Filters








1,143 Hits in 6.7 sec

The optimal LLL algorithm is still polynomial in fixed dimension

Ali Akhavi
2003 Theoretical Computer Science  
ACM 32(1) (1985) 229) seem to show that the algorithm remains polynomial in average.  ...  However, no bound better than a naive exponential order one is established for the worst-case complexity of the optimal LLL algorithm, even for ÿxed small dimension (higher than 2).  ...  Acknowledgements I am indebted to Brigitte Vallà ee for drawing my attention to algorithmic problems in lattice theory and for regular helpful discussions.  ... 
doi:10.1016/s0304-3975(02)00616-3 fatcat:w2txuny4vvee7m4zkgfbdi6t34

Worst-Case Complexity of the Optimal LLL Algorithm [chapter]

Ali Akhavi
2000 Lecture Notes in Computer Science  
However no bound better than a naive exponential order one is established for the worstcase complexity of the optimal LLL algorithm, even for fixed small dimension (higher than ¾).  ...  Here we prove that, for any fixed dimension Ò, the number of iterations of the LLL algorithm is linear with respect to the size of the input.  ...  I am indebted to Brigitte Vallée for drawing my attention to algorithmic problems in lattice theory and for regular helpful discussions. I wish to thank her also for her help to improve this paper.  ... 
doi:10.1007/10719839_35 fatcat:uzqcj2goejeylmnimxabdepdei

Adaptive Precision Floating Point LLL [chapter]

Thomas Plantard, Willy Susilo, Zhenfei Zhang
2013 Lecture Notes in Computer Science  
The LLL algorithm is one of the most studied lattice basis reduction algorithms in the literature.  ...  In its classic setting, the floating point precision is a fixed value, determined by the dimension of the input basis at the initiation of the algorithm.  ...  The LLL algorithm, named after its inventors, Lenstra, Lenstra and Lovász [11] , is a polynomial time lattice reduction algorithm.  ... 
doi:10.1007/978-3-642-39059-3_8 fatcat:s27mn24dgbhhxkx6ogdakksiwe

Integer Programming and Algorithmic Geometry of Numbers [chapter]

Friedrich Eisenbrand
2009 50 Years of Integer Programming 1958-2008  
Lenstra's algorithm runs in polynomial time in the input encoding length if the dimension is fixed.  ...  It turns out that the parametric shortest vector problem can be solved in linear time when the dimension is fixed with a cascaded LLL-algorithm.  ... 
doi:10.1007/978-3-540-68279-0_14 fatcat:c7iusb6esbgpnbjnmohiokwegy

Formalizing the LLL Basis Reduction Algorithm and the LLL Factorization Algorithm in Isabelle/HOL

René Thiemann, Ralph Bottesch, Jose Divasón, Max W. Haslbeck, Sebastiaan J. C. Joosten, Akihisa Yamada
2020 Journal of automated reasoning  
The LLL basis reduction algorithm was the first polynomial-time algorithm to compute a reduced basis of a given lattice, and hence also a short vector in the lattice.  ...  The algorithm has applications in number theory, computer algebra and cryptography. In this paper, we provide an implementation of the LLL algorithm.  ...  Sebastiaan is now working at University of Twente, the Netherlands, and supported by the NWO VICI 639.023.710 Mercedes project.  ... 
doi:10.1007/s10817-020-09552-1 pmid:32831440 pmcid:PMC7413592 fatcat:fhfgozhs5zhvzg7zfooxpdiina

Cryptanalysis of RSA: A Special Case of Boneh-Durfee's Attack [article]

Majid Mumtaz, Ping Luo
2020 IACR Cryptology ePrint Archive  
The core objective is to explore RSA polynomials underlying algebraic structure so that we can improve the performance of weak key attacks.  ...  Boneh-Durfee proposed (at Eurocrypt 1999) a polynomial time attacks on RSA small decryption exponent which exploits lattices and sub-lattice structure to obtain an optimized bounds d < N 0.284 and d <  ...  After that LLL algorithm process the scanned lattice efficiently especially it is useful for large dimension matrices. Only pick specific vectors whose dimension approximately remains same.  ... 
dblp:journals/iacr/MumtazL20 fatcat:sgoegczurrfatbbcuvcw7dzrya

A Formalization of the LLL Basis Reduction Algorithm [chapter]

Jose Divasón, Sebastiaan Joosten, René Thiemann, Akihisa Yamada
2018 Lecture Notes in Computer Science  
We additionally integrate one application of LLL, namely a verified factorization algorithm for univariate integer polynomials which runs in polynomial time.  ...  The LLL basis reduction algorithm was the first polynomialtime algorithm to compute a reduced basis of a given lattice, and hence also a short vector in the lattice.  ...  This research was supported by the Austrian Science Fund (FWF) project Y757. Jose Divasón is partially funded by the Spanish projects MTM2014-54151-P and MTM2017-88804-P.  ... 
doi:10.1007/978-3-319-94821-8_10 fatcat:fpazlnxfyrhvzltnl23t6u36e4

The History of the LLL-Algorithm [chapter]

Ionica Smeets, Arjen Lenstra, Hendrik Lenstra, László Lovász, Peter van Emde Boas
2009 The LLL Algorithm  
Polynomial Factorization Arjen Lenstra's connection with the LLL-algorithm began while he still was a student.  ...  If the solution set K is full-dimensional, then vol(K) > 0 and one can prove that log(1/vol(K)) is bounded by a polynomial in the dimension n and the length of the rest of input for K.  ... 
doi:10.1007/978-3-642-02295-1_1 dblp:series/isc/SmeetsLLLB10 fatcat:dtyaqbe255fozauekdsl543ora

Page 2614 of Mathematical Reviews Vol. , Issue 2001D [page]

2001 Mathematical Reviews  
Classical results concern the optimal order of n(e,d), for fixed dimension d, as a function of ¢. Usually these results include an unknown constant Cy, which depends on d.  ...  The number n(e,d) is the minimal number of function values needed for a worst case error € in the dimension d for the class Fy.  ... 

