Floating-Point LLL: Theoretical and Practical Aspects
نویسنده
چکیده
The text-book LLL algorithm can be sped up considerably by replacing the underlying rational arithmetic used for the Gram-Schmidt orthogonalisation by floating-point approximations. We review how this modification has been and is currently implemented, both in theory and in practice. Using floating-point approximations seems to be natural for LLL even from the theoretical point of view: it is the key to reach a bit-complexity which is quadratic with respect to the bit-length of the input vectors entries, without fast integer multiplication. The latter bit-complexity strengthens the connection between LLL and Euclid’s gcd algorithm. On the practical side, the LLL implementer may weaken the provable variants in order to further improve their efficiency: we emphasise on these techniques. We also consider the practical behaviour of the floating-point LLL algorithms, in particular their output distribution, their running-time and their numerical behaviour. After 25 years of implementation, many questions motivated by the practical side of LLL remain open.
منابع مشابه
Adaptive precision LLL and Potential-LLL reductions with Interval arithmetic
Lattice reduction is fundamental in computational number theory and in computer science, especially in cryptography. The celebrated Lenstra–Lenstra–Lovász reduction algorithm (called LLL or L) has been improved in many ways through the past decades and remains one of the central tool for reducing lattice basis. In particular, its floating-point variants — where the long-integer arithmetic requi...
متن کاملAn LLL Algorithm with Quadratic Complexity
The Lenstra–Lenstra–Lovász lattice basis reduction algorithm (called LLL or L3) is a fundamental tool in computational number theory and theoretical computer science, which can be viewed as an efficient algorithmic version of Hermite’s inequality on Hermite’s constant. Given an integer d-dimensional lattice basis with vectors of Euclidean norm less than B in an ndimensional space, the L3 algori...
متن کاملPerturbation Analysis of the QR factor R in the context of LLL lattice basis reduction
In 1982, Arjen Lenstra, Hendrik Lenstra Jr. and László Lovász introduced an efficiently computable notion of reduction of basis of a Euclidean lattice that is now commonly referred to as LLL-reduction. The precise definition involves the R-factor of the QR factorization of the basis matrix. In order to circumvent the use of rational/exact arithmetic with large bit-sizes, it is tempting to consi...
متن کاملA Parallel LLL using POSIX Threads
In this paper we introduce a new parallel variant of the LLL lattice basis reduction algorithm. Lattice theory and in particular lattice basis reduction continues to play an integral role in cryptography. Not only does it provide effective cryptanalysis tools but it is also believed to bring about new cryptographic primitives that exhibit strong security even in the presence of quantum computer...
متن کامل