
Finding Reduced Basis for Lattices

Ido Heskia

Math/Csc 870

LLL Algorithm

Due to: A.K. Lenstra, H.W. Lenstra, L. Lovász

Introduction

A Lattice

Let n be a positive integer. A subset L of the n-dimensional real vector space $\mathbb{R}^n$ is called a lattice if there exists a basis $b_1, b_2, \ldots, b_n$ of $\mathbb{R}^n$ such that

$$L = \sum_{i=1}^{n} \mathbb{Z}\, b_i = \left\{ \sum_{i=1}^{n} r_i b_i \;:\; r_i \in \mathbb{Z}\ (1 \le i \le n) \right\}.$$

1. The $b_i$'s span L.
2. n is the rank of L.

We will consider only lattices with $b_i \in \mathbb{Z}^n$, i.e. $L \subset \mathbb{Z}^n$.

Constructing lattices:

Determinant of L:

$$d(L) = \left| \det(b_1, \ldots, b_n) \right|$$

The $b_i$'s are written as column vectors. This positive real number does not depend on the choice of the basis: two bases of the same lattice differ by an integer matrix with integer inverse, whose determinant is $\pm 1$.

Let $b_1, \ldots, b_n$ be linearly independent. Suppose it is a basis for $\mathbb{R}^n$. We perform the Gram-Schmidt process:

$$b_1^* = b_1, \qquad b_2^* = b_2 - \operatorname{proj}_{b_1^*}(b_2).$$

Similarly, define:

$$\mu_{ij} = \frac{\langle b_i, b_j^* \rangle}{\langle b_j^*, b_j^* \rangle}, \qquad b_i^* = b_i - \sum_{j=1}^{i-1} \mu_{ij}\, b_j^*,$$

so that $b_1^* = b_1$, $b_2^* = b_2 - \mu_{21} b_1^*$, $b_3^* = b_3 - \mu_{31} b_1^* - \mu_{32} b_2^*$, and so on.

$b_1^*, \ldots, b_n^*$ forms an orthogonal basis of $\mathbb{R}^n$ (in general not of L: the $b_i^*$ need not be lattice vectors). Dividing by $|b_j^*|^2$ makes $\mu_{ij} b_j^*$ exactly the component of $b_i$ along $b_j^*$, so subtracting these components leaves a vector orthogonal to all earlier ones.

A basis $b_1, \ldots, b_n$ of a lattice is called reduced if:

1) $|\mu_{ij}| \le \tfrac{1}{2}$ for $1 \le j < i \le n$

2) $|b_i^* + \mu_{i,i-1}\, b_{i-1}^*|^2 \ge \tfrac{3}{4}\, |b_{i-1}^*|^2$ for $1 < i \le n$ *

* $\tfrac{3}{4}$ can be replaced by any $y$ with $\tfrac{1}{4} < y < 1$. $|\cdot|$ is the Euclidean length.

Applications

Factoring polynomials with rational coefficients

$$\mathbb{Q}[x] = \left\{ \sum_{i=0}^{n} a_i x^i \;:\; a_i \in \mathbb{Q},\ n \ge 0 \right\}$$

For example: a polynomial $f(x)$ of degree 5 with fractional coefficients lives in $\mathbb{Q}[x]$.

An irreducible polynomial over a field is non-constant and cannot be represented as the product of at least 2 non-constant polynomials.

Reducible (over $\mathbb{Q}$): $x^2 - 1 = (x - 1)(x + 1)$

Irreducible: $x^2 + 1$

How to find, for a given non-zero polynomial in $\mathbb{Q}[x]$, its decomposition into irreducibles?

Factor primitive polynomials $f(x) \in \mathbb{Z}[x]$ (gcd of all coefficients of f is 1) into irreducible factors in $\mathbb{Z}[x]$. Use LLL.

Simultaneous Diophantine approximations

Given $\alpha_1, \ldots, \alpha_n \in \mathbb{R}$ and $\varepsilon$ with $0 < \varepsilon < 1$, find $p_1, \ldots, p_n, q \in \mathbb{Z}$, $q \ge 1$, such that:

$$|p_i - q\,\alpha_i| \le \varepsilon, \quad 1 \le i \le n$$

Or

$$\left| \alpha_i - \frac{p_i}{q} \right| \le \frac{\varepsilon}{q}, \quad 1 \le i \le n$$

Cryptography

For given positive integers $m_1, \ldots, m_n, s$, do there exist $z_1, \ldots, z_n \in \{0, 1\}$ such that:

$$s = z_1 m_1 + \cdots + z_n m_n$$

(is s a subset sum of the $m_i$'s)?

Knapsack public-key systems such as Merkle-Hellman rest on this problem being hard; Lagarias and Odlyzko showed that LLL solves almost all instances of low density (n small relative to $\log_2 \max m_i$), which is why such systems are considered broken.

Sums of squares

Every prime $p \equiv 1 \pmod 4$ can be written as a sum of two squares. Those squares are found using LLL.

abc Conjecture

For $a, b, c \in \mathbb{Z}$ define the radical

$$\operatorname{rad}(a, b, c) = \prod_{p\ \text{prime},\ p \mid abc} p$$

(That's the product of the distinct prime factors of a, b, c.) Suppose gcd(a, b, c) = 1, and define

$$q(a, b, c) = \frac{\log c}{\log \operatorname{rad}(a, b, c)}.$$

abc conjecture: For every x > 1 there exist only finitely many a, b, c with gcd(a, b, c) = 1 and a + b = c such that

$$q(a, b, c) > x.$$

The search for examples (triples with large q) uses LLL.

Proposition:

Let $b_1, \ldots, b_n$ be a reduced basis for a lattice L in $\mathbb{R}^n$, with $b_1^*, \ldots, b_n^*$ defined as before. Then:

1. $|b_j|^2 \le 2^{i-1}\, |b_i^*|^2$ for $1 \le j \le i \le n$

2. $d(L) \le \prod_{i=1}^{n} |b_i| \le 2^{n(n-1)/4}\, d(L)$

3. $|b_1| \le 2^{(n-1)/4}\, d(L)^{1/n}$

4. $|b_1|^2 \le 2^{n-1}\, |x|^2$ for every $x \in L$, $x \ne 0$

(i.e. the 1st vector is "reasonably" short).

Reduced basis, what is it good for?

By item 4, the first vector of a reduced basis is at most $2^{(n-1)/2}$ times longer than a shortest non-zero vector of L:

$$|b_1|^2 \le 2^{n-1}\, |x|^2 \quad \text{for all } x \in L,\ x \ne 0.$$

So LLL is a polynomial-time algorithm for approximating the shortest vector of a lattice, which is what all the applications above exploit.

Algorithm.doc

Example.doc
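The slides refer to the algorithm and a worked run as attachments (Algorithm.doc, Example.doc) that are not part of this transcript. As an added example, not from the original slides, the following Python code implements the reduction with exact rational arithmetic (fractions.Fraction), checks the two conditions of the reduced-basis definition, and applies LLL to the subset-sum question from the Cryptography slide via the Lagarias-Odlyzko embedding. The function names (lll, is_reduced, gram_det, subset_sum_lll) and the five-weight subset-sum instance are this example's own constructions.

```python
# Added example (not from the original slides): exact-arithmetic LLL, the
# reducedness test from the definition, and the Lagarias-Odlyzko subset-sum
# embedding. Function names and the subset-sum instance are this example's own.
from fractions import Fraction
from typing import List, Optional, Tuple

Vec = List[Fraction]


def dot(u, v) -> Fraction:
    return sum(a * b for a, b in zip(u, v))


def gram_schmidt(b) -> Tuple[List[Vec], List[List[Fraction]]]:
    """b_i* = b_i - sum_{j<i} mu_ij b_j*,  mu_ij = <b_i, b_j*> / <b_j*, b_j*>."""
    n = len(b)
    bstar: List[Vec] = []
    mu = [[Fraction(0)] * n for _ in range(n)]
    for i in range(n):
        v = [Fraction(x) for x in b[i]]
        for j in range(i):
            mu[i][j] = dot(b[i], bstar[j]) / dot(bstar[j], bstar[j])
            v = [x - mu[i][j] * y for x, y in zip(v, bstar[j])]
        bstar.append(v)
    return bstar, mu


def gram_det(b) -> Fraction:
    """d_n = prod_j |b_j*|^2 = d(L)^2, the squared determinant of the lattice."""
    bstar, _ = gram_schmidt(b)
    d = Fraction(1)
    for v in bstar:
        d *= dot(v, v)
    return d


def is_reduced(b, y: Fraction = Fraction(3, 4)) -> bool:
    """1) |mu_ij| <= 1/2 for j < i;  2) |b_i* + mu_{i,i-1} b_{i-1}*|^2 >= y |b_{i-1}*|^2."""
    bstar, mu = gram_schmidt(b)
    n = len(b)
    if any(abs(mu[i][j]) > Fraction(1, 2) for i in range(n) for j in range(i)):
        return False
    for i in range(1, n):
        w = [x + mu[i][i - 1] * z for x, z in zip(bstar[i], bstar[i - 1])]
        if dot(w, w) < y * dot(bstar[i - 1], bstar[i - 1]):
            return False
    return True


def lll(basis: List[List[int]], y: Fraction = Fraction(3, 4)) -> List[List[int]]:
    """LLL-reduced basis of the lattice spanned by the rows of `basis`.
    Gram-Schmidt data is recomputed after each swap for clarity; the slides'
    O(n^4 log B) count assumes mu and b_i* are updated in place instead."""
    b: List[Vec] = [[Fraction(x) for x in v] for v in basis]
    n = len(b)
    k = 1  # 0-based index; the slides start with k = 2
    while k < n:
        bstar, mu = gram_schmidt(b)
        # size reduction (condition 1): b_k -= q b_j for j = k-1, ..., 1.
        # b_k* is unchanged; mu_kj drops by q and mu_kj' by q*mu_jj' for j' < j.
        for j in range(k - 1, -1, -1):
            q = round(mu[k][j])  # nearest integer
            if q:
                b[k] = [x - q * z for x, z in zip(b[k], b[j])]
                mu[k][j] -= q
                for jj in range(j):
                    mu[k][jj] -= q * mu[j][jj]
        # condition 2 (the Lovasz condition) decides between the two cases
        w = [x + mu[k][k - 1] * z for x, z in zip(bstar[k], bstar[k - 1])]
        if dot(w, w) >= y * dot(bstar[k - 1], bstar[k - 1]):
            k += 1  # case 2: advance
        else:
            b[k], b[k - 1] = b[k - 1], b[k]  # case 1: swap and step back
            k = max(k - 1, 1)
    return [[int(x) for x in v] for v in b]


def subset_sum_lll(m: List[int], s: int) -> Optional[List[int]]:
    """Lagarias-Odlyzko lattice: rows (e_i, N m_i) for each weight and (0,...,0, N s).
    A solution z gives the short lattice vector sum_i z_i b_i - b_{n+1} = (z, 0)."""
    n = len(m)
    N = 2 ** 10  # must exceed the proposition's bound 2^{n/2} sqrt(n) on |b_1|
    rows = [[int(i == j) for j in range(n)] + [N * m[i]] for i in range(n)]
    rows.append([0] * n + [N * s])
    for v in lll(rows):
        if v[-1] != 0:  # a non-zero last coordinate means |v| >= N: not a solution
            continue
        for sign in (1, -1):  # the lattice contains both (z, 0) and -(z, 0)
            z = [sign * x for x in v[:n]]
            if all(x in (0, 1) for x in z) and sum(x * w for x, w in zip(z, m)) == s:
                return z
    return None


# constructed instance (five 40-bit weights); hidden solution z = (1, 0, 1, 1, 0)
WEIGHTS = [941073582361, 728450193677, 655280017309, 813490257163, 590127384461]
TARGET = WEIGHTS[0] + WEIGHTS[2] + WEIGHTS[3]

if __name__ == "__main__":
    print(lll([[1, 1, 1], [-1, 0, 2], [3, 5, 6]]))  # a textbook 3-dimensional instance
    print(subset_sum_lll(WEIGHTS, TARGET))
```

Recomputing the Gram-Schmidt data after every swap is simpler than the in-place updates behind the O(n^4 log B) operation count on the slides, at the price of an extra factor of work. In the subset-sum embedding the scaling N only needs to exceed the proposition's bound on |b_1| (here 2^{n/2} sqrt(n) with n + 1 basis vectors): every lattice vector with a non-zero last coordinate is then longer than that bound, so the first reduced vector has last coordinate 0 and, for a low-density instance, is the wanted (z, 0) up to sign.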

Algorithm terminates:

For $0 \le i \le n$ let

$$d_i = \det\big( \langle b_j, b_l \rangle \big)_{1 \le j,\, l \le i} = \prod_{j=1}^{i} |b_j^*|^2,$$

so each $d_i$ is a positive real number, $d_0 = 1$ and $d_n = d(L)^2$. Put

$$D = \prod_{i=1}^{n-1} d_i.$$

D changes only if some $b_i^*$ is changed, which only occurs in case 1 of the algorithm (the swap of $b_k$ and $b_{k-1}$). There $d_{k-1}$ is reduced by a factor of at least $\tfrac{3}{4}$: it equals $|b_1^*|^2 \cdots |b_{k-1}^*|^2$, and the new $|b_{k-1}^*|^2$ is less than $\tfrac{3}{4}$ of the old one precisely because condition 2 failed. The other $d_i$'s are unchanged. Hence D is reduced by a factor of at least $\tfrac{3}{4}$.

The $d_i$'s are bounded from below, which bounds D from below: with

$$m(L) = \min\{ |x|^2 : x \in L,\ x \ne 0 \},$$

each $d_i$ is at least a positive constant depending only on i and m(L) (Minkowski's theorem applied to the sublattice spanned by $b_1, \ldots, b_i$), and for $L \subset \mathbb{Z}^n$ simply $d_i \ge 1$, since $d_i$ is the determinant of an integer matrix. So there is an upper bound for the number of times we pass through case 1.

At the end of case 1, k := k − 1.

At the end of case 2, k := k + 1.

Start with k = 2; the algorithm runs while $k \le n$, and k is never decreased below 2.

So the number of times we pass through case 2 is at most n − 1 more than the number of times we pass through case 1. Hence the algorithm terminates.

Complexity:

Initialization step (Gram-Schmidt with rationals): $O(n^3)$ arithmetic operations.

Number of times we pass through case 1: $O(n^2 \log B)$

Number of times we pass through case 2: $O(n^2 \log B)$

where $B \ge 2$ and $|b_i|^2 \le B$ for all i.

Case 1 requires $O(n)$ operations.

In case 2 we have $O(n)$ values of l (one for each $b_l$ with $l < k$), and each requires $O(n)$ operations.

Hence we get a total of $O(n^4 \log B)$ arithmetic operations. Polynomial time. (These are operations on rational numbers whose numerators and denominators have binary length $O(n \log B)$, so the bit complexity is higher, but still polynomial in n and log B.)
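An added derivation, not on the slides, of the $O(n^2 \log B)$ count of passes through case 1, using the quantity D from the termination argument and, for $L \subset \mathbb{Z}^n$, the lower bound $d_i \ge 1$:

$$d_i = \prod_{j=1}^{i} |b_j^*|^2 \le \prod_{j=1}^{i} |b_j|^2 \le B^{\,i} \qquad (\text{since } |b_j^*| \le |b_j|),$$

$$D_{\text{initial}} = \prod_{i=1}^{n-1} d_i \le B^{\,n(n-1)/2}.$$

After t passes through case 1, $D \le \left(\tfrac{3}{4}\right)^t B^{\,n(n-1)/2}$, while $D \ge 1$ throughout because every $d_i$ is a positive integer (the Gram determinant of integer vectors). Hence

$$\left(\tfrac{3}{4}\right)^t B^{\,n(n-1)/2} \ge 1 \;\Longrightarrow\; t \le \frac{n(n-1)}{2}\,\log_{4/3} B = O(n^2 \log B),$$

and the number of passes through case 2 is at most n − 1 larger, so both counts are $O(n^2 \log B)$.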

References:

Factoring Polynomials with Rational Coefficients -- A.K. Lenstra, H.W. Lenstra, Jr. and L. Lovász

A Course in Convexity -- Alexander Barvinok

Lattice Basis Reduction Algorithms and Applications -- Matthew C. Cary

Some Applications of LLL -- http://www.math.ru.nl/~bosma/onderwijs/voorjaar07/compalg8.pdf

Linear Algebra with Applications -- Otto Bretscher

Lattices -- www.cs.tau.ac.il/~safra/ACT2/Lattices.ppt