Explicit Formula for Gram-Schmidt Vectors in LLL with Deep Insertions and Its Applications

Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10737)


Lattice basis reduction algorithms have been used as a strong tool for cryptanalysis. The most famous one is LLL, and its typical improvements are BKZ and LLL with deep insertions (DeepLLL). In LLL and DeepLLL, at every time to replace a lattice basis, we need to recompute the Gram-Schmidt orthogonalization (GSO) for the new basis. Compared with LLL, the form of the new GSO vectors is complicated in DeepLLL, and no formula has been known. In this paper, we give an explicit formula for GSO in DeepLLL, and also propose an efficient method to update GSO in DeepLLL. As another work, we embed DeepLLL into BKZ as a subroutine instead of LLL, which we call “DeepBKZ”, in order to find a more reduced basis. By using our DeepBKZ with blocksizes up to \(\beta = 50\), we have found a number of new solutions for the Darmstadt SVP challenge in dimensions from 102 to 123.


Lattice basis reduction LLL with deep insertions Shortest Vector Problem (SVP) 



This work was supported by JST CREST Grant Number JPMJCR14D6, Japan. This work was also supported by JSPS KAKENHI Grant Number 16H02830. The authors thank Takuya Hayashi for his useful advices on implementation.

Supplementary material


  1. 1.
    Aono, Y., Wang, Y., Hayashi, T., Takagi, T.: Improved progressive BKZ algorithms and their precise cost estimation by sharp simulator. In: Fischlin, M., Coron, J.-S. (eds.) EUROCRYPT 2016. LNCS, vol. 9665, pp. 789–819. Springer, Heidelberg (2016). Google Scholar
  2. 2.
    Babai, L.: On Lovász’ lattice reduction and the nearest lattice point problem. Combinatorica 6(1), 1–13 (1986)MathSciNetCrossRefzbMATHGoogle Scholar
  3. 3.
    Bremner, M.R.: Lattice basis reduction: An introduction to the LLL algorithm and its applications. CRC Press, Boca Raton (2011)Google Scholar
  4. 4.
    Chen, Y.: Réduction de réseau et sécurité concrète du chiffrement complètement homomorphe. Ph.D. thesis, Paris 7 (2013)Google Scholar
  5. 5.
    Chen, Y., Nguyen, P.Q.: BKZ 2.0: better lattice security estimates. In: Lee, D.H., Wang, X. (eds.) ASIACRYPT 2011. LNCS, vol. 7073, pp. 1–20. Springer, Heidelberg (2011). CrossRefGoogle Scholar
  6. 6.
    Cohen, H.: A Course in computational Algebraic Number Theory, Graduate Texts in Mathematics, vol. 138. Springer, Heidelberg (1993). CrossRefGoogle Scholar
  7. 7.
    Darmstadt, T.U.: SVP Challenge.
  8. 8.
    Fontein, F., Schneider, M., Wagner, U.: PotLLL: a polynomial time version of LLL with deep insertions. Des. Codes Cryptogr. 73, 355–368 (2014)MathSciNetCrossRefzbMATHGoogle Scholar
  9. 9.
    Galbraith, S.D.: Mathematics of Public Key Cryptography. Cambridge University Press, Cambridge (2012)CrossRefzbMATHGoogle Scholar
  10. 10.
    Gama, N., Nguyen, P.Q.: Predicting lattice reduction. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 31–51. Springer, Heidelberg (2008). CrossRefGoogle Scholar
  11. 11.
    Gama, N., Nguyen, P.Q., Regev, O.: Lattice enumeration using extreme pruning. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 257–278. Springer, Heidelberg (2010). CrossRefGoogle Scholar
  12. 12.
    Goldstein, D., Mayer, A.: On the equidistribution of Hecke points. Forum Math. 15, 165–189 (2003)MathSciNetCrossRefzbMATHGoogle Scholar
  13. 13.
    Hanrot, G., Stehlé, D.: Worst-case Hermite-Korkine-Zolotarev reduced lattice bases. RR-6422, INRIA, pp. 1–25 (2008)Google Scholar
  14. 14.
    Hanrot, G., Pujol, X., Stehlé, D.: Analyzing blockwise lattice algorithms using dynamical systems. In: Rogaway, P. (ed.) CRYPTO 2011. LNCS, vol. 6841, pp. 447–464. Springer, Heidelberg (2011). CrossRefGoogle Scholar
  15. 15.
    Korkine, A., Zolotarev, G.: Sur les formes quadratiques. Math. Ann. 6, 366–389 (1873)MathSciNetCrossRefzbMATHGoogle Scholar
  16. 16.
    Lagarias, J.C., Lenstra, H.W., Schnorr, C.P.: Korkine-Zolotarev bases and successive minima of a lattice and its reciprocal lattice. Combinatorica 10(4), 333–348 (1990)MathSciNetCrossRefzbMATHGoogle Scholar
  17. 17.
    Lenstra, A.K., Lenstra, H.W., Lovász, L.: Factoring polynomials with rational coefficients. Math. Ann. 261(4), 515–534 (1982)MathSciNetCrossRefzbMATHGoogle Scholar
  18. 18.
    Nguyen, P.Q., Vallée, B.: The LLL Algorithm, Information Security and Cryptography. Springer, Heidelberg (2010). Google Scholar
  19. 19.
    Pohst, M.E.: A modification of the LLL reduction algorithm. J. Symb. Comput. 4, 123–127 (1987)MathSciNetCrossRefzbMATHGoogle Scholar
  20. 20.
    Schnorr, C.P.: A hierarchy of polynomial time lattice basis reduction algorithms. Theoret. Comput. Sci. 53, 201–224 (1987)MathSciNetCrossRefzbMATHGoogle Scholar
  21. 21.
    Schnorr, C.P.: Lattice reduction by random sampling and birthday methods. In: Alt, H., Habib, M. (eds.) STACS 2003. LNCS, vol. 2607, pp. 145–156. Springer, Heidelberg (2003). CrossRefGoogle Scholar
  22. 22.
    Schnorr, C.P., Euchner, M.: Lattice basis reduction: improved practical algorithms and solving subset sum problems. Math. Program. 66, 181–199 (1994)MathSciNetCrossRefzbMATHGoogle Scholar
  23. 23.
    Shoup, V.: NTL: a library for doing number theory.
  24. 24.
    The FPLLL development team: FPLLL, a lattice reduction library. (2016)
  25. 25.
    Yasuda, M., Yokoyama, K., Shimoyama, T., Kogure, J., Koshiba, T.: Analysis of decreasing squared-sum of Gram-Schmidt lengths for short lattice vectors. J. Math. Cryptol. 11(1), 1–24 (2017)MathSciNetCrossRefzbMATHGoogle Scholar

Copyright information

© Springer International Publishing AG, part of Springer Nature 2018

Authors and Affiliations

  1. 1.Graduate School of MathematicsKyushu UniversityFukuokaJapan
  2. 2.Institute of Mathematics for IndustryKyushu UniversityFukuokaJapan

Personalised recommendations