Algorithms to construct Minkowski reduced and Hermite reduced lattice bases
Theoretical Computer Science
Sphere-packings, lattices, and groups
Sphere-packings, lattices, and groups
A hierarchy of polynomial time lattice basis reduction algorithms
Theoretical Computer Science
Journal of Algorithms
Lattice basis reduction: improved practical algorithms and solving subset sum problems
Mathematical Programming: Series A and B
Generating hard instances of lattice problems (extended abstract)
STOC '96 Proceedings of the twenty-eighth annual ACM symposium on Theory of computing
The generalized Gauss reduction algorithm
Journal of Algorithms
The shortest vector problem in L2 is NP-hard for randomized reductions (extended abstract)
STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
Complexity of Lattice Problems
Complexity of Lattice Problems
Worst-Case Complexity of the Optimal LLL Algorithm
LATIN '00 Proceedings of the 4th Latin American Symposium on Theoretical Informatics
Improved algorithms for integer programming and related lattice problems
STOC '83 Proceedings of the fifteenth annual ACM symposium on Theory of computing
Finding short lattice vectors within mordell's inequality
STOC '08 Proceedings of the fortieth annual ACM symposium on Theory of computing
Attacking the Chor-Rivest cryptosystem by improved lattice reduction
EUROCRYPT'95 Proceedings of the 14th annual international conference on Theory and application of cryptographic techniques
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Exact polynomial factorization by approximate high degree algebraic numbers
Proceedings of the 2009 conference on Symbolic numeric computation
A non-associative lattice-based public key cryptosystem
Security and Communication Networks
A complexity analysis of a Jacobi method for lattice basis reduction
Proceedings of the Fifth International C* Conference on Computer Science and Software Engineering
Sparse Non-negative Stencils for Anisotropic Diffusion
Journal of Mathematical Imaging and Vision
| Hi-index | 0.00 |
Lattice reduction is a geometric generalization of the problem of computing greatest common divisors. Most of the interesting algorithmic problems related to lattice reduction are NP-hard as the lattice dimension increases. This article deals with the low-dimensional case. We study a greedy lattice basis reduction algorithm for the Euclidean norm, which is arguably the most natural lattice basis reduction algorithm because it is a straightforward generalization of an old two-dimensional algorithm of Lagrange, usually known as Gauss' algorithm, and which is very similar to Euclid's gcd algorithm. Our results are twofold. From a mathematical point of view, we show that up to dimension four, the output of the greedy algorithm is optimal: The output basis reaches all the successive minima of the lattice. However, as soon as the lattice dimension is strictly higher than four, the output basis may be arbitrarily bad as it may not even reach the first minimum. More importantly, from a computational point of view, we show that up to dimension four, the bit-complexity of the greedy algorithm is quadratic without fast integer arithmetic, just like Euclid's gcd algorithm. This was already proved by Semaev up to dimension three using rather technical means, but it was previously unknown whether or not the algorithm was still polynomial in dimension four. We propose two different analyzes: a global approach based on the geometry of the current basis when the length decrease stalls, and a local approach showing directly that a significant length decrease must occur every O(1) consecutive steps. Our analyzes simplify Semaev's analysis in dimensions two and three, and unify the cases of dimensions two to four. Although the global approach is much simpler, we also present the local approach because it gives further information on the behavior of the algorithm.