Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
133 tokens/sec
GPT-4o
7 tokens/sec
Gemini 2.5 Pro Pro
46 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
38 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

Recursive lattice reduction -- A framework for finding short lattice vectors (2311.15064v3)

Published 25 Nov 2023 in cs.DS

Abstract: We propose a recursive lattice reduction framework for finding short non-zero vectors or dense sublattices of a lattice. The framework works by recursively searching for dense sublattices of dense sublattices (or their duals) with progressively lower rank. When the procedure encounters a recursive call on a lattice $L$ with relatively low rank, we simply use a known algorithm to find a shortest non-zero vector in $L$. This new framework is complementary to basis reduction algorithms, which similarly work to reduce an $n$-dimensional lattice problem with some approximation factor $\gamma$ to a lower-dimensional exact lattice problem in some lower dimension $k$, with a tradeoff between $\gamma$, $n$, and $k$. Our framework provides an alternative and arguably simpler perspective. For example, our algorithms can be described at a high level without explicitly referencing any specific basis of the lattice, the Gram-Schmidt orthogonalization, or even projection (though, of course, concrete implementations of algorithms in this framework will likely make use of such things). We present a number of instantiations of our framework. Our main concrete result is an efficient reduction that matches the tradeoff achieved by the best-known basis reduction algorithms. This reduction also can be used to find dense sublattices with any rank $\ell$ satisfying $\min{\ell,n-\ell} \leq n-k+1$, using only an oracle for SVP in $k$ dimensions, with slightly better parameters than what was known using basis reduction. We also show a simple reduction with the same tradeoff for finding short vectors in quasipolynomial time, and a reduction from finding dense sublattices of a high-dimensional lattice to this problem in lower dimension. Finally, we present an automated search procedure that finds algorithms in this framework that (provably) achieve better approximations with fewer oracle calls.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (46)
  1. Estimate all the {LWE, NTRU} schemes! In SCN, 2018. https://estimate-all-the-lwe-ntru-schemes.github.io/docs/.
  2. Solving the Shortest Vector Problem in 2nsuperscript2𝑛2^{n}2 start_POSTSUPERSCRIPT italic_n end_POSTSUPERSCRIPT time via discrete Gaussian sampling. In STOC, 2015.
  3. Code for experiments. https://github.com/spencerpeters/RecursiveLatticeReductionCode, 2023.
  4. A sieve algorithm for the Shortest Lattice Vector Problem. In STOC, 2001.
  5. Slide reduction, revisited—Filling the gaps in SVP approximation. In CRYPTO, 2020.
  6. A 2n/2superscript2𝑛22^{n/2}2 start_POSTSUPERSCRIPT italic_n / 2 end_POSTSUPERSCRIPT-time algorithm for n𝑛\sqrt{n}square-root start_ARG italic_n end_ARG-SVP and n𝑛\sqrt{n}square-root start_ARG italic_n end_ARG-Hermite SVP, and an improved time-approximation tradeoff for (H)SVP. In Eurocrypt, 2021.
  7. Faster sieving algorithm for approximate SVP with constant approximation factors. https://eprint.iacr.org/2019/1028, 2019.
  8. Improved progressive BKZ algorithms and their precise cost estimation by sharp simulator. In Eurocrypt, 2016.
  9. New directions in nearest neighbor searching with applications to lattice sieving. In SODA, 2016.
  10. H. F. Blichfeldt. The minimum value of quadratic forms, and the closest packing of spheres. Mathematische Annalen, 101(1):605–608, 1929.
  11. Measuring, simulating and exploiting the head concavity phenomenon in bkz. In Advances in Cryptology–ASIACRYPT 2018: 24th International Conference on the Theory and Application of Cryptology and Information Security, Brisbane, QLD, Australia, December 2–6, 2018, Proceedings, Part I 24, pages 369–404. Springer, 2018.
