lattice basis reduction part ii algorithms
play

Lattice Basis Reduction Part II: Algorithms Sanzheng Qiao - PowerPoint PPT Presentation

Oct 28, 2023 •127 likes •758 views

Hermite Reduction LLL Reduction HKZ Reduction Minkowski Reduction A Measurement Lattice Basis Reduction Part II: Algorithms Sanzheng Qiao Department of Computing and Software McMaster University, Canada qiao@mcmaster.ca

  1. Hermite Reduction LLL Reduction HKZ Reduction Minkowski Reduction A Measurement Lattice Basis Reduction Part II: Algorithms Sanzheng Qiao Department of Computing and Software McMaster University, Canada qiao@mcmaster.ca www.cas.mcmaster.ca/ ˜ qiao November 8, 2011, revised February 2012 Joint work with W. Zhang and Y. Wei, Fudan University

  2. Hermite Reduction LLL Reduction HKZ Reduction Minkowski Reduction A Measurement Outline 1 Hermite Reduction 2 LLL Reduction 3 HKZ Reduction 4 Minkowski Reduction 5 A Measurement

  3. Hermite Reduction LLL Reduction HKZ Reduction Minkowski Reduction A Measurement Outline 1 Hermite Reduction 2 LLL Reduction 3 HKZ Reduction 4 Minkowski Reduction 5 A Measurement

  4. Hermite Reduction LLL Reduction HKZ Reduction Minkowski Reduction A Measurement Hermite reduction (size reduction) Hermite-reduced A lattice basis { b 1 , b 2 , . . . , b n } is called size-reduced if its QR decomposition satisfies | r i , i | ≥ 2 | r i , j | , 1 ≤ i < j ≤ n , for all

  5. Hermite Reduction LLL Reduction HKZ Reduction Minkowski Reduction A Measurement Hermite reduction (size reduction) Hermite-reduced A lattice basis { b 1 , b 2 , . . . , b n } is called size-reduced if its QR decomposition satisfies | r i , i | ≥ 2 | r i , j | , 1 ≤ i < j ≤ n , for all Procedure Reduce ( i , j ) � r i , j � r i , j � r i , i � � r i , j � � � � r i , i r i , j − r i , i � 1 − r i , i r i , i = r j , j r j , j 0 1 � r i , j � �� | r i , i | ≥ 2 � r i , j − r i , i � � r i , i �

  6. Hermite Reduction LLL Reduction HKZ Reduction Minkowski Reduction A Measurement Gauss reduction A unimodular transformation � 1 � � � − µ 1 0 or 0 1 − µ 1 Also called Integer Gauss transformation Integer elementary matrix

  7. Hermite Reduction LLL Reduction HKZ Reduction Minkowski Reduction A Measurement Outline 1 Hermite Reduction 2 LLL Reduction 3 HKZ Reduction 4 Minkowski Reduction 5 A Measurement

  8. Hermite Reduction LLL Reduction HKZ Reduction Minkowski Reduction A Measurement LLL reduction LLL-reduced A lattice basis { b 1 , b 2 , . . . , b n } is called LLL-reduced if it is size-reduced and R in the QR decomposition satisfies r 2 i + 1 , i + 1 + r 2 i , i + 1 ≥ ω r 2 i , i

  9. Hermite Reduction LLL Reduction HKZ Reduction Minkowski Reduction A Measurement LLL reduction LLL-reduced A lattice basis { b 1 , b 2 , . . . , b n } is called LLL-reduced if it is size-reduced and R in the QR decomposition satisfies r 2 i + 1 , i + 1 + r 2 i , i + 1 ≥ ω r 2 i , i Procedure SwapRestore ( i ) Find a Givens plane rotation G : � r i − 1 , i − 1 � � 0 � ˆ r i − 1 , i r i − 1 , i − 1 r i − 1 , i � ˆ � 1 G = . r i , i r i , i ˆ 0 1 0 0 Unimodular transformation: Permutation

