The Lenstra-Lenstra-Lovász lattice basis reduction algorithm (called LLL or ${\rm L}^3$) is a fundamental tool in computational number theory and theoretical computer science, which can be viewed as an efficient algorithmic version of Hermite's inequality on Hermite's constant. Given an integer $d$-dimensional lattice basis with vectors of Euclidean norm less than $B$ in an $n$-dimensional space, the ${\rm L}^3$ algorithm outputs a reduced basis in $O(d^3n\log B\cdot\mathcal{M}(d\log B))$ bit operations, where $\mathcal{M}(k)$ denotes the time required to multiply $k$-bit integers. This worst-case complexity is problematic for applications where $d$ and/or $\log B$ are often large. As a result, the original ${\rm L}^3$ algorithm is almost never used in practice, except in tiny dimensions. Instead, one applies floating-point variants where the long-integer arithmetic required by Gram-Schmidt orthogonalization is replaced by floating-point arithmetic. Unfortunately, this is known to be unstable in the worst case: the usual floating-point ${\rm L}^3$ algorithm is not even guaranteed to terminate, and the output basis may not be ${\rm L}^3$-reduced at all. In this article, we introduce the ${\rm L}^2$ algorithm, a new and natural floating-point variant of the ${\rm L}^3$ algorithm which provably outputs ${\rm L}^3$-reduced bases in polynomial time $O(d^2n(d+\log B)\log B\cdot\mathcal{M}(d))$. This is the first ${\rm L}^3$ algorithm whose running time (without fast integer arithmetic) provably grows only quadratically with respect to $\log B$, like Euclid's gcd algorithm and Lagrange's two-dimensional algorithm.
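To make "${\rm L}^3$-reduced" concrete, the following added example (not code from the article) runs textbook ${\rm L}^3$ with exact rational Gram-Schmidt, the long-integer approach that floating-point variants replace, and includes a checker that any variant's output can be validated against. The parameter $\delta = 3/4$, the function names and the sample basis are assumptions of this example; the input rows must be linearly independent.

```python
from fractions import Fraction

def dot(u, v):
    return sum(Fraction(a) * b for a, b in zip(u, v))

def gram_schmidt(basis):
    """Exact Gram-Schmidt: returns (orthogonal vectors b*, coefficients mu)."""
    n = len(basis)
    ortho, mu = [], [[Fraction(0)] * n for _ in range(n)]
    for i, b in enumerate(basis):
        v = [Fraction(x) for x in b]
        for j in range(i):
            mu[i][j] = dot(b, ortho[j]) / dot(ortho[j], ortho[j])
            v = [vi - mu[i][j] * oj for vi, oj in zip(v, ortho[j])]
        ortho.append(v)
    return ortho, mu

def lovasz_holds(ortho, mu, k, delta):
    """Lovasz condition between consecutive vectors k-1 and k."""
    bound = (delta - mu[k][k - 1] ** 2) * dot(ortho[k - 1], ortho[k - 1])
    return dot(ortho[k], ortho[k]) >= bound

def lll_reduce(basis, delta=Fraction(3, 4)):
    """Textbook L^3 on integer row vectors; recomputes Gram-Schmidt for clarity, not speed."""
    b = [list(row) for row in basis]
    k = 1
    while k < len(b):
        for j in range(k - 1, -1, -1):          # size-reduce b_k against b_j
            _, mu = gram_schmidt(b)
            q = round(mu[k][j])                 # nearest integer, exact
            if q:
                b[k] = [x - q * y for x, y in zip(b[k], b[j])]
        ortho, mu = gram_schmidt(b)
        if lovasz_holds(ortho, mu, k, delta):
            k += 1
        else:                                   # swap and step back
            b[k], b[k - 1] = b[k - 1], b[k]
            k = max(k - 1, 1)
    return b

def is_lll_reduced(basis, delta=Fraction(3, 4)):
    """Exact check of both conditions: |mu_ij| <= 1/2 and Lovasz for every k."""
    ortho, mu = gram_schmidt(basis)
    n = len(basis)
    size_ok = all(abs(mu[i][j]) <= Fraction(1, 2) for i in range(n) for j in range(i))
    return size_ok and all(lovasz_holds(ortho, mu, k, delta) for k in range(1, n))

# Constructed sample basis (rows are basis vectors), not taken from the article.
SAMPLE = [[1, 1, 1], [-1, 0, 2], [3, 5, 6]]

if __name__ == "__main__":
    print(lll_reduce(SAMPLE), is_lll_reduced(lll_reduce(SAMPLE)))
```

Because `is_lll_reduced` works in exact arithmetic, it can be used to validate the output of a floating-point implementation, which is where the abstract says the guarantee can fail.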