Exploration server for computer science research in Lorraine

Warning: this site is under development!
Warning: this site was generated by automated means from raw corpora.
The information has therefore not been validated.

Floating-point LLL revisited

Internal identifier: 000538 (PascalFrancis/Corpus); previous: 000537; next: 000539


Authors: Phong Q. Nguyen; Damien Stehle

Source:

RBID : Pascal:05-0355690

French descriptors

English descriptors

Abstract

The Lenstra-Lenstra-Lovász lattice basis reduction algorithm (LLL or $L^3$) is a very popular tool in public-key cryptanalysis and in many other fields. Given an integer d-dimensional lattice basis with vectors of norm less than B in an n-dimensional space, $L^3$ outputs a so-called $L^3$-reduced basis in polynomial time $O(d^5 n \log^3 B)$, using arithmetic operations on integers of bit-length $O(d \log B)$. This worst-case complexity is problematic for lattices arising in cryptanalysis where d or/and log B are often large. As a result, the original $L^3$ is almost never used in practice. Instead, one applies floating-point variants of $L^3$, where the long-integer arithmetic required by Gram-Schmidt orthogonalisation (central in $L^3$) is replaced by floating-point arithmetic. Unfortunately, this is known to be unstable in the worst-case: the usual floating-point $L^3$ is not even guaranteed to terminate, and the output basis may not be $L^3$-reduced at all. In this article, we introduce the $L^2$ algorithm, a new and natural floating-point variant of $L^3$ which provably outputs $L^3$-reduced bases in polynomial time $O(d^4 n (d + \log B) \log B)$. This is the first $L^3$ algorithm whose running time (without fast integer arithmetic) provably grows only quadratically with respect to log B, like the well-known Euclidean and Gaussian algorithms, which it generalizes.

Record in standard format (ISO 2709)

See the documentation on the Inist Standard format.

