lll reducing in quasi linear time
play

LLL-reducing in quasi-linear time Damien Stehl e Joint work with - PowerPoint PPT Presentation

Jul 29, 2023 •33 likes •1.06k views

L 1 e Introduction Wishful thinking Deforming Truncating LLL-reducing in quasi-linear time Damien Stehl e Joint work with A. Novocin & G. Villard LIP CNRS/ENSL/INRIA/UCBL/U. Lyon Rocquencourt, April 2011 Damien Stehl e

  1. L 1 e Introduction Wishful thinking Deforming Truncating Quasi-linear LLL-reduction onhage’91: β 1+ ε for n = 2. Yap’92, Sch¨ Eisenbrand-Rote’01: β 1+ ε for fixed any n . Our result 1 , that computes “somewhat” We give an algorithm, called � L LLL-reduced bases in time O ( n 5+ ε β + n ω +1+ ε β 1+ ε ). n ω : cost of matrix mult. in dimension n . For fixed n : O ( M ( β ) log β ), where M ( · ) is for integer mult. Same total degree as before. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 7/36

  2. L 1 e Introduction Wishful thinking Deforming Truncating Plan of the talk 1 Wishful thinking. 2 Reducing by deforming. 3 Reducing by truncating. 1 algorithm. 4 The � L Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 8/36

  3. L 1 e Introduction Wishful thinking Deforming Truncating A gcd analogy Euclid’s algorithm for computing gcd( r 0 , r 1 ): i := 1. While r i � = 0: Compute q i := ⌊ r i − 1 / r i ⌋ , r i +1 := r i − 1 − q i r i . Output r i − 1 . Vectorial interpretation: � 0 � 0 � � � � r i − 1 � � � r 0 � 1 � r i 1 1 = · = · 1 − q i 1 − q j r i +1 r i r 1 j = i LLL as a gcd: Given B i , find U i s.t. B i U i is closer to reduced. L 3 : Compute r i − 1 / r i exactly before rounding it. L 2 : Compute r i − 1 / r i approximately before rounding it. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 9/36

  4. L 1 e Introduction Wishful thinking Deforming Truncating A gcd analogy Euclid’s algorithm for computing gcd( r 0 , r 1 ): i := 1. While r i � = 0: Compute q i := ⌊ r i − 1 / r i ⌋ , r i +1 := r i − 1 − q i r i . Output r i − 1 . Vectorial interpretation: � 0 � 0 � � � � r i − 1 � � � r 0 � 1 � r i 1 1 = · = · 1 − q i 1 − q j r i +1 r i r 1 j = i LLL as a gcd: Given B i , find U i s.t. B i U i is closer to reduced. L 3 : Compute r i − 1 / r i exactly before rounding it. L 2 : Compute r i − 1 / r i approximately before rounding it. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 9/36

  5. L 1 e Introduction Wishful thinking Deforming Truncating A gcd analogy Euclid’s algorithm for computing gcd( r 0 , r 1 ): i := 1. While r i � = 0: Compute q i := ⌊ r i − 1 / r i ⌋ , r i +1 := r i − 1 − q i r i . Output r i − 1 . Vectorial interpretation: � 0 � 0 � � � � r i − 1 � � � r 0 � 1 � r i 1 1 = · = · 1 − q i 1 − q j r i +1 r i r 1 j = i LLL as a gcd: Given B i , find U i s.t. B i U i is closer to reduced. L 3 : Compute r i − 1 / r i exactly before rounding it. L 2 : Compute r i − 1 / r i approximately before rounding it. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 9/36

  6. L 1 e Introduction Wishful thinking Deforming Truncating A gcd analogy Euclid’s algorithm for computing gcd( r 0 , r 1 ): i := 1. While r i � = 0: Compute q i := ⌊ r i − 1 / r i ⌋ , r i +1 := r i − 1 − q i r i . Output r i − 1 . Vectorial interpretation: � 0 � 0 � � � � r i − 1 � � � r 0 � 1 � r i 1 1 = · = · 1 − q i 1 − q j r i +1 r i r 1 j = i LLL as a gcd: Given B i , find U i s.t. B i U i is closer to reduced. L 3 : Compute r i − 1 / r i exactly before rounding it. L 2 : Compute r i − 1 / r i approximately before rounding it. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 9/36

  7. L 1 e Introduction Wishful thinking Deforming Truncating A gcd analogy Euclid’s algorithm for computing gcd( r 0 , r 1 ): i := 1. While r i � = 0: Compute q i := ⌊ r i − 1 / r i ⌋ , r i +1 := r i − 1 − q i r i . Output r i − 1 . Vectorial interpretation: � 0 � 0 � � � � r i − 1 � � � r 0 � 1 � r i 1 1 = · = · 1 − q i 1 − q j r i +1 r i r 1 j = i LLL as a gcd: Given B i , find U i s.t. B i U i is closer to reduced. L 3 : Compute r i − 1 / r i exactly before rounding it. L 2 : Compute r i − 1 / r i approximately before rounding it. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 9/36

  8. L 1 e Introduction Wishful thinking Deforming Truncating Towards a quasi-linear time gcd algorithm Euclid computes remainders ( r i ) i and quotients ( q i ) i . Assume r 0 ≈ r 1 ≈ 2 β . Writing down all the r i ’s costs O ( β 2 ). Lehmer’38 If | r 0 − ¯ | r 0 | , | r 1 − ¯ r 0 | r 1 | ≤ 2 − 2 ℓ , then ( q i ) i and (¯ q i ) i share their first ℓ bits. | r 1 | Do not compute the q i ’s using and updating the lengthy r i ’s: Use the shorter ¯ r i ’s instead! When the relevant bits of the q i ’s are known, apply them to ( r 0 , r 1 )... and apply Lehmer again. Knuth’70, Sch¨ onhage’71: Do this recursively! Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 10/36

