accelerating lattice reduction algorithms with floating
play

Accelerating lattice reduction algorithms with floating-point - PowerPoint PPT Presentation

Nov 01, 2022 •26 likes •766 views

Background on Euclidean lattices Hybrid algorithms for LLL-reduction The fplll library Conclusion Accelerating lattice reduction algorithms with floating-point arithmetic Damien Stehl e http://perso.ens-lyon.fr/damien.stehle/ LIP

  1. Background on Euclidean lattices Hybrid algorithms for LLL-reduction The fplll library Conclusion Accelerating lattice reduction algorithms with floating-point arithmetic Damien Stehl´ e http://perso.ens-lyon.fr/damien.stehle/ LIP – CNRS/ENSL/INRIA/UCBL/U. Lyon MaGiX@LiX, September 2011 Damien Stehl´ e Accelerating lattice reduction algorithms with floating-point arithmetic 20/09/2011 1/30

  2. Background on Euclidean lattices Hybrid algorithms for LLL-reduction The fplll library Conclusion Goals and plan of the talk Goals: To describe efficient techniques for lattice reduction. To illustrate how numerical linear algebra can be rigorously used to accelerate an algebraic computation. Plan of the talk: 1 Reminders on Euclidean lattices. 2 Using floating-point arithmetic within lattice algorithms. 3 The fplll library. Damien Stehl´ e Accelerating lattice reduction algorithms with floating-point arithmetic 20/09/2011 2/30

  3. Background on Euclidean lattices Hybrid algorithms for LLL-reduction The fplll library Conclusion Goals and plan of the talk Goals: To describe efficient techniques for lattice reduction. To illustrate how numerical linear algebra can be rigorously used to accelerate an algebraic computation. Plan of the talk: 1 Reminders on Euclidean lattices. 2 Using floating-point arithmetic within lattice algorithms. 3 The fplll library. Damien Stehl´ e Accelerating lattice reduction algorithms with floating-point arithmetic 20/09/2011 2/30

  4. Background on Euclidean lattices Hybrid algorithms for LLL-reduction The fplll library Conclusion Euclidean lattices Lattice ≡ { � i ≤ n x i b i : x i ∈ Z } . If the b i ’s are linearly independent, they are called a basis. Bases are not unique, but can be obtained from each other by integer transforms of determinant ± 1: � − 2 � 4 � 1 � � � 1 − 3 1 = · . 10 6 2 4 2 1 Lattice reduction: find a nice basis, given an arbitrary one. Damien Stehl´ e Accelerating lattice reduction algorithms with floating-point arithmetic 20/09/2011 3/30

  5. Background on Euclidean lattices Hybrid algorithms for LLL-reduction The fplll library Conclusion Euclidean lattices Lattice ≡ { � i ≤ n x i b i : x i ∈ Z } . If the b i ’s are linearly independent, they are called a basis. Bases are not unique, but can be obtained from each other by integer transforms of determinant ± 1: � − 2 � 4 � 1 � � � 1 − 3 1 = · . 10 6 2 4 2 1 Lattice reduction: find a nice basis, given an arbitrary one. Damien Stehl´ e Accelerating lattice reduction algorithms with floating-point arithmetic 20/09/2011 3/30

  6. Background on Euclidean lattices Hybrid algorithms for LLL-reduction The fplll library Conclusion Euclidean lattices Lattice ≡ { � i ≤ n x i b i : x i ∈ Z } . If the b i ’s are linearly independent, they are called a basis. Bases are not unique, but can be obtained from each other by integer transforms of determinant ± 1: � − 2 � 4 � 1 � � � 1 − 3 1 = · . 10 6 2 4 2 1 Lattice reduction: find a nice basis, given an arbitrary one. Damien Stehl´ e Accelerating lattice reduction algorithms with floating-point arithmetic 20/09/2011 3/30

  7. Background on Euclidean lattices Hybrid algorithms for LLL-reduction The fplll library Conclusion Lattice invariants and lattice reduction Minimum: λ ( L ) = min ( � b � : b ∈ L \ 0 ). Lattice determinant: det L = | det( b i ) i | , for any basis. Minkowski’s theorem: λ ( L ) ≤ √ n · (det L ) 1 / n . Lattice reduction: Find basis ( b i ) i s.t. HF( B ) is small, with � b 1 � HF( B ) := (det L ) 1 / n . Damien Stehl´ e Accelerating lattice reduction algorithms with floating-point arithmetic 20/09/2011 4/30