pA  
A01 01  1    @0 0302-9743
A05       @2 3494
A08 01  1  ENG  @1 Floating-point LLL revisited
A09 01  1  ENG  @1 Advances in cryptology - EUROCRYPT 2005 : Aarhus, 22-26 May 2005
A11 01  1    @1 NGUYEN (Phong Q.)
A11 02  1    @1 STEHLE (Damien)
A12 01  1    @1 CRAMER (Ronald) @9 ed.
A14 01      @1 CNRS/École normale supérieure, DI, 45 rue d'Ulm @2 75005 Paris @3 FRA @Z 1 aut.
A14 02      @1 Univ. Nancy 1/LORIA, 615 rue du J. Botanique @2 54602 Villers-lès-Nancy @3 FRA @Z 2 aut.
A20       @1 215-233
A21       @1 2005
A23 01      @0 ENG
A26 01      @0 3-540-25910-4
A43 01      @1 INIST @2 16343 @5 354000124475470130
A44       @0 0000 @1 © 2005 INIST-CNRS. All rights reserved.
A45       @0 44 ref.
A47 01  1    @0 05-0355690
A60       @1 P @2 C
A61       @0 A
A64 01  1    @0 Lecture notes in computer science
A66 01      @0 DEU
C01 01    ENG  @0 The Lenstra-Lenstra-Lovász lattice basis reduction algorithm (LLL or $L^3$) is a very popular tool in public-key cryptanalysis and in many other fields. Given an integer d-dimensional lattice basis with vectors of norm less than B in an n-dimensional space, $L^3$ outputs a so-called $L^3$-reduced basis in polynomial time $O(d^5 n \log^3 B)$, using arithmetic operations on integers of bit-length $O(d \log B)$. This worst-case complexity is problematic for lattices arising in cryptanalysis where d or/and log B are often large. As a result, the original $L^3$ is almost never used in practice. Instead, one applies floating-point variants of $L^3$, where the long-integer arithmetic required by Gram-Schmidt orthogonalisation (central in $L^3$) is replaced by floating-point arithmetic. Unfortunately, this is known to be unstable in the worst-case: the usual floating-point $L^3$ is not even guaranteed to terminate, and the output basis may not be $L^3$-reduced at all. In this article, we introduce the $L^2$ algorithm, a new and natural floating-point variant of $L^3$ which provably outputs $L^3$-reduced bases in polynomial time $O(d^4 n (d + \log B) \log B)$. This is the first $L^3$ algorithm whose running time (without fast integer arithmetic) provably grows only quadratically with respect to log B, like the well-known Euclidean and Gaussian algorithms, which it generalizes.
C02 01  X    @0 001D02B07C
C02 02  X    @0 001D04A04E
C03 01  X  FRE  @0 Cryptographie @5 01
C03 01  X  ENG  @0 Cryptography @5 01
C03 01  X  SPA  @0 Criptografía @5 01
C03 02  X  FRE  @0 Treillis @5 06
C03 02  X  ENG  @0 Lattice @5 06
C03 02  X  SPA  @0 Enrejado @5 06
C03 03  X  FRE  @0 Cryptanalyse @5 07
C03 03  X  ENG  @0 Cryptanalysis @5 07
C03 03  X  SPA  @0 Criptoanálisis @5 07
C03 04  X  FRE  @0 Temps polynomial @5 08
C03 04  X  ENG  @0 Polynomial time @5 08
C03 04  X  SPA  @0 Tiempo polinomial @5 08
C03 05  X  FRE  @0 Clé publique @5 18
C03 05  X  ENG  @0 Public key @5 18
C03 05  X  SPA  @0 Llave pública @5 18
C03 06  X  FRE  @0 Réseau arithmétique @5 19
C03 06  X  ENG  @0 Integer lattice @5 19
C03 06  X  SPA  @0 Red aritmética @5 19
C03 07  X  FRE  @0 Opération arithmétique @5 20
C03 07  X  ENG  @0 Arithmetic operation @5 20
C03 07  X  SPA  @0 Operación aritmética @5 20
C03 08  3  FRE  @0 Arithmétique virgule flottante @5 21
C03 08  3  ENG  @0 Floating point arithmetic @5 21
C03 09  X  FRE  @0 Virgule flottante @5 23
C03 09  X  ENG  @0 Floating point @5 23
C03 09  X  SPA  @0 Coma flotante @5 23
C03 10  X  FRE  @0 Méthode cas pire @5 24
C03 10  X  ENG  @0 Worst case method @5 24
C03 10  X  SPA  @0 Método caso peor @5 24
C03 11  X  FRE  @0 Méthode Gram Schmidt @5 25
C03 11  X  ENG  @0 Gram Schmidt method @5 25
C03 11  X  SPA  @0 Método Gram Schmidt @5 25
C03 12  X  FRE  @0 Théorie euclidienne @5 26
C03 12  X  ENG  @0 Euclidean theory @5 26
C03 12  X  SPA  @0 Teoría euclidiana @5 26
C03 13  X  FRE  @0 Processus Gauss @5 27
C03 13  X  ENG  @0 Gaussian process @5 27
C03 13  X  SPA  @0 Proceso Gauss @5 27
N21       @1 248
N44 01      @1 OTO
N82       @1 OTO
pR  
A30 01  1  ENG  @1 Annual international conference on the theory and applications of cryptographic techniques @2 24 @3 Aarhus DNK @4 2005-05-22

Inist format (server)

