Floating-point LLL revisited
Identifieur interne :
000538 ( PascalFrancis/Corpus );
précédent :
000537;
suivant :
000539
Floating-point LLL revisited
Auteurs : Phong Q. Nguyen ;
Damien StehleSource :
-
Lecture notes in computer science [ 0302-9743 ] ; 2005.
RBID : Pascal:05-0355690
Descripteurs français
- Pascal (Inist)
- Cryptographie,
Treillis,
Cryptanalyse,
Temps polynomial,
Clé publique,
Réseau arithmétique,
Opération arithmétique,
Arithmétique virgule flottante,
Virgule flottante,
Méthode cas pire,
Méthode Gram Schmidt,
Théorie euclidienne,
Processus Gauss.
English descriptors
- KwdEn :
- Arithmetic operation,
Cryptanalysis,
Cryptography,
Euclidean theory,
Floating point,
Floating point arithmetic,
Gaussian process,
Gram Schmidt method,
Integer lattice,
Lattice,
Polynomial time,
Public key,
Worst case method.
Abstract
The Lenstra-Lenstra-Lovász lattice basis reduction algorithm (LLL or L3) is a very popular tool in public-key cryptanalysis and in many other fields. Given an integer d-dimensional lattice basis with vectors of norm less than B in an n-dimensional space, L3 outputs a so-called L3-reduced basis in polynomial time O(d5n log3 B), using arithmetic operations on integers of bit-length O(d log B). This worst-case complexity is problematic for lattices arising in cryptanalysis where d or/and log B are often large. As a result, the original L3 is almost never used in practice. Instead, one applies floating-point variants of L3, where the long-integer arithmetic required by Gram-Schmidt orthogonalisation (central in L3) is replaced by floating-point arithmetic. Unfortunately, this is known to be unstable in the worst-case: the usual floating-point L3 is not even guaranteed to terminate, and the output basis may not be L3-reduced at all. In this article, we introduce the L2 algorithm, a new and natural floating-point variant of L3 which provably outputs L3-reduced bases in polynomial time O(d4n(d + log B) log B). This is the first L3 algorithm whose running time (without fast integer arithmetic) provably grows only quadratically with respect to log B, like the well-known Euclidean and Gaussian algorithms, which it generalizes.
Notice en format standard (ISO 2709)
Pour connaître la documentation sur le format Inist Standard.
pA |
A01 | 01 | 1 | | @0 0302-9743 |
---|
A05 | | | | @2 3494 |
---|
A08 | 01 | 1 | ENG | @1 Floating-point LLL revisited |
---|
A09 | 01 | 1 | ENG | @1 Advances in cryptology - EUROCRYPT 2005 : Aarhus, 22-26 May 2005 |
---|
A11 | 01 | 1 | | @1 NGUYEN (Phong Q.) |
---|
A11 | 02 | 1 | | @1 STEHLE (Damien) |
---|
A12 | 01 | 1 | | @1 CRAMER (Ronald) @9 ed. |
---|
A14 | 01 | | | @1 CNRS/École normale supérieure, DI, 45 rue d'Ulm @2 75005 Paris @3 FRA @Z 1 aut. |
---|
A14 | 02 | | | @1 Univ. Nancy 1/LORIA, 615 rue du J. Botanique @2 54602 Villers-lès-Nancy @3 FRA @Z 2 aut. |
---|
A20 | | | | @1 215-233 |
---|
A21 | | | | @1 2005 |
---|
A23 | 01 | | | @0 ENG |
---|
A26 | 01 | | | @0 3-540-25910-4 |
---|