  9. L 1 e Introduction Wishful thinking Deforming Truncating Towards a quasi-linear time gcd algorithm Euclid computes remainders ( r i ) i and quotients ( q i ) i . Assume r 0 ≈ r 1 ≈ 2 β . Writing down all the r i ’s costs O ( β 2 ). Lehmer’38 If | r 0 − ¯ | r 0 | , | r 1 − ¯ r 0 | r 1 | ≤ 2 − 2 ℓ , then ( q i ) i and (¯ q i ) i share their first ℓ bits. | r 1 | Do not compute the q i ’s using and updating the lengthy r i ’s: Use the shorter ¯ r i ’s instead! When the relevant bits of the q i ’s are known, apply them to ( r 0 , r 1 )... and apply Lehmer again. Knuth’70, Sch¨ onhage’71: Do this recursively! Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 10/36

  10. L 1 e Introduction Wishful thinking Deforming Truncating Towards a quasi-linear time gcd algorithm Euclid computes remainders ( r i ) i and quotients ( q i ) i . Assume r 0 ≈ r 1 ≈ 2 β . Writing down all the r i ’s costs O ( β 2 ). Lehmer’38 If | r 0 − ¯ | r 0 | , | r 1 − ¯ r 0 | r 1 | ≤ 2 − 2 ℓ , then ( q i ) i and (¯ q i ) i share their first ℓ bits. | r 1 | Do not compute the q i ’s using and updating the lengthy r i ’s: Use the shorter ¯ r i ’s instead! When the relevant bits of the q i ’s are known, apply them to ( r 0 , r 1 )... and apply Lehmer again. Knuth’70, Sch¨ onhage’71: Do this recursively! Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 10/36

  11. L 1 e Introduction Wishful thinking Deforming Truncating Towards a quasi-linear time gcd algorithm Euclid computes remainders ( r i ) i and quotients ( q i ) i . Assume r 0 ≈ r 1 ≈ 2 β . Writing down all the r i ’s costs O ( β 2 ). Lehmer’38 If | r 0 − ¯ | r 0 | , | r 1 − ¯ r 0 | r 1 | ≤ 2 − 2 ℓ , then ( q i ) i and (¯ q i ) i share their first ℓ bits. | r 1 | Do not compute the q i ’s using and updating the lengthy r i ’s: Use the shorter ¯ r i ’s instead! When the relevant bits of the q i ’s are known, apply them to ( r 0 , r 1 )... and apply Lehmer again. Knuth’70, Sch¨ onhage’71: Do this recursively! Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 10/36

  12. L 1 e Introduction Wishful thinking Deforming Truncating The Knuth-Sch¨ onhage gcd algorithm To compute the first ℓ quotient bits of r 0 , r 1 of bit-sizes 2 ℓ : 1 Take the first ℓ bits of r 0 and r 1 . 2 Recursively get the first ℓ/ 2 quotient bits. 3 Apply the quotients to r 0 , r 1 , to get r ′ 0 , r ′ 1 . 4 Take the first ℓ bits of r ′ 0 and r ′ 1 . 5 Recursively get the first ℓ/ 2 quotient bits. Applying the quotients: multiply a O ( ℓ )-bit 2 × 2 matrix to a O ( ℓ )-bit vector. Cost: C ℓ = 2 C ℓ/ 2 + O ( M ( ℓ )) = O ( M ( ℓ ) log ℓ ). Can be used to compute gcds in time O ( M ( ℓ ) log ℓ ). Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 11/36

  13. L 1 e Introduction Wishful thinking Deforming Truncating The Knuth-Sch¨ onhage gcd algorithm To compute the first ℓ quotient bits of r 0 , r 1 of bit-sizes 2 ℓ : 1 Take the first ℓ bits of r 0 and r 1 . 2 Recursively get the first ℓ/ 2 quotient bits. 3 Apply the quotients to r 0 , r 1 , to get r ′ 0 , r ′ 1 . 4 Take the first ℓ bits of r ′ 0 and r ′ 1 . 5 Recursively get the first ℓ/ 2 quotient bits. Applying the quotients: multiply a O ( ℓ )-bit 2 × 2 matrix to a O ( ℓ )-bit vector. Cost: C ℓ = 2 C ℓ/ 2 + O ( M ( ℓ )) = O ( M ( ℓ ) log ℓ ). Can be used to compute gcds in time O ( M ( ℓ ) log ℓ ). Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 11/36

  14. L 1 e Introduction Wishful thinking Deforming Truncating What about doing it for LLL? To compute the “first” ℓ bits of U reducing B : 1 Take the first ℓ bits of each b ij . 2 Recursively get the first ℓ/ 2 bits of U . 3 Apply them to B , to get a shorter B ′ . 4 Take the first ℓ bits of each b ′ ij . 5 Recursively get the next ℓ/ 2 bits of U . What is a “quotient” here? How to control the bit-size of a unimodular matrix? Can we truncate “remainders”, i.e., lattice bases? How to handle multidimensionality / unbalanced magnitudes? Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 12/36

  15. L 1 e Introduction Wishful thinking Deforming Truncating What about doing it for LLL? To compute the “first” ℓ bits of U reducing B : 1 Take the first ℓ bits of each b ij . 2 Recursively get the first ℓ/ 2 bits of U . 3 Apply them to B , to get a shorter B ′ . 4 Take the first ℓ bits of each b ′ ij . 5 Recursively get the next ℓ/ 2 bits of U . What is a “quotient” here? How to control the bit-size of a unimodular matrix? Can we truncate “remainders”, i.e., lattice bases? How to handle multidimensionality / unbalanced magnitudes? Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 12/36

  16. L 1 e Introduction Wishful thinking Deforming Truncating Plan of the talk 1 Wishful thinking. 2 Reducing by deforming. 3 Reducing by truncating. 1 algorithm. 4 The � L Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 13/36