NO : PASCAL 05-0355690 INIST
ET : Floating-point LLL revisited
AU : NGUYEN (Phong Q.); STEHLE (Damien); CRAMER (Ronald)
AF : CNRS/École normale supérieure, DI, 45 rue d'Ulm/75005 Paris/France (1 aut.); Univ. Nancy 1/LORIA, 615 rue du J. Botanique/54602 Villers-lès-Nancy/France (2 aut.)
DT : Publication en série; Congrès; Niveau analytique
SO : Lecture notes in computer science; ISSN 0302-9743; Allemagne; Da. 2005; Vol. 3494; Pp. 215-233; Bibl. 44 ref.
LA : Anglais
EA : The Lenstra-Lenstra-Lovász lattice basis reduction algorithm (LLL or $L^3$) is a very popular tool in public-key cryptanalysis and in many other fields. Given an integer d-dimensional lattice basis with vectors of norm less than B in an n-dimensional space, $L^3$ outputs a so-called $L^3$-reduced basis in polynomial time $O(d^5 n \log^3 B)$, using arithmetic operations on integers of bit-length $O(d \log B)$. This worst-case complexity is problematic for lattices arising in cryptanalysis where d or/and log B are often large. As a result, the original $L^3$ is almost never used in practice. Instead, one applies floating-point variants of $L^3$, where the long-integer arithmetic required by Gram-Schmidt orthogonalisation (central in $L^3$) is replaced by floating-point arithmetic. Unfortunately, this is known to be unstable in the worst-case: the usual floating-point $L^3$ is not even guaranteed to terminate, and the output basis may not be $L^3$-reduced at all. In this article, we introduce the $L^2$ algorithm, a new and natural floating-point variant of $L^3$ which provably outputs $L^3$-reduced bases in polynomial time $O(d^4 n (d + \log B) \log B)$. This is the first $L^3$ algorithm whose running time (without fast integer arithmetic) provably grows only quadratically with respect to log B, like the well-known Euclidean and Gaussian algorithms, which it generalizes.
CC : 001D02B07C; 001D04A04E
FD : Cryptographie; Treillis; Cryptanalyse; Temps polynomial; Clé publique; Réseau arithmétique; Opération arithmétique; Arithmétique virgule flottante; Virgule flottante; Méthode cas pire; Méthode Gram Schmidt; Théorie euclidienne; Processus Gauss
ED : Cryptography; Lattice; Cryptanalysis; Polynomial time; Public key; Integer lattice; Arithmetic operation; Floating point arithmetic; Floating point; Worst case method; Gram Schmidt method; Euclidean theory; Gaussian process
SD : Criptografía; Enrejado; Criptoanálisis; Tiempo polinomial; Llave pública; Red aritmética; Operación aritmética; Coma flotante; Método caso peor; Método Gram Schmidt; Teoría euclidiana; Proceso Gauss
LO : INIST-16343.354000124475470130
ID : 05-0355690