  8. Background on Euclidean lattices Hybrid algorithms for LLL-reduction The fplll library Conclusion Lattice invariants and lattice reduction Minimum: λ ( L ) = min ( � b � : b ∈ L \ 0 ). Lattice determinant: det L = | det( b i ) i | , for any basis. Minkowski’s theorem: λ ( L ) ≤ √ n · (det L ) 1 / n . Lattice reduction: Find basis ( b i ) i s.t. HF( B ) is small, with � b 1 � HF( B ) := (det L ) 1 / n . Damien Stehl´ e Accelerating lattice reduction algorithms with floating-point arithmetic 20/09/2011 4/30

  9. Background on Euclidean lattices Hybrid algorithms for LLL-reduction The fplll library Conclusion Lattice invariants and lattice reduction Minimum: λ ( L ) = min ( � b � : b ∈ L \ 0 ). Lattice determinant: det L = | det( b i ) i | , for any basis. Minkowski’s theorem: λ ( L ) ≤ √ n · (det L ) 1 / n . Lattice reduction: Find basis ( b i ) i s.t. HF( B ) is small, with � b 1 � HF( B ) := (det L ) 1 / n . Damien Stehl´ e Accelerating lattice reduction algorithms with floating-point arithmetic 20/09/2011 4/30

  10. Background on Euclidean lattices Hybrid algorithms for LLL-reduction The fplll library Conclusion Lattice invariants and lattice reduction Minimum: λ ( L ) = min ( � b � : b ∈ L \ 0 ). Lattice determinant: det L = | det( b i ) i | , for any basis. Minkowski’s theorem: λ ( L ) ≤ √ n · (det L ) 1 / n . Lattice reduction: Find basis ( b i ) i s.t. HF( B ) is small, with � b 1 � HF( B ) := (det L ) 1 / n . Damien Stehl´ e Accelerating lattice reduction algorithms with floating-point arithmetic 20/09/2011 4/30

  11. Background on Euclidean lattices Hybrid algorithms for LLL-reduction The fplll library Conclusion Lattice invariants and lattice reduction Minimum: λ ( L ) = min ( � b � : b ∈ L \ 0 ). Lattice determinant: det L = | det( b i ) i | , for any basis. Minkowski’s theorem: λ ( L ) ≤ √ n · (det L ) 1 / n . Lattice reduction: Find basis ( b i ) i s.t. HF( B ) is small, with � b 1 � HF( B ) := (det L ) 1 / n . Damien Stehl´ e Accelerating lattice reduction algorithms with floating-point arithmetic 20/09/2011 4/30

  12. Background on Euclidean lattices Hybrid algorithms for LLL-reduction The fplll library Conclusion Main computational problems SVP γ : Given a basis of L , find b ∈ L with 0 < � b � ≤ γ · λ ( L ) . BDD γ : Given a basis of L and t with dist ( t , L ) ≤ γ − 1 · λ ( L ) , find b ∈ L closest to t . And many variants: CVP γ , SIVP γ , uSVP γ , etc. Very hard for small γ : CVP, SIVP, uSVP, and SVP are NP-hard under (randomized) reductions. “Easy” for exponential γ . Damien Stehl´ e Accelerating lattice reduction algorithms with floating-point arithmetic 20/09/2011 5/30

  13. Background on Euclidean lattices Hybrid algorithms for LLL-reduction The fplll library Conclusion Main computational problems SVP γ : Given a basis of L , find b ∈ L with 0 < � b � ≤ γ · λ ( L ) . BDD γ : Given a basis of L and t with dist ( t , L ) ≤ γ − 1 · λ ( L ) , find b ∈ L closest to t . And many variants: CVP γ , SIVP γ , uSVP γ , etc. Very hard for small γ : CVP, SIVP, uSVP, and SVP are NP-hard under (randomized) reductions. “Easy” for exponential γ . Damien Stehl´ e Accelerating lattice reduction algorithms with floating-point arithmetic 20/09/2011 5/30

  14. Background on Euclidean lattices Hybrid algorithms for LLL-reduction The fplll library Conclusion Main computational problems SVP γ : Given a basis of L , find b ∈ L with 0 < � b � ≤ γ · λ ( L ) . BDD γ : Given a basis of L and t with dist ( t , L ) ≤ γ − 1 · λ ( L ) , find b ∈ L closest to t . And many variants: CVP γ , SIVP γ , uSVP γ , etc. Very hard for small γ : CVP, SIVP, uSVP, and SVP are NP-hard under (randomized) reductions. “Easy” for exponential γ . Damien Stehl´ e Accelerating lattice reduction algorithms with floating-point arithmetic 20/09/2011 5/30