  17. L 1 e Introduction Wishful thinking Deforming Truncating From reduced to reduced If B is arbitrary, then a reducing U can be huge (Cramer :-(). If B is reduced, any U such that BU is reduced is bounded. Let B be reduced with R-factor R , and U s.t. BU is reduced. Then: ∀ i , j : | u ij | ≤ 2 O ( n ) · r jj / r ii . If B is reduced, the r ii ’s can’t decrease fast. Assuming they don’t increase, we get max | u ij | ≤ 2 O ( n ) . Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 14/36

  18. L 1 e Introduction Wishful thinking Deforming Truncating From reduced to reduced If B is arbitrary, then a reducing U can be huge (Cramer :-(). If B is reduced, any U such that BU is reduced is bounded. Let B be reduced with R-factor R , and U s.t. BU is reduced. Then: ∀ i , j : | u ij | ≤ 2 O ( n ) · r jj / r ii . If B is reduced, the r ii ’s can’t decrease fast. Assuming they don’t increase, we get max | u ij | ≤ 2 O ( n ) . Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 14/36

  19. L 1 e Introduction Wishful thinking Deforming Truncating From reduced to reduced If B is arbitrary, then a reducing U can be huge (Cramer :-(). If B is reduced, any U such that BU is reduced is bounded. Let B be reduced with R-factor R , and U s.t. BU is reduced. Then: ∀ i , j : | u ij | ≤ 2 O ( n ) · r jj / r ii . If B is reduced, the r ii ’s can’t decrease fast. Assuming they don’t increase, we get max | u ij | ≤ 2 O ( n ) . Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 14/36

  20. L 1 e Introduction Wishful thinking Deforming Truncating From reduced to deformed to reduced Start from something reduced, deform it a bit, and reduce it! The Belabas-van Hoeij-Novocin deformation: B �→ diag(2 ℓ , 1 , . . . , 1) · B = σ ℓ B . The r ii ’s cannot decrease. Their product increases by a factor 2 ℓ . Let ℓ ≥ 0, B be reduced with R-factor R , and U s.t. σ ℓ BU is reduced. Then: ∀ i , j : | u ij | ≤ 2 ℓ + O ( n ) · r jj / r ii . − → If B is “balanced”, each u ij has at most ℓ + O ( n ) bits. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 15/36

  21. L 1 e Introduction Wishful thinking Deforming Truncating From reduced to deformed to reduced Start from something reduced, deform it a bit, and reduce it! The Belabas-van Hoeij-Novocin deformation: B �→ diag(2 ℓ , 1 , . . . , 1) · B = σ ℓ B . The r ii ’s cannot decrease. Their product increases by a factor 2 ℓ . Let ℓ ≥ 0, B be reduced with R-factor R , and U s.t. σ ℓ BU is reduced. Then: ∀ i , j : | u ij | ≤ 2 ℓ + O ( n ) · r jj / r ii . − → If B is “balanced”, each u ij has at most ℓ + O ( n ) bits. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 15/36

  22. L 1 e Introduction Wishful thinking Deforming Truncating From reduced to deformed to reduced Start from something reduced, deform it a bit, and reduce it! The Belabas-van Hoeij-Novocin deformation: B �→ diag(2 ℓ , 1 , . . . , 1) · B = σ ℓ B . The r ii ’s cannot decrease. Their product increases by a factor 2 ℓ . Let ℓ ≥ 0, B be reduced with R-factor R , and U s.t. σ ℓ BU is reduced. Then: ∀ i , j : | u ij | ≤ 2 ℓ + O ( n ) · r jj / r ii . − → If B is “balanced”, each u ij has at most ℓ + O ( n ) bits. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 15/36

  23. L 1 e Introduction Wishful thinking Deforming Truncating From reduced to deformed to reduced Start from something reduced, deform it a bit, and reduce it! The Belabas-van Hoeij-Novocin deformation: B �→ diag(2 ℓ , 1 , . . . , 1) · B = σ ℓ B . The r ii ’s cannot decrease. Their product increases by a factor 2 ℓ . Let ℓ ≥ 0, B be reduced with R-factor R , and U s.t. σ ℓ BU is reduced. Then: ∀ i , j : | u ij | ≤ 2 ℓ + O ( n ) · r jj / r ii . − → If B is “balanced”, each u ij has at most ℓ + O ( n ) bits. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 15/36

  24. L 1 e Introduction Wishful thinking Deforming Truncating Lift-reducing suffices for reducing Assume B ∈ Z n × n is upper triangular.   . . . b 1 , 1 b 1 , n − 2 b 1 , n − 1 b 1 , n  . . . .  ... . . . .   . . . .     0 . . . b n − 2 , n − 2 b n − 2 , n − 1 b n − 2 , n     0 . . . 0 b n − 1 , n − 1 b n − 1 , n 0 . . . 0 0 b n , n Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 16/36

  25. L 1 e Introduction Wishful thinking Deforming Truncating Lift-reducing suffices for reducing Assume B ∈ Z n × n is upper triangular.   . . . b 1 , 1 b 1 , n − 2 b 1 , n − 1 b 1 , n  . . . .  ... . . . .   . . . .     0 . . . b n − 2 , n − 2 b n − 2 , n − 1 b n − 2 , n     0 . . . 0 b n − 1 , n − 1 b n − 1 , n 0 . . . 0 0 b n , n Bottom right 1 × 1 submatrix is reduced. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 16/36

  26. L 1 e Introduction Wishful thinking Deforming Truncating Lift-reducing suffices for reducing Assume B ∈ Z n × n is upper triangular.   . . . b 1 , 1 b 1 , n − 2 b 1 , n − 1 b 1 , n . . . .  ...  . . . .  . . . .      0 . . . b n − 2 , n − 2 b n − 2 , n − 1 b n − 2 , n   b n − 1 , n − 1 b n − 1 , n   0 . . . 0 2 ℓ 2 ℓ 0 . . . 0 0 b n , n Scale down row n − 1 so that bottom-right 2 × 2 submatrix is reduced: ℓ ≈ log b n − 1 , n − 1 . Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 16/36

