accelerating lattice reduction algorithms with floating
play

Accelerating lattice reduction algorithms with floating-point - PowerPoint PPT Presentation

Nov 01, 2022 •26 likes •766 views

Background on Euclidean lattices Hybrid algorithms for LLL-reduction The fplll library Conclusion Accelerating lattice reduction algorithms with floating-point arithmetic Damien Stehl e http://perso.ens-lyon.fr/damien.stehle/ LIP

  1. Background on Euclidean lattices Hybrid algorithms for LLL-reduction The fplll library Conclusion Accelerating lattice reduction algorithms with floating-point arithmetic Damien Stehl´ e http://perso.ens-lyon.fr/damien.stehle/ LIP – CNRS/ENSL/INRIA/UCBL/U. Lyon MaGiX@LiX, September 2011 Damien Stehl´ e Accelerating lattice reduction algorithms with floating-point arithmetic 20/09/2011 1/30

  2. Background on Euclidean lattices Hybrid algorithms for LLL-reduction The fplll library Conclusion Goals and plan of the talk Goals: To describe efficient techniques for lattice reduction. To illustrate how numerical linear algebra can be rigorously used to accelerate an algebraic computation. Plan of the talk: 1 Reminders on Euclidean lattices. 2 Using floating-point arithmetic within lattice algorithms. 3 The fplll library. Damien Stehl´ e Accelerating lattice reduction algorithms with floating-point arithmetic 20/09/2011 2/30

  3. Background on Euclidean lattices Hybrid algorithms for LLL-reduction The fplll library Conclusion Goals and plan of the talk Goals: To describe efficient techniques for lattice reduction. To illustrate how numerical linear algebra can be rigorously used to accelerate an algebraic computation. Plan of the talk: 1 Reminders on Euclidean lattices. 2 Using floating-point arithmetic within lattice algorithms. 3 The fplll library. Damien Stehl´ e Accelerating lattice reduction algorithms with floating-point arithmetic 20/09/2011 2/30

  4. Background on Euclidean lattices Hybrid algorithms for LLL-reduction The fplll library Conclusion Euclidean lattices Lattice ≡ { � i ≤ n x i b i : x i ∈ Z } . If the b i ’s are linearly independent, they are called a basis. Bases are not unique, but can be obtained from each other by integer transforms of determinant ± 1: � − 2 � 4 � 1 � � � 1 − 3 1 = · . 10 6 2 4 2 1 Lattice reduction: find a nice basis, given an arbitrary one. Damien Stehl´ e Accelerating lattice reduction algorithms with floating-point arithmetic 20/09/2011 3/30

  5. Background on Euclidean lattices Hybrid algorithms for LLL-reduction The fplll library Conclusion Euclidean lattices Lattice ≡ { � i ≤ n x i b i : x i ∈ Z } . If the b i ’s are linearly independent, they are called a basis. Bases are not unique, but can be obtained from each other by integer transforms of determinant ± 1: � − 2 � 4 � 1 � � � 1 − 3 1 = · . 10 6 2 4 2 1 Lattice reduction: find a nice basis, given an arbitrary one. Damien Stehl´ e Accelerating lattice reduction algorithms with floating-point arithmetic 20/09/2011 3/30

  6. Background on Euclidean lattices Hybrid algorithms for LLL-reduction The fplll library Conclusion Euclidean lattices Lattice ≡ { � i ≤ n x i b i : x i ∈ Z } . If the b i ’s are linearly independent, they are called a basis. Bases are not unique, but can be obtained from each other by integer transforms of determinant ± 1: � − 2 � 4 � 1 � � � 1 − 3 1 = · . 10 6 2 4 2 1 Lattice reduction: find a nice basis, given an arbitrary one. Damien Stehl´ e Accelerating lattice reduction algorithms with floating-point arithmetic 20/09/2011 3/30

  7. Background on Euclidean lattices Hybrid algorithms for LLL-reduction The fplll library Conclusion Lattice invariants and lattice reduction Minimum: λ ( L ) = min ( � b � : b ∈ L \ 0 ). Lattice determinant: det L = | det( b i ) i | , for any basis. Minkowski’s theorem: λ ( L ) ≤ √ n · (det L ) 1 / n . Lattice reduction: Find basis ( b i ) i s.t. HF( B ) is small, with � b 1 � HF( B ) := (det L ) 1 / n . Damien Stehl´ e Accelerating lattice reduction algorithms with floating-point arithmetic 20/09/2011 4/30