Links to Exploration step

Pascal:05-0355690

The document in XML format

<record>
<TEI>
<teiHeader>
<fileDesc>
<titleStmt>
<title xml:lang="en" level="a">Floating-point LLL revisited</title>
<author>
<name sortKey="Nguyen, Phong Q" sort="Nguyen, Phong Q" uniqKey="Nguyen P" first="Phong Q." last="Nguyen">Phong Q. Nguyen</name>
<affiliation>
<inist:fA14 i1="01">
<s1>CNRS/École normale supérieure, DI, 45 rue d'Ulm</s1>
<s2>75005 Paris</s2>
<s3>FRA</s3>
<sZ>1 aut.</sZ>
</inist:fA14>
</affiliation>
</author>
<author>
<name sortKey="Stehle, Damien" sort="Stehle, Damien" uniqKey="Stehle D" first="Damien" last="Stehle">Damien Stehle</name>
<affiliation>
<inist:fA14 i1="02">
<s1>Univ. Nancy 1/LORIA, 615 rue du J. Botanique</s1>
<s2>54602 Villers-lès-Nancy</s2>
<s3>FRA</s3>
<sZ>2 aut.</sZ>
</inist:fA14>
</affiliation>
</author>
</titleStmt>
<publicationStmt>
<idno type="wicri:source">INIST</idno>
<idno type="inist">05-0355690</idno>
<date when="2005">2005</date>
<idno type="stanalyst">PASCAL 05-0355690 INIST</idno>
<idno type="RBID">Pascal:05-0355690</idno>
<idno type="wicri:Area/PascalFrancis/Corpus">000538</idno>
</publicationStmt>
<sourceDesc>
<biblStruct>
<analytic>
<title xml:lang="en" level="a">Floating-point LLL revisited</title>
<author>
<name sortKey="Nguyen, Phong Q" sort="Nguyen, Phong Q" uniqKey="Nguyen P" first="Phong Q." last="Nguyen">Phong Q. Nguyen</name>
<affiliation>
<inist:fA14 i1="01">
<s1>CNRS/École normale supérieure, DI, 45 rue d'Ulm</s1>
<s2>75005 Paris</s2>
<s3>FRA</s3>
<sZ>1 aut.</sZ>
</inist:fA14>
</affiliation>
</author>
<author>
<name sortKey="Stehle, Damien" sort="Stehle, Damien" uniqKey="Stehle D" first="Damien" last="Stehle">Damien Stehle</name>
<affiliation>
<inist:fA14 i1="02">
<s1>Univ. Nancy 1/LORIA, 615 rue du J. Botanique</s1>
<s2>54602 Villers-lès-Nancy</s2>
<s3>FRA</s3>
<sZ>2 aut.</sZ>
</inist:fA14>
</affiliation>
</author>
</analytic>
<series>
<title level="j" type="main">Lecture notes in computer science</title>
<idno type="ISSN">0302-9743</idno>
<imprint>
<date when="2005">2005</date>
</imprint>
</series>
</biblStruct>
</sourceDesc>
<seriesStmt>
<title level="j" type="main">Lecture notes in computer science</title>
<idno type="ISSN">0302-9743</idno>
</seriesStmt>
</fileDesc>
<profileDesc>
<textClass>
<keywords scheme="KwdEn" xml:lang="en">
<term>Arithmetic operation</term>
<term>Cryptanalysis</term>
<term>Cryptography</term>
<term>Euclidean theory</term>
<term>Floating point</term>
<term>Floating point arithmetic</term>
<term>Gaussian process</term>
<term>Gram Schmidt method</term>
<term>Integer lattice</term>
<term>Lattice</term>
<term>Polynomial time</term>
<term>Public key</term>
<term>Worst case method</term>
</keywords>
<keywords scheme="Pascal" xml:lang="fr">
<term>Cryptographie</term>
<term>Treillis</term>
<term>Cryptanalyse</term>
<term>Temps polynomial</term>
<term>Clé publique</term>
<term>Réseau arithmétique</term>
<term>Opération arithmétique</term>
<term>Arithmétique virgule flottante</term>
<term>Virgule flottante</term>
<term>Méthode cas pire</term>
<term>Méthode Gram Schmidt</term>
<term>Théorie euclidienne</term>
<term>Processus Gauss</term>
</keywords>
</textClass>
</profileDesc>
</teiHeader>
<front>
<div type="abstract" xml:lang="en">The Lenstra-Lenstra-Lovász lattice basis reduction algorithm (LLL or L
<sup>3</sup>
) is a very popular tool in public-key cryptanalysis and in many other fields. Given an integer d-dimensional lattice basis with vectors of norm less than B in an n-dimensional space, L
<sup>3</sup>
outputs a so-called L
<sup>3</sup>
-reduced basis in polynomial time O(d
<sup>5</sup>
n log
<sup>3</sup>
