LLL-reducing in quasi-linear time Damien Stehl e Joint work with - PowerPoint PPT Presentation

L 1 e Introduction Wishful thinking Deforming Truncating Quasi-linear LLL-reduction onhage’91: β 1+ ε for n = 2. Yap’92, Sch¨ Eisenbrand-Rote’01: β 1+ ε for fixed any n . Our result 1 , that computes “somewhat” We give an algorithm, called � L LLL-reduced bases in time O ( n 5+ ε β + n ω +1+ ε β 1+ ε ). n ω : cost of matrix mult. in dimension n . For fixed n : O ( M ( β ) log β ), where M ( · ) is for integer mult. Same total degree as before. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 7/36

L 1 e Introduction Wishful thinking Deforming Truncating Plan of the talk 1 Wishful thinking. 2 Reducing by deforming. 3 Reducing by truncating. 1 algorithm. 4 The � L Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 8/36

L 1 e Introduction Wishful thinking Deforming Truncating A gcd analogy Euclid’s algorithm for computing gcd( r 0 , r 1 ): i := 1. While r i � = 0: Compute q i := ⌊ r i − 1 / r i ⌋ , r i +1 := r i − 1 − q i r i . Output r i − 1 . Vectorial interpretation: � 0 � 0 � � � � r i − 1 � � � r 0 � 1 � r i 1 1 = · = · 1 − q i 1 − q j r i +1 r i r 1 j = i LLL as a gcd: Given B i , find U i s.t. B i U i is closer to reduced. L 3 : Compute r i − 1 / r i exactly before rounding it. L 2 : Compute r i − 1 / r i approximately before rounding it. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 9/36

L 1 e Introduction Wishful thinking Deforming Truncating Towards a quasi-linear time gcd algorithm Euclid computes remainders ( r i ) i and quotients ( q i ) i . Assume r 0 ≈ r 1 ≈ 2 β . Writing down all the r i ’s costs O ( β 2 ). Lehmer’38 If | r 0 − ¯ | r 0 | , | r 1 − ¯ r 0 | r 1 | ≤ 2 − 2 ℓ , then ( q i ) i and (¯ q i ) i share their first ℓ bits. | r 1 | Do not compute the q i ’s using and updating the lengthy r i ’s: Use the shorter ¯ r i ’s instead! When the relevant bits of the q i ’s are known, apply them to ( r 0 , r 1 )... and apply Lehmer again. Knuth’70, Sch¨ onhage’71: Do this recursively! Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 10/36

L 1 e Introduction Wishful thinking Deforming Truncating The Knuth-Sch¨ onhage gcd algorithm To compute the first ℓ quotient bits of r 0 , r 1 of bit-sizes 2 ℓ : 1 Take the first ℓ bits of r 0 and r 1 . 2 Recursively get the first ℓ/ 2 quotient bits. 3 Apply the quotients to r 0 , r 1 , to get r ′ 0 , r ′ 1 . 4 Take the first ℓ bits of r ′ 0 and r ′ 1 . 5 Recursively get the first ℓ/ 2 quotient bits. Applying the quotients: multiply a O ( ℓ )-bit 2 × 2 matrix to a O ( ℓ )-bit vector. Cost: C ℓ = 2 C ℓ/ 2 + O ( M ( ℓ )) = O ( M ( ℓ ) log ℓ ). Can be used to compute gcds in time O ( M ( ℓ ) log ℓ ). Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 11/36

L 1 e Introduction Wishful thinking Deforming Truncating What about doing it for LLL? To compute the “first” ℓ bits of U reducing B : 1 Take the first ℓ bits of each b ij . 2 Recursively get the first ℓ/ 2 bits of U . 3 Apply them to B , to get a shorter B ′ . 4 Take the first ℓ bits of each b ′ ij . 5 Recursively get the next ℓ/ 2 bits of U . What is a “quotient” here? How to control the bit-size of a unimodular matrix? Can we truncate “remainders”, i.e., lattice bases? How to handle multidimensionality / unbalanced magnitudes? Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 12/36

L 1 e Introduction Wishful thinking Deforming Truncating From reduced to reduced If B is arbitrary, then a reducing U can be huge (Cramer :-(). If B is reduced, any U such that BU is reduced is bounded. Let B be reduced with R-factor R , and U s.t. BU is reduced. Then: ∀ i , j : | u ij | ≤ 2 O ( n ) · r jj / r ii . If B is reduced, the r ii ’s can’t decrease fast. Assuming they don’t increase, we get max | u ij | ≤ 2 O ( n ) . Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 14/36

