A hierarchy of polynomial time lattice basis reduction algorithms
Theoretical Computer Science
A more efficient algorithm for lattice basis reduction
Journal of Algorithms
Lattice basis reduction: improved practical algorithms and solving subset sum problems
Mathematical Programming: Series A and B
A sieve algorithm for the shortest lattice vector problem
STOC '01 Proceedings of the thirty-third annual ACM symposium on Theory of computing
Lattice Attacks on Digital Signature Schemes
Designs, Codes and Cryptography
Complexity of Lattice Problems
Complexity of Lattice Problems
The Two Faces of Lattices in Cryptology
CaLC '01 Revised Papers from the International Conference on Cryptography and Lattices
Proceedings of the thirty-fifth annual ACM symposium on Theory of computing
Attacking the Chor-Rivest cryptosystem by improved lattice reduction
EUROCRYPT'95 Proceedings of the 14th annual international conference on Theory and application of cryptographic techniques
Cryptanalysis of RSA with private key d less than N0:292
EUROCRYPT'99 Proceedings of the 17th international conference on Theory and application of cryptographic techniques
EUROCRYPT'05 Proceedings of the 24th annual international conference on Theory and Applications of Cryptographic Techniques
Finding short lattice vectors within mordell's inequality
STOC '08 Proceedings of the fortieth annual ACM symposium on Theory of computing
Rigorous and Efficient Short Lattice Vectors Enumeration
ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
A hybrid lattice-reduction and meet-in-the-middle attack against NTRU
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
Improved analysis of Kannan's shortest lattice vector algorithm
CRYPTO'07 Proceedings of the 27th annual international cryptology conference on Advances in cryptology
EUROCRYPT'08 Proceedings of the theory and applications of cryptographic techniques 27th annual international conference on Advances in cryptology
Proceedings of the forty-second ACM symposium on Theory of computing
Lattice reduction algorithms: theory and practice
EUROCRYPT'11 Proceedings of the 30th Annual international conference on Theory and applications of cryptographic techniques: advances in cryptology
Algorithms for the shortest and closest lattice vector problems
IWCC'11 Proceedings of the Third international conference on Coding and cryptology
Analyzing blockwise lattice algorithms using dynamical systems
CRYPTO'11 Proceedings of the 31st annual conference on Advances in cryptology
BKZ 2.0: better lattice security estimates
ASIACRYPT'11 Proceedings of the 17th international conference on The Theory and Application of Cryptology and Information Security
| Hi-index | 0.00 |
Lattice reduction is a hard problem of interest to both public-key cryptography and cryptanalysis. Despite its importance, extremely few algorithms are known. The best algorithm known in high dimension is due to Schnorr, proposed in 1987 as a block generalization of the famous LLL algorithm. This paper deals with Schnorr's algorithm and potential improvements. We prove that Schnorr's algorithm outputs better bases than what was previously known: namely, we decrease all former bounds on Schnorr's approximation factors to their (ln 2)-th power. On the other hand, we also show that the output quality may have intrinsic limitations, even if an improved reduction strategy was used for each block, thereby strengthening recent results by Ajtai. This is done by making a connection between Schnorr's algorithm and a mathematical constant introduced by Rankin more than 50 years ago as a generalization of Hermite's constant. Rankin's constant leads us to introduce the so-called smallest volume problem, a new lattice problem which generalizes the shortest vector problem, and which has applications to blockwise lattice reduction generalizing LLL and Schnorr's algorithm, possibly improving their output quality. Schnorr's algorithm is actually based on an approximation algorithm for the smallest volume problem in low dimension. We obtain a slight improvement over Schnorr's algorithm by presenting a cheaper approximation algorithm for the smallest volume problem, which we call transference reduction.