  15. Background on Euclidean lattices Hybrid algorithms for LLL-reduction The fplll library Conclusion Main computational problems SVP γ : Given a basis of L , find b ∈ L with 0 < � b � ≤ γ · λ ( L ) . BDD γ : Given a basis of L and t with dist ( t , L ) ≤ γ − 1 · λ ( L ) , find b ∈ L closest to t . And many variants: CVP γ , SIVP γ , uSVP γ , etc. Very hard for small γ : CVP, SIVP, uSVP, and SVP are NP-hard under (randomized) reductions. “Easy” for exponential γ . Damien Stehl´ e Accelerating lattice reduction algorithms with floating-point arithmetic 20/09/2011 5/30

  16. Background on Euclidean lattices Hybrid algorithms for LLL-reduction The fplll library Conclusion Main computational problems SVP γ : Given a basis of L , find b ∈ L with 0 < � b � ≤ γ · λ ( L ) . BDD γ : Given a basis of L and t with dist ( t , L ) ≤ γ − 1 · λ ( L ) , find b ∈ L closest to t . And many variants: CVP γ , SIVP γ , uSVP γ , etc. Very hard for small γ : CVP, SIVP, uSVP, and SVP are NP-hard under (randomized) reductions. “Easy” for exponential γ . All known algorithms rely on some kind of lattice reduction. Damien Stehl´ e Accelerating lattice reduction algorithms with floating-point arithmetic 20/09/2011 5/30

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Shortest Vector Problem (Lattice Reduction Algorithms) Approximation Algorithms by V.

The Shortest Vector Problem (Lattice Reduction Algorithms) Approximation Algorithms by V.

The Shortest Vector Problem (Lattice Reduction Algorithms) Approximation Algorithms by V. Vazirani, Chapter 27 - Problem statement, general discussion - Lattices: brief introduction - The Gauss algorithm in R 2 - Lower bound via

295 views • 13 slides
Lattice Basis Reduction Part II: Algorithms Sanzheng Qiao Department of Computing and Software

Lattice Basis Reduction Part II: Algorithms Sanzheng Qiao Department of Computing and Software

Hermite Reduction LLL Reduction HKZ Reduction Minkowski Reduction A Measurement Lattice Basis Reduction Part II: Algorithms Sanzheng Qiao Department of Computing and Software McMaster University, Canada qiao@mcmaster.ca

758 views • 63 slides
Slide Reduction, RevisitedFilling the Gaps in Lattice SVP Approximation Jianwei Li ISG, RHUL,

Slide Reduction, RevisitedFilling the Gaps in Lattice SVP Approximation Jianwei Li ISG, RHUL,

Background on lattice reduction Our results Our technical ideas and argument Conclusion and open problems Slide Reduction, RevisitedFilling the Gaps in Lattice SVP Approximation Jianwei Li ISG, RHUL, UK London-ish Lattice Coding &amp;

1.91k views • 167 slides
A Fast Jacobi-Type Method for Lattice Basis Reduction Zhaofei Tian Department of Computing and

A Fast Jacobi-Type Method for Lattice Basis Reduction Zhaofei Tian Department of Computing and

Concepts Algorithms Experimental Results References A Fast Jacobi-Type Method for Lattice Basis Reduction Zhaofei Tian Department of Computing and Software McMaster University Hamilton, Ontario, Canada Concepts Algorithms Experimental

308 views • 27 slides
Formal verification of floating-point algorithms John Harrison Intel Corporation Floating

Formal verification of floating-point algorithms John Harrison Intel Corporation Floating

Formal verification of floating-point algorithms 1 Formal verification of floating-point algorithms John Harrison Intel Corporation Floating point algorithm verification HOL Light Floating point numbers and formats HOL floating

636 views • 28 slides
Seminar of Lattice Analysis 01 Slide Reduction Revisited Wenling Liu, Shanghai Jiao Tong

Seminar of Lattice Analysis 01 Slide Reduction Revisited Wenling Liu, Shanghai Jiao Tong

Seminar of Lattice Analysis 01 Slide Reduction Revisited Wenling Liu, Shanghai Jiao Tong University. Wenling Liu @ SJTU Table of Contents Lattice Backgrounds LenstraLenstraLov asz Reduction Hemite SVP reduction and DBKZ Algorithm

