Skip to main content
SpringerLink
Log in

A new polynomial-time variant of LLL with deep insertions for decreasing the squared-sum of Gram–Schmidt lengths

  • Published:
Designs, Codes and Cryptography Aims and scope Submit manuscript

Abstract

Lattice basis reduction algorithms have been used in cryptanalysis. The most famous algorithm is LLL, proposed by Lenstra, Lenstra, Lovász, and one of its typical improvements is LLL with deep insertions (DeepLLL). A DeepLLL-reduced basis is LLL-reduced, and hence its quality is at least as good as LLL. In practice, DeepLLL often outputs a more reduced basis than LLL, but no theoretical result is known. First, we show provable output quality of DeepLLL, strictly better than that of LLL. Second, as a main work of this paper, we propose a new variant of DeepLLL. The squared-sum of Gram–Schmidt lengths of a basis is related with the computational hardness of lattice problems such as the shortest vector problem (SVP). Given an input basis, our variant monotonically decreases the squared-sum by a given factor at every deep insertion. This guarantees that our variant runs in polynomial-time.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6

Similar content being viewed by others

References

  1. Ajtai M.: Generating random lattices according to the invariant distribution, Draft of March (2006).

  2. Aono Y., Nguyen P.Q.: Random sampling revisited: Lattice enumeration with discrete pruning. In: Advances in Cryptology—EUROCRYPT 2017, Lecture Notes in Computer Science. 10211, pp. 65–102 (2017).

    Google Scholar 

  3. Aono Y., Wang Y., Hayashi T., Takagi T.: Improved progressive BKZ algorithms and their precise cost estimation by sharp simulator. In: Advances in Cryptology—EUROCRYPT 2016, Lecture Notes in Computer Science 9665, pp. 789–819 (2016).

    Chapter  Google Scholar 

  4. Babai L.: On Lovász’ lattice reduction and the nearest lattice point problem. Combinatorica 6(1), 1–13 (1986).

    Article  MathSciNet  MATH  Google Scholar 

  5. Bremner M.R.: Lattice Basis Reduction: An Introduction to the LLL Algorithm and Its Applications. CRC Press, Boca Raton (2011).

    Book  Google Scholar 

  6. Chen Y., Nguyen P.Q.: BKZ 2.0: better lattice security estimates. In: Advances in Cryptology—ASIACRYPT 2011, Lecture Notes in Computer Science 7073, pp. 1–20 (2011).

    Google Scholar 

  7. Cohen H.: A Course in Computational Algebraic Number Theory, vol. 138. Graduate Texts in MathSpringer, Berlin (1993).

    Book  MATH  Google Scholar 

  8. Darmstadt T.U.: SVP Challenge. http://www.latticechallenge.org/svp-challenge/.

  9. Ducas L.: Shortest vector from lattice sieving: a few dimensions for free. In: Advances in Cryptology—EUROCRYPT 2018, Lecture Notes in Computer Science 10820, pp. 125–145 (2018).

    Chapter  Google Scholar 

  10. Fukase M., Kashiwabara K.: An accelerated algorithm for solving SVP based on statistical analysis. J. Inf. Process. 23(1), 1–15 (2015).

    Google Scholar 

  11. Fontein F., Schneider M., Wagner U.: PotLLL: a polynomial time version of LLL with deep insertions. Des. Codes Cryptogr. 73, 355–368 (2014).

    Article  MathSciNet  MATH  Google Scholar 

  12. Galbraith S.D.: Mathematics of Public Key Cryptography. Cambridge University Press, Cambridge (2012).

    Book  MATH  Google Scholar 

  13. Gama N., Nguyen P.Q.: Predicting lattice reduction. In: Advances in Cryptology—EUROCRYPT 2008, Lecture Notes in Computer Science 4965, pp. 31–51 (2008).

  14. Goldstein D., Mayer A.: On the equidistribution of Hecke points. Forum Math. 15, 165–189 (2003).

    Article  MathSciNet  MATH  Google Scholar 

  15. Hanrot G., Pujol X., Stehlé D.: Analyzing blockwise lattice algorithms using dynamical systems. In: Advances in Cryptology—CRYPTO 2011, Lecture Notes in Computer Science 6841, pp. 447–464 (2011).

    Chapter  Google Scholar 

  16. Korkine A., Zolotarev G.: Sur les formes quadratiques. Math. Ann. 6, 366–389 (1873).

    Article  MathSciNet  MATH  Google Scholar 

  17. Lenstra A.K., Lenstra H.W., Lovász L.: Factoring polynomials with rational coefficients. Math. Ann. 261(4), 515–534 (1982).

    Article  MathSciNet  MATH  Google Scholar 

  18. Matsuda Y., Teruya T., Kashiwabara K.: Estimation of the success probability of random sampling by the Gram–Charlier approximation. IACR ePrint 2018/815 (2018).

  19. Micciancio D., Goldwasser S.: Complexity of Lattice Problems: A Cryptographic Perspective. Springer, New York (2012).

    MATH  Google Scholar 

  20. Nguyen Q., Vallée B.: The LLL Algorithm. Information Security Cryptography (2010).

  21. Schnorr C.P.: Lattice reduction by random sampling and birthday methods. In: International Symposium on Theoretical Aspects of Computer Science—STACS 2003, Lecture Notes in Computer Science 2606, pp. 145–156 (2003).

    Google Scholar 

  22. Schnorr C.P., Euchner M.: Lattice basis reduction: Improved practical algorithms and solving subset sum problems. Math. Program. 66, 181–199 (1994).

    Article  MathSciNet  MATH  Google Scholar 

  23. Shoup V.: NTL: a library for doing number theory. http://www.shoup.net/ntl/.

  24. Teruya T., Kashiwabara K., Hanaoka G.: Fast lattice basis reduction suitable for massive parallelization and its application to the shortest vector problem. In: Public-Key Cryptography—PKC 2018, Lecture Notes in Computer Science 10769, pp. 437–460 (2018).

    Chapter  Google Scholar 

  25. Yamaguchi J., Yasuda M.: Explicit formula for Gram–Schmidt vectors in LLL with deep insertions and its applications. In: Number-Theoretic Methods in Cryptology—NuTMiC 2017, Lecture Notes in Computer Science 10737, pp. 142–160 (2018).

    Chapter  MATH  Google Scholar 

  26. Yasuda M., Yokoyama K., Shimoyama T., Kogure J., Koshiba T.: Analysis of decreasing squared-sum of Gram–Schmidt lengths for short lattice vectors. J. Math. Cryptol. 11(1), 1–24 (2017).

    Article  MathSciNet  MATH  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Institute of Mathematics for Industry, Kyushu University, Fukuoka, Japan

    Masaya Yasuda

  2. Graduate School of Mathematics, Kyushu University, Fukuoka, Japan

    Junpei Yamaguchi

Authors
  1. Masaya Yasuda
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Junpei Yamaguchi
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Masaya Yasuda.

Additional information

Communicated by T. Iwata.

Publisher's Note

Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.

This work was supported by JST CREST Grant Number JPMJCR14D6, Japan. A part of this work was also supported by JSPS KAKENHI Grant Number JP16H02830.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Yasuda, M., Yamaguchi, J. A new polynomial-time variant of LLL with deep insertions for decreasing the squared-sum of Gram–Schmidt lengths. Des. Codes Cryptogr. 87, 2489–2505 (2019). https://doi.org/10.1007/s10623-019-00634-9

Download citation

  • Received:

  • Revised:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s10623-019-00634-9

Keywords

Mathematics Subject Classification

Search

Navigation