The Lenstra-Lenstra-Lovász lattice basis reduction algorithm (LLL or L³) is a very popular tool in public-key cryptanalysis and in many other fields. Given an integer d-dimensional lattice basis with vectors of norm less than B in an n-dimensional space, L³ outputs a so-called L³-reduced basis in polynomial time $O(d^5 n \log^3 B)$, using arithmetic operations on integers of bit-length $O(d \log B)$. This worst-case complexity is problematic for lattices arising in cryptanalysis, where d and/or log B are often large. As a result, the original L³ is almost never used in practice. Instead, one applies floating-point variants of L³, where the long-integer arithmetic required by Gram-Schmidt orthogonalisation (central in L³) is replaced by floating-point arithmetic. Unfortunately, this is known to be unstable in the worst case: the usual floating-point L³ is not even guaranteed to terminate, and the output basis may not be L³-reduced at all. In this article, we introduce the L² algorithm, a new and natural floating-point variant of L³ which provably outputs L³-reduced bases in polynomial time $O(d^4 n (d + \log B) \log B)$. This is the first L³ algorithm whose running time (without fast integer arithmetic) provably grows only quadratically with respect to log B, like the well-known Euclidean and Gaussian algorithms, which it generalizes.
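
The abstract notes that a floating-point L³ may return a basis that is not L³-reduced at all; one way to check a basis independently is to recompute the Gram-Schmidt data in exact rational arithmetic. The following is an added example, not code from the paper: it is the textbook exact-arithmetic L³ (not the L² algorithm), and the parameters δ = 3/4, η = 1/2, the function names and the sample basis are assumptions made here.

```python
from fractions import Fraction

# Constructed sample basis (rows are basis vectors); not taken from the paper.
SAMPLE = [[1, 1, 1], [-1, 0, 2], [3, 5, 6]]

def gram_schmidt(basis):
    """Exact Gram-Schmidt. Returns (mu, r) with r[i] = ||b_i*||^2.
    Assumes the rows are linearly independent."""
    n = len(basis)
    bstar, r = [], []
    mu = [[Fraction(0)] * n for _ in range(n)]
    for i in range(n):
        v = [Fraction(x) for x in basis[i]]
        for j in range(i):
            dot = sum(Fraction(a) * b for a, b in zip(basis[i], bstar[j]))
            mu[i][j] = dot / r[j]
            v = [a - mu[i][j] * b for a, b in zip(v, bstar[j])]
        bstar.append(v)
        r.append(sum(a * a for a in v))
    return mu, r

def lovasz_holds(mu, r, k, delta):
    """Lovasz condition between positions k-1 and k."""
    return delta * r[k - 1] <= r[k] + mu[k][k - 1] ** 2 * r[k - 1]

def is_l3_reduced(basis, delta=Fraction(3, 4), eta=Fraction(1, 2)):
    """Exact check: size-reduced (|mu| <= eta) and Lovasz at every k."""
    mu, r = gram_schmidt(basis)
    n = len(basis)
    size_ok = all(abs(mu[i][j]) <= eta for i in range(n) for j in range(i))
    return size_ok and all(lovasz_holds(mu, r, k, delta) for k in range(1, n))

def lll_exact(basis, delta=Fraction(3, 4)):
    """Textbook L3 over the rationals. Gram-Schmidt is recomputed from
    scratch at each step: slow, but free of rounding error."""
    b = [list(row) for row in basis]
    n, k = len(b), 1
    while k < n:
        for j in range(k - 1, -1, -1):          # size-reduce b_k
            mu, _ = gram_schmidt(b)
            q = round(mu[k][j])
            if q:
                b[k] = [x - q * y for x, y in zip(b[k], b[j])]
        mu, r = gram_schmidt(b)
        if lovasz_holds(mu, r, k, delta):
            k += 1
        else:                                    # swap and step back
            b[k - 1], b[k] = b[k], b[k - 1]
            k = max(k - 1, 1)
    return b
```

Running `is_l3_reduced` on the output of a floating-point reduction library gives an exact yes/no answer for the chosen δ and η, at the cost of rational arithmetic on every Gram-Schmidt coefficient.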