 2009. LNCS, vol. 5479, pp. 260–277. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  8. 8.
    Cheng, K.H.F., Williams, H.C.: Some results concerning certain periodic continued fractions. Acta Arith. 117, 247–264 (2005)zbMATHCrossRefMathSciNetGoogle Scholar
  9. 9.
    Cohen, H.: A Course in Computational Algebraic Number Theory, 2nd edn. Springer, Heidelberg (1995)Google Scholar
  10. 10.
    Coppersmith, D.: Small solutions to polynomial equations, and low exponent RSA vulnerabilities. J. of Cryptology 10(4), 233–260 (1997); Revised version of two articles from Eurocrypt 1996 (1996) Google Scholar
  11. 11.
    Gauss, C.F.: Disquisitiones Arithrneticae. PhD thesis (1801)Google Scholar
  12. 12.
    Hartmann, M., Paulus, S., Takagi, T.: NICE - New Ideal Coset Encryption. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 328–339. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  13. 13.
    Jacobson, M.J., Scheidler, R., Weimer, D.: An adaptation of the NICE cryptosystem to real quadratic orders. In: Vaudenay, S. (ed.) AFRICACRYPT 2008. LNCS, vol. 5023, pp. 191–208. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  14. 14.
    Lagarias, J.C.: Worst-case complexity bounds for algorithms in the theory of integral quadratic forms. Journal of Algorithm 1, 142–186 (1980)zbMATHCrossRefMathSciNetGoogle Scholar
  15. 15.
    Lagrange, J.L.: Recherches d’arithmétique. Nouveaux Mémoires de l’Académie de Berlin (1773)Google Scholar
  16. 16.
    Lenstra, A.K., Lenstra Jr., H.W., Lovász, L.: Factoring polynomials with rational coefficients. Mathematische Ann. 261, 513–534 (1982)Google Scholar
  17. 17.
    May, A.: Using LLL-reduction for solving RSA and factorization problems: A survey. In: Nguyen, P., Vallee, B. (eds.) The LLL algorithm, survey and Applications, Information Security and Cryptography, pp. 315–348 (2010)Google Scholar
  18. 18.
    Nguyen, P.Q., Stehlé, D.: Low-dimensional lattice basis reduction revisited (extended abstract). In: Proceedings of ANTS VI. LNCS, Springer, Heidelberg (2004)Google Scholar
  19. 19.
    Schinzel, A.: On some problems of the arithmetical theory of continued fractions. Acta Arithmetica 6, 393–413 (1961)zbMATHMathSciNetGoogle Scholar
  20. 20.
    Shanks, D.: The infrastructure of a real quadratic field and its applications. In: Proc. NTC 1992, pp. 217–224 (1972)Google Scholar
  21. 21.
    Vallee, B., Vera, A.: Lattice reduction in two dimensions: Analyses under realistic probalistic models. In: Proc. of AofA 2007, DMTCS AH, pp. 181–216 (2007)Google Scholar
  22. 22.
    Weimer, D.: An Adaptation of the NICE Cryptosystem to Real Quadratic Orders, Master’s thesis. PhD thesis, Technische Universitat Darmstadt (2004)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Aurore Bernard
    • 1
  • Nicolas Gama
    • 2
  1. 1.XLIM, LimogesFrance
  2. 2.GREYC Ensicaen, CaenFrance

Personalised recommendations