A : Lattice Algorithms and Applications Spring 2007 Lecture 4 : The LLL Algorithm

No efficient algorithm is known to find the shortest vector in a lattice (in arbitrary dimension), or even just computing its length λ1. A central tool in the algorithmic study of lattices (and their applications) is the LLL algorithm of Lenstra, Lenstra and Lovasz. The LLL algorithm runs in polynomial time and finds an approximate solution x to the shortest vector problem, in the sense that the length of the solution x found by the algorithm is at most γ ·λ1, for some approximation factor γ. The approximation factor γ = 2O(n) achieved by LLL is exponential in the dimension of the lattice. Later in the course, we will study algorithms that achieve (slightly) better factors. Still, the approximate solutions found by LLL are enough in many applications. For example, in the last lecture we proved that any prime p congruent to 1 modulo 4 can be written as the sum of two squares, but the proof was not effective, in the sense that it didn’t give an efficient way to find the two squares. We will show that using LLL one can efficiently find a and b such that p = a2 + b2. We design and analyze the LLL algorithm in two steps: