Floating-Point LLL Revisited
Identifieur interne : 006486 ( Main/Merge ); précédent : 006485; suivant : 006487Floating-Point LLL Revisited
Auteurs : Phong Q. Nguên [France] ; Damien Stehlé [France]Source :
- Lecture Notes in Computer Science [ 0302-9743 ]
Abstract
Abstract: The Lenstra-Lenstra-Lovász lattice basis reduction algorithm (LLL or L3) is a very popular tool in public-key cryptanalysis and in many other fields. Given an integer d-dimensional lattice basis with vectors of norm less than B in an n-dimensional space, L3 outputs a so-called L3-reduced basis in polynomial time O(d 5 n log3 B), using arithmetic operations on integers of bit-length O(d log B). This worst-case complexity is problematic for lattices arising in cryptanalysis where d or/and log B are often large. As a result, the original L3 is almost never used in practice. Instead, one applies floating-point variants of L3, where the long-integer arithmetic required by Gram-Schmidt orthogonalisation (central in L3) is replaced by floating-point arithmetic. Unfortunately, this is known to be unstable in the worst-case: the usual floating-point L3 is not even guaranteed to terminate, and the output basis may not be L3-reduced at all. In this article, we introduce the L2 algorithm, a new and natural floating-point variant of L3 which provably outputs L3-reduced bases in polynomial time O(d 4 n (d + log B) log B). This is the first L3 algorithm whose running time (without fast integer arithmetic) provably grows only quadratically with respect to log B, like the well-known Euclidean and Gaussian algorithms, which it generalizes.
Url:
DOI: 10.1007/11426639_13
Links toward previous steps (curation, corpus...)
- to stream Istex, to step Corpus: 002471
- to stream Istex, to step Curation: 002440
- to stream Istex, to step Checkpoint: 001575
Links to Exploration step
ISTEX:9CD6779A71CD1A56FD89A716A2C2CF047A672CB1Le document en format XML
<record><TEI wicri:istexFullTextTei="biblStruct"><teiHeader><fileDesc><titleStmt><title xml:lang="en">Floating-Point LLL Revisited</title><author><name sortKey="Nguen, Phong Q" sort="Nguen, Phong Q" uniqKey="Nguen P" first="Phong Q." last="Nguên">Phong Q. Nguên</name></author><author><name sortKey="Stehle, Damien" sort="Stehle, Damien" uniqKey="Stehle D" first="Damien" last="Stehlé">Damien Stehlé</name></author></titleStmt><publicationStmt><idno type="wicri:source">ISTEX</idno><idno type="RBID">ISTEX:9CD6779A71CD1A56FD89A716A2C2CF047A672CB1</idno><date when="2005" year="2005">2005</date><idno type="doi">10.1007/11426639_13</idno><idno type="url">https://api.istex.fr/ark:/67375/HCB-VF0KK9W1-H/fulltext.pdf</idno><idno type="wicri:Area/Istex/Corpus">002471</idno><idno type="wicri:explorRef" wicri:stream="Istex" wicri:step="Corpus" wicri:corpus="ISTEX">002471</idno><idno type="wicri:Area/Istex/Curation">002440</idno><idno type="wicri:Area/Istex/Checkpoint">001575</idno><idno type="wicri:explorRef" wicri:stream="Istex" wicri:step="Checkpoint">001575</idno><idno type="wicri:doubleKey">0302-9743:2005:Nguen P:floating:point:lll</idno><idno type="wicri:Area/Main/Merge">006486</idno></publicationStmt><sourceDesc><biblStruct><analytic><title level="a" type="main" xml:lang="en">Floating-Point LLL Revisited</title><author><name sortKey="Nguen, Phong Q" sort="Nguen, Phong Q" uniqKey="Nguen P" first="Phong Q." last="Nguên">Phong Q. Nguên</name><affiliation wicri:level="3"><country xml:lang="fr">France</country><wicri:regionArea>CNRS/École normale supérieure, DI, 45 rue d’Ulm, 75005, Paris</wicri:regionArea><placeName><region type="region" nuts="2">Île-de-France</region><settlement type="city">Paris</settlement></placeName></affiliation><affiliation wicri:level="1"><country wicri:rule="url">France</country></affiliation></author><author><name sortKey="Stehle, Damien" sort="Stehle, Damien" uniqKey="Stehle D" first="Damien" last="Stehlé">Damien Stehlé</name><affiliation wicri:level="3"><country xml:lang="fr">France</country><wicri:regionArea>Univ. Nancy 1/LORIA, 615 rue du J. Botanique, 54602, Villers-lès-Nancy</wicri:regionArea><placeName><region type="region" nuts="2">Grand Est</region><region type="old region" nuts="2">Lorraine (région)</region><settlement type="city">Villers-lès-Nancy</settlement></placeName></affiliation><affiliation wicri:level="1"><country wicri:rule="url">France</country></affiliation></author></analytic><monogr></monogr><series><title level="s" type="main" xml:lang="en">Lecture Notes in Computer Science</title><idno type="ISSN">0302-9743</idno><idno type="eISSN">1611-3349</idno><idno type="ISSN">0302-9743</idno></series></biblStruct></sourceDesc><seriesStmt><idno type="ISSN">0302-9743</idno></seriesStmt></fileDesc><profileDesc><textClass></textClass></profileDesc></teiHeader><front><div type="abstract" xml:lang="en">Abstract: The Lenstra-Lenstra-Lovász lattice basis reduction algorithm (LLL or L3) is a very popular tool in public-key cryptanalysis and in many other fields. Given an integer d-dimensional lattice basis with vectors of norm less than B in an n-dimensional space, L3 outputs a so-called L3-reduced basis in polynomial time O(d 5 n log3 B), using arithmetic operations on integers of bit-length O(d log B). This worst-case complexity is problematic for lattices arising in cryptanalysis where d or/and log B are often large. As a result, the original L3 is almost never used in practice. Instead, one applies floating-point variants of L3, where the long-integer arithmetic required by Gram-Schmidt orthogonalisation (central in L3) is replaced by floating-point arithmetic. Unfortunately, this is known to be unstable in the worst-case: the usual floating-point L3 is not even guaranteed to terminate, and the output basis may not be L3-reduced at all. In this article, we introduce the L2 algorithm, a new and natural floating-point variant of L3 which provably outputs L3-reduced bases in polynomial time O(d 4 n (d + log B) log B). This is the first L3 algorithm whose running time (without fast integer arithmetic) provably grows only quadratically with respect to log B, like the well-known Euclidean and Gaussian algorithms, which it generalizes.</div></front></TEI></record>Pour manipuler ce document sous Unix (Dilib)
EXPLOR_STEP=$WICRI_ROOT/Wicri/Lorraine/explor/InforLorV4/Data/Main/Merge
HfdSelect -h $EXPLOR_STEP/biblio.hfd -nk 006486 | SxmlIndent | more
Ou
HfdSelect -h $EXPLOR_AREA/Data/Main/Merge/biblio.hfd -nk 006486 | SxmlIndent | more
Pour mettre un lien sur cette page dans le réseau Wicri
{{Explor lien
|wiki= Wicri/Lorraine
|area= InforLorV4
|flux= Main
|étape= Merge
|type= RBID
|clé= ISTEX:9CD6779A71CD1A56FD89A716A2C2CF047A672CB1
|texte= Floating-Point LLL Revisited
}}
| This area was generated with Dilib version V0.6.33. |  |