L 1 e Introduction Wishful thinking Deforming Truncating From reduced to deformed to reduced Start from something reduced, deform it a bit, and reduce it! The Belabas-van Hoeij-Novocin deformation: B �→ diag(2 ℓ , 1 , . . . , 1) · B = σ ℓ B . The r ii ’s cannot decrease. Their product increases by a factor 2 ℓ . Let ℓ ≥ 0, B be reduced with R-factor R , and U s.t. σ ℓ BU is reduced. Then: ∀ i , j : | u ij | ≤ 2 ℓ + O ( n ) · r jj / r ii . − → If B is “balanced”, each u ij has at most ℓ + O ( n ) bits. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 15/36

L 1 e Introduction Wishful thinking Deforming Truncating Lift-reducing suffices for reducing Assume B ∈ Z n × n is upper triangular.   . . . b 1 , 1 b 1 , n − 2 b 1 , n − 1 b 1 , n  . . . .  ... . . . .   . . . .     0 . . . b n − 2 , n − 2 b n − 2 , n − 1 b n − 2 , n     0 . . . 0 b n − 1 , n − 1 b n − 1 , n 0 . . . 0 0 b n , n Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 16/36

L 1 e Introduction Wishful thinking Deforming Truncating Lift-reducing suffices for reducing Assume B ∈ Z n × n is upper triangular.   . . . b 1 , 1 b 1 , n − 2 b 1 , n − 1 b 1 , n  . . . .  ... . . . .   . . . .     0 . . . b n − 2 , n − 2 b n − 2 , n − 1 b n − 2 , n     0 . . . 0 b n − 1 , n − 1 b n − 1 , n 0 . . . 0 0 b n , n Bottom right 1 × 1 submatrix is reduced. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 16/36

L 1 e Introduction Wishful thinking Deforming Truncating Lift-reducing suffices for reducing Assume B ∈ Z n × n is upper triangular.   . . . b 1 , 1 b 1 , n − 2 b 1 , n − 1 b 1 , n . . . .  ...  . . . .  . . . .      0 . . . b n − 2 , n − 2 b n − 2 , n − 1 b n − 2 , n   b n − 1 , n − 1 b n − 1 , n   0 . . . 0 2 ℓ 2 ℓ 0 . . . 0 0 b n , n Scale down row n − 1 so that bottom-right 2 × 2 submatrix is reduced: ℓ ≈ log b n − 1 , n − 1 . Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 16/36

L 1 e Introduction Wishful thinking Deforming Truncating Lift-reducing suffices for reducing Assume B ∈ Z n × n is upper triangular.   . . . b 1 , 1 b 1 , n − 2 b 1 , n − 1 b 1 , n  . . . .  ... . . . .   . . . .     0 . . . b n − 2 , n − 2 b n − 2 , n − 1 b n − 2 , n     0 . . . 0 b n − 1 , n − 1 b n − 1 , n 0 . . . 0 0 b n , n Lift row n − 1 by ℓ bits and reduce bottom-right 2 × 2 submatrix. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 16/36

L 1 e Introduction Wishful thinking Deforming Truncating Lift-reducing suffices for reducing Assume B ∈ Z n × n is upper triangular.   . . . b 1 , 1 b 1 , n − 2 b 1 , n − 1 b 1 , n  . . . .  ... . . . .   . . . .     0 . . . b n − 2 , n − 2 b n − 2 , n − 1 b n − 2 , n     0 . . . 0 x x 0 . . . 0 x x Lift row n − 1 by ℓ bits and reduce bottom-right 2 × 2 submatrix. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 16/36

L 1 e Introduction Wishful thinking Deforming Truncating Lift-reducing suffices for reducing Assume B ∈ Z n × n is upper triangular.   . . . b 1 , 1 b 1 , n − 2 x x  . . . .  ... . . . .   . . . .     0 . . . b n − 2 , n − 2 x x     0 . . . 0 x x 0 . . . 0 x x Propagate the transformations to the first n − 2 coordinates, and reduce wrt the diagonal coefficients. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 16/36

L 1 e Introduction Wishful thinking Deforming Truncating Lift-reducing suffices for reducing Assume B ∈ Z n × n is upper triangular.   . . . b 1 , 1 b 1 , n − 2 x x . . . .  ...  . . . .  . . . .     b n − 2 , n − 2  x x 0 . . .   2 ℓ 2 ℓ 2 ℓ   0 . . . 0 x x 0 . . . 0 x x Scale down row n − 2 so that bottom-right 3 × 3 submatrix is reduced: ℓ ≈ log b n − 2 , n − 2 . Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 16/36

