Abstract
Lattice basis reduction algorithms have been used in cryptanalysis. The most famous algorithm is LLL, proposed by Lenstra, Lenstra, Lovász, and one of its typical improvements is LLL with deep insertions (DeepLLL). A DeepLLL-reduced basis is LLL-reduced, and hence its quality is at least as good as LLL. In practice, DeepLLL often outputs a more reduced basis than LLL, but no theoretical result is known. First, we show provable output quality of DeepLLL, strictly better than that of LLL. Second, as a main work of this paper, we propose a new variant of DeepLLL. The squared-sum of Gram–Schmidt lengths of a basis is related with the computational hardness of lattice problems such as the shortest vector problem (SVP). Given an input basis, our variant monotonically decreases the squared-sum by a given factor at every deep insertion. This guarantees that our variant runs in polynomial-time.
Similar content being viewed by others
References
Ajtai M.: Generating random lattices according to the invariant distribution, Draft of March (2006).
Aono Y., Nguyen P.Q.: Random sampling revisited: Lattice enumeration with discrete pruning. In: Advances in Cryptology—EUROCRYPT 2017, Lecture Notes in Computer Science. 10211, pp. 65–102 (2017).
Aono Y., Wang Y., Hayashi T., Takagi T.: Improved progressive BKZ algorithms and their precise cost estimation by sharp simulator. In: Advances in Cryptology—EUROCRYPT 2016, Lecture Notes in Computer Science 9665, pp. 789–819 (2016).
Babai L.: On Lovász’ lattice reduction and the nearest lattice point problem. Combinatorica 6(1), 1–13 (1986).
Bremner M.R.: Lattice Basis Reduction: An Introduction to the LLL Algorithm and Its Applications. CRC Press, Boca Raton (2011).
Chen Y., Nguyen P.Q.: BKZ 2.0: better lattice security estimates. In: Advances in Cryptology—ASIACRYPT 2011, Lecture Notes in Computer Science 7073, pp. 1–20 (2011).
Cohen H.: A Course in Computational Algebraic Number Theory, vol. 138. Graduate Texts in MathSpringer, Berlin (1993).
Darmstadt T.U.: SVP Challenge. http://www.latticechallenge.org/svp-challenge/.
Ducas L.: Shortest vector from lattice sieving: a few dimensions for free. In: Advances in Cryptology—EUROCRYPT 2018, Lecture Notes in Computer Science 10820, pp. 125–145 (2018).
Fukase M., Kashiwabara K.: An accelerated algorithm for solving SVP based on statistical analysis. J. Inf. Process. 23(1), 1–15 (2015).
Fontein F., Schneider M., Wagner U.: PotLLL: a polynomial time version of LLL with deep insertions. Des. Codes Cryptogr. 73, 355–368 (2014).
Galbraith S.D.: Mathematics of Public Key Cryptography. Cambridge University Press, Cambridge (2012).
Gama N., Nguyen P.Q.: Predicting lattice reduction. In: Advances in Cryptology—EUROCRYPT 2008, Lecture Notes in Computer Science 4965, pp. 31–51 (2008).
Goldstein D., Mayer A.: On the equidistribution of Hecke points. Forum Math. 15, 165–189 (2003).
Hanrot G., Pujol X., Stehlé D.: Analyzing blockwise lattice algorithms using dynamical systems. In: Advances in Cryptology—CRYPTO 2011, Lecture Notes in Computer Science 6841, pp. 447–464 (2011).
Korkine A., Zolotarev G.: Sur les formes quadratiques. Math. Ann. 6, 366–389 (1873).
Lenstra A.K., Lenstra H.W., Lovász L.: Factoring polynomials with rational coefficients. Math. Ann. 261(4), 515–534 (1982).
Matsuda Y., Teruya T., Kashiwabara K.: Estimation of the success probability of random sampling by the Gram–Charlier approximation. IACR ePrint 2018/815 (2018).
Micciancio D., Goldwasser S.: Complexity of Lattice Problems: A Cryptographic Perspective. Springer, New York (2012).
Nguyen Q., Vallée B.: The LLL Algorithm. Information Security Cryptography (2010).
Schnorr C.P.: Lattice reduction by random sampling and birthday methods. In: International Symposium on Theoretical Aspects of Computer Science—STACS 2003, Lecture Notes in Computer Science 2606, pp. 145–156 (2003).
Schnorr C.P., Euchner M.: Lattice basis reduction: Improved practical algorithms and solving subset sum problems. Math. Program. 66, 181–199 (1994).
Shoup V.: NTL: a library for doing number theory. http://www.shoup.net/ntl/.
Teruya T., Kashiwabara K., Hanaoka G.: Fast lattice basis reduction suitable for massive parallelization and its application to the shortest vector problem. In: Public-Key Cryptography—PKC 2018, Lecture Notes in Computer Science 10769, pp. 437–460 (2018).
Yamaguchi J., Yasuda M.: Explicit formula for Gram–Schmidt vectors in LLL with deep insertions and its applications. In: Number-Theoretic Methods in Cryptology—NuTMiC 2017, Lecture Notes in Computer Science 10737, pp. 142–160 (2018).
Yasuda M., Yokoyama K., Shimoyama T., Kogure J., Koshiba T.: Analysis of decreasing squared-sum of Gram–Schmidt lengths for short lattice vectors. J. Math. Cryptol. 11(1), 1–24 (2017).
Author information
Authors and Affiliations
Corresponding author
Additional information
Communicated by T. Iwata.
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
This work was supported by JST CREST Grant Number JPMJCR14D6, Japan. A part of this work was also supported by JSPS KAKENHI Grant Number JP16H02830.
Rights and permissions
About this article
Cite this article
Yasuda, M., Yamaguchi, J. A new polynomial-time variant of LLL with deep insertions for decreasing the squared-sum of Gram–Schmidt lengths. Des. Codes Cryptogr. 87, 2489–2505 (2019). https://doi.org/10.1007/s10623-019-00634-9
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s10623-019-00634-9
Keywords
- Lattice basis reduction
- LLL with deep insertions
- Shortest vector problem (SVP)
- Shortest diagonal problem (SDP)