  8. Background on Euclidean lattices Hybrid algorithms for LLL-reduction The fplll library Conclusion Lattice invariants and lattice reduction Minimum: λ ( L ) = min ( � b � : b ∈ L \ 0 ). Lattice determinant: det L = | det( b i ) i | , for any basis. Minkowski’s theorem: λ ( L ) ≤ √ n · (det L ) 1 / n . Lattice reduction: Find basis ( b i ) i s.t. HF( B ) is small, with � b 1 � HF( B ) := (det L ) 1 / n . Damien Stehl´ e Accelerating lattice reduction algorithms with floating-point arithmetic 20/09/2011 4/30

  9. Background on Euclidean lattices Hybrid algorithms for LLL-reduction The fplll library Conclusion Lattice invariants and lattice reduction Minimum: λ ( L ) = min ( � b � : b ∈ L \ 0 ). Lattice determinant: det L = | det( b i ) i | , for any basis. Minkowski’s theorem: λ ( L ) ≤ √ n · (det L ) 1 / n . Lattice reduction: Find basis ( b i ) i s.t. HF( B ) is small, with � b 1 � HF( B ) := (det L ) 1 / n . Damien Stehl´ e Accelerating lattice reduction algorithms with floating-point arithmetic 20/09/2011 4/30

  10. Background on Euclidean lattices Hybrid algorithms for LLL-reduction The fplll library Conclusion Lattice invariants and lattice reduction Minimum: λ ( L ) = min ( � b � : b ∈ L \ 0 ). Lattice determinant: det L = | det( b i ) i | , for any basis. Minkowski’s theorem: λ ( L ) ≤ √ n · (det L ) 1 / n . Lattice reduction: Find basis ( b i ) i s.t. HF( B ) is small, with � b 1 � HF( B ) := (det L ) 1 / n . Damien Stehl´ e Accelerating lattice reduction algorithms with floating-point arithmetic 20/09/2011 4/30

  11. Background on Euclidean lattices Hybrid algorithms for LLL-reduction The fplll library Conclusion Lattice invariants and lattice reduction Minimum: λ ( L ) = min ( � b � : b ∈ L \ 0 ). Lattice determinant: det L = | det( b i ) i | , for any basis. Minkowski’s theorem: λ ( L ) ≤ √ n · (det L ) 1 / n . Lattice reduction: Find basis ( b i ) i s.t. HF( B ) is small, with � b 1 � HF( B ) := (det L ) 1 / n . Damien Stehl´ e Accelerating lattice reduction algorithms with floating-point arithmetic 20/09/2011 4/30

  12. Background on Euclidean lattices Hybrid algorithms for LLL-reduction The fplll library Conclusion Main computational problems SVP γ : Given a basis of L , find b ∈ L with 0 < � b � ≤ γ · λ ( L ) . BDD γ : Given a basis of L and t with dist ( t , L ) ≤ γ − 1 · λ ( L ) , find b ∈ L closest to t . And many variants: CVP γ , SIVP γ , uSVP γ , etc. Very hard for small γ : CVP, SIVP, uSVP, and SVP are NP-hard under (randomized) reductions. “Easy” for exponential γ . Damien Stehl´ e Accelerating lattice reduction algorithms with floating-point arithmetic 20/09/2011 5/30

  13. Background on Euclidean lattices Hybrid algorithms for LLL-reduction The fplll library Conclusion Main computational problems SVP γ : Given a basis of L , find b ∈ L with 0 < � b � ≤ γ · λ ( L ) . BDD γ : Given a basis of L and t with dist ( t , L ) ≤ γ − 1 · λ ( L ) , find b ∈ L closest to t . And many variants: CVP γ , SIVP γ , uSVP γ , etc. Very hard for small γ : CVP, SIVP, uSVP, and SVP are NP-hard under (randomized) reductions. “Easy” for exponential γ . Damien Stehl´ e Accelerating lattice reduction algorithms with floating-point arithmetic 20/09/2011 5/30

  14. Background on Euclidean lattices Hybrid algorithms for LLL-reduction The fplll library Conclusion Main computational problems SVP γ : Given a basis of L , find b ∈ L with 0 < � b � ≤ γ · λ ( L ) . BDD γ : Given a basis of L and t with dist ( t , L ) ≤ γ − 1 · λ ( L ) , find b ∈ L closest to t . And many variants: CVP γ , SIVP γ , uSVP γ , etc. Very hard for small γ : CVP, SIVP, uSVP, and SVP are NP-hard under (randomized) reductions. “Easy” for exponential γ . Damien Stehl´ e Accelerating lattice reduction algorithms with floating-point arithmetic 20/09/2011 5/30