L 1 e Introduction Wishful thinking Deforming Truncating Lift-reducing suffices for reducing Assume B ∈ Z n × n is upper triangular.   . . . b 1 , 1 b 1 , n − 2 x x  . . . .  ... . . . .   . . . .     0 . . . b n − 2 , n − 2 x x     0 . . . 0 x x 0 . . . 0 x x Lift row n − 2 by ℓ bits and reduce bottom-right 3 × 3 submatrix. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 16/36

L 1 e Introduction Wishful thinking Deforming Truncating Lift-reducing suffices for reducing Assume B ∈ Z n × n is upper triangular.   . . . b 1 , 1 b 1 , n − 2 x x  . . . .  ... . . . .   . . . .     0 . . . x x x     0 . . . x x x 0 . . . x x x Lift row n − 2 by ℓ bits and reduce bottom-right 3 × 3 submatrix. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 16/36

L 1 e Introduction Wishful thinking Deforming Truncating Lift-reducing suffices for reducing Assume B ∈ Z n × n is upper triangular.   . . . b 1 , 1 x x x  . . . .  ... . . . .   . . . .     0 . . . x x x     0 . . . x x x 0 . . . x x x Propagate the transformations to the first n − 3 coordinates, and reduce wrt the diagonal coefficients. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 16/36

L 1 e Introduction Wishful thinking Deforming Truncating Lift-reducing suffices for reducing Assume B ∈ Z n × n is upper triangular.   . . . b 1 , 1 x x x  . . . .  ... . . . .   . . . .     0 . . . x x x     0 . . . x x x 0 . . . x x x Keep going. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 16/36

L 1 e Introduction Wishful thinking Deforming Truncating Lift-reducing in quasi-linear time suffices McCurley-Hafner’91: H = HNF( B ) can be computed in time O ( n ω +1+ ε β 1+ ε ). Cost of the lifts: � � O (log h n , n ) + � � P oly ( n ) · O (log h n − 1 , n − 1 ) + . . . = P oly ( n ) · � O (log det H ) = P oly ( n ) · � O (log det B ). (in fact, we do a bit better than that) Cost of the propagations bounded using the smallness of the transforms: O ( n ω +1+ ε ( β 1+ ε + n )). Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 17/36

L 1 e Introduction Wishful thinking Deforming Truncating Where are we now? LLL-reduction − → sequence of Lift-reductions. We are to lift-reduce in quasi-linear time. More precisely: given ℓ and B reduced, we will find U unimodular such that σ ℓ BU is reduced, in time � O ( ℓ ). This is independent from the bit-size of B . The “LLL quotients” are the matrices U that achieve some amount ℓ of lifting. The quotients have bounded magnitudes. If B is “balanced”, then they have small bit-sizes. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 18/36

L 1 e Introduction Wishful thinking Deforming Truncating The LLL-reduction is inappropriate for truncations Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 20/36

L 1 e Introduction Wishful thinking Deforming Truncating The LLL-reduction is inappropriate for truncations We can’t decide reducedness by looking at the (53) top-most bits: Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 20/36

L 1 e Introduction Wishful thinking Deforming Truncating The LLL-reduction is inappropriate for truncations We can’t decide reducedness by looking at the (53) top-most bits: � � � � 2 60 + 2 5 2 60 1 1 = ⇒ 2 60 2 60 − 1 − 1 Not reduced Reduced � � � � 2 53 + 2 − 1 + 2 − 25 2 53 + 1 1 1 = ⇒ 2 − 10 − 2 63 2 − 10 − 2 63 Reduced Not reduced Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 20/36

L 1 e Introduction Wishful thinking Deforming Truncating The LLL-reduction is inappropriate for truncations We can’t decide reducedness by looking at the (53) top-most bits: � � � � 2 60 + 2 5 2 60 1 1 = ⇒ 2 60 2 60 − 1 − 1 Not reduced Reduced � � � � 2 53 + 2 − 1 + 2 − 25 2 53 + 1 1 1 = ⇒ 2 − 10 − 2 63 2 − 10 − 2 63 Reduced Not reduced If B ∈ Z n × n , we may need all the bits to decide. If B ∈ R n × n , we may not even be able to tell! Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 20/36

