lattice reduction and preconditioning

play

Lattice Reduction and Preconditioning Xiao-Wen Chang Joint work - PowerPoint PPT Presentation

Oct 13, 2023 •534 likes •1.3k views

Lattice Reduction and Preconditioning Xiao-Wen Chang Joint work with M. Al Borne, W.-Y. Ku, Y. Xiao and X. Xie Computer Science, McGill University, Montreal, Canada Fields Institute Workshop on Hybrid Methodologies for Symbolic-Numeric

Lattice Reduction and Preconditioning Xiao-Wen Chang Joint work with M. Al Borne, W.-Y. Ku, Y. Xiao and X. Xie Computer Science, McGill University, Montreal, Canada Fields Institute Workshop on Hybrid Methodologies for Symbolic-Numeric Computation November 16-19, 2011 X.-W. Chang Lattice Reduction and Preconditioning 1/33
Outline Part 1: Lattice reduction Introduction 1 A floating point partial LLL reduction algorithm 2 A floating point blocked LLL reduction algorithm 3 Numerical test results 4 Part 2: Lattice preconditioning Motivations 1 Some lattice preconditioning techniques. 2 Numerical test results 3 Summary and future work X.-W. Chang Lattice Reduction and Preconditioning 2/33
Outline Part 1: Lattice reduction Introduction 1 A floating point partial LLL reduction algorithm 2 A floating point blocked LLL reduction algorithm 3 Numerical test results 4 Part 2: Lattice preconditioning Motivations 1 Some lattice preconditioning techniques. 2 Numerical test results 3 Summary and future work X.-W. Chang Lattice Reduction and Preconditioning 2/33
Outline Part 1: Lattice reduction Introduction 1 A floating point partial LLL reduction algorithm 2 A floating point blocked LLL reduction algorithm 3 Numerical test results 4 Part 2: Lattice preconditioning Motivations 1 Some lattice preconditioning techniques. 2 Numerical test results 3 Summary and future work X.-W. Chang Lattice Reduction and Preconditioning 2/33
Outline Part 1: Lattice reduction Introduction 1 A floating point partial LLL reduction algorithm 2 A floating point blocked LLL reduction algorithm 3 Numerical test results 4 Part 2: Lattice preconditioning Motivations 1 Some lattice preconditioning techniques. 2 Numerical test results 3 Summary and future work X.-W. Chang Lattice Reduction and Preconditioning 2/33
Lattice reduction — introduction Let B ∈ R m × n be of full column rank. Lattice generated by B : L ( B ) = { Bx : x ∈ Z n } . Lattice reduction is to find a unimodular matrix Z (i.e., Z ∈ Z n × n , | det( Z ) | = 1) such that 1 the columns of BZ are fairly orthogonal to each other; 2 the columns of BZ are short. For simplicity, we assume B is a square matrix here. Applications: Cryptology, algorithmic number theory, communications, GPS etc X.-W. Chang Lattice Reduction and Preconditioning 3/33
Lattice reduction — introduction Let B ∈ R m × n be of full column rank. Lattice generated by B : L ( B ) = { Bx : x ∈ Z n } . Lattice reduction is to find a unimodular matrix Z (i.e., Z ∈ Z n × n , | det( Z ) | = 1) such that 1 the columns of BZ are fairly orthogonal to each other; 2 the columns of BZ are short. For simplicity, we assume B is a square matrix here. Applications: Cryptology, algorithmic number theory, communications, GPS etc X.-W. Chang Lattice Reduction and Preconditioning 3/33
Lattice reduction — introduction Let B ∈ R m × n be of full column rank. Lattice generated by B : L ( B ) = { Bx : x ∈ Z n } . Lattice reduction is to find a unimodular matrix Z (i.e., Z ∈ Z n × n , | det( Z ) | = 1) such that 1 the columns of BZ are fairly orthogonal to each other; 2 the columns of BZ are short. For simplicity, we assume B is a square matrix here. Applications: Cryptology, algorithmic number theory, communications, GPS etc X.-W. Chang Lattice Reduction and Preconditioning 3/33
Lattice reduction — introduction Let B ∈ R m × n be of full column rank. Lattice generated by B : L ( B ) = { Bx : x ∈ Z n } . Lattice reduction is to find a unimodular matrix Z (i.e., Z ∈ Z n × n , | det( Z ) | = 1) such that 1 the columns of BZ are fairly orthogonal to each other; 2 the columns of BZ are short. For simplicity, we assume B is a square matrix here. Applications: Cryptology, algorithmic number theory, communications, GPS etc X.-W. Chang Lattice Reduction and Preconditioning 3/33
Lattice reduction — introduction, cont’d A reduction process can often be casted as a matrix factorization: Q T BZ = R , or B = QRZ − 1 Q ∈ R n × n is orthogonal, Z ∈ Z n × n is unimodular, R ∈ R n × n is upper triangular. The most well-known lattice reduction: LLL reduction (Lenstra, Lenstra, Lov´ asz, ’82) | r ij | ≤ 1 2 | r ii | , j = i + 1 : n (size reduced condition) δ r 2 i , i ≤ r 2 i , i +1 + r 2 i +1 , i +1 , 1 / 4 < δ ≤ 1 (Lov´ asz’s condition) X.-W. Chang Lattice Reduction and Preconditioning 4/33