A43 | 01 | | | @1 INIST @2 16343 @5 354000124475470130 |
---|
A44 | | | | @0 0000 @1 © 2005 INIST-CNRS. All rights reserved. |
---|
A45 | | | | @0 44 ref. |
---|
A47 | 01 | 1 | | @0 05-0355690 |
---|
A60 | | | | @1 P @2 C |
---|
A61 | | | | @0 A |
---|
A64 | 01 | 1 | | @0 Lecture notes in computer science |
---|
A66 | 01 | | | @0 DEU |
---|
C01 | 01 | | ENG | @0 The Lenstra-Lenstra-Lovász lattice basis reduction algorithm (LLL or L3) is a very popular tool in public-key cryptanalysis and in many other fields. Given an integer d-dimensional lattice basis with vectors of norm less than B in an n-dimensional space, L3 outputs a so-called L3-reduced basis in polynomial time O(d5n log3 B), using arithmetic operations on integers of bit-length O(d log B). This worst-case complexity is problematic for lattices arising in cryptanalysis where d or/and log B are often large. As a result, the original L3 is almost never used in practice. Instead, one applies floating-point variants of L3, where the long-integer arithmetic required by Gram-Schmidt orthogonalisation (central in L3) is replaced by floating-point arithmetic. Unfortunately, this is known to be unstable in the worst-case: the usual floating-point L3 is not even guaranteed to terminate, and the output basis may not be L3-reduced at all. In this article, we introduce the L2 algorithm, a new and natural floating-point variant of L3 which provably outputs L3-reduced bases in polynomial time O(d4n(d + log B) log B). This is the first L3 algorithm whose running time (without fast integer arithmetic) provably grows only quadratically with respect to log B, like the well-known Euclidean and Gaussian algorithms, which it generalizes. |
---|
C02 | 01 | X | | @0 001D02B07C |
---|
C02 | 02 | X | | @0 001D04A04E |
---|
C03 | 01 | X | FRE | @0 Cryptographie @5 01 |
---|
C03 | 01 | X | ENG | @0 Cryptography @5 01 |
---|
C03 | 01 | X | SPA | @0 Criptografía @5 01 |
---|
C03 | 02 | X | FRE | @0 Treillis @5 06 |
---|
C03 | 02 | X | ENG | @0 Lattice @5 06 |
---|
C03 | 02 | X | SPA | @0 Enrejado @5 06 |
---|
C03 | 03 | X | FRE | @0 Cryptanalyse @5 07 |
---|
C03 | 03 | X | ENG | @0 Cryptanalysis @5 07 |
---|
C03 | 03 | X | SPA | @0 Criptoanálisis @5 07 |
---|
C03 | 04 | X | FRE | @0 Temps polynomial @5 08 |
---|
C03 | 04 | X | ENG | @0 Polynomial time @5 08 |
---|
C03 | 04 | X | SPA | @0 Tiempo polinomial @5 08 |
---|
C03 | 05 | X | FRE | @0 Clé publique @5 18 |
---|
C03 | 05 | X | ENG | @0 Public key @5 18 |
---|
C03 | 05 | X | SPA | @0 Llave pública @5 18 |
---|
C03 | 06 | X | FRE | @0 Réseau arithmétique @5 19 |
---|
C03 | 06 | X | ENG | @0 Integer lattice @5 19 |
---|
C03 | 06 | X | SPA | @0 Red aritmética @5 19 |
---|
C03 | 07 | X | FRE | @0 Opération arithmétique @5 20 |
---|
C03 | 07 | X | ENG | @0 Arithmetic operation @5 20 |
---|
C03 | 07 | X | SPA | @0 Operación aritmética @5 20 |
---|
C03 | 08 | 3 | FRE | @0 Arithmétique virgule flottante @5 21 |
---|
C03 | 08 | 3 | ENG | @0 Floating point arithmetic @5 21 |
---|