L 1 e Introduction Wishful thinking Deforming Truncating Sensitivity of the R-factor Take B ∈ R n × n full-rank, with B = QR . � ∆ b i � Apply a columnwise perturbation ∆ B , i.e., max i � b i � ≤ ε . If ε is very small, then B + ∆ B is full-rank and: B + ∆ B = ( Q + ∆ Q )( R + ∆ R ) . How large can ∆ R be? Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 21/36

L 1 e Introduction Wishful thinking Deforming Truncating Sensitivity of the R-factor Take B ∈ R n × n full-rank, with B = QR . � ∆ b i � Apply a columnwise perturbation ∆ B , i.e., max i � b i � ≤ ε . If ε is very small, then B + ∆ B is full-rank and: B + ∆ B = ( Q + ∆ Q )( R + ∆ R ) . How large can ∆ R be? Chang-S-Villard’11 Let cond ( R ) = �| R || R − 1 |� . If cond ( R ) · ε < ∼ 1, then: B + ∆ B is full-rank and max � ∆ r i � < ∼ cond ( R ) · ε . � r i � Furthermore, if B is LLL-reduced, then cond ( R ) = 2 O ( n ) . Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 21/36

L 1 e Introduction Wishful thinking Deforming Truncating Fixing the LLL-reduction We would like the reduction to resist perturbations. The bound on � ∆ r j � is proportional to � r j � . By reducedness, 1 ≤ � r j � r j , j ≤ 2 O ( n ) . ⇒ r i , j should be related to r j , j instead of (only) r i , i . Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 22/36

L 1 e Introduction Wishful thinking Deforming Truncating Fixing the LLL-reduction We would like the reduction to resist perturbations. The bound on � ∆ r j � is proportional to � r j � . By reducedness, 1 ≤ � r j � r j , j ≤ 2 O ( n ) . ⇒ r i , j should be related to r j , j instead of (only) r i , i . Let Ξ = ( δ, η, θ ) with η ∈ (1 / 2 , 1), θ > 0 and δ ∈ ( η 2 , 1). A basis B ∈ R n × n with R-factor R is said Ξ-reduced if: ∀ i , j : | r i , j | ≤ η · r i , i + θ · r j , j [Modified size-reduction] ∀ i : δ · r 2 i , i ≤ r 2 i , i +1 + r 2 i +1 , i +1 . Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 22/36

L 1 e Introduction Wishful thinking Deforming Truncating Fixing the LLL-reduction We would like the reduction to resist perturbations. The bound on � ∆ r j � is proportional to � r j � . By reducedness, 1 ≤ � r j � r j , j ≤ 2 O ( n ) . ⇒ r i , j should be related to r j , j instead of (only) r i , i . Let Ξ = ( δ, η, θ ) with η ∈ (1 / 2 , 1), θ > 0 and δ ∈ ( η 2 , 1). A basis B ∈ R n × n with R-factor R is said Ξ-reduced if: ∀ i , j : | r i , j | ≤ η · r i , i + θ · r j , j [Modified size-reduction] ∀ i : δ · r 2 i , i ≤ r 2 i , i +1 + r 2 i +1 , i +1 . If B is balanced, this is the same as before. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 22/36

L 1 e Introduction Wishful thinking Deforming Truncating The LLL-reductions, graphically �� b 2 b 2 b 2 b 2 �� 0 0 0 0 b 1 b 1 b 1 b 1 �� (1 , 1 / 2 , 0) ( δ, 1 / 2 , 0) ( δ, η, 0) ( δ, η, θ ) Hermite LLL’82 Schnorr’88 Chang-S-Villard’11 Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 23/36

L 1 e Introduction Wishful thinking Deforming Truncating Properties of the new reduction The new reduction is perturbation-friendly: We still have cond ( R ) = 2 O ( n ) for Ξ-reduced bases. If B is reduced and max � ∆ b i � � b i � ≤ 2 − Ω( n ) , then B + ∆ B is reduced (for slightly weaker parameters). Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 24/36

L 1 e Introduction Wishful thinking Deforming Truncating Properties of the new reduction The new reduction is perturbation-friendly: We still have cond ( R ) = 2 O ( n ) for Ξ-reduced bases. If B is reduced and max � ∆ b i � � b i � ≤ 2 − Ω( n ) , then B + ∆ B is reduced (for slightly weaker parameters). The popular properties of LLL-reduction still hold: Computable in polynomial time. ⇒ � � b i � ≤ 2 O ( n 2 ) · | det( b i ) i | . B reduced = Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 24/36