930 views • 49 slides
Algorithms for Lattice Transforms and 2348 2349 Lattice Transforms for 234 248 239

Algorithms for Lattice Transforms and 2348 2349 Lattice Transforms for 234 248 239

Algorithms for Lattice Transforms and 2348 2349 Lattice Transforms for 234 248 239 Algorithms 23 39 24 Thore Husfeldt 2 Lund University and IT University of Copenhagen 3 This Talk in 60 Seconds In Prefix sum Out y i = x

1.39k views • 111 slides
RNS Arithmetic Approach in Lattice-based Cryptography Accelerating the Rounding-off Core

RNS Arithmetic Approach in Lattice-based Cryptography Accelerating the Rounding-off Core

22nd IEEE Symposium on Computer Arithmetic RNS Arithmetic Approach in Lattice-based Cryptography Accelerating the Rounding-off Core Procedure Jean-Claude Bajard , Julien Eynard Nabil Merkiche , Thomas Plantard Sorbonne

383 views • 25 slides
The (gimmicky) Road Map Gradual Sub-Lattice Reduction The Old Stuff Lattice Reduction

The (gimmicky) Road Map Gradual Sub-Lattice Reduction The Old Stuff Lattice Reduction

The Old Stuff The New Concepts The Bottom Line Gradual Sub-Lattice Reduction (now with more applications!) Andy Novocin andy@novocin.com LIRMM, Montpellier June 22nd The Old Stuff The New Concepts The Bottom Line The (gimmicky) Road

1.46k views • 99 slides
Algorithms for hard lattice problems Thijs Laarhoven ts

Algorithms for hard lattice problems Thijs Laarhoven ts

Algorithms for hard lattice problems Thijs Laarhoven ts ttts Tenerife PQCrypto Conference (January 31, 2018) Lattices What is a lattice? O Lattices What

1.59k views • 136 slides
Policy and Strategy: Accelerating Poverty Reduction, Reducing Unemployment, and Overcoming

Policy and Strategy: Accelerating Poverty Reduction, Reducing Unemployment, and Overcoming

Policy and Strategy: Accelerating Poverty Reduction, Reducing Unemployment, and Overcoming Vulnerability Rahma Iryanti National Development Planning Agency BAPPENAS ISSUES OF EMPLOYMENT High rate of youth unemployment; Quality of

347 views • 12 slides
Applications of Lattices in Telecommunications Amin Sakzad Dept of Electrical and Computer

Applications of Lattices in Telecommunications Amin Sakzad Dept of Electrical and Computer

Sphere Decoder Algorithm Lattice Reduction Algorithms Integer-Forcing Linear Receiver Lattice-based Cryptography Applications of Lattices in Telecommunications Amin Sakzad Dept of Electrical and Computer Systems Engineering Monash University

772 views • 76 slides
Sampling Algorithms for Lattice Gaussian Codes based on joint work with J.-C. Belfiore

Sampling Algorithms for Lattice Gaussian Codes based on joint work with J.-C. Belfiore

Lattice Coding &amp; Crypto Meeting Antonio Campello Sampling Algorithms for Lattice Gaussian Codes based on joint work with J.-C. Belfiore (Huawei Technologies France) Discrete Gaussian Measures f : R n R + D : [0 , 1] is a

917 views • 33 slides
Polynomial approximation and floating-point numbers Algorithms Project Seminar Sylvain

Polynomial approximation and floating-point numbers Algorithms Project Seminar Sylvain

Scope of my researches Approximation theory Polynomial approximation with floating-point numbers Lattices and LLL algorithm A concrete case Conclusion Polynomial approximation and floating-point numbers Algorithms Project Seminar Sylvain

1.17k views • 101 slides
Lattice Reduction and Preconditioning Xiao-Wen Chang Joint work with M. Al Borne, W.-Y. Ku, Y.

Lattice Reduction and Preconditioning Xiao-Wen Chang Joint work with M. Al Borne, W.-Y. Ku, Y.