B), using arithmetic operations on integers of bit-length O(d log B). This worst-case complexity is problematic for lattices arising in cryptanalysis where d or/and log B are often large. As a result, the original L
<sup>3</sup>
is almost never used in practice. Instead, one applies floating-point variants of L
<sup>3</sup>
, where the long-integer arithmetic required by Gram-Schmidt orthogonalisation (central in L
<sup>3</sup>
) is replaced by floating-point arithmetic. Unfortunately, this is known to be unstable in the worst-case: the usual floating-point L
<sup>3</sup>
is not even guaranteed to terminate, and the output basis may not be L
<sup>3</sup>
-reduced at all. In this article, we introduce the L
<sup>2</sup>
algorithm, a new and natural floating-point variant of L
<sup>3</sup>
which provably outputs L
<sup>3</sup>
-reduced bases in polynomial time O(d
<sup>4</sup>
n(d + log B) log B). This is the first L
<sup>3</sup>
algorithm whose running time (without fast integer arithmetic) provably grows only quadratically with respect to log B, like the well-known Euclidean and Gaussian algorithms, which it generalizes.</div>
</front>
</TEI>
<inist>
<standard h6="B">
<pA>
<fA01 i1="01" i2="1">
<s0>0302-9743</s0>
</fA01>
<fA05>
<s2>3494</s2>
</fA05>
<fA08 i1="01" i2="1" l="ENG">
<s1>Floating-point LLL revisited</s1>
</fA08>
<fA09 i1="01" i2="1" l="ENG">
<s1>Advances in cryptology - EUROCRYPT 2005 : Aarhus, 22-26 May 2005</s1>
</fA09>
<fA11 i1="01" i2="1">
<s1>NGUYEN (Phong Q.)</s1>
</fA11>
<fA11 i1="02" i2="1">
<s1>STEHLE (Damien)</s1>
</fA11>
<fA12 i1="01" i2="1">
<s1>CRAMER (Ronald)</s1>
<s9>ed.</s9>
</fA12>
<fA14 i1="01">
<s1>CNRS/École normale supérieure, DI, 45 rue d'Ulm</s1>
<s2>75005 Paris</s2>
<s3>FRA</s3>
<sZ>1 aut.</sZ>
</fA14>
<fA14 i1="02">
<s1>Univ. Nancy 1/LORIA, 615 rue du J. Botanique</s1>
<s2>54602 Villers-lès-Nancy</s2>
<s3>FRA</s3>
<sZ>2 aut.</sZ>
</fA14>
<fA20>
<s1>215-233</s1>
</fA20>
<fA21>
<s1>2005</s1>
</fA21>
<fA23 i1="01">
<s0>ENG</s0>
</fA23>
<fA26 i1="01">
<s0>3-540-25910-4</s0>
</fA26>
<fA43 i1="01">
<s1>INIST</s1>
<s2>16343</s2>
<s5>354000124475470130</s5>
</fA43>
<fA44>
<s0>0000</s0>
<s1>© 2005 INIST-CNRS. All rights reserved.</s1>
</fA44>
<fA45>
<s0>44 ref.</s0>
</fA45>
<fA47 i1="01" i2="1">
<s0>05-0355690</s0>
</fA47>
<fA60>
<s1>P</s1>
<s2>C</s2>
</fA60>
<fA61>
<s0>A</s0>
</fA61>
<fA64 i1="01" i2="1">
<s0>Lecture notes in computer science</s0>
</fA64>
<fA66 i1="01">
<s0>DEU</s0>
</fA66>
<fC01 i1="01" l="ENG">
<s0>The Lenstra-Lenstra-Lovász lattice basis reduction algorithm (LLL or L
<sup>3</sup>
) is a very popular tool in public-key cryptanalysis and in many other fields. Given an integer d-dimensional lattice basis with vectors of norm less than B in an n-dimensional space, L
<sup>3</sup>
outputs a so-called L
<sup>3</sup>
-reduced basis in polynomial time O(d
<sup>5</sup>
n log
<sup>3</sup>
B), using arithmetic operations on integers of bit-length O(d log B). This worst-case complexity is problematic for lattices arising in cryptanalysis where d or/and log B are often large. As a result, the original L
<sup>3</sup>
is almost never used in practice. Instead, one applies floating-point variants of L
<sup>3</sup>
, where the long-integer arithmetic required by Gram-Schmidt orthogonalisation (central in L
<sup>3</sup>
) is replaced by floating-point arithmetic. Unfortunately, this is known to be unstable in the worst-case: the usual floating-point L
<sup>3</sup>
is not even guaranteed to terminate, and the output basis may not be L
<sup>3</sup>
-reduced at all. In this article, we introduce the L
<sup>2</sup>