  12. BKZ 2.0: Better lattice security estimates. In Asiacrypt, 2011.
  13. Daniel Dadush. On approximating the covering radius and finding dense lattice subspaces. In STOC, 2019.
  14. Algorithms for the Densest Sub-lattice Problem. In SODA, 2013.
  15. Finding short lattice vectors within Mordell’s inequality. In STOC, 2008.
  16. Predicting lattice reduction. In Eurocrypt, 2008.
  17. Analyzing blockwise lattice algorithms using dynamical systems. In CRYPTO, 2011.
  18. Improved analysis of Kannan’s shortest lattice vector algorithm. In CRYPTO, 2007.
  19. Fast reduction of algebraic lattices over cyclotomic fields. In CRYPTO, 2020.
  20. Towards faster polynomial-time lattice reduction. In CRYPTO, 2021.
  21. Thijs Laarhoven. Sieving for shortest vectors in lattices using angular locality-sensitive hashing. In CRYPTO, 2015.
  22. Factoring polynomials with rational coefficients. Math. Ann., 261(4):515–534, 1982.
  23. Approximating the densest sublattice from Rankin’s inequality. LMS J. of Computation and Mathematics, 17(A):92–111, 2014.
  24. An LLL algorithm for module lattices. In ASIACRYPT, 2019.
  25. Improving convergence and practicality of slide-type reductions. Information and Computation, 291(C), 2023.
  26. Shortest lattice vectors in the presence of gaps. http://eprint.iacr.org/2011/139, 2011.
  27. Lattice reduction for modules, or how to reduce ModuleSVP to ModuleSVP. In CRYPTO, 2020.
  28. A deterministic single exponential time algorithm for most lattice problems based on Voronoi cell computations. In STOC, 2010.
  29. Faster exponential time algorithms for the Shortest Vector Problem. In SODA, 2010.
  30. Practical, predictable lattice basis reduction. In Eurocrypt, 2016.
  31. NIST. Selected algorithms 2022 - Post-Quantum Cryptography, 2022. https://csrc.nist.gov/Projects/post-quantum-cryptography/selected-algorithms-2022.
  32. LLL on the average. In ANTS, 2006.
  33. An LLL algorithm with quadratic complexity. SIAM Journal on Computing, 39(3):874–903, 2009.
  34. Faster LLL-type reduction of lattice bases. In ISSAC, 2016.
  35. Sieve algorithms for the Shortest Vector Problem are practical. J. Mathematical Cryptology, 2(2):181–207, 2008.
  36. Solving the Shortest Lattice Vector Problem in time 22.465ⁱnsuperscript22.465𝑛2^{2.465n}2 start_POSTSUPERSCRIPT 2.465 italic_n end_POSTSUPERSCRIPT. http://eprint.iacr.org/2009/605, 2009.
  37. Unifying LLL inequalities. https://gaborpataki.web.unc.edu/wp-content/uploads/sites/14119/2018/07/uniflll.pdf, 2009.
  38. Fast practical lattice reduction through iterated compression. In CRYPTO, 2023.
  39. Claus-Peter Schnorr. A hierarchy of polynomial time lattice basis reduction algorithms. Theor. Comput. Sci., 53(23):201–224, 1987.
  40. Claus-Peter Schnorr and M. Euchner. Lattice basis reduction: Improved practical algorithms and solving Subset Sum problems. Mathmatical Programming, 66:181–199, 1994.
  41. Damien StehlĂ©. Floating-point LLL: Theoretical and practical aspects. In The LLL Algorithm: Survey and Applications, pages 179–213. Springer, 2010.
  42. A volume estimate for the set of stable lattices. Comptes Rendus MathĂ©matique. AcadĂ©mie des Sciences. Paris, 352(11):875–879, 2014.
  43. Michael Walter. Lattice blog reduction — Part I: BKZ — Calvin CafĂ©: The Simons Institute Blog, 2020. https://blog.simons.berkeley.edu/2020/04/lattice-blog-reduction-part-i-bkz/.
  44. Michael Walter. The convergence of slide-type reductions. In PKC, 2021.
  45. Finding shortest lattice vectors in the presence of gaps. In CT-RSA, 2015.
  46. Second order statistical behavior of LLL and BKZ. In SAC, 2018.

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now