  27. L 1 e Introduction Wishful thinking Deforming Truncating Lift-reducing suffices for reducing Assume B ∈ Z n × n is upper triangular.   . . . b 1 , 1 b 1 , n − 2 b 1 , n − 1 b 1 , n  . . . .  ... . . . .   . . . .     0 . . . b n − 2 , n − 2 b n − 2 , n − 1 b n − 2 , n     0 . . . 0 b n − 1 , n − 1 b n − 1 , n 0 . . . 0 0 b n , n Lift row n − 1 by ℓ bits and reduce bottom-right 2 × 2 submatrix. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 16/36

  28. L 1 e Introduction Wishful thinking Deforming Truncating Lift-reducing suffices for reducing Assume B ∈ Z n × n is upper triangular.   . . . b 1 , 1 b 1 , n − 2 b 1 , n − 1 b 1 , n  . . . .  ... . . . .   . . . .     0 . . . b n − 2 , n − 2 b n − 2 , n − 1 b n − 2 , n     0 . . . 0 x x 0 . . . 0 x x Lift row n − 1 by ℓ bits and reduce bottom-right 2 × 2 submatrix. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 16/36

  29. L 1 e Introduction Wishful thinking Deforming Truncating Lift-reducing suffices for reducing Assume B ∈ Z n × n is upper triangular.   . . . b 1 , 1 b 1 , n − 2 x x  . . . .  ... . . . .   . . . .     0 . . . b n − 2 , n − 2 x x     0 . . . 0 x x 0 . . . 0 x x Propagate the transformations to the first n − 2 coordinates, and reduce wrt the diagonal coefficients. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 16/36

  30. L 1 e Introduction Wishful thinking Deforming Truncating Lift-reducing suffices for reducing Assume B ∈ Z n × n is upper triangular.   . . . b 1 , 1 b 1 , n − 2 x x . . . .  ...  . . . .  . . . .     b n − 2 , n − 2  x x 0 . . .   2 ℓ 2 ℓ 2 ℓ   0 . . . 0 x x 0 . . . 0 x x Scale down row n − 2 so that bottom-right 3 × 3 submatrix is reduced: ℓ ≈ log b n − 2 , n − 2 . Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 16/36

  31. L 1 e Introduction Wishful thinking Deforming Truncating Lift-reducing suffices for reducing Assume B ∈ Z n × n is upper triangular.   . . . b 1 , 1 b 1 , n − 2 x x  . . . .  ... . . . .   . . . .     0 . . . b n − 2 , n − 2 x x     0 . . . 0 x x 0 . . . 0 x x Lift row n − 2 by ℓ bits and reduce bottom-right 3 × 3 submatrix. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 16/36

  32. L 1 e Introduction Wishful thinking Deforming Truncating Lift-reducing suffices for reducing Assume B ∈ Z n × n is upper triangular.   . . . b 1 , 1 b 1 , n − 2 x x  . . . .  ... . . . .   . . . .     0 . . . x x x     0 . . . x x x 0 . . . x x x Lift row n − 2 by ℓ bits and reduce bottom-right 3 × 3 submatrix. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 16/36

  33. L 1 e Introduction Wishful thinking Deforming Truncating Lift-reducing suffices for reducing Assume B ∈ Z n × n is upper triangular.   . . . b 1 , 1 x x x  . . . .  ... . . . .   . . . .     0 . . . x x x     0 . . . x x x 0 . . . x x x Propagate the transformations to the first n − 3 coordinates, and reduce wrt the diagonal coefficients. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 16/36

  34. L 1 e Introduction Wishful thinking Deforming Truncating Lift-reducing suffices for reducing Assume B ∈ Z n × n is upper triangular.   . . . b 1 , 1 x x x  . . . .  ... . . . .   . . . .     0 . . . x x x     0 . . . x x x 0 . . . x x x Keep going. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 16/36

  35. L 1 e Introduction Wishful thinking Deforming Truncating Lift-reducing in quasi-linear time suffices McCurley-Hafner’91: H = HNF( B ) can be computed in time O ( n ω +1+ ε β 1+ ε ). Cost of the lifts: � � O (log h n , n ) + � � P oly ( n ) · O (log h n − 1 , n − 1 ) + . . . = P oly ( n ) · � O (log det H ) = P oly ( n ) · � O (log det B ). (in fact, we do a bit better than that) Cost of the propagations bounded using the smallness of the transforms: O ( n ω +1+ ε ( β 1+ ε + n )). Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 17/36

  36. L 1 e Introduction Wishful thinking Deforming Truncating Lift-reducing in quasi-linear time suffices McCurley-Hafner’91: H = HNF( B ) can be computed in time O ( n ω +1+ ε β 1+ ε ). Cost of the lifts: � � O (log h n , n ) + � � P oly ( n ) · O (log h n − 1 , n − 1 ) + . . . = P oly ( n ) · � O (log det H ) = P oly ( n ) · � O (log det B ). (in fact, we do a bit better than that) Cost of the propagations bounded using the smallness of the transforms: O ( n ω +1+ ε ( β 1+ ε + n )). Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 17/36

  37. L 1 e Introduction Wishful thinking Deforming Truncating Lift-reducing in quasi-linear time suffices McCurley-Hafner’91: H = HNF( B ) can be computed in time O ( n ω +1+ ε β 1+ ε ). Cost of the lifts: � � O (log h n , n ) + � � P oly ( n ) · O (log h n − 1 , n − 1 ) + . . . = P oly ( n ) · � O (log det H ) = P oly ( n ) · � O (log det B ). (in fact, we do a bit better than that) Cost of the propagations bounded using the smallness of the transforms: O ( n ω +1+ ε ( β 1+ ε + n )). Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 17/36

  38. L 1 e Introduction Wishful thinking Deforming Truncating Where are we now? LLL-reduction − → sequence of Lift-reductions. We are to lift-reduce in quasi-linear time. More precisely: given ℓ and B reduced, we will find U unimodular such that σ ℓ BU is reduced, in time � O ( ℓ ). This is independent from the bit-size of B . The “LLL quotients” are the matrices U that achieve some amount ℓ of lifting. The quotients have bounded magnitudes. If B is “balanced”, then they have small bit-sizes. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 18/36