  15. Background on Euclidean lattices Hybrid algorithms for LLL-reduction The fplll library Conclusion Main computational problems SVP γ : Given a basis of L , find b ∈ L with 0 < � b � ≤ γ · λ ( L ) . BDD γ : Given a basis of L and t with dist ( t , L ) ≤ γ − 1 · λ ( L ) , find b ∈ L closest to t . And many variants: CVP γ , SIVP γ , uSVP γ , etc. Very hard for small γ : CVP, SIVP, uSVP, and SVP are NP-hard under (randomized) reductions. “Easy” for exponential γ . Damien Stehl´ e Accelerating lattice reduction algorithms with floating-point arithmetic 20/09/2011 5/30

  16. Background on Euclidean lattices Hybrid algorithms for LLL-reduction The fplll library Conclusion Main computational problems SVP γ : Given a basis of L , find b ∈ L with 0 < � b � ≤ γ · λ ( L ) . BDD γ : Given a basis of L and t with dist ( t , L ) ≤ γ − 1 · λ ( L ) , find b ∈ L closest to t . And many variants: CVP γ , SIVP γ , uSVP γ , etc. Very hard for small γ : CVP, SIVP, uSVP, and SVP are NP-hard under (randomized) reductions. “Easy” for exponential γ . All known algorithms rely on some kind of lattice reduction. Damien Stehl´ e Accelerating lattice reduction algorithms with floating-point arithmetic 20/09/2011 5/30

Recommend

The Shortest Vector Problem (Lattice Reduction Algorithms) Approximation Algorithms by V.

The Shortest Vector Problem (Lattice Reduction Algorithms) Approximation Algorithms by V.

The Shortest Vector Problem (Lattice Reduction Algorithms) Approximation Algorithms by V. Vazirani, Chapter 27 - Problem statement, general discussion - Lattices: brief introduction - The Gauss algorithm in R 2 - Lower bound via

295 views • 13 slides
Lattice Basis Reduction Part II: Algorithms Sanzheng Qiao Department of Computing and Software

Lattice Basis Reduction Part II: Algorithms Sanzheng Qiao Department of Computing and Software

Hermite Reduction LLL Reduction HKZ Reduction Minkowski Reduction A Measurement Lattice Basis Reduction Part II: Algorithms Sanzheng Qiao Department of Computing and Software McMaster University, Canada qiao@mcmaster.ca

758 views • 63 slides
Slide Reduction, RevisitedFilling the Gaps in Lattice SVP Approximation Jianwei Li ISG, RHUL,

Slide Reduction, RevisitedFilling the Gaps in Lattice SVP Approximation Jianwei Li ISG, RHUL,

Background on lattice reduction Our results Our technical ideas and argument Conclusion and open problems Slide Reduction, RevisitedFilling the Gaps in Lattice SVP Approximation Jianwei Li ISG, RHUL, UK London-ish Lattice Coding &amp;

1.91k views • 167 slides
A Fast Jacobi-Type Method for Lattice Basis Reduction Zhaofei Tian Department of Computing and

A Fast Jacobi-Type Method for Lattice Basis Reduction Zhaofei Tian Department of Computing and

Concepts Algorithms Experimental Results References A Fast Jacobi-Type Method for Lattice Basis Reduction Zhaofei Tian Department of Computing and Software McMaster University Hamilton, Ontario, Canada Concepts Algorithms Experimental

308 views • 27 slides
Formal verification of floating-point algorithms John Harrison Intel Corporation Floating

Formal verification of floating-point algorithms John Harrison Intel Corporation Floating

Formal verification of floating-point algorithms 1 Formal verification of floating-point algorithms John Harrison Intel Corporation Floating point algorithm verification HOL Light Floating point numbers and formats HOL floating

636 views • 28 slides
Seminar of Lattice Analysis 01 Slide Reduction Revisited Wenling Liu, Shanghai Jiao Tong

Seminar of Lattice Analysis 01 Slide Reduction Revisited Wenling Liu, Shanghai Jiao Tong

Seminar of Lattice Analysis 01 Slide Reduction Revisited Wenling Liu, Shanghai Jiao Tong University. Wenling Liu @ SJTU Table of Contents Lattice Backgrounds LenstraLenstraLov asz Reduction Hemite SVP reduction and DBKZ Algorithm

930 views • 49 slides
Algorithms for Lattice Transforms and 2348 2349 Lattice Transforms for 234 248 239

Algorithms for Lattice Transforms and 2348 2349 Lattice Transforms for 234 248 239

Algorithms for Lattice Transforms and 2348 2349 Lattice Transforms for 234 248 239 Algorithms 23 39 24 Thore Husfeldt 2 Lund University and IT University of Copenhagen 3 This Talk in 60 Seconds In Prefix sum Out y i = x

1.39k views • 111 slides
RNS Arithmetic Approach in Lattice-based Cryptography Accelerating the Rounding-off Core

RNS Arithmetic Approach in Lattice-based Cryptography Accelerating the Rounding-off Core

22nd IEEE Symposium on Computer Arithmetic RNS Arithmetic Approach in Lattice-based Cryptography Accelerating the Rounding-off Core Procedure Jean-Claude Bajard , Julien Eynard Nabil Merkiche , Thomas Plantard Sorbonne

383 views • 25 slides
The (gimmicky) Road Map Gradual Sub-Lattice Reduction The Old Stuff Lattice Reduction

The (gimmicky) Road Map Gradual Sub-Lattice Reduction The Old Stuff Lattice Reduction

The Old Stuff The New Concepts The Bottom Line Gradual Sub-Lattice Reduction (now with more applications!) Andy Novocin andy@novocin.com LIRMM, Montpellier June 22nd The Old Stuff The New Concepts The Bottom Line The (gimmicky) Road

1.46k views • 99 slides
Algorithms for hard lattice problems Thijs Laarhoven ts

Algorithms for hard lattice problems Thijs Laarhoven ts

Algorithms for hard lattice problems Thijs Laarhoven ts ttts Tenerife PQCrypto Conference (January 31, 2018) Lattices What is a lattice? O Lattices What

1.59k views • 136 slides
Policy and Strategy: Accelerating Poverty Reduction, Reducing Unemployment, and Overcoming

Policy and Strategy: Accelerating Poverty Reduction, Reducing Unemployment, and Overcoming

Policy and Strategy: Accelerating Poverty Reduction, Reducing Unemployment, and Overcoming Vulnerability Rahma Iryanti National Development Planning Agency BAPPENAS ISSUES OF EMPLOYMENT High rate of youth unemployment; Quality of

347 views • 12 slides
Applications of Lattices in Telecommunications Amin Sakzad Dept of Electrical and Computer

Applications of Lattices in Telecommunications Amin Sakzad Dept of Electrical and Computer

Sphere Decoder Algorithm Lattice Reduction Algorithms Integer-Forcing Linear Receiver Lattice-based Cryptography Applications of Lattices in Telecommunications Amin Sakzad Dept of Electrical and Computer Systems Engineering Monash University

772 views • 76 slides
Sampling Algorithms for Lattice Gaussian Codes based on joint work with J.-C. Belfiore

Sampling Algorithms for Lattice Gaussian Codes based on joint work with J.-C. Belfiore

Lattice Coding &amp; Crypto Meeting Antonio Campello Sampling Algorithms for Lattice Gaussian Codes based on joint work with J.-C. Belfiore (Huawei Technologies France) Discrete Gaussian Measures f : R n R + D : [0 , 1] is a

917 views • 33 slides
Polynomial approximation and floating-point numbers Algorithms Project Seminar Sylvain

Polynomial approximation and floating-point numbers Algorithms Project Seminar Sylvain

Scope of my researches Approximation theory Polynomial approximation with floating-point numbers Lattices and LLL algorithm A concrete case Conclusion Polynomial approximation and floating-point numbers Algorithms Project Seminar Sylvain

1.17k views • 101 slides
Lattice Reduction and Preconditioning Xiao-Wen Chang Joint work with M. Al Borne, W.-Y. Ku, Y.

Lattice Reduction and Preconditioning Xiao-Wen Chang Joint work with M. Al Borne, W.-Y. Ku, Y.