C03 | 09 | X | FRE | @0 Virgule flottante @5 23 |
---|
C03 | 09 | X | ENG | @0 Floating point @5 23 |
---|
C03 | 09 | X | SPA | @0 Coma flotante @5 23 |
---|
C03 | 10 | X | FRE | @0 Méthode cas pire @5 24 |
---|
C03 | 10 | X | ENG | @0 Worst case method @5 24 |
---|
C03 | 10 | X | SPA | @0 Método caso peor @5 24 |
---|
C03 | 11 | X | FRE | @0 Méthode Gram Schmidt @5 25 |
---|
C03 | 11 | X | ENG | @0 Gram Schmidt method @5 25 |
---|
C03 | 11 | X | SPA | @0 Método Gram Schmidt @5 25 |
---|
C03 | 12 | X | FRE | @0 Théorie euclidienne @5 26 |
---|
C03 | 12 | X | ENG | @0 Euclidean theory @5 26 |
---|
C03 | 12 | X | SPA | @0 Teoría euclidiana @5 26 |
---|
C03 | 13 | X | FRE | @0 Processus Gauss @5 27 |
---|
C03 | 13 | X | ENG | @0 Gaussian process @5 27 |
---|
C03 | 13 | X | SPA | @0 Proceso Gauss @5 27 |
---|
N21 | | | | @1 248 |
---|
N44 | 01 | | | @1 OTO |
---|
N82 | | | | @1 OTO |
---|
|
pR |
A30 | 01 | 1 | ENG | @1 Annual international conference on the theory and applications of cryptographic techniques @2 24 @3 Aarhus DNK @4 2005-05-22 |
---|
|
Format Inist (serveur)
NO : | PASCAL 05-0355690 INIST |
ET : | Floating-point LLL revisited |
AU : | NGUYEN (Phong Q.); STEHLE (Damien); CRAMER (Ronald) |
AF : | CNRS/École normale supérieure, DI, 45 rue d'Ulm/75005 Paris/France (1 aut.); Univ. Nancy 1/LORIA, 615 rue du J. Botanique/54602 Villers-lès-Nancy/France (2 aut.) |
DT : | Publication en série; Congrès; Niveau analytique |
SO : | Lecture notes in computer science; ISSN 0302-9743; Allemagne; Da. 2005; Vol. 3494; Pp. 215-233; Bibl. 44 ref. |
LA : | Anglais |
EA : | The Lenstra-Lenstra-Lovász lattice basis reduction algorithm (LLL or L3) is a very popular tool in public-key cryptanalysis and in many other fields. Given an integer d-dimensional lattice basis with vectors of norm less than B in an n-dimensional space, L3 outputs a so-called L3-reduced basis in polynomial time O(d5n log3 B), using arithmetic operations on integers of bit-length O(d log B). This worst-case complexity is problematic for lattices arising in cryptanalysis where d or/and log B are often large. As a result, the original L3 is almost never used in practice. Instead, one applies floating-point variants of L3, where the long-integer arithmetic required by Gram-Schmidt orthogonalisation (central in L3) is replaced by floating-point arithmetic. Unfortunately, this is known to be unstable in the worst-case: the usual floating-point L3 is not even guaranteed to terminate, and the output basis may not be L3-reduced at all. In this article, we introduce the L2 algorithm, a new and natural floating-point variant of L3 which provably outputs L3-reduced bases in polynomial time O(d4n(d + log B) log B). This is the first L3 algorithm whose running time (without fast integer arithmetic) provably grows only quadratically with respect to log B, like the well-known Euclidean and Gaussian algorithms, which it generalizes. |
CC : | 001D02B07C; 001D04A04E |