  10. Hermite Reduction LLL Reduction HKZ Reduction Minkowski Reduction A Measurement LLL algorithm k = 2; while k <= n { if |r(k-1,k) / r(k-1,k-1)| > 1/2 if r(k,k)ˆ2 + r(k-1,k)ˆ2 < w*r(k-1,k-1)ˆ2 { } else { } }

  11. Hermite Reduction LLL Reduction HKZ Reduction Minkowski Reduction A Measurement LLL algorithm k = 2; while k <= n { if |r(k-1,k) / r(k-1,k-1)| > 1/2 Reduce(k-1,k); if r(k,k)ˆ2 + r(k-1,k)ˆ2 < w*r(k-1,k-1)ˆ2 { } else { } }

  12. Hermite Reduction LLL Reduction HKZ Reduction Minkowski Reduction A Measurement LLL algorithm k = 2; while k <= n { if |r(k-1,k) / r(k-1,k-1)| > 1/2 Reduce(k-1,k); if r(k,k)ˆ2 + r(k-1,k)ˆ2 < w*r(k-1,k-1)ˆ2 { SwapRestore(k); k = max(k-1, 2); } else { } }

  13. Hermite Reduction LLL Reduction HKZ Reduction Minkowski Reduction A Measurement LLL algorithm k = 2; while k <= n { if |r(k-1,k) / r(k-1,k-1)| > 1/2 Reduce(k-1,k); if r(k,k)ˆ2 + r(k-1,k)ˆ2 < w*r(k-1,k-1)ˆ2 { SwapRestore(k); k = max(k-1, 2); } else { for i = k-2 downto 1 if |r(i,k) / r(i,i)| > 1/2 Reduce(i,k); k = k+1; } }

  14. Hermite Reduction LLL Reduction HKZ Reduction Minkowski Reduction A Measurement LLL algorithm k = 2; while k <= n { if |r(k-1,k) / r(k-1,k-1)| > 1/2 Reduce(k-1,k); if r(k,k)ˆ2 + r(k-1,k)ˆ2 < w*r(k-1,k-1)ˆ2 { SwapRestore(k); k = max(k-1, 2); } else { for i = k-2 downto 1 if |r(i,k) / r(i,i)| > 1/2 Reduce(i,k); k = k+1; } } Redundant size reductions.

  15. Hermite Reduction LLL Reduction HKZ Reduction Minkowski Reduction A Measurement An improvement: Delayed size reduction k = 2; while k <= n g = round(r(k-1,k) / r(k-1,k-1)); if r(k,k)ˆ2 + (r(k-1,k) - g*r(k-1,k-1))ˆ2 < w*r(k-1,k-1)ˆ2 ReduceSwapRestore(k); k = max(k-1, 2); else k = k + 1; for k = 2 to n for i = k-1 downto 1 if |r(i,k) / r(i,i)| > 1/2 Reduce(i,k);

  16. Hermite Reduction LLL Reduction HKZ Reduction Minkowski Reduction A Measurement An improvement: Delayed size reduction k = 2; while k <= n g = round(r(k-1,k) / r(k-1,k-1)); if r(k,k)ˆ2 + (r(k-1,k) - g*r(k-1,k-1))ˆ2 < w*r(k-1,k-1)ˆ2 ReduceSwapRestore(k); k = max(k-1, 2); else k = k + 1; for k = 2 to n for i = k-1 downto 1 if |r(i,k) / r(i,i)| > 1/2 Reduce(i,k); Produces identical results at 50% cost.