Techniques for Solving Shortest Vector Problem

V. Dinesh Reddy, P. Ravi, Ashu Abdul, Mahesh Kumar Morampudi, Sriramulu Bojjagani
2021 International Journal of Advanced Computer Science and Applications  
More precisely, this paper presents four algorithms: the Lenstra-Lenstra-Lovasz (LLL) algorithm, the Block Korkine-Zolotarev (BKZ) algorithm, a Metropolis algorithm, and a convex relaxation of SVP.  ...  This problem has a great many applications such as optimization, communication theory, cryptography, etc.  ...  ACKNOWLEDGMENT The authors would like to thank the reviewers for their valuable comments.  ... 
doi:10.14569/ijacsa.2021.0120598 fatcat:x2hfrvhtyjewnniblcyiu7deru

Approximate common divisors via lattices [article]

Henry Cohn, Nadia Heninger
2012 arXiv   pre-print
The multivariate approximate common divisor problem is the number-theoretic analogue of multivariate polynomial reconstruction, and we develop a corresponding lattice-based algorithm for the latter problem  ...  While these results do not challenge the suggested parameters, a 2^(n^epsilon) approximation algorithm with epsilon<2/3 for lattice basis reduction in n dimensions could be used to break these parameters  ...  The algorithm runs in polynomial time for fixed m.  ... 
arXiv:1108.2714v2 fatcat:u4dmeg7ulbhcljzauzuxtkddj4

Fast Lattice Point Enumeration with Minimal Overhead [chapter]

Daniele Micciancio, Michael Walter
2014 Proceedings of the Twenty-Sixth Annual ACM-SIAM Symposium on Discrete Algorithms  
The last technique is used to obtain a new SVP enumeration procedure withÕ(n n/2e ) running time, matching (even in the constant in the exponent) the optimal worst-case analysis (Hanrot and Stehlé, CRYPTO  ...  Enumeration algorithms are the best currently known methods to solve lattice problems, both in theory (within the class of polynomial space algorithms), and in practice (where they are routinely used to  ...  polynomial in the dimension n.  ... 
doi:10.1137/1.9781611973730.21 dblp:conf/soda/MicciancioW15 fatcat:wf3jvwa47falzk4nuabsayq2yi

New Results for Partial Key Exposure on RSA with Exponent Blinding

Stelvio Cimato, Silvia Mella, Ruggero Susella
2015 Proceedings of the 12th International Conference on Security and Cryptography  
This type of attacks is of particular interest in the context of side-channel attacks.  ...  Additionally, we apply partial key exposure attacks to CRT-RSA when exponent blinding is used, a case not yet analyzed in literature.  ...  ACKNOWLEDGEMENTS This work was partly supported by the Italian MIUR project SecurityHorizons (c.n. 2010XSEMLC).  ... 
doi:10.5220/0005571701360147 dblp:conf/secrypt/CimatoMS15 fatcat:z4xlwabdrvadblonvhaln6izvy

Decoding by Sampling: A Randomized Lattice Algorithm for Bounded Distance Decoding

Shuiyin Liu, Cong Ling, Damien Stehle
2011 IEEE Transactions on Information Theory  
Of particular interest is that a fixed gain in the decoding radius compared to Babai's decoding can be achieved at polynomial complexity.  ...  The technical contribution of this paper is two-fold: we analyze and optimize the decoding radius of sampling decoding resulting in better error performance than Klein's original algorithm, and propose  ...  The third author gratefully acknowledges the Department of Computing of Macquarie University and the Department of Mathematics and Statistics of the University of Sydney, where part of this work was undergone  ... 
doi:10.1109/tit.2011.2162180 fatcat:tju7blaa65g4nlxrn77tcltrpa

Analyzing Blockwise Lattice Algorithms Using Dynamical Systems [chapter]

Guillaume Hanrot, Xavier Pujol, Damien Stehlé
2011 Lecture Notes in Computer Science  
(or SVP) subroutine, then BKZ returns a basis whose first vector has norm ≤ 2ν n−1 2(β−1) + 3 2 β · (det L) 1 n , where ν β ≤ β is the maximum of Hermite's constants in dimensions ≤ β.  ...  Among them, the BKZ algorithm introduced by Schnorr and Euchner [FCT'91] seems to achieve the best time/quality compromise in practice.  ...  Nguyen for explaining to us their bound on the number of tours of the original BKZ algorithm. We also thank C.-P. Schnorr for helpful discussions.  ... 
doi:10.1007/978-3-642-22792-9_25 fatcat:wmrqaut75bgwljwomdfvqyuiou
« Previous Showing results 1 — 15 out of 1,143 results