A new polynomial-time variant of LLL with deep insertions for decreasing the squared-sum of Gram–Schmidt lengths

Masaya Yasuda; Junpei Yamaguchi

doi:10.1007/s10623-019-00634-9

A new polynomial-time variant of LLL with deep insertions for decreasing the squared-sum of Gram–Schmidt lengths

Masaya Yasuda, Junpei Yamaguchi

Laboratory of Mathematical Design for Advanced Cryptography

Research output: Contribution to journal › Article › peer-review

8 Citations (Scopus)

Abstract

Lattice basis reduction algorithms have been used in cryptanalysis. The most famous algorithm is LLL, proposed by Lenstra, Lenstra, Lovász, and one of its typical improvements is LLL with deep insertions (DeepLLL). A DeepLLL-reduced basis is LLL-reduced, and hence its quality is at least as good as LLL. In practice, DeepLLL often outputs a more reduced basis than LLL, but no theoretical result is known. First, we show provable output quality of DeepLLL, strictly better than that of LLL. Second, as a main work of this paper, we propose a new variant of DeepLLL. The squared-sum of Gram–Schmidt lengths of a basis is related with the computational hardness of lattice problems such as the shortest vector problem (SVP). Given an input basis, our variant monotonically decreases the squared-sum by a given factor at every deep insertion. This guarantees that our variant runs in polynomial-time.

Original language	English
Pages (from-to)	2489-2505
Number of pages	17
Journal	Designs, Codes, and Cryptography
Volume	87
Issue number	11
DOIs	https://doi.org/10.1007/s10623-019-00634-9
Publication status	Published - Nov 1 2019

All Science Journal Classification (ASJC) codes

Computer Science Applications
Applied Mathematics

Access to Document

10.1007/s10623-019-00634-9

Cite this

@article{910795b9fd56442ba52d8647dff113a3,

title = "A new polynomial-time variant of LLL with deep insertions for decreasing the squared-sum of Gram–Schmidt lengths",

abstract = "Lattice basis reduction algorithms have been used in cryptanalysis. The most famous algorithm is LLL, proposed by Lenstra, Lenstra, Lov{\'a}sz, and one of its typical improvements is LLL with deep insertions (DeepLLL). A DeepLLL-reduced basis is LLL-reduced, and hence its quality is at least as good as LLL. In practice, DeepLLL often outputs a more reduced basis than LLL, but no theoretical result is known. First, we show provable output quality of DeepLLL, strictly better than that of LLL. Second, as a main work of this paper, we propose a new variant of DeepLLL. The squared-sum of Gram–Schmidt lengths of a basis is related with the computational hardness of lattice problems such as the shortest vector problem (SVP). Given an input basis, our variant monotonically decreases the squared-sum by a given factor at every deep insertion. This guarantees that our variant runs in polynomial-time.",

author = "Masaya Yasuda and Junpei Yamaguchi",

year = "2019",

month = nov,

day = "1",

doi = "10.1007/s10623-019-00634-9",

language = "English",

volume = "87",

pages = "2489--2505",

journal = "Designs, Codes, and Cryptography",

issn = "0925-1022",

publisher = "Springer Netherlands",

number = "11",

}

TY - JOUR

T1 - A new polynomial-time variant of LLL with deep insertions for decreasing the squared-sum of Gram–Schmidt lengths

AU - Yasuda, Masaya

AU - Yamaguchi, Junpei

PY - 2019/11/1

Y1 - 2019/11/1

N2 - Lattice basis reduction algorithms have been used in cryptanalysis. The most famous algorithm is LLL, proposed by Lenstra, Lenstra, Lovász, and one of its typical improvements is LLL with deep insertions (DeepLLL). A DeepLLL-reduced basis is LLL-reduced, and hence its quality is at least as good as LLL. In practice, DeepLLL often outputs a more reduced basis than LLL, but no theoretical result is known. First, we show provable output quality of DeepLLL, strictly better than that of LLL. Second, as a main work of this paper, we propose a new variant of DeepLLL. The squared-sum of Gram–Schmidt lengths of a basis is related with the computational hardness of lattice problems such as the shortest vector problem (SVP). Given an input basis, our variant monotonically decreases the squared-sum by a given factor at every deep insertion. This guarantees that our variant runs in polynomial-time.

AB - Lattice basis reduction algorithms have been used in cryptanalysis. The most famous algorithm is LLL, proposed by Lenstra, Lenstra, Lovász, and one of its typical improvements is LLL with deep insertions (DeepLLL). A DeepLLL-reduced basis is LLL-reduced, and hence its quality is at least as good as LLL. In practice, DeepLLL often outputs a more reduced basis than LLL, but no theoretical result is known. First, we show provable output quality of DeepLLL, strictly better than that of LLL. Second, as a main work of this paper, we propose a new variant of DeepLLL. The squared-sum of Gram–Schmidt lengths of a basis is related with the computational hardness of lattice problems such as the shortest vector problem (SVP). Given an input basis, our variant monotonically decreases the squared-sum by a given factor at every deep insertion. This guarantees that our variant runs in polynomial-time.

UR - http://www.scopus.com/inward/record.url?scp=85064629578&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85064629578&partnerID=8YFLogxK

U2 - 10.1007/s10623-019-00634-9

DO - 10.1007/s10623-019-00634-9

M3 - Article

AN - SCOPUS:85064629578

SN - 0925-1022

VL - 87

SP - 2489

EP - 2505

JO - Designs, Codes, and Cryptography

JF - Designs, Codes, and Cryptography

IS - 11

ER -

A new polynomial-time variant of LLL with deep insertions for decreasing the squared-sum of Gram–Schmidt lengths

Abstract

All Science Journal Classification (ASJC) codes

Access to Document

Other files and links

Fingerprint

Cite this