  17. Hermite Reduction LLL Reduction HKZ Reduction Minkowski Reduction A Measurement Outline 1 Hermite Reduction 2 LLL Reduction 3 HKZ Reduction 4 Minkowski Reduction 5 A Measurement

  18. Hermite Reduction LLL Reduction HKZ Reduction Minkowski Reduction A Measurement HKZ reduction HKZ-reduced A lattice basis { b 1 , b 2 , . . . , b n } is called HKZ-reduced if it is size-reduced and for each trailing ( n − i + 1 ) × ( n − i + 1 ) , 1 ≤ i < n , submatrix of R in the QR decomposition, its first column is a shortest nonzero vector in the lattice generated by the submatrix.

  19. Hermite Reduction LLL Reduction HKZ Reduction Minkowski Reduction A Measurement HKZ reduction HKZ-reduced A lattice basis { b 1 , b 2 , . . . , b n } is called HKZ-reduced if it is size-reduced and for each trailing ( n − i + 1 ) × ( n − i + 1 ) , 1 ≤ i < n , submatrix of R in the QR decomposition, its first column is a shortest nonzero vector in the lattice generated by the submatrix. Two problems Shortest vector problem (SVP) Expansion to a basis

  20. Hermite Reduction LLL Reduction HKZ Reduction Minkowski Reduction A Measurement SVP � Bz � 2 min 2 z

  21. Hermite Reduction LLL Reduction HKZ Reduction Minkowski Reduction A Measurement SVP � Bz � 2 min 2 z Sphere decoding Determine a search sphere � Bz � 2 2 ≤ ρ 2

  22. Hermite Reduction LLL Reduction HKZ Reduction Minkowski Reduction A Measurement SVP � Bz � 2 min 2 z Sphere decoding Determine a search sphere � Bz � 2 2 ≤ ρ 2 A simple choice of ρ : the length of the first (or shortest) column of B .

  23. Hermite Reduction LLL Reduction HKZ Reduction Minkowski Reduction A Measurement Example z 1  4 1 5    Rz = z 2 0 4 4     z 3 0 0 3 ρ = 4

  24. Hermite Reduction LLL Reduction HKZ Reduction Minkowski Reduction A Measurement Example z 1  4 1 5    Rz = z 2 0 4 4     z 3 0 0 3 ρ = 4 A necessary condition for z 3 : | 3 z 3 | ≤ 4. Possible values of z 3 : 0, − 1, 1

  25. Hermite Reduction LLL Reduction HKZ Reduction Minkowski Reduction A Measurement Example For each possible values of z 3 , say z 3 = 0, � z 1 z 1         4 1 5 4 1 5 � Rz = z 2  = 0 4 4 0 4 + 0 4 z 2        z 3 0 0 3 0 0 3 The problem size is reduced.

  26. Hermite Reduction LLL Reduction HKZ Reduction Minkowski Reduction A Measurement Example For each possible values of z 3 , say z 3 = 0, � z 1 z 1         4 1 5 4 1 5 � Rz = z 2  = 0 4 4 0 4 + 0 4 z 2        z 3 0 0 3 0 0 3 The problem size is reduced. The necessary condition for z 2 : | 4 z 2 | ≤ 4 Possible values of z 2 : 0, − 1, 1

  27. Hermite Reduction LLL Reduction HKZ Reduction Minkowski Reduction A Measurement Example The search tree 0 −1 1 z 3 0 −1 1 0 −1 1 z 2 −1 1 1 z 1 The solution       4 1 5 1 0 Rz =  = 0 4 4 1 0      0 0 3 − 1 − 3

  28. Hermite Reduction LLL Reduction HKZ Reduction Minkowski Reduction A Measurement Expanding to a basis Problem: Transform the basis matrix   4 1 5 A = 0 4 4   0 0 3 into a new basis matrix whose first column is the shortest vector  0  A z = 0   − 3

  29. Hermite Reduction LLL Reduction HKZ Reduction Minkowski Reduction A Measurement Expanding to a basis Problem: Transform the basis matrix   4 1 5 A = 0 4 4   0 0 3 into a new basis matrix whose first column is the shortest vector  0  A z = 0   − 3 That is, find a unimodular matrix Z : A z = AZ e 1 or z = Z e 1 , Z − 1 z = e 1 Unimodular transformation that introduces zeros into an integer vector.