FD : | Cryptographie; Treillis; Cryptanalyse; Temps polynomial; Clé publique; Réseau arithmétique; Opération arithmétique; Arithmétique virgule flottante; Virgule flottante; Méthode cas pire; Méthode Gram Schmidt; Théorie euclidienne; Processus Gauss |
ED : | Cryptography; Lattice; Cryptanalysis; Polynomial time; Public key; Integer lattice; Arithmetic operation; Floating point arithmetic; Floating point; Worst case method; Gram Schmidt method; Euclidean theory; Gaussian process |
SD : | Criptografía; Enrejado; Criptoanálisis; Tiempo polinomial; Llave pública; Red aritmética; Operación aritmética; Coma flotante; Método caso peor; Método Gram Schmidt; Teoría euclidiana; Proceso Gauss |
LO : | INIST-16343.354000124475470130 |
ID : | 05-0355690 |
Links to Exploration step
Pascal:05-0355690
Le document en format XML
<record><TEI><teiHeader><fileDesc><titleStmt><title xml:lang="en" level="a">Floating-point LLL revisited</title>
<author><name sortKey="Nguyen, Phong Q" sort="Nguyen, Phong Q" uniqKey="Nguyen P" first="Phong Q." last="Nguyen">Phong Q. Nguyen</name>
<affiliation><inist:fA14 i1="01"><s1>CNRS/École normale supérieure, DI, 45 rue d'Ulm</s1>
<s2>75005 Paris</s2>
<s3>FRA</s3>
<sZ>1 aut.</sZ>
</inist:fA14>
</affiliation>
</author>
<author><name sortKey="Stehle, Damien" sort="Stehle, Damien" uniqKey="Stehle D" first="Damien" last="Stehle">Damien Stehle</name>
<affiliation><inist:fA14 i1="02"><s1>Univ. Nancy 1/LORIA, 615 rue du J. Botanique</s1>
<s2>54602 Villers-lès-Nancy</s2>
<s3>FRA</s3>
<sZ>2 aut.</sZ>
</inist:fA14>
</affiliation>
</author>
</titleStmt>
<publicationStmt><idno type="wicri:source">INIST</idno>
<idno type="inist">05-0355690</idno>
<date when="2005">2005</date>
<idno type="stanalyst">PASCAL 05-0355690 INIST</idno>
<idno type="RBID">Pascal:05-0355690</idno>
<idno type="wicri:Area/PascalFrancis/Corpus">000538</idno>
</publicationStmt>
<sourceDesc><biblStruct><analytic><title xml:lang="en" level="a">Floating-point LLL revisited</title>
<author><name sortKey="Nguyen, Phong Q" sort="Nguyen, Phong Q" uniqKey="Nguyen P" first="Phong Q." last="Nguyen">Phong Q. Nguyen</name>
<affiliation><inist:fA14 i1="01"><s1>CNRS/École normale supérieure, DI, 45 rue d'Ulm</s1>
<s2>75005 Paris</s2>
<s3>FRA</s3>
<sZ>1 aut.</sZ>
</inist:fA14>
</affiliation>
</author>
<author><name sortKey="Stehle, Damien" sort="Stehle, Damien" uniqKey="Stehle D" first="Damien" last="Stehle">Damien Stehle</name>
<affiliation><inist:fA14 i1="02"><s1>Univ. Nancy 1/LORIA, 615 rue du J. Botanique</s1>
<s2>54602 Villers-lès-Nancy</s2>
<s3>FRA</s3>
<sZ>2 aut.</sZ>
</inist:fA14>
</affiliation>
</author>
</analytic>
<series><title level="j" type="main">Lecture notes in computer science</title>
<idno type="ISSN">0302-9743</idno>
<imprint><date when="2005">2005</date>
</imprint>
</series>
</biblStruct>
</sourceDesc>
<seriesStmt><title level="j" type="main">Lecture notes in computer science</title>
<idno type="ISSN">0302-9743</idno>
</seriesStmt>
</fileDesc>
<profileDesc><textClass><keywords scheme="KwdEn" xml:lang="en"><term>Arithmetic operation</term>