L 1 e Introduction Wishful thinking Deforming Truncating Deformations and truncations are compatible B and σ ℓ BU reduced = ⇒ U small. B reduced = ⇒ B + ∆ B reduced. Let ℓ ≥ 0, B be reduced and ∆ B s.t. max � ∆ b i � � b i � ≤ 2 − ℓ − Ω( n ) . If σ ℓ ( B + ∆ B ) U is reduced, then so is σ ℓ BU ... For slightly weaker reduction factors. The ℓ + O ( n ) top-most bits of B suffice for finding U . Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 25/36

L 1 e Introduction Wishful thinking Deforming Truncating 1 Overview of � L 1 : HNF and n calls to Lift- � 1 . � L L 1 computes U unimodular If B is reduced and ℓ ≥ 0, Lift- � L such that σ ℓ BU is reduced, in time P oly ( n ) · � O ( ℓ ). We master “remainders/bases” truncations. We have “LLL quotients”. If the basis is balanced, the quotient has small bit-size. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 27/36

L 1 e Introduction Wishful thinking Deforming Truncating A first attempt for Lift- � L 1 Inputs : B reduced, lifting target ℓ . Output : U unimodular such that σ ℓ BU reduced. Keep the ℓ/ 2 + O ( n ) top-most bits of B . Recursively compute U 1 s.t. σ ℓ/ 2 BU 1 reduced. Apply U 1 to σ ℓ/ 2 B and keep the ℓ/ 2 + O ( n ) top-most bits. Recursively compute U 2 s.t. σ ℓ/ 2 ( σ ℓ/ 2 BU 1 ) U 2 is reduced. Return U 1 · U 2 . Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 28/36

L 1 e Introduction Wishful thinking Deforming Truncating Some additional difficulties 1 Keep the ℓ/ 2 + O ( n ) top-most bits of B . 2 Recursively compute U 1 s.t. σ ℓ/ 2 BU 1 reduced. 3 Apply U 1 to σ ℓ/ 2 B and keep the ℓ/ 2 + O ( n ) top-most bits. 4 Recursively compute U 2 s.t. σ ℓ/ 2 ( σ ℓ/ 2 BU 1 ) U 2 is reduced. 5 Return U 1 · U 2 . What do we do at the recursion leaves? Every time we truncate, we may loosen the reduction factors... How do we compute B · U 1 and U 1 · U 2 efficiently? Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 29/36

L 1 e Introduction Wishful thinking Deforming Truncating Strengthening the reducedness of a basis (Morel-S-Villard) Problem: Suppose we have a Ξ-reduced basis. How do we Ξ ′ -reduce it, for Ξ ′ > Ξ? Truncate, reduce, output the obtained U . This takes time O ( n 6+ ε ) when the r ii ’s are balanced. Otherwise, u ij can be as large as r jj / r ii ... Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 30/36

L 1 e Introduction Wishful thinking Deforming Truncating Strengthening the reducedness of a basis (Morel-S-Villard) 1 Rescale the columns of B : B �→ BS . 2 Do that while keeping B reduced. 3 Find U unimodular s.t. ( BS ) U is reduced. 4 ( BSU ) S − 1 = B ( SUS − 1 ) is reduced. 5 If the scaling was properly chosen: SUS − 1 is unimodular. This costs O ( n 6+ ε ). It also works for a small amount of lift: ℓ = O ( n ). Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 31/36

L 1 e Introduction Wishful thinking Deforming Truncating Reducedness strengthening Used for the recursion leaves. Used for re-strengthening the reduction factors, loosened by the truncations. Returns ( U , S ) s.t.: B ( SUS − 1 ) is reduced, max | u ij | ≤ 2 O ( n ) , S is powers-of-2 diagonal matrix. SUS − 1 might not be small, but ( S , U ) is. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 32/36

L 1 e Introduction Wishful thinking Deforming Truncating 1 Bounding the cost of Lift- � L 1 Keep the ℓ/ 2 + O ( n ) top-most bits of B . 2 Recursively compute U 1 s.t. σ ℓ/ 2 BU 1 reduced. 3 Apply U 1 to σ ℓ/ 2 B and keep the ℓ/ 2 + O ( n ) top-most bits. 4 Recursively compute U 2 s.t. σ ℓ/ 2 ( σ ℓ/ 2 BU 1 ) U 2 is reduced. 5 Return U 1 · U 2 . New representations for bases and transforms: Easy if assuming all handled bases are “balanced”. Else... An ℓ -lifing U is stored as ( U ′ , D ) with U = DU ′ D − 1 , ij | ≤ 2 ℓ + O ( n ) and D p-of-2 diagonal. max | u ′ B is stored as ( B ′ , D ) with B = B ′ D and max | b ′ i , j | ≤ 2 O ( ℓ + n ) and D p-of-2 diagonal. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 33/36