  30. Hermite Reduction LLL Reduction HKZ Reduction Minkowski Reduction A Measurement A plane unimodular transformation A unimodular transformation (Luk, Zhang, and Q, 2010). gcd ( p , q ) = ± d , ap + bq = ± d . Form the unimodular matrix � � p � d a b � � � = − q / d p / d q 0

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

A Fast Jacobi-Type Method for Lattice Basis Reduction Zhaofei Tian Department of Computing and

A Fast Jacobi-Type Method for Lattice Basis Reduction Zhaofei Tian Department of Computing and

Concepts Algorithms Experimental Results References A Fast Jacobi-Type Method for Lattice Basis Reduction Zhaofei Tian Department of Computing and Software McMaster University Hamilton, Ontario, Canada Concepts Algorithms Experimental

308 views • 27 slides
Lattice Basis Reduction Part 1: Concepts Sanzheng Qiao Department of Computing and Software

Lattice Basis Reduction Part 1: Concepts Sanzheng Qiao Department of Computing and Software

Introduction Applications Notions of Reduced Bases Examples Lattice Basis Reduction Part 1: Concepts Sanzheng Qiao Department of Computing and Software McMaster University, Canada qiao@mcmaster.ca www.cas.mcmaster.ca/ qiao October 25,

757 views • 50 slides
The Shortest Vector Problem (Lattice Reduction Algorithms) Approximation Algorithms by V.

The Shortest Vector Problem (Lattice Reduction Algorithms) Approximation Algorithms by V.

The Shortest Vector Problem (Lattice Reduction Algorithms) Approximation Algorithms by V. Vazirani, Chapter 27 - Problem statement, general discussion - Lattices: brief introduction - The Gauss algorithm in R 2 - Lower bound via

295 views • 13 slides
Accelerating lattice reduction algorithms with floating-point arithmetic Damien Stehl e

Accelerating lattice reduction algorithms with floating-point arithmetic Damien Stehl e

Background on Euclidean lattices Hybrid algorithms for LLL-reduction The fplll library Conclusion Accelerating lattice reduction algorithms with floating-point arithmetic Damien Stehl e http://perso.ens-lyon.fr/damien.stehle/ LIP

766 views • 74 slides
a ; 90 o c -face centered lattice, having the

a ; 90 o c -face centered lattice, having the

PH-409 (2015) Tutorial Sheet No. 2 * Problems shall be discussed in tutorial class 20*. A two dimensional lattice has basis vectors 2 ; 2 . Find the a i b i j basis vectors of the reciprocal lattice. 21. (a) Show

214 views • 5 slides
Slide Reduction, RevisitedFilling the Gaps in Lattice SVP Approximation Jianwei Li ISG, RHUL,

Slide Reduction, RevisitedFilling the Gaps in Lattice SVP Approximation Jianwei Li ISG, RHUL,

Background on lattice reduction Our results Our technical ideas and argument Conclusion and open problems Slide Reduction, RevisitedFilling the Gaps in Lattice SVP Approximation Jianwei Li ISG, RHUL, UK London-ish Lattice Coding &amp;

1.91k views • 167 slides
Seminar of Lattice Analysis 01 Slide Reduction Revisited Wenling Liu, Shanghai Jiao Tong

Seminar of Lattice Analysis 01 Slide Reduction Revisited Wenling Liu, Shanghai Jiao Tong

Seminar of Lattice Analysis 01 Slide Reduction Revisited Wenling Liu, Shanghai Jiao Tong University. Wenling Liu @ SJTU Table of Contents Lattice Backgrounds LenstraLenstraLov asz Reduction Hemite SVP reduction and DBKZ Algorithm

930 views • 49 slides
Algorithms for Lattice Transforms and 2348 2349 Lattice Transforms for 234 248 239