<term>Cryptanalysis</term>
<term>Cryptography</term>
<term>Euclidean theory</term>
<term>Floating point</term>
<term>Floating point arithmetic</term>
<term>Gaussian process</term>
<term>Gram Schmidt method</term>
<term>Integer lattice</term>
<term>Lattice</term>
<term>Polynomial time</term>
<term>Public key</term>
<term>Worst case method</term>
</keywords>
<keywords scheme="Pascal" xml:lang="fr"><term>Cryptographie</term>
<term>Treillis</term>
<term>Cryptanalyse</term>
<term>Temps polynomial</term>
<term>Clé publique</term>
<term>Réseau arithmétique</term>
<term>Opération arithmétique</term>
<term>Arithmétique virgule flottante</term>
<term>Virgule flottante</term>
<term>Méthode cas pire</term>
<term>Méthode Gram Schmidt</term>
<term>Théorie euclidienne</term>
<term>Processus Gauss</term>
</keywords>
</textClass>
</profileDesc>
</teiHeader>
<front><div type="abstract" xml:lang="en">The Lenstra-Lenstra-Lovász lattice basis reduction algorithm (LLL or L<sup>3</sup>
) is a very popular tool in public-key cryptanalysis and in many other fields. Given an integer d-dimensional lattice basis with vectors of norm less than B in an n-dimensional space, L<sup>3</sup>
outputs a so-called L<sup>3</sup>
-reduced basis in polynomial time O(d<sup>5</sup>
n log<sup>3</sup>
B), using arithmetic operations on integers of bit-length O(d log B). This worst-case complexity is problematic for lattices arising in cryptanalysis where d or/and log B are often large. As a result, the original L<sup>3</sup>
is almost never used in practice. Instead, one applies floating-point variants of L<sup>3</sup>
, where the long-integer arithmetic required by Gram-Schmidt orthogonalisation (central in L<sup>3</sup>
) is replaced by floating-point arithmetic. Unfortunately, this is known to be unstable in the worst-case: the usual floating-point L<sup>3</sup>
is not even guaranteed to terminate, and the output basis may not be L<sup>3</sup>
-reduced at all. In this article, we introduce the L<sup>2</sup>
algorithm, a new and natural floating-point variant of L<sup>3</sup>
which provably outputs L<sup>3</sup>
-reduced bases in polynomial time O(d<sup>4</sup>
n(d + log B) log B). This is the first L<sup>3</sup>
algorithm whose running time (without fast integer arithmetic) provably grows only quadratically with respect to log B, like the well-known Euclidean and Gaussian algorithms, which it generalizes.</div>
</front>
</TEI>
<inist><standard h6="B"><pA><fA01 i1="01" i2="1"><s0>0302-9743</s0>
</fA01>
<fA05><s2>3494</s2>
</fA05>
<fA08 i1="01" i2="1" l="ENG"><s1>Floating-point LLL revisited</s1>
</fA08>
<fA09 i1="01" i2="1" l="ENG"><s1>Advances in cryptology - EUROCRYPT 2005 : Aarhus, 22-26 May 2005</s1>
</fA09>
<fA11 i1="01" i2="1"><s1>NGUYEN (Phong Q.)</s1>
</fA11>
<fA11 i1="02" i2="1"><s1>STEHLE (Damien)</s1>
</fA11>
<fA12 i1="01" i2="1"><s1>CRAMER (Ronald)</s1>
<s9>ed.</s9>
</fA12>
<fA14 i1="01"><s1>CNRS/École normale supérieure, DI, 45 rue d'Ulm</s1>
<s2>75005 Paris</s2>
<s3>FRA</s3>
