A hierarchy of polynomial time lattice basis reduction algorithms
Theoretical Computer Science
A more efficient algorithm for lattice basis reduction
Journal of Algorithms
Lattice basis reduction: improved practical algorithms and solving subset sum problems
Mathematical Programming: Series A and B
Generating hard instances of lattice problems (extended abstract)
STOC '96 Proceedings of the twenty-eighth annual ACM symposium on Theory of computing
Complexity of Lattice Problems
Complexity of Lattice Problems
Random Lattices and a Conjectured 0 - 1 Law about Their Polynomial Time Computable Properties
FOCS '02 Proceedings of the 43rd Symposium on Foundations of Computer Science
Public-Key Cryptosystems from Lattice Reduction Problems
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
NTRU: A Ring-Based Public Key Cryptosystem
ANTS-III Proceedings of the Third International Symposium on Algorithmic Number Theory
Segment LLL-Reduction with Floating Point Orthogonalization
CaLC '01 Revised Papers from the International Conference on Cryptography and Lattices
The Two Faces of Lattices in Cryptology
CaLC '01 Revised Papers from the International Conference on Cryptography and Lattices
Proceedings of the thirty-fifth annual ACM symposium on Theory of computing
Heuristics on lattice basis reduction in practice
Journal of Experimental Algorithmics (JEA)
A Course in Computational Algebraic Number Theory
A Course in Computational Algebraic Number Theory
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Certification of the QR factor R and of lattice basis reducedness
Proceedings of the 2007 international symposium on Symbolic and algebraic computation
Cryptanalysis of General Lu-Lee Type Systems
Information Security and Cryptology
SWIFFT: A Modest Proposal for FFT Hashing
Fast Software Encryption
Efficient lattice-based signature scheme
International Journal of Applied Cryptography
Explicit Hard Instances of the Shortest Vector Problem
PQCrypto '08 Proceedings of the 2nd International Workshop on Post-Quantum Cryptography
Broadcast Attacks against Lattice-Based Cryptosystems
ACNS '09 Proceedings of the 7th International Conference on Applied Cryptography and Network Security
Parallel Lattice Basis Reduction Using a Multi-threaded Schnorr-Euchner LLL Algorithm
Euro-Par '09 Proceedings of the 15th International Euro-Par Conference on Parallel Processing
Cryptanalysis of the Paeng-Jung-Ha cryptosystem from PKC 2003
PKC'07 Proceedings of the 10th international conference on Practice and theory in public-key cryptography
Improved analysis of Kannan's shortest lattice vector algorithm
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
A digital signature scheme based on CV P∞
PKC'08 Proceedings of the Practice and theory in public key cryptography, 11th international conference on Public key cryptography
Accelerating lattice reduction with FPGAs
LATINCRYPT'10 Proceedings of the First international conference on Progress in cryptology: cryptology and information security in Latin America
SCN'10 Proceedings of the 7th international conference on Security and cryptography for networks
Analysis of gauss-sieve for solving the shortest vector problem in lattices
WALCOM'11 Proceedings of the 5th international conference on WALCOM: algorithms and computation
NTRU-like public key cryptosystems beyond dedekind domain up to alternative algebra
Transactions on computational science X
Practical polynomial factoring in polynomial time
Proceedings of the 36th international symposium on Symbolic and algebraic computation
Lattice reduction algorithms: theory and practice
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Algorithms for the shortest and closest lattice vector problems
IWCC'11 Proceedings of the Third international conference on Coding and cryptology
Analyzing blockwise lattice algorithms using dynamical systems
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
Modelling the LLL algorithm by sandpiles
LATIN'10 Proceedings of the 9th Latin American conference on Theoretical Informatics
Lattice enumeration using extreme pruning
EUROCRYPT'10 Proceedings of the 29th Annual international conference on Theory and Applications of Cryptographic Techniques
Parallel shortest lattice vector enumeration on graphics cards
AFRICACRYPT'10 Proceedings of the Third international conference on Cryptology in Africa
BKZ 2.0: better lattice security estimates
ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
A non-associative lattice-based public key cryptosystem
Security and Communication Networks
Lower bounds of shortest vector lengths in random NTRU lattices
TAMC'12 Proceedings of the 9th Annual international conference on Theory and Applications of Models of Computation
On the optimality of lattices for the coppersmith technique
ACISP'12 Proceedings of the 17th Australasian conference on Information Security and Privacy
An efficient LLL gram using buffered transformations
CASC'07 Proceedings of the 10th international conference on Computer Algebra in Scientific Computing
Hi-index | 0.00 |
Despite their popularity, lattice reduction algorithms remain mysterious in many ways. It has been widely reported that they behave much more nicely than what was expected from the worst-case proved bounds, both in terms of the running time and the output quality. In this article, we investigate this puzzling statement by trying to model the average case of lattice reduction algorithms, starting with the celebrated Lenstra-Lenstra-Lovász algorithm (L3). We discuss what is meant by lattice reduction on the average, and we present extensive experiments on the average case behavior of L3, in order to give a clearer picture of the differences/similarities between the average and worst cases. Our work is intended to clarify the practical behavior of L3 and to raise theoretical questions on its average behavior.