  39. L 1 e Introduction Wishful thinking Deforming Truncating Where are we now? LLL-reduction − → sequence of Lift-reductions. We are to lift-reduce in quasi-linear time. More precisely: given ℓ and B reduced, we will find U unimodular such that σ ℓ BU is reduced, in time � O ( ℓ ). This is independent from the bit-size of B . The “LLL quotients” are the matrices U that achieve some amount ℓ of lifting. The quotients have bounded magnitudes. If B is “balanced”, then they have small bit-sizes. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 18/36

  40. L 1 e Introduction Wishful thinking Deforming Truncating Where are we now? LLL-reduction − → sequence of Lift-reductions. We are to lift-reduce in quasi-linear time. More precisely: given ℓ and B reduced, we will find U unimodular such that σ ℓ BU is reduced, in time � O ( ℓ ). This is independent from the bit-size of B . The “LLL quotients” are the matrices U that achieve some amount ℓ of lifting. The quotients have bounded magnitudes. If B is “balanced”, then they have small bit-sizes. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 18/36

  41. L 1 e Introduction Wishful thinking Deforming Truncating Where are we now? LLL-reduction − → sequence of Lift-reductions. We are to lift-reduce in quasi-linear time. More precisely: given ℓ and B reduced, we will find U unimodular such that σ ℓ BU is reduced, in time � O ( ℓ ). This is independent from the bit-size of B . The “LLL quotients” are the matrices U that achieve some amount ℓ of lifting. The quotients have bounded magnitudes. If B is “balanced”, then they have small bit-sizes. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 18/36

  42. L 1 e Introduction Wishful thinking Deforming Truncating Plan of the talk 1 Wishful thinking. 2 Reducing by deforming. 3 Reducing by truncating. 1 algorithm. 4 The � L Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 19/36

  43. L 1 e Introduction Wishful thinking Deforming Truncating The LLL-reduction is inappropriate for truncations Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 20/36

  44. L 1 e Introduction Wishful thinking Deforming Truncating The LLL-reduction is inappropriate for truncations We can’t decide reducedness by looking at the (53) top-most bits: Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 20/36

  45. L 1 e Introduction Wishful thinking Deforming Truncating The LLL-reduction is inappropriate for truncations We can’t decide reducedness by looking at the (53) top-most bits: � � � � 2 60 + 2 5 2 60 1 1 = ⇒ 2 60 2 60 − 1 − 1 Not reduced Reduced � � � � 2 53 + 2 − 1 + 2 − 25 2 53 + 1 1 1 = ⇒ 2 − 10 − 2 63 2 − 10 − 2 63 Reduced Not reduced Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 20/36

  46. L 1 e Introduction Wishful thinking Deforming Truncating The LLL-reduction is inappropriate for truncations We can’t decide reducedness by looking at the (53) top-most bits: � � � � 2 60 + 2 5 2 60 1 1 = ⇒ 2 60 2 60 − 1 − 1 Not reduced Reduced � � � � 2 53 + 2 − 1 + 2 − 25 2 53 + 1 1 1 = ⇒ 2 − 10 − 2 63 2 − 10 − 2 63 Reduced Not reduced Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 20/36

  47. L 1 e Introduction Wishful thinking Deforming Truncating The LLL-reduction is inappropriate for truncations We can’t decide reducedness by looking at the (53) top-most bits: � � � � 2 60 + 2 5 2 60 1 1 = ⇒ 2 60 2 60 − 1 − 1 Not reduced Reduced � � � � 2 53 + 2 − 1 + 2 − 25 2 53 + 1 1 1 = ⇒ 2 − 10 − 2 63 2 − 10 − 2 63 Reduced Not reduced If B ∈ Z n × n , we may need all the bits to decide. If B ∈ R n × n , we may not even be able to tell! Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 20/36

  48. L 1 e Introduction Wishful thinking Deforming Truncating Sensitivity of the R-factor Take B ∈ R n × n full-rank, with B = QR . � ∆ b i � Apply a columnwise perturbation ∆ B , i.e., max i � b i � ≤ ε . If ε is very small, then B + ∆ B is full-rank and: B + ∆ B = ( Q + ∆ Q )( R + ∆ R ) . How large can ∆ R be? Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 21/36

  49. L 1 e Introduction Wishful thinking Deforming Truncating Sensitivity of the R-factor Take B ∈ R n × n full-rank, with B = QR . � ∆ b i � Apply a columnwise perturbation ∆ B , i.e., max i � b i � ≤ ε . If ε is very small, then B + ∆ B is full-rank and: B + ∆ B = ( Q + ∆ Q )( R + ∆ R ) . How large can ∆ R be? Chang-S-Villard’11 Let cond ( R ) = �| R || R − 1 |� . If cond ( R ) · ε < ∼ 1, then: B + ∆ B is full-rank and max � ∆ r i � < ∼ cond ( R ) · ε . � r i � Furthermore, if B is LLL-reduced, then cond ( R ) = 2 O ( n ) . Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 21/36

  50. L 1 e Introduction Wishful thinking Deforming Truncating Fixing the LLL-reduction We would like the reduction to resist perturbations. The bound on � ∆ r j � is proportional to � r j � . By reducedness, 1 ≤ � r j � r j , j ≤ 2 O ( n ) . ⇒ r i , j should be related to r j , j instead of (only) r i , i . Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 22/36

  51. L 1 e Introduction Wishful thinking Deforming Truncating Fixing the LLL-reduction We would like the reduction to resist perturbations. The bound on � ∆ r j � is proportional to � r j � . By reducedness, 1 ≤ � r j � r j , j ≤ 2 O ( n ) . ⇒ r i , j should be related to r j , j instead of (only) r i , i . Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 22/36