<sZ>1 aut.</sZ>
</fA14>
<fA14 i1="02"><s1>Univ. Nancy 1/LORIA, 615 rue du J. Botanique</s1>
<s2>54602 Villers-lès-Nancy</s2>
<s3>FRA</s3>
<sZ>2 aut.</sZ>
</fA14>
<fA20><s1>215-233</s1>
</fA20>
<fA21><s1>2005</s1>
</fA21>
<fA23 i1="01"><s0>ENG</s0>
</fA23>
<fA26 i1="01"><s0>3-540-25910-4</s0>
</fA26>
<fA43 i1="01"><s1>INIST</s1>
<s2>16343</s2>
<s5>354000124475470130</s5>
</fA43>
<fA44><s0>0000</s0>
<s1>© 2005 INIST-CNRS. All rights reserved.</s1>
</fA44>
<fA45><s0>44 ref.</s0>
</fA45>
<fA47 i1="01" i2="1"><s0>05-0355690</s0>
</fA47>
<fA60><s1>P</s1>
<s2>C</s2>
</fA60>
<fA64 i1="01" i2="1"><s0>Lecture notes in computer science</s0>
</fA64>
<fA66 i1="01"><s0>DEU</s0>
</fA66>
<fC01 i1="01" l="ENG"><s0>The Lenstra-Lenstra-Lovász lattice basis reduction algorithm (LLL or L<sup>3</sup>
) is a very popular tool in public-key cryptanalysis and in many other fields. Given an integer d-dimensional lattice basis with vectors of norm less than B in an n-dimensional space, L<sup>3</sup>
outputs a so-called L<sup>3</sup>
-reduced basis in polynomial time O(d<sup>5</sup>
n log<sup>3</sup>
B), using arithmetic operations on integers of bit-length O(d log B). This worst-case complexity is problematic for lattices arising in cryptanalysis where d or/and log B are often large. As a result, the original L<sup>3</sup>
is almost never used in practice. Instead, one applies floating-point variants of L<sup>3</sup>
, where the long-integer arithmetic required by Gram-Schmidt orthogonalisation (central in L<sup>3</sup>
) is replaced by floating-point arithmetic. Unfortunately, this is known to be unstable in the worst-case: the usual floating-point L<sup>3</sup>
is not even guaranteed to terminate, and the output basis may not be L<sup>3</sup>
-reduced at all. In this article, we introduce the L<sup>2</sup>
algorithm, a new and natural floating-point variant of L<sup>3</sup>
which provably outputs L<sup>3</sup>
-reduced bases in polynomial time O(d<sup>4</sup>
n(d + log B) log B). This is the first L<sup>3</sup>
algorithm whose running time (without fast integer arithmetic) provably grows only quadratically with respect to log B, like the well-known Euclidean and Gaussian algorithms, which it generalizes.</s0>
</fC01>
<fC02 i1="01" i2="X"><s0>001D02B07C</s0>
</fC02>
<fC02 i1="02" i2="X"><s0>001D04A04E</s0>
</fC02>
<fC03 i1="01" i2="X" l="FRE"><s0>Cryptographie</s0>
<s5>01</s5>
</fC03>
<fC03 i1="01" i2="X" l="ENG"><s0>Cryptography</s0>
<s5>01</s5>
</fC03>
<fC03 i1="01" i2="X" l="SPA"><s0>Criptografía</s0>
<s5>01</s5>
</fC03>
<fC03 i1="02" i2="X" l="FRE"><s0>Treillis</s0>
<s5>06</s5>
</fC03>
<fC03 i1="02" i2="X" l="ENG"><s0>Lattice</s0>
<s5>06</s5>
</fC03>
<fC03 i1="02" i2="X" l="SPA"><s0>Enrejado</s0>
<s5>06</s5>
</fC03>
<fC03 i1="03" i2="X" l="FRE"><s0>Cryptanalyse</s0>
<s5>07</s5>
</fC03>
<fC03 i1="03" i2="X" l="ENG"><s0>Cryptanalysis</s0>
<s5>07</s5>
</fC03>
<fC03 i1="03" i2="X" l="SPA"><s0>Criptoanálisis</s0>
<s5>07</s5>
</fC03>
<fC03 i1="04" i2="X" l="FRE"><s0>Temps polynomial</s0>