Lattice Reduction and Preconditioning Xiao-Wen Chang Joint work with M. Al Borne, W.-Y. Ku, Y. Xiao and X. Xie Computer Science, McGill University, Montreal, Canada Fields Institute Workshop on Hybrid Methodologies for Symbolic-Numeric

1.3k views • 76 slides
Analyzing Blockwise Lattice Algorithms using Dynamical Systems Guillaume Hanrot, Xavier Pujol,

Analyzing Blockwise Lattice Algorithms using Dynamical Systems Guillaume Hanrot, Xavier Pujol,

Analyzing Blockwise Lattice Algorithms using Dynamical Systems Guillaume Hanrot, Xavier Pujol, Damien Stehl e ENS Lyon, LIP (CNRS ENSL INRIA UCBL - ULyon) Analyzing Blockwise Lattice Algorithms using Dynamical Systems 1/16

939 views • 61 slides
6.1 Dimensionality reduction Previously in the course, we have discussed algorithms suited for a

6.1 Dimensionality reduction Previously in the course, we have discussed algorithms suited for a

CS/CNS/EE 253: Advanced Topics in Machine Learning Topic: Dimensionality Reduction Lecturer: Andreas Krause Scribe: Matt Faulkner Date: 25 January 2010 6.1 Dimensionality reduction Previously in the course, we have discussed algorithms suited for

442 views • 6 slides
Formal Proofs of Floating-Point Algorithms John Harrison Intel Corporation SCAN 2010 28th

Formal Proofs of Floating-Point Algorithms John Harrison Intel Corporation SCAN 2010 28th

Formal Proofs of Floating-Point Algorithms John Harrison Intel Corporation SCAN 2010 28th September 2010 0 Overview Formal verification and theorem proving Formalizing floating-point arithmetic Square root example Reciprocal

534 views • 42 slides
Faster Enumeration-based Lattice Reduction: Root Hermite Factor k 1 / ( 2 k ) in Time k k / 8 + o (

Faster Enumeration-based Lattice Reduction: Root Hermite Factor k 1 / ( 2 k ) in Time k k / 8 + o (

Faster Enumeration-based Lattice Reduction: Root Hermite Factor k 1 / ( 2 k ) in Time k k / 8 + o ( k ) Martin R. Albrecht 1 , Shi Bai 2 , Pierre-Alain Fouque 3 , Paul Kirchner 3 , Damien Stehl 4 and Weiqiang Wen 3 1 Royal Holloway, University of

985 views • 50 slides
An Architectural Framework for Accelerating Dynamic Parallel Algorithms on Reconfigurable

An Architectural Framework for Accelerating Dynamic Parallel Algorithms on Reconfigurable

An Architectural Framework for Accelerating Dynamic Parallel Algorithms on Reconfigurable Hardware Tao Chen, Shreesha Srinath Christopher Batten , G. Edward Suh Computer Systems Laboratory School of Electrical and Computer Engineering Cornell

546 views • 36 slides
Dimensionality Reduction Algorithms (and how to interpret their output) Dalya Baron (Tel Aviv

Dimensionality Reduction Algorithms (and how to interpret their output) Dalya Baron (Tel Aviv

Dimensionality Reduction Algorithms (and how to interpret their output) Dalya Baron (Tel Aviv University) XXX Winter School, November 2018 What is Dimensionality Reduction? Dimensionality Reduction algorithm 28 x 28 features per object 2

437 views • 33 slides
Algorithms using real numbers Floating point arithmetic limited precision Algorithms

Algorithms using real numbers Floating point arithmetic limited precision Algorithms

Algorithms using real numbers Floating point arithmetic limited precision Algorithms using real numbers computational errors IEEE standard type double in Java Computational errors due to limited precision

491 views • 10 slides
Lattice Reduction, Integer Programming, and Knapsacks Daniel Lichtblau danl@wolfram.com Wolfram

Lattice Reduction, Integer Programming, and Knapsacks Daniel Lichtblau danl@wolfram.com Wolfram

Lattice Reduction, Integer Programming, and Knapsacks Daniel Lichtblau danl@wolfram.com Wolfram Research, Inc. 100 Trade Centre Dr. Champaign IL USA, 61820 ICMS, Castro Urdiales, Spain September 13, 2006 Abstract We will discuss

755 views • 31 slides
DRS Diagonal dominant Reduction for lattice-based Signature Thomas PLANTARD, Arnaud SIPASSEUTH,

DRS Diagonal dominant Reduction for lattice-based Signature Thomas PLANTARD, Arnaud SIPASSEUTH,

DRS Diagonal dominant Reduction for lattice-based Signature Thomas PLANTARD, Arnaud SIPASSEUTH, Cedric DUMONDELLE, Willy SUSILO Institute of Cybersecurity and Cryptology University of Wollongong http://www.uow.edu.au/ thomaspl

458 views • 22 slides

More recommend