  52. L 1 e Introduction Wishful thinking Deforming Truncating Fixing the LLL-reduction We would like the reduction to resist perturbations. The bound on � ∆ r j � is proportional to � r j � . By reducedness, 1 ≤ � r j � r j , j ≤ 2 O ( n ) . ⇒ r i , j should be related to r j , j instead of (only) r i , i . Let Ξ = ( δ, η, θ ) with η ∈ (1 / 2 , 1), θ > 0 and δ ∈ ( η 2 , 1). A basis B ∈ R n × n with R-factor R is said Ξ-reduced if: ∀ i , j : | r i , j | ≤ η · r i , i + θ · r j , j [Modified size-reduction] ∀ i : δ · r 2 i , i ≤ r 2 i , i +1 + r 2 i +1 , i +1 . Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 22/36

  53. L 1 e Introduction Wishful thinking Deforming Truncating Fixing the LLL-reduction We would like the reduction to resist perturbations. The bound on � ∆ r j � is proportional to � r j � . By reducedness, 1 ≤ � r j � r j , j ≤ 2 O ( n ) . ⇒ r i , j should be related to r j , j instead of (only) r i , i . Let Ξ = ( δ, η, θ ) with η ∈ (1 / 2 , 1), θ > 0 and δ ∈ ( η 2 , 1). A basis B ∈ R n × n with R-factor R is said Ξ-reduced if: ∀ i , j : | r i , j | ≤ η · r i , i + θ · r j , j [Modified size-reduction] ∀ i : δ · r 2 i , i ≤ r 2 i , i +1 + r 2 i +1 , i +1 . If B is balanced, this is the same as before. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 22/36

  54. L 1 e Introduction Wishful thinking Deforming Truncating The LLL-reductions, graphically ����� ����� ����� ����� �������� �������� ���������� ���������� b 2 b 2 b 2 b 2 ����� ����� ����� ����� �������� �������� ���������� ���������� ����� ����� ����� ����� �������� �������� ���������� ���������� ����� ����� ����� ����� �������� �������� ���������� ���������� ����� ����� ����� ����� �������� �������� ���������� ���������� ����� ����� �������� �������� ���������� ���������� �������� �������� ���������� ���������� ���������� ���������� 0 0 0 0 b 1 b 1 b 1 b 1 ���������� ���������� �������� �������� ���������� ���������� ����� ����� �������� �������� ���������� ���������� ����� ����� �������� �������� ���������� ���������� ����� ����� ����� ����� �������� �������� ���������� ���������� ����� ����� ����� ����� �������� �������� ���������� ���������� ����� ����� ����� ����� �������� �������� (1 , 1 / 2 , 0) ( δ, 1 / 2 , 0) ( δ, η, 0) ( δ, η, θ ) Hermite LLL’82 Schnorr’88 Chang-S-Villard’11 Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 23/36

  55. L 1 e Introduction Wishful thinking Deforming Truncating Properties of the new reduction The new reduction is perturbation-friendly: We still have cond ( R ) = 2 O ( n ) for Ξ-reduced bases. If B is reduced and max � ∆ b i � � b i � ≤ 2 − Ω( n ) , then B + ∆ B is reduced (for slightly weaker parameters). Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 24/36

  56. L 1 e Introduction Wishful thinking Deforming Truncating Properties of the new reduction The new reduction is perturbation-friendly: We still have cond ( R ) = 2 O ( n ) for Ξ-reduced bases. If B is reduced and max � ∆ b i � � b i � ≤ 2 − Ω( n ) , then B + ∆ B is reduced (for slightly weaker parameters). The popular properties of LLL-reduction still hold: Computable in polynomial time. ⇒ � � b i � ≤ 2 O ( n 2 ) · | det( b i ) i | . B reduced = Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 24/36

  57. L 1 e Introduction Wishful thinking Deforming Truncating Deformations and truncations are compatible B and σ ℓ BU reduced = ⇒ U small. B reduced = ⇒ B + ∆ B reduced. Let ℓ ≥ 0, B be reduced and ∆ B s.t. max � ∆ b i � � b i � ≤ 2 − ℓ − Ω( n ) . If σ ℓ ( B + ∆ B ) U is reduced, then so is σ ℓ BU ... For slightly weaker reduction factors. The ℓ + O ( n ) top-most bits of B suffice for finding U . Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 25/36

  58. L 1 e Introduction Wishful thinking Deforming Truncating Deformations and truncations are compatible B and σ ℓ BU reduced = ⇒ U small. B reduced = ⇒ B + ∆ B reduced. Let ℓ ≥ 0, B be reduced and ∆ B s.t. max � ∆ b i � � b i � ≤ 2 − ℓ − Ω( n ) . If σ ℓ ( B + ∆ B ) U is reduced, then so is σ ℓ BU ... For slightly weaker reduction factors. The ℓ + O ( n ) top-most bits of B suffice for finding U . Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 25/36

  59. L 1 e Introduction Wishful thinking Deforming Truncating Deformations and truncations are compatible B and σ ℓ BU reduced = ⇒ U small. B reduced = ⇒ B + ∆ B reduced. Let ℓ ≥ 0, B be reduced and ∆ B s.t. max � ∆ b i � � b i � ≤ 2 − ℓ − Ω( n ) . If σ ℓ ( B + ∆ B ) U is reduced, then so is σ ℓ BU ... For slightly weaker reduction factors. The ℓ + O ( n ) top-most bits of B suffice for finding U . Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 25/36

  60. L 1 e Introduction Wishful thinking Deforming Truncating Deformations and truncations are compatible B and σ ℓ BU reduced = ⇒ U small. B reduced = ⇒ B + ∆ B reduced. Let ℓ ≥ 0, B be reduced and ∆ B s.t. max � ∆ b i � � b i � ≤ 2 − ℓ − Ω( n ) . If σ ℓ ( B + ∆ B ) U is reduced, then so is σ ℓ BU ... For slightly weaker reduction factors. The ℓ + O ( n ) top-most bits of B suffice for finding U . Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 25/36