<s5>08</s5>
</fC03>
<fC03 i1="04" i2="X" l="ENG"><s0>Polynomial time</s0>
<s5>08</s5>
</fC03>
<fC03 i1="04" i2="X" l="SPA"><s0>Tiempo polinomial</s0>
<s5>08</s5>
</fC03>
<fC03 i1="05" i2="X" l="FRE"><s0>Clé publique</s0>
<s5>18</s5>
</fC03>
<fC03 i1="05" i2="X" l="ENG"><s0>Public key</s0>
<s5>18</s5>
</fC03>
<fC03 i1="05" i2="X" l="SPA"><s0>Llave pública</s0>
<s5>18</s5>
</fC03>
<fC03 i1="06" i2="X" l="FRE"><s0>Réseau arithmétique</s0>
<s5>19</s5>
</fC03>
<fC03 i1="06" i2="X" l="ENG"><s0>Integer lattice</s0>
<s5>19</s5>
</fC03>
<fC03 i1="06" i2="X" l="SPA"><s0>Red aritmética</s0>
<s5>19</s5>
</fC03>
<fC03 i1="07" i2="X" l="FRE"><s0>Opération arithmétique</s0>
<s5>20</s5>
</fC03>
<fC03 i1="07" i2="X" l="ENG"><s0>Arithmetic operation</s0>
<s5>20</s5>
</fC03>
<fC03 i1="07" i2="X" l="SPA"><s0>Operación aritmética</s0>
<s5>20</s5>
</fC03>
<fC03 i1="08" i2="3" l="FRE"><s0>Arithmétique virgule flottante</s0>
<s5>21</s5>
</fC03>
<fC03 i1="08" i2="3" l="ENG"><s0>Floating point arithmetic</s0>
<s5>21</s5>
</fC03>
<fC03 i1="09" i2="X" l="FRE"><s0>Virgule flottante</s0>
<s5>23</s5>
</fC03>
<fC03 i1="09" i2="X" l="ENG"><s0>Floating point</s0>
<s5>23</s5>
</fC03>
<fC03 i1="09" i2="X" l="SPA"><s0>Coma flotante</s0>
<s5>23</s5>
</fC03>
<fC03 i1="10" i2="X" l="FRE"><s0>Méthode cas pire</s0>
<s5>24</s5>
</fC03>
<fC03 i1="10" i2="X" l="ENG"><s0>Worst case method</s0>
<s5>24</s5>
</fC03>
<fC03 i1="10" i2="X" l="SPA"><s0>Método caso peor</s0>
<s5>24</s5>
</fC03>
<fC03 i1="11" i2="X" l="FRE"><s0>Méthode Gram Schmidt</s0>
<s5>25</s5>
</fC03>
<fC03 i1="11" i2="X" l="ENG"><s0>Gram Schmidt method</s0>
<s5>25</s5>
</fC03>
<fC03 i1="11" i2="X" l="SPA"><s0>Método Gram Schmidt</s0>
<s5>25</s5>
</fC03>
<fC03 i1="12" i2="X" l="FRE"><s0>Théorie euclidienne</s0>
<s5>26</s5>
</fC03>
<fC03 i1="12" i2="X" l="ENG"><s0>Euclidean theory</s0>
<s5>26</s5>
</fC03>
<fC03 i1="12" i2="X" l="SPA"><s0>Teoría euclidiana</s0>
<s5>26</s5>
</fC03>
<fC03 i1="13" i2="X" l="FRE"><s0>Processus Gauss</s0>
<s5>27</s5>
</fC03>
<fC03 i1="13" i2="X" l="ENG"><s0>Gaussian process</s0>
<s5>27</s5>
</fC03>
<fC03 i1="13" i2="X" l="SPA"><s0>Proceso Gauss</s0>
<s5>27</s5>
</fC03>
<fN21><s1>248</s1>
</fN21>
<fN44 i1="01"><s1>OTO</s1>
</fN44>
<fN82><s1>OTO</s1>
</fN82>
</pA>
<pR><fA30 i1="01" i2="1" l="ENG"><s1>Annual international conference on the theory and applications of cryptographic techniques</s1>
<s2>24</s2>
<s3>Aarhus DNK</s3>
<s4>2005-05-22</s4>
</fA30>
</pR>
</standard>
<server><NO>PASCAL 05-0355690 INIST</NO>
<ET>Floating-point LLL revisited</ET>
<AU>NGUYEN (Phong Q.); STEHLE (Damien); CRAMER (Ronald)</AU>
<AF>CNRS/École normale supérieure, DI, 45 rue d'Ulm/75005 Paris/France (1 aut.); Univ. Nancy 1/LORIA, 615 rue du J. Botanique/54602 Villers-lès-Nancy/France (2 aut.)</AF>
<DT>Publication en série; Congrès; Niveau analytique</DT>
<SO>Lecture notes in computer science; ISSN 0302-9743; Allemagne; Da. 2005; Vol. 3494; Pp. 215-233; Bibl. 44 ref.</SO>
<LA>Anglais</LA>
<EA>The Lenstra-Lenstra-Lovász lattice basis reduction algorithm (LLL or L<sup>3</sup>
) is a very popular tool in public-key cryptanalysis and in many other fields. Given an integer d-dimensional lattice basis with vectors of norm less than B in an n-dimensional space, L<sup>3</sup>
outputs a so-called L<sup>3</sup>
-reduced basis in polynomial time O(d<sup>5</sup>
n log<sup>3</sup>
B), using arithmetic operations on integers of bit-length O(d log B). This worst-case complexity is problematic for lattices arising in cryptanalysis where d or/and log B are often large. As a result, the original L<sup>3</sup>
is almost never used in practice. Instead, one applies floating-point variants of L<sup>3</sup>
, where the long-integer arithmetic required by Gram-Schmidt orthogonalisation (central in L<sup>3</sup>
) is replaced by floating-point arithmetic. Unfortunately, this is known to be unstable in the worst-case: the usual floating-point L<sup>3</sup>
is not even guaranteed to terminate, and the output basis may not be L<sup>3</sup>
-reduced at all. In this article, we introduce the L<sup>2</sup>
algorithm, a new and natural floating-point variant of L<sup>3</sup>
which provably outputs L<sup>3</sup>
-reduced bases in polynomial time O(d<sup>4</sup>
n(d + log B) log B). This is the first L<sup>3</sup>
algorithm whose running time (without fast integer arithmetic) provably grows only quadratically with respect to log B, like the well-known Euclidean and Gaussian algorithms, which it generalizes.</EA>
<CC>001D02B07C; 001D04A04E</CC>
<FD>Cryptographie; Treillis; Cryptanalyse; Temps polynomial; Clé publique; Réseau arithmétique; Opération arithmétique; Arithmétique virgule flottante; Virgule flottante; Méthode cas pire; Méthode Gram Schmidt; Théorie euclidienne; Processus Gauss</FD>
<ED>Cryptography; Lattice; Cryptanalysis; Polynomial time; Public key; Integer lattice; Arithmetic operation; Floating point arithmetic; Floating point; Worst case method; Gram Schmidt method; Euclidean theory; Gaussian process</ED>
<SD>Criptografía; Enrejado; Criptoanálisis; Tiempo polinomial; Llave pública; Red aritmética; Operación aritmética; Coma flotante; Método caso peor; Método Gram Schmidt; Teoría euclidiana; Proceso Gauss</SD>
<LO>INIST-16343.354000124475470130</LO>
<ID>05-0355690</ID>
</server>
</inist>
</record>
Pour manipuler ce document sous Unix (Dilib)
EXPLOR_STEP=$WICRI_ROOT/Wicri/Lorraine/explor/InforLorV4/Data/PascalFrancis/Corpus
HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 000538 | SxmlIndent | more
Ou
HfdSelect -h $EXPLOR_AREA/Data/PascalFrancis/Corpus/biblio.hfd -nk 000538 | SxmlIndent | more
Pour mettre un lien sur cette page dans le réseau Wicri
{{Explor lien
|wiki= Wicri/Lorraine
|area= InforLorV4
|flux= PascalFrancis
|étape= Corpus
|type= RBID
|clé= Pascal:05-0355690
|texte= Floating-point LLL revisited
}}
| This area was generated with Dilib version V0.6.33. Data generation: Mon Jun 10 21:56:28 2019. Site generation: Fri Feb 25 15:29:27 2022 | ![](Common/icons/LogoDilib.gif) |