Lenstra–Lenstra–Lovász lattice basis reduction algorithm
Algorithm for finding a basis of short vectors in a lattice
Top 10 Lenstra–Lenstra–Lovász lattice basis reduction algorithm related articles
The Lenstra–Lenstra–Lovász (LLL) lattice basis reduction algorithm is a polynomial time lattice reduction algorithm invented by Arjen Lenstra, Hendrik Lenstra and László Lovász in 1982. Given a basis
The original applications were to give polynomial-time algorithms for factorizing polynomials with rational coefficients, for finding simultaneous rational approximations to real numbers, and for solving the integer linear programming problem in fixed dimensions.
The precise definition of LLL-reduced is as follows: Given a basis
define its Gram–Schmidt process orthogonal basis
and the Gram-Schmidt coefficients
, for any .
Then the basis
- (size-reduced) For
. By definition, this property guarantees the length reduction of the ordered basis.
- (Lovász condition) For k = 2,3,..,n
Here, estimating the value of the
The LLL algorithm computes LLL-reduced bases. There is no known efficient algorithm to compute a basis in which the basis vectors are as short as possible for lattices of dimensions greater than 4. However, an LLL-reduced basis is nearly as short as possible, in the sense that there are absolute bounds
Overview of "Gram%E2%80%93Schmidt process" article
The LLL algorithm has found numerous other applications in MIMO detection algorithms and cryptanalysis of public-key encryption schemes: knapsack cryptosystems, RSA with particular settings, NTRUEncrypt, and so forth. The algorithm can be used to find integer solutions to many problems.
In particular, the LLL algorithm forms a core of one of the integer relation algorithms. For example, if it is believed that r=1.618034 is a (slightly rounded) root to an unknown quadratic equation with integer coefficients, one may apply LLL reduction to the lattice in
Lenstra–Lenstra–Lovász lattice basis reduction algorithm Applications articles: 14
Properties of LLL-reduced basis
- The first vector in the basis cannot be much larger than the shortest non-zero vector:
. In particular, for , this gives .
- The first vector in the basis is also bounded by the determinant of the lattice:
. In particular, for , this gives .
- The product of the norms of the vectors in the basis cannot be much larger than the determinant of the lattice: let
, then .
LLL algorithm pseudocode
INPUT a lattice basis
a parameter with , most commonly PROCEDURE and do not normalize using the most current values of and while do for from to do if then Update and the related 's as needed. (The naive method is to recompute whenever changes: ) end if end for if then else Swap and Update and the related 's as needed. end if end while return the LLL reduced basis of OUTPUT the reduced basis
Let a lattice basis
then the reduced basis is
which is size-reduced, satisfies the Lovász condition, and is hence LLL-reduced, as described above. See W. Bosma. for details of the reduction process.
Likewise, for the basis over the complex integers given by the columns of the matrix below,
then the columns of the matrix below give an LLL-reduced basis.
LLL is implemented in
- Arageli as the function
- fpLLL as a stand-alone implementation
- GAP as the function
- Macaulay2 as the function
LLLin the package
- Magma as the functions
LLLGram(taking a gram matrix)
- Maple as the function
- Mathematica as the function
- Number Theory Library (NTL) as the function
- PARI/GP as the function
- Pymatgen as the function
- SageMath as the method
LLLdriven by fpLLL and NTL
- Isabelle/HOL in the 'archive of formal proofs' entry
LLL_Basis_Reduction. This code exports to efficiently executable Haskell.
Lenstra–Lenstra–Lovász lattice basis reduction algorithm Implementations articles: 6
- Lenstra, A. K.; Lenstra, H. W., Jr.; Lovász, L. (1982). "Factoring polynomials with rational coefficients". Mathematische Annalen. 261 (4): 515–534. CiteSeerX 10.1.1.310.318. doi:10.1007/BF01457454. hdl:1887/3810. MR 0682664.
- Galbraith, Steven (2012). "chapter 17". Mathematics of Public Key Cryptography.
- Nguyen, Phong Q.; Stehlè, Damien (September 2009). "An LLL Algorithm with Quadratic Complexity". SIAM J. Comput. 39 (3): 874–903. doi:10.1137/070705702. Retrieved 3 June 2019.
- Nguyen, Phong Q.; Stehlé, Damien (1 October 2009). "Low-dimensional lattice basis reduction revisited". ACM Transactions on Algorithms. 5 (4): 1–48. doi:10.1145/1597036.1597050.
- Odlyzko, Andrew; te Reile, Herman J. J. "Disproving Mertens Conjecture" (PDF). Journal für die reine und angewandte Mathematik. 357: 138–160. doi:10.1515/crll.1985.357.138. Retrieved 27 January 2020.
- Shahabuddin, Shahriar et al., "A Customized Lattice Reduction Multiprocessor for MIMO Detection", in Arxiv preprint, January 2015.
- D. Simon (2007). "Selected applications of LLL in number theory" (PDF). LLL+25 Conference. Caen, France.
- Regev, Oded. "Lattices in Computer Science: LLL Algorithm" (PDF). New York University. Retrieved 1 February 2019.
- Silverman, Joseph. "Introduction to Mathematical Cryptography Errata" (PDF). Brown University Mathematics Dept. Retrieved 5 May 2015.
- Bosma, Wieb. "4. LLL" (PDF). Lecture notes. Retrieved 28 February 2010.
- Divasón, Jose. "A Formalization of the LLL Basis Reduction Algorithm". Conference paper. Retrieved 3 May 2020.
- Napias, Huguette (1996). "A generalization of the LLL algorithm over euclidean rings or orders". Journal de Théorie des Nombres de Bordeaux. 8 (2): 387–396. doi:10.5802/jtnb.176.
- Cohen, Henri (2000). A course in computational algebraic number theory. GTM. 138. Springer. ISBN 3-540-55640-0.CS1 maint: ref=harv (link)
- Borwein, Peter (2002). Computational Excursions in Analysis and Number Theory. ISBN 0-387-95444-9.
- Luk, Franklin T.; Qiao, Sanzheng (2011). "A pivoted LLL algorithm". Linear Algebra and Its Applications. 434 (11): 2296–2307. doi:10.1016/j.laa.2010.04.003.
- Hoffstein, Jeffrey; Pipher, Jill; Silverman, J.H. (2008). An Introduction to Mathematical Cryptography. Springer. ISBN 978-0-387-77993-5.CS1 maint: ref=harv (link)