  61. L 1 e Introduction Wishful thinking Deforming Truncating Plan of the talk 1 Wishful thinking. 2 Reducing by deforming. 3 Reducing by truncating. 1 algorithm. 4 The � L Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 26/36

  62. L 1 e Introduction Wishful thinking Deforming Truncating 1 Overview of � L 1 : HNF and n calls to Lift- � 1 . � L L 1 computes U unimodular If B is reduced and ℓ ≥ 0, Lift- � L such that σ ℓ BU is reduced, in time P oly ( n ) · � O ( ℓ ). We master “remainders/bases” truncations. We have “LLL quotients”. If the basis is balanced, the quotient has small bit-size. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 27/36

  63. L 1 e Introduction Wishful thinking Deforming Truncating 1 Overview of � L 1 : HNF and n calls to Lift- � 1 . � L L 1 computes U unimodular If B is reduced and ℓ ≥ 0, Lift- � L such that σ ℓ BU is reduced, in time P oly ( n ) · � O ( ℓ ). We master “remainders/bases” truncations. We have “LLL quotients”. If the basis is balanced, the quotient has small bit-size. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 27/36

  64. L 1 e Introduction Wishful thinking Deforming Truncating A first attempt for Lift- � L 1 Inputs : B reduced, lifting target ℓ . Output : U unimodular such that σ ℓ BU reduced. Keep the ℓ/ 2 + O ( n ) top-most bits of B . Recursively compute U 1 s.t. σ ℓ/ 2 BU 1 reduced. Apply U 1 to σ ℓ/ 2 B and keep the ℓ/ 2 + O ( n ) top-most bits. Recursively compute U 2 s.t. σ ℓ/ 2 ( σ ℓ/ 2 BU 1 ) U 2 is reduced. Return U 1 · U 2 . Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 28/36

  65. L 1 e Introduction Wishful thinking Deforming Truncating A first attempt for Lift- � L 1 Inputs : B reduced, lifting target ℓ . Output : U unimodular such that σ ℓ BU reduced. Keep the ℓ/ 2 + O ( n ) top-most bits of B . Recursively compute U 1 s.t. σ ℓ/ 2 BU 1 reduced. Apply U 1 to σ ℓ/ 2 B and keep the ℓ/ 2 + O ( n ) top-most bits. Recursively compute U 2 s.t. σ ℓ/ 2 ( σ ℓ/ 2 BU 1 ) U 2 is reduced. Return U 1 · U 2 . Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 28/36

  66. L 1 e Introduction Wishful thinking Deforming Truncating Some additional difficulties 1 Keep the ℓ/ 2 + O ( n ) top-most bits of B . 2 Recursively compute U 1 s.t. σ ℓ/ 2 BU 1 reduced. 3 Apply U 1 to σ ℓ/ 2 B and keep the ℓ/ 2 + O ( n ) top-most bits. 4 Recursively compute U 2 s.t. σ ℓ/ 2 ( σ ℓ/ 2 BU 1 ) U 2 is reduced. 5 Return U 1 · U 2 . What do we do at the recursion leaves? Every time we truncate, we may loosen the reduction factors... How do we compute B · U 1 and U 1 · U 2 efficiently? Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 29/36

  67. L 1 e Introduction Wishful thinking Deforming Truncating Strengthening the reducedness of a basis (Morel-S-Villard) Problem: Suppose we have a Ξ-reduced basis. How do we Ξ ′ -reduce it, for Ξ ′ > Ξ? Truncate, reduce, output the obtained U . This takes time O ( n 6+ ε ) when the r ii ’s are balanced. Otherwise, u ij can be as large as r jj / r ii ... Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 30/36

  68. L 1 e Introduction Wishful thinking Deforming Truncating Strengthening the reducedness of a basis (Morel-S-Villard) Problem: Suppose we have a Ξ-reduced basis. How do we Ξ ′ -reduce it, for Ξ ′ > Ξ? Truncate, reduce, output the obtained U . This takes time O ( n 6+ ε ) when the r ii ’s are balanced. Otherwise, u ij can be as large as r jj / r ii ... Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 30/36

  69. L 1 e Introduction Wishful thinking Deforming Truncating Strengthening the reducedness of a basis (Morel-S-Villard) Problem: Suppose we have a Ξ-reduced basis. How do we Ξ ′ -reduce it, for Ξ ′ > Ξ? Truncate, reduce, output the obtained U . This takes time O ( n 6+ ε ) when the r ii ’s are balanced. Otherwise, u ij can be as large as r jj / r ii ... Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 30/36

  70. L 1 e Introduction Wishful thinking Deforming Truncating Strengthening the reducedness of a basis (Morel-S-Villard) 1 Rescale the columns of B : B �→ BS . 2 Do that while keeping B reduced. 3 Find U unimodular s.t. ( BS ) U is reduced. 4 ( BSU ) S − 1 = B ( SUS − 1 ) is reduced. 5 If the scaling was properly chosen: SUS − 1 is unimodular. This costs O ( n 6+ ε ). It also works for a small amount of lift: ℓ = O ( n ). Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 31/36

  71. L 1 e Introduction Wishful thinking Deforming Truncating Strengthening the reducedness of a basis (Morel-S-Villard) 1 Rescale the columns of B : B �→ BS . 2 Do that while keeping B reduced. 3 Find U unimodular s.t. ( BS ) U is reduced. 4 ( BSU ) S − 1 = B ( SUS − 1 ) is reduced. 5 If the scaling was properly chosen: SUS − 1 is unimodular. This costs O ( n 6+ ε ). It also works for a small amount of lift: ℓ = O ( n ). Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 31/36

  72. L 1 e Introduction Wishful thinking Deforming Truncating Strengthening the reducedness of a basis (Morel-S-Villard) 1 Rescale the columns of B : B �→ BS . 2 Do that while keeping B reduced. 3 Find U unimodular s.t. ( BS ) U is reduced. 4 ( BSU ) S − 1 = B ( SUS − 1 ) is reduced. 5 If the scaling was properly chosen: SUS − 1 is unimodular. This costs O ( n 6+ ε ). It also works for a small amount of lift: ℓ = O ( n ). Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 31/36