Lattice reduction — introduction, cont’d A reduction process can often be casted as a matrix factorization: Q T BZ = R , or B = QRZ − 1 Q ∈ R n × n is orthogonal, Z ∈ Z n × n is unimodular, R ∈ R n × n is upper triangular. The most well-known lattice reduction: LLL reduction (Lenstra, Lenstra, Lov´ asz, ’82) | r ij | ≤ 1 2 | r ii | , j = i + 1 : n (size reduced condition) δ r 2 i , i ≤ r 2 i , i +1 + r 2 i +1 , i +1 , 1 / 4 < δ ≤ 1 (Lov´ asz’s condition) X.-W. Chang Lattice Reduction and Preconditioning 4/33
Literature on algorithms for LLL reduction and variants Nguyen and Vall´ ee (ed): The LLL Algorithm: Survey and Applications (09). Lenstra, Lenstra, Lov´ asz (82), Kaltofen (83), Schnorr (87, 88, 05), Sch¨ onhage (91), Yap (92), Cohen (93), Schnorr & Euchner (94), Storjohann (96), Eisenbrand & Rote (01), Koy & Schnorr (01), Nguyen & Stehl´ e (05, 06, 09), Ling & Howgrave-Graham (07), Villard (07) Morel, Stehl´ e & Villard (09), Novocin, Stehl´ e & Villard (11) Most of these algorithms consider integer B to try to find a correct LLL reduced basis. X.-W. Chang Lattice Reduction and Preconditioning 5/33
Lattice reduction: our goal To develop faster floating point LLL reduction algs for real B . We will present a floating point partial LLL reduction algorithm a floating point blocked LLL reduction algorithm Due to rounding errors, a correct LLL reduced basis is not guaranteed by the algorithms. Two uses of the floating point LLL reduction: 1 Used to compute a correct LLL reduced basis 2 Used as a preprocessing step in solving the integer least squares (ILS) problem: x ∈ Z n � y − Bx � 2 . min Here the LLL reduction is to make an ILS solver faster. X.-W. Chang Lattice Reduction and Preconditioning 6/33
Lattice reduction: our goal To develop faster floating point LLL reduction algs for real B . We will present a floating point partial LLL reduction algorithm a floating point blocked LLL reduction algorithm Due to rounding errors, a correct LLL reduced basis is not guaranteed by the algorithms. Two uses of the floating point LLL reduction: 1 Used to compute a correct LLL reduced basis 2 Used as a preprocessing step in solving the integer least squares (ILS) problem: x ∈ Z n � y − Bx � 2 . min Here the LLL reduction is to make an ILS solver faster. X.-W. Chang Lattice Reduction and Preconditioning 6/33
Lattice reduction: our goal To develop faster floating point LLL reduction algs for real B . We will present a floating point partial LLL reduction algorithm a floating point blocked LLL reduction algorithm Due to rounding errors, a correct LLL reduced basis is not guaranteed by the algorithms. Two uses of the floating point LLL reduction: 1 Used to compute a correct LLL reduced basis 2 Used as a preprocessing step in solving the integer least squares (ILS) problem: x ∈ Z n � y − Bx � 2 . min Here the LLL reduction is to make an ILS solver faster. X.-W. Chang Lattice Reduction and Preconditioning 6/33
Lattice reduction: our goal To develop faster floating point LLL reduction algs for real B . We will present a floating point partial LLL reduction algorithm a floating point blocked LLL reduction algorithm Due to rounding errors, a correct LLL reduced basis is not guaranteed by the algorithms. Two uses of the floating point LLL reduction: 1 Used to compute a correct LLL reduced basis 2 Used as a preprocessing step in solving the integer least squares (ILS) problem: x ∈ Z n � y − Bx � 2 . min Here the LLL reduction is to make an ILS solver faster. X.-W. Chang Lattice Reduction and Preconditioning 6/33
LLL reduction A typical LLL algorithm first computes the QR factorization: B = QR . Then it works on R . To meet the size reduced condition, one applies elementary unimodular transformations Z ij = I − µ e i e T e i = [0 , . . . , 0 , 1 , 0 , . . . , 0] T j , Apply Z ij to R : R = RZ ij = R − µ Re i e T ¯ j The entries of ¯ R are the same as the corresponding ones of R , except: ¯ r kj = r kj − µ r ki , k = 1 , . . . , i If µ = ⌊ r ij / r ii ⌉ , then | ¯ r ij | ≤ | ¯ r ii | / 2 X.-W. Chang Lattice Reduction and Preconditioning 7/33
LLL reduction A typical LLL algorithm first computes the QR factorization: B = QR . Then it works on R . To meet the size reduced condition, one applies elementary unimodular transformations Z ij = I − µ e i e T e i = [0 , . . . , 0 , 1 , 0 , . . . , 0] T j , Apply Z ij to R : R = RZ ij = R − µ Re i e T ¯ j The entries of ¯ R are the same as the corresponding ones of R , except: ¯ r kj = r kj − µ r ki , k = 1 , . . . , i If µ = ⌊ r ij / r ii ⌉ , then | ¯ r ij | ≤ | ¯ r ii | / 2 X.-W. Chang Lattice Reduction and Preconditioning 7/33

Recommend

More recommend