algorithm, a new and natural floating-point variant of L
<sup>3</sup>
which provably outputs L
<sup>3</sup>
-reduced bases in polynomial time O(d
<sup>4</sup>
n(d + log B) log B). This is the first L
<sup>3</sup>
algorithm whose running time (without fast integer arithmetic) provably grows only quadratically with respect to log B, like the well-known Euclidean and Gaussian algorithms, which it generalizes.</s0>
</fC01>
<fC02 i1="01" i2="X">
<s0>001D02B07C</s0>
</fC02>
<fC02 i1="02" i2="X">
<s0>001D04A04E</s0>
</fC02>
<fC03 i1="01" i2="X" l="FRE">
<s0>Cryptographie</s0>
<s5>01</s5>
</fC03>
<fC03 i1="01" i2="X" l="ENG">
<s0>Cryptography</s0>
<s5>01</s5>
</fC03>
<fC03 i1="01" i2="X" l="SPA">
<s0>Criptografía</s0>
<s5>01</s5>
</fC03>
<fC03 i1="02" i2="X" l="FRE">
<s0>Treillis</s0>
<s5>06</s5>
</fC03>
<fC03 i1="02" i2="X" l="ENG">
<s0>Lattice</s0>
<s5>06</s5>
</fC03>
<fC03 i1="02" i2="X" l="SPA">
<s0>Enrejado</s0>
<s5>06</s5>
</fC03>
<fC03 i1="03" i2="X" l="FRE">
<s0>Cryptanalyse</s0>
<s5>07</s5>
</fC03>
<fC03 i1="03" i2="X" l="ENG">
<s0>Cryptanalysis</s0>
<s5>07</s5>
</fC03>
<fC03 i1="03" i2="X" l="SPA">
<s0>Criptoanálisis</s0>
<s5>07</s5>
</fC03>
<fC03 i1="04" i2="X" l="FRE">
<s0>Temps polynomial</s0>
<s5>08</s5>
</fC03>
<fC03 i1="04" i2="X" l="ENG">
<s0>Polynomial time</s0>
<s5>08</s5>
</fC03>
<fC03 i1="04" i2="X" l="SPA">
<s0>Tiempo polinomial</s0>
<s5>08</s5>
</fC03>
<fC03 i1="05" i2="X" l="FRE">
<s0>Clé publique</s0>
<s5>18</s5>
</fC03>
<fC03 i1="05" i2="X" l="ENG">
<s0>Public key</s0>
<s5>18</s5>
</fC03>
<fC03 i1="05" i2="X" l="SPA">
<s0>Llave pública</s0>
<s5>18</s5>
</fC03>
<fC03 i1="06" i2="X" l="FRE">
<s0>Réseau arithmétique</s0>
<s5>19</s5>
</fC03>
<fC03 i1="06" i2="X" l="ENG">
<s0>Integer lattice</s0>
<s5>19</s5>
</fC03>
<fC03 i1="06" i2="X" l="SPA">
<s0>Red aritmética</s0>
<s5>19</s5>
</fC03>
<fC03 i1="07" i2="X" l="FRE">
<s0>Opération arithmétique</s0>
<s5>20</s5>
</fC03>
<fC03 i1="07" i2="X" l="ENG">
<s0>Arithmetic operation</s0>
<s5>20</s5>
</fC03>
<fC03 i1="07" i2="X" l="SPA">
<s0>Operación aritmética</s0>
<s5>20</s5>
</fC03>
<fC03 i1="08" i2="3" l="FRE">
<s0>Arithmétique virgule flottante</s0>
<s5>21</s5>
</fC03>
<fC03 i1="08" i2="3" l="ENG">
<s0>Floating point arithmetic</s0>
<s5>21</s5>
</fC03>
<fC03 i1="09" i2="X" l="FRE">
<s0>Virgule flottante</s0>
<s5>23</s5>
</fC03>
<fC03 i1="09" i2="X" l="ENG">
<s0>Floating point</s0>
<s5>23</s5>
</fC03>
<fC03 i1="09" i2="X" l="SPA">
<s0>Coma flotante</s0>
<s5>23</s5>
</fC03>
<fC03 i1="10" i2="X" l="FRE">
<s0>Méthode cas pire</s0>
<s5>24</s5>
</fC03>
<fC03 i1="10" i2="X" l="ENG">
<s0>Worst case method</s0>
<s5>24</s5>
</fC03>
<fC03 i1="10" i2="X" l="SPA">
<s0>Método caso peor</s0>
<s5>24</s5>
</fC03>
<fC03 i1="11" i2="X" l="FRE">
<s0>Méthode Gram Schmidt</s0>
<s5>25</s5>
</fC03>
<fC03 i1="11" i2="X" l="ENG">
<s0>Gram Schmidt method</s0>
<s5>25</s5>
</fC03>
<fC03 i1="11" i2="X" l="SPA">
<s0>Método Gram Schmidt</s0>
<s5>25</s5>
</fC03>
<fC03 i1="12" i2="X" l="FRE">
<s0>Théorie euclidienne</s0>
<s5>26</s5>
</fC03>
<fC03 i1="12" i2="X" l="ENG">
<s0>Euclidean theory</s0>
<s5>26</s5>
</fC03>
<fC03 i1="12" i2="X" l="SPA">
<s0>Teoría euclidiana</s0>
<s5>26</s5>
</fC03>
<fC03 i1="13" i2="X" l="FRE">
<s0>Processus Gauss</s0>
<s5>27</s5>
</fC03>
<fC03 i1="13" i2="X" l="ENG">
<s0>Gaussian process</s0>
<s5>27</s5>
</fC03>
<fC03 i1="13" i2="X" l="SPA">
<s0>Proceso Gauss</s0>
<s5>27</s5>
</fC03>
<fN21>
<s1>248</s1>
</fN21>
<fN44 i1="01">
<s1>OTO</s1>
</fN44>
<fN82>
<s1>OTO</s1>
</fN82>
</pA>
<pR>
<fA30 i1="01" i2="1" l="ENG">
<s1>Annual international conference on the theory and applications of cryptographic techniques</s1>
<s2>24</s2>
