Lattice Reduction for Modular Knapsack

  • Thomas Plantard
  • Willy Susilo
  • Zhenfei Zhang
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7707)


In this paper, we present a new methodology to adapt any kind of lattice reduction algorithms to deal with the modular knapsack problem. In general, the modular knapsack problem can be solved using a lattice reduction algorithm, when its density is low. The complexity of lattice reduction algorithms to solve those problems is upper-bounded in the function of the lattice dimension and the maximum norm of the input basis. In the case of a low density modular knapsack-type basis, the weight of maximum norm is mainly from its first column. Therefore, by distributing the weight into multiple columns, we are able to reduce the maximum norm of the input basis. Consequently, the upper bound of the time complexity is reduced.

To show the advantage of our methodology, we apply our idea over the floating-point LLL (L2) algorithm. We bring the complexity from O(d 3 + ε β 2 + d 4 + ε β) to O(d 2 + ε β 2 + d 4 + ε β) for ε < 1 for the low density knapsack problem, assuming a uniform distribution, where d is the dimension of the lattice, β is the bit length of the maximum norm of knapsack-type basis.

We also provide some techniques when dealing with a principal ideal lattice basis, which can be seen as a special case of a low density modular knapsack-type basis.


Lattice Theory Lattice Reduction Knapsack Problem LLL Recursive Reduction Ideal Lattice 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Ajtai, M.: The shortest vector problem in l 2 is NP-hard for randomized reductions (extended abstract). In: Thirtieth Annual ACM Symposium on the Theory of Computing (STOC 1998), pp. 10–19 (1998)Google Scholar
  2. 2.
    Chen, Y., Nguyên, P.Q.: BKZ 2.0: Better Lattice Security Estimates. In: Lee, D.H. (ed.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 1–20. Springer, Heidelberg (2011)CrossRefGoogle Scholar
  3. 3.
    Coster, M.J., Joux, A., LaMacchia, B.A., Odlyzko, A.M., Schnorr, C.-P., Stern, J.: Improved low-density subset sum algorithms. Computational Complexity 2, 111–128 (1992)MathSciNetMATHCrossRefGoogle Scholar
  4. 4.
    Gama, N., Nguyên, P.Q.: Predicting Lattice Reduction. In: Smart, N.P. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 31–51. Springer, Heidelberg (2008)CrossRefGoogle Scholar
  5. 5.
    Gentry, C.: Fully homomorphic encryption using ideal lattices. In: Mitzenmacher, M. (ed.) STOC, pp. 169–178. ACM (2009)Google Scholar
  6. 6.
    Goldstein, D., Mayer, A.: On the equidistribution of Hecke points. Forum Mathematicum 15, 165–189 (2006)MathSciNetCrossRefGoogle Scholar
  7. 7.
    Hanrot, G., Pujol, X., Stehlé, D.: Analyzing Blockwise Lattice Algorithms Using Dynamical Systems. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 447–464. Springer, Heidelberg (2011)Google Scholar
  8. 8.
    Kannan, R.: Improved algorithms for integer programming and related lattice problems. In: Proceedings of the Fifteenth Annual ACM Symposium on Theory of Computing, STOC 1983, pp. 193–206. ACM, New York (1983)CrossRefGoogle Scholar
  9. 9.
    Karp, R.M.: Reducibility among combinatorial problems. In: Miller, R.E., Thatcher, J.W. (eds.) Complexity of Computer Computations. The IBM Research Symposia Series, pp. 85–103. Plenum Press, New York (1972)CrossRefGoogle Scholar
  10. 10.
    Koy, H., Schnorr, C.-P.: Segment LLL-Reduction of Lattice Bases. In: Silverman, J.H. (ed.) CaLC 2001. LNCS, vol. 2146, pp. 67–80. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  11. 11.
    Koy, H., Schnorr, C.-P.: Segment LLL-Reduction with Floating Point Orthogonalization. In: Silverman, J.H. (ed.) CaLC 2001. LNCS, vol. 2146, pp. 81–96. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  12. 12.
    Lagarias, J.C., Odlyzko, A.M.: Solving low-density subset sum problems. J. ACM 32(1), 229–246 (1985)MathSciNetMATHCrossRefGoogle Scholar
  13. 13.
    Lai, M.K.: Knapsack cryptosystems: The past and the future (2001)Google Scholar
  14. 14.
    Lenstra, A.K., Lenstra, H.W., Lovász, L.: Factoring polynomials with rational coefficients. Mathematische Annalen 261, 513–534 (1982)CrossRefGoogle Scholar
  15. 15.
    Lovász, L.: An Algorithmic Theory of Numbers, Graphs and Convexity. In: CBMS-NSF Regional Conference Series in Applied Mathematics, vol. 50. SIAM Publications (1986)Google Scholar
  16. 16.
    Micciancio, D., Goldwasser, S.: Complexity of Lattice Problems, A Cryptographic Perspective. Kluwer Academic Publishers (2002)Google Scholar
  17. 17.
    Minkowski, H.: Geometrie der Zahlen. B. G. Teubner, Leipzig (1896)Google Scholar
  18. 18.
    Morel, I., Stehlé, D., Villard, G.: H-LLL: using householder inside LLL. In: ISSAC, pp. 271–278 (2009)Google Scholar
  19. 19.
    Nguyên, P.Q., Stehlé, D.: Floating-Point LLL Revisited. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol. 3494, pp. 215–233. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  20. 20.
    Nguyên, P.Q., Stehlé, D.: LLL on the Average. In: Hess, F., Pauli, S., Pohst, M. (eds.) ANTS 2006. LNCS, vol. 4076, pp. 238–256. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  21. 21.
    Nguyên, P.Q., Stern, J.: Adapting Density Attacks to Low-Weight Knapsacks. In: Roy, B. (ed.) ASIACRYPT 2005. LNCS, vol. 3788, pp. 41–58. Springer, Heidelberg (2005)CrossRefGoogle Scholar
  22. 22.
    Novocin, A., Stehlé, D., Villard, G.: An LLL-reduction algorithm with quasi-linear time complexity: extended abstract. In: Fortnow, L., Vadhan, S.P. (eds.) STOC, pp. 403–412. ACM (2011)Google Scholar
  23. 23.
    Pujol, X., Stehlé, D., Cade, D.: fplll library,
  24. 24.
    Schnorr, C.-P.: A more efficient algorithm for lattice basis reduction. J. Algorithms 9(1), 47–62 (1988)MathSciNetMATHCrossRefGoogle Scholar
  25. 25.
    Schnorr, C.-P.: Fast LLL-type lattice reduction. Inf. Comput. 204(1), 1–25 (2006)MathSciNetMATHCrossRefGoogle Scholar
  26. 26.
    Smart, N.P., Vercauteren, F.: Fully Homomorphic Encryption with Relatively Small Key and Ciphertext Sizes. In: Nguyên, P.Q., Pointcheval, D. (eds.) PKC 2010. LNCS, vol. 6056, pp. 420–443. Springer, Heidelberg (2010)CrossRefGoogle Scholar
  27. 27.
    van Hoeij, M., Novocin, A.: Gradual sub-lattice reduction and a new complexity for factoring polynomials. Algorithmica 63(3), 616–633 (2012)MathSciNetMATHCrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  • Thomas Plantard
    • 1
  • Willy Susilo
    • 1
  • Zhenfei Zhang
    • 1
  1. 1.Centre for Computer and Information Security Research, School of Computer Science & Software Engineering (SCSSE)University of WollongongAustralia

Personalised recommendations