Algorithms for Lattice Transforms and 2348 2349 Lattice Transforms for 234 248 239

Algorithms for Lattice Transforms and 2348 2349 Lattice Transforms for 234 248 239 Algorithms 23 39 24 Thore Husfeldt 2 Lund University and IT University of Copenhagen 3 This Talk in 60 Seconds In Prefix sum Out y i = x

1.39k views • 111 slides
Lattice-based cryptography (I) Thijs Laarhoven ts

Lattice-based cryptography (I) Thijs Laarhoven ts

Lattice-based cryptography (I) Thijs Laarhoven ts ttts PQCrypto Summer School 2017 (June 20, 2017) Part 1: Lattices, cryptography, and lattice basis

872 views • 53 slides
The (gimmicky) Road Map Gradual Sub-Lattice Reduction The Old Stuff Lattice Reduction

The (gimmicky) Road Map Gradual Sub-Lattice Reduction The Old Stuff Lattice Reduction

The Old Stuff The New Concepts The Bottom Line Gradual Sub-Lattice Reduction (now with more applications!) Andy Novocin andy@novocin.com LIRMM, Montpellier June 22nd The Old Stuff The New Concepts The Bottom Line The (gimmicky) Road

1.46k views • 99 slides
Algorithms for hard lattice problems Thijs Laarhoven ts

Algorithms for hard lattice problems Thijs Laarhoven ts

Algorithms for hard lattice problems Thijs Laarhoven ts ttts Tenerife PQCrypto Conference (January 31, 2018) Lattices What is a lattice? O Lattices What

1.59k views • 136 slides
Applications of Lattices in Telecommunications Amin Sakzad Dept of Electrical and Computer

Applications of Lattices in Telecommunications Amin Sakzad Dept of Electrical and Computer

Sphere Decoder Algorithm Lattice Reduction Algorithms Integer-Forcing Linear Receiver Lattice-based Cryptography Applications of Lattices in Telecommunications Amin Sakzad Dept of Electrical and Computer Systems Engineering Monash University

772 views • 76 slides
Sampling Algorithms for Lattice Gaussian Codes based on joint work with J.-C. Belfiore

Sampling Algorithms for Lattice Gaussian Codes based on joint work with J.-C. Belfiore

Lattice Coding &amp; Crypto Meeting Antonio Campello Sampling Algorithms for Lattice Gaussian Codes based on joint work with J.-C. Belfiore (Huawei Technologies France) Discrete Gaussian Measures f : R n R + D : [0 , 1] is a

917 views • 33 slides
Lattice Reduction and Preconditioning Xiao-Wen Chang Joint work with M. Al Borne, W.-Y. Ku, Y.

Lattice Reduction and Preconditioning Xiao-Wen Chang Joint work with M. Al Borne, W.-Y. Ku, Y.

Lattice Reduction and Preconditioning Xiao-Wen Chang Joint work with M. Al Borne, W.-Y. Ku, Y. Xiao and X. Xie Computer Science, McGill University, Montreal, Canada Fields Institute Workshop on Hybrid Methodologies for Symbolic-Numeric

1.3k views • 76 slides
Analyzing Blockwise Lattice Algorithms using Dynamical Systems Guillaume Hanrot, Xavier Pujol,

Analyzing Blockwise Lattice Algorithms using Dynamical Systems Guillaume Hanrot, Xavier Pujol,

Analyzing Blockwise Lattice Algorithms using Dynamical Systems Guillaume Hanrot, Xavier Pujol, Damien Stehl e ENS Lyon, LIP (CNRS ENSL INRIA UCBL - ULyon) Analyzing Blockwise Lattice Algorithms using Dynamical Systems 1/16

939 views • 61 slides
6.1 Dimensionality reduction Previously in the course, we have discussed algorithms suited for a