<s3>Aarhus DNK</s3>
<s4>2005-05-22</s4>
</fA30>
</pR>
</standard>
<server>
<NO>PASCAL 05-0355690 INIST</NO>
<ET>Floating-point LLL revisited</ET>
<AU>NGUYEN (Phong Q.); STEHLE (Damien); CRAMER (Ronald)</AU>
<AF>CNRS/École normale supérieure, DI, 45 rue d'Ulm/75005 Paris/France (1 aut.); Univ. Nancy 1/LORIA, 615 rue du J. Botanique/54602 Villers-lès-Nancy/France (2 aut.)</AF>
<DT>Publication en série; Congrès; Niveau analytique</DT>
<SO>Lecture notes in computer science; ISSN 0302-9743; Allemagne; Da. 2005; Vol. 3494; Pp. 215-233; Bibl. 44 ref.</SO>
<LA>Anglais</LA>
<EA>The Lenstra-Lenstra-Lovász lattice basis reduction algorithm (LLL or L
<sup>3</sup>
) is a very popular tool in public-key cryptanalysis and in many other fields. Given an integer d-dimensional lattice basis with vectors of norm less than B in an n-dimensional space, L
<sup>3</sup>
outputs a so-called L
<sup>3</sup>
-reduced basis in polynomial time O(d
<sup>5</sup>
n log
<sup>3</sup>
B), using arithmetic operations on integers of bit-length O(d log B). This worst-case complexity is problematic for lattices arising in cryptanalysis where d or/and log B are often large. As a result, the original L
<sup>3</sup>
is almost never used in practice. Instead, one applies floating-point variants of L
<sup>3</sup>
, where the long-integer arithmetic required by Gram-Schmidt orthogonalisation (central in L
<sup>3</sup>
) is replaced by floating-point arithmetic. Unfortunately, this is known to be unstable in the worst-case: the usual floating-point L
<sup>3</sup>
is not even guaranteed to terminate, and the output basis may not be L
<sup>3</sup>
-reduced at all. In this article, we introduce the L
<sup>2</sup>
algorithm, a new and natural floating-point variant of L
<sup>3</sup>
which provably outputs L
<sup>3</sup>
-reduced bases in polynomial time O(d
<sup>4</sup>
n(d + log B) log B). This is the first L
<sup>3</sup>
algorithm whose running time (without fast integer arithmetic) provably grows only quadratically with respect to log B, like the well-known Euclidean and Gaussian algorithms, which it generalizes.</EA>
<CC>001D02B07C; 001D04A04E</CC>
<FD>Cryptographie; Treillis; Cryptanalyse; Temps polynomial; Clé publique; Réseau arithmétique; Opération arithmétique; Arithmétique virgule flottante; Virgule flottante; Méthode cas pire; Méthode Gram Schmidt; Théorie euclidienne; Processus Gauss</FD>
<ED>Cryptography; Lattice; Cryptanalysis; Polynomial time; Public key; Integer lattice; Arithmetic operation; Floating point arithmetic; Floating point; Worst case method; Gram Schmidt method; Euclidean theory; Gaussian process</ED>
<SD>Criptografía; Enrejado; Criptoanálisis; Tiempo polinomial; Llave pública; Red aritmética; Operación aritmética; Coma flotante; Método caso peor; Método Gram Schmidt; Teoría euclidiana; Proceso Gauss</SD>
<LO>INIST-16343.354000124475470130</LO>
<ID>05-0355690</ID>
</server>
</inist>
</record>

To manipulate this document under Unix (Dilib)

EXPLOR_STEP=$WICRI_ROOT/Wicri/Lorraine/explor/InforLorV4/Data/PascalFrancis/Corpus
HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 000538 | SxmlIndent | more

Or

HfdSelect -h $EXPLOR_AREA/Data/PascalFrancis/Corpus/biblio.hfd -nk 000538 | SxmlIndent | more

To link to this page within the Wicri network

{{Explor lien
   |wiki=    Wicri/Lorraine
   |area=    InforLorV4
   |flux=    PascalFrancis
   |étape=   Corpus
   |type=    RBID
   |clé=     Pascal:05-0355690
   |texte=   Floating-point LLL revisited
}}


This area was generated with Dilib version V0.6.33.
Data generation: Mon Jun 10 21:56:28 2019. Site generation: Fri Feb 25 15:29:27 2022