Lattice Reduction and Preconditioning Xiao-Wen Chang Joint work with M. Al Borne, W.-Y. Ku, Y. Xiao and X. Xie Computer Science, McGill University, Montreal, Canada Fields Institute Workshop on Hybrid Methodologies for Symbolic-Numeric

1.3k views • 76 slides
Analyzing Blockwise Lattice Algorithms using Dynamical Systems Guillaume Hanrot, Xavier Pujol,

Analyzing Blockwise Lattice Algorithms using Dynamical Systems Guillaume Hanrot, Xavier Pujol,

Analyzing Blockwise Lattice Algorithms using Dynamical Systems Guillaume Hanrot, Xavier Pujol, Damien Stehl e ENS Lyon, LIP (CNRS ENSL INRIA UCBL - ULyon) Analyzing Blockwise Lattice Algorithms using Dynamical Systems 1/16

939 views • 61 slides
Vivian de la Incera Sharif University of Technology Webinar August 4, 2020 1 Outline 1. Why

Vivian de la Incera Sharif University of Technology Webinar August 4, 2020 1 Outline 1. Why

Magnetic Dual Chiral Density Wave Phase of Dense Quark Matter: Properties and Relevance for Neutron Stars Vivian de la Incera Sharif University of Technology Webinar August 4, 2020 1 Outline 1. Why Quark Matter? 2.Why Inhomogeneous?

352 views • 33 slides
Ethereum and Solidity Prof. Tom Austin San Jos State University Bitcoin (BTC) Protocol

Ethereum and Solidity Prof. Tom Austin San Jos State University Bitcoin (BTC) Protocol

Ethereum and Solidity Prof. Tom Austin San Jos State University Bitcoin (BTC) Protocol designed by Satoshi Nakamoto in 2008 https://bitcoin.org/bitcoin.pdf First Bitcoin client launched in 2009 Peer-to-peer no centralized

501 views • 31 slides
Ideal lattices in multicubic fields Andrea LESAVOUREY Thomas PLANTARD Willy SUSILO School of

Ideal lattices in multicubic fields Andrea LESAVOUREY Thomas PLANTARD Willy SUSILO School of

Ideal lattices in multicubic fields Andrea LESAVOUREY Thomas PLANTARD Willy SUSILO School of Computing and Information Technology University of Wollongong Andrea LESAVOUREY Multicubic fields 1 / 39 Outline Motivation 1 Cryptography

911 views • 69 slides
http://cs224w.stanford.edu Degree distribution: P(k) Path length: h Clustering coefficient: C

http://cs224w.stanford.edu Degree distribution: P(k) Path length: h Clustering coefficient: C

CS224W: Analysis of Networks Jure Leskovec, Stanford University http://cs224w.stanford.edu Degree distribution: P(k) Path length: h Clustering coefficient: C Connected components: s Definitions will be presented for undirected graphs,

742 views • 61 slides
Module 11 Introduction to Reinforcement Learning CS 886 Sequential Decision Making and

Module 11 Introduction to Reinforcement Learning CS 886 Sequential Decision Making and

Module 11 Introduction to Reinforcement Learning CS 886 Sequential Decision Making and Reinforcement Learning University of Waterloo Machine Learning Supervised Learning Teacher tells learner what to remember Reinforcement Learning

401 views • 29 slides
Kinematic Redundancy A manipulator may have more DOFs than are necessary to control a

Kinematic Redundancy A manipulator may have more DOFs than are necessary to control a

Kinematic Redundancy A manipulator may have more DOFs than are necessary to control a desired variable What do you do w/ the extra DOFs? However, even if the manipulator has enough DOFs, it may still be unable to control

619 views • 36 slides
I vrr&quot;r Syr 4c'r cf e,rr fr'.t 16., u,l1o brcr'c t?s . I Aul ttPbc o-tto-t r

I vrr&quot;r Syr 4c'r cf e,rr fr'.t 16., u,l1o brcr'c t?s . I Aul ttPbc o-tto-t r

\{ Llr v.fh 3.LE Phl; The ofd, Fioolu.f, o* b-YPc f,D,'J i The t.r\t|rr- vae tor pr.&quot;ducf A '.*tr ,l {, e6 f,r'ov' r'i yafr e lluce o r.&quot;lc, c{ TLe db fr,r;r .? ,^ sto{Fa t ht cla thr' '.&quot;r'*r - t 6') \^^c-fr,

574 views • 21 slides
Cluster algebras, snake graphs and continued fractions Ralf Schiffler Intro Cluster algebras

Cluster algebras, snake graphs and continued fractions Ralf Schiffler Intro Cluster algebras

Cluster algebras, snake graphs and continued fractions Ralf Schiffler Intro Cluster algebras Continued fractions Snake graphs Intro Cluster algebras Continued fractions expansion

1.21k views • 103 slides

More recommend