6.1 Dimensionality reduction Previously in the course, we have discussed algorithms suited for a

CS/CNS/EE 253: Advanced Topics in Machine Learning Topic: Dimensionality Reduction Lecturer: Andreas Krause Scribe: Matt Faulkner Date: 25 January 2010 6.1 Dimensionality reduction Previously in the course, we have discussed algorithms suited for

442 views • 6 slides
Fubini type results for Hausdorff dimension Tam as Keleti with Korn elia H era and

Fubini type results for Hausdorff dimension Tam as Keleti with Korn elia H era and

Fubini type results for Hausdorff dimension Tam as Keleti with Korn elia H era and Andr as M ath e E otv os Lor and University, Budapest Warwick, 12 July 2017 Tam as Keleti (Budapest) with Korn elia H era

792 views • 45 slides
Curvature and Diffusion in the Heisenberg group Nicolas JUILLET IRMA, Strasbourg Paris, IHP ,

Curvature and Diffusion in the Heisenberg group Nicolas JUILLET IRMA, Strasbourg Paris, IHP ,

Curvature and Diffusion in the Heisenberg group Curvature and Diffusion in the Heisenberg group Nicolas JUILLET IRMA, Strasbourg Paris, IHP , October 2014 Nicolas JUILLET Curvature and Diffusion in the Heisenberg group Curvature and

558 views • 27 slides
Analysis of BKZ Guillaume Hanrot, Xavier Pujol, Damien Stehl e ENSL, LIP, CNRS, INRIA,

Analysis of BKZ Guillaume Hanrot, Xavier Pujol, Damien Stehl e ENSL, LIP, CNRS, INRIA,

Analysis of BKZ Guillaume Hanrot, Xavier Pujol, Damien Stehl e ENSL, LIP, CNRS, INRIA, Universit e de Lyon, UCBL May 5, 2011 Analysis of BKZ 1/32 b b b b b b b b b b b b b b b b b Lattices a 1 a 2 (SVP) Analysis of BKZ

1.44k views • 90 slides
rs

rs

rs Ptr

1.26k views • 97 slides
An optimal Lp -bound on the Krein spectral shift function (Birmingham, November 1012, 2000)

An optimal Lp -bound on the Krein spectral shift function (Birmingham, November 1012, 2000)

An optimal Lp -bound on the Krein spectral shift function (Birmingham, November 1012, 2000) Barry Simon and D. H. Let A,B be the Krein spectral shift function for a pair of operators A, B , with C = A B trace class. Then F (

536 views • 12 slides
Extremization problems in AdS/CFT a -maximization and attractor mechanism Akishi KATO (Math. Sci.,

Extremization problems in AdS/CFT a -maximization and attractor mechanism Akishi KATO (Math. Sci.,

Extremization problems in AdS/CFT a -maximization and attractor mechanism Akishi KATO (Math. Sci., Univ. Tokyo) March 13, 2007, KEK ref. hep-th/0610266 Zonotopes and four-dimensional superconformal field theories; A.K. &amp; Y. Tachikawa

661 views • 29 slides
The classification of empty 4-simplices Francisco Santos (joint with O. Iglesias-Vali no) U.

The classification of empty 4-simplices Francisco Santos (joint with O. Iglesias-Vali no) U.

Introduction Theorem 3 (infinite families) Theorem 1 (volume bounds) Theorem 2 (enumeration) The classification of empty 4-simplices Francisco Santos (joint with O. Iglesias-Vali no) U. de Cantabria, visiting Freie U. Berlin JCCA 2018,

1.59k views • 117 slides
More Subgradient Calculus: Function Convexity first Following functions are again convex, but

More Subgradient Calculus: Function Convexity first Following functions are again convex, but

More Subgradient Calculus: Function Convexity first Following functions are again convex, but again, may not be differentiable everywhere. How does one compute their subgradients at points of non-differentiability? n i f i is convex if

158 views • 15 slides

More recommend