L 1 e Introduction Wishful thinking Deforming Truncating Handling the new representations U �→ ( U ′ , D ) with U = DU ′ D − 1 . B �→ ( B ′ , D ) with B = B ′ D . ( B 1 D 1 ) · ( D 2 U 2 D − 1 2 ) is cheap if D − 1 and D 2 “coincide”. 1 ( D 1 U 1 D − 1 1 ) · ( D 2 U 2 D − 1 2 ) is cheap if D 1 and D 2 “coincide”. They always do coincide: D ≈ diag( r 11 , . . . , r nn ). Final hassle: The bit-sizes of the DUD − 1 ’s might grow too much. We sanatize them at every recursion leaf. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 34/36

L 1 e Introduction Wishful thinking Deforming Truncating Sanitizing the transforms Assume B and σ ℓ BU are reduced with ℓ ≥ 0 and U unimodular. Let ∆ U s.t. | ∆ u ij | ≤ 2 − Ω( ℓ + n ) r jj / r ii , then: U + ∆ U unimodular and σ ℓ B ( U + ∆ U ) reduced . A lift-reducing U may be large, but its bit-size can be made small. To “clean” a DUD ′ , we equalize D − 1 and D ′ , and truncate. U �→ ( U ′ , D , x ) with U = 2 x DU ′ D − 1 . Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 35/36

LLL-reducing in quasi-linear time Damien Stehl e Joint work with - PowerPoint PPT Presentation

L 1 e Introduction Wishful thinking Deforming Truncating LLL-reducing in quasi-linear time Damien Stehl e Joint work with A. Novocin & G. Villard LIP CNRS/ENSL/INRIA/UCBL/U. Lyon Rocquencourt, April 2011 Damien Stehl e

Quasi-Newton methods for minimization Lectures for PHD course on Non-linear equations and

can be done in linear time? Yuri Gurevich Tallinn, April 29, 2014 Agenda 1. What linear time?

Computational Integrity with a Public Random String from Quasi-Linear PCPs Michael Riabzev

KAM for quasi-linear KdV Massimiliano Berti Toronto, 10-1-2014, Conference on Hamiltonian

On stability of special solutions for quasi-linear equations of traffic flow Podoroga Anastasia

1 Trace Cache Summary of Reducing Cache Hit Time Trace: a dynamic sequence of Small and simple

Quasi-linear versus potential-based formulations of force-flux relations and the GENERIC for

Quasi-Optimal Multiplication of Linear Differential Operators Alexandre Benoit 1 , Alin Bostan 2

Exotic components in linear slices of quasi-Fuchsian groups Yuichi Kabaya Kyoto University

Global well-posedness of the quasi-linear Euler-Korteweg system for small irrotational data

xtdpdqml: Quasi-maximum likelihood estimation of linear dynamic short-T panel data models

Nonlinear Planetary Wave Dynamics of Quasi-Stationary Anomalies Grant Branstator National Center

Iterative Methods for Symmetric Quasi-Definite Linear Systems Mario Arioli 1 Dominique Orban 2 1

GC for interactive and real-time systems Interactive or real-time app concerns Reducing length

GC for interactive and real-time systems Interactive or real-time app concerns Reducing length

Designs Chapter 11 Quasi-Experimentation Quasi-experiments resemble experiments, but lack

A proof of the model-independence of (, 1) -category theory joint with Dominic Verity CT2018,

Transport for the 1D Schr odinger equation via quasi-free systems (Collaboration with V.

Nonadditivity in the quasi-equilibrium state of a short-range interacting system Takashi Mori

Quasi-Random Rumor Spreading Benjamin Doerr MPII Saarbrcken joint work with Tobias Friedrich

Alex Suciu Northeastern University Joint work with Thomas Koberda (U. Virginia) arxiv:1604.02010

Probabilistic Graphical Models David Sontag New York University Lecture 12, April 19, 2012

Semantics for Probabilistic Programming Chris Heunen 1 / 21 Bayes law P ( A | B ) = P ( B | A

ADVANCED ECONOMETRICS I Theory (2/3) Instructor: Joaquim J. S. Ramalho E.mail: