Worst Cases and Lattice Reduction
نویسندگان
چکیده
We propose a new algorithm to find worst cases for correct rounding of an analytic function. We first reduce this problem to the real small value problem — i.e. for polynomials with real coefficients. Then we show that this second problem can be solved efficiently, by extending Coppersmith’s work on the integer small value problem — for polynomials with integer coefficients — using lattice reduction [4, 5, 6]. For floating-point numbers with a mantissa less than , and a polynomial approximation of degree , our algorithm finds all worst cases at distance from a machine number in time . For , this improves on the complexity from Lefèvre’s algorithm [15, 16] to "! . We exhibit some new worst cases found using our algorithm, for double-extended and quadruple precision. For larger , our algorithm can be used to check that there exist no worst cases at distance $# % in time '&)( *,+ .
منابع مشابه
LLL on the Average
Despite their popularity, lattice reduction algorithms remain mysterious in many ways. It has been widely reported that they behave much more nicely than what was expected from the worst-case proved bounds, both in terms of the running time and the output quality. In this article, we investigate this puzzling statement by trying to model the average case of lattice reduction algorithms, startin...
متن کاملAnother View of the Gaussian Algorithm
We introduce here a new method for extracting worst–cases of algorithms by using rewrite systems over automorphisms groups of inputs. We propose a canonical description of an algorithm, that is also related to the problem it solves. The description identifies an algorithm with a set of a rewrite systems over the automorphisms groups of inputs. All possible execution of the algorithm will then b...
متن کاملPredicting Lattice Reduction
Despite their popularity, lattice reduction algorithms remain mysterious cryptanalytical tools. Though it has been widely reported that they behave better than their proved worst-case theoretical bounds, no precise assessment has ever been given. Such an assessment would be very helpful to predict the behaviour of lattice-based attacks, as well as to select keysizes for lattice-based cryptosyst...
متن کاملSegment LLL Reduction of Lattice Bases Using Modular Arithmetic
The algorithm of Lenstra, Lenstra, and Lovász (LLL) transforms a given integer lattice basis into a reduced basis. Storjohann improved the worst case complexity of LLL algorithms by a factor of O(n) using modular arithmetic. Koy and Schnorr developed a segment-LLL basis reduction algorithm that generates lattice basis satisfying a weaker condition than the LLL reduced basis with O(n) improvemen...
متن کاملStructural Lattice Reduction: Generalized Worst-Case to Average-Case Reductions and Homomorphic Cryptosystems
In lattice cryptography, worst-case to average-case reductions rely on two problems: Ajtai’s SIS and Regev’s LWE, which both refer to a very small class of random lattices related to the group G = Zq . We generalize worst-case to average-case reductions to all integer lattices of sufficiently large determinant, by allowing G to be any (sufficiently large) finite abelian group. In particular, we...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2003