  73. L 1 e Introduction Wishful thinking Deforming Truncating Strengthening the reducedness of a basis (Morel-S-Villard) 1 Rescale the columns of B : B �→ BS . 2 Do that while keeping B reduced. 3 Find U unimodular s.t. ( BS ) U is reduced. 4 ( BSU ) S − 1 = B ( SUS − 1 ) is reduced. 5 If the scaling was properly chosen: SUS − 1 is unimodular. This costs O ( n 6+ ε ). It also works for a small amount of lift: ℓ = O ( n ). Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 31/36

  74. L 1 e Introduction Wishful thinking Deforming Truncating Reducedness strengthening Used for the recursion leaves. Used for re-strengthening the reduction factors, loosened by the truncations. Returns ( U , S ) s.t.: B ( SUS − 1 ) is reduced, max | u ij | ≤ 2 O ( n ) , S is powers-of-2 diagonal matrix. SUS − 1 might not be small, but ( S , U ) is. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 32/36

  75. L 1 e Introduction Wishful thinking Deforming Truncating Reducedness strengthening Used for the recursion leaves. Used for re-strengthening the reduction factors, loosened by the truncations. Returns ( U , S ) s.t.: B ( SUS − 1 ) is reduced, max | u ij | ≤ 2 O ( n ) , S is powers-of-2 diagonal matrix. SUS − 1 might not be small, but ( S , U ) is. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 32/36

  76. L 1 e Introduction Wishful thinking Deforming Truncating 1 Bounding the cost of Lift- � L 1 Keep the ℓ/ 2 + O ( n ) top-most bits of B . 2 Recursively compute U 1 s.t. σ ℓ/ 2 BU 1 reduced. 3 Apply U 1 to σ ℓ/ 2 B and keep the ℓ/ 2 + O ( n ) top-most bits. 4 Recursively compute U 2 s.t. σ ℓ/ 2 ( σ ℓ/ 2 BU 1 ) U 2 is reduced. 5 Return U 1 · U 2 . New representations for bases and transforms: Easy if assuming all handled bases are “balanced”. Else... An ℓ -lifing U is stored as ( U ′ , D ) with U = DU ′ D − 1 , ij | ≤ 2 ℓ + O ( n ) and D p-of-2 diagonal. max | u ′ B is stored as ( B ′ , D ) with B = B ′ D and max | b ′ i , j | ≤ 2 O ( ℓ + n ) and D p-of-2 diagonal. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 33/36

  77. L 1 e Introduction Wishful thinking Deforming Truncating 1 Bounding the cost of Lift- � L 1 Keep the ℓ/ 2 + O ( n ) top-most bits of B . 2 Recursively compute U 1 s.t. σ ℓ/ 2 BU 1 reduced. 3 Apply U 1 to σ ℓ/ 2 B and keep the ℓ/ 2 + O ( n ) top-most bits. 4 Recursively compute U 2 s.t. σ ℓ/ 2 ( σ ℓ/ 2 BU 1 ) U 2 is reduced. 5 Return U 1 · U 2 . New representations for bases and transforms: Easy if assuming all handled bases are “balanced”. Else... An ℓ -lifing U is stored as ( U ′ , D ) with U = DU ′ D − 1 , ij | ≤ 2 ℓ + O ( n ) and D p-of-2 diagonal. max | u ′ B is stored as ( B ′ , D ) with B = B ′ D and max | b ′ i , j | ≤ 2 O ( ℓ + n ) and D p-of-2 diagonal. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 33/36

  78. L 1 e Introduction Wishful thinking Deforming Truncating 1 Bounding the cost of Lift- � L 1 Keep the ℓ/ 2 + O ( n ) top-most bits of B . 2 Recursively compute U 1 s.t. σ ℓ/ 2 BU 1 reduced. 3 Apply U 1 to σ ℓ/ 2 B and keep the ℓ/ 2 + O ( n ) top-most bits. 4 Recursively compute U 2 s.t. σ ℓ/ 2 ( σ ℓ/ 2 BU 1 ) U 2 is reduced. 5 Return U 1 · U 2 . New representations for bases and transforms: Easy if assuming all handled bases are “balanced”. Else... An ℓ -lifing U is stored as ( U ′ , D ) with U = DU ′ D − 1 , ij | ≤ 2 ℓ + O ( n ) and D p-of-2 diagonal. max | u ′ B is stored as ( B ′ , D ) with B = B ′ D and max | b ′ i , j | ≤ 2 O ( ℓ + n ) and D p-of-2 diagonal. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 33/36

  79. L 1 e Introduction Wishful thinking Deforming Truncating Handling the new representations U �→ ( U ′ , D ) with U = DU ′ D − 1 . B �→ ( B ′ , D ) with B = B ′ D . ( B 1 D 1 ) · ( D 2 U 2 D − 1 2 ) is cheap if D − 1 and D 2 “coincide”. 1 ( D 1 U 1 D − 1 1 ) · ( D 2 U 2 D − 1 2 ) is cheap if D 1 and D 2 “coincide”. They always do coincide: D ≈ diag( r 11 , . . . , r nn ). Final hassle: The bit-sizes of the DUD − 1 ’s might grow too much. We sanatize them at every recursion leaf. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 34/36

  80. L 1 e Introduction Wishful thinking Deforming Truncating Handling the new representations U �→ ( U ′ , D ) with U = DU ′ D − 1 . B �→ ( B ′ , D ) with B = B ′ D . ( B 1 D 1 ) · ( D 2 U 2 D − 1 2 ) is cheap if D − 1 and D 2 “coincide”. 1 ( D 1 U 1 D − 1 1 ) · ( D 2 U 2 D − 1 2 ) is cheap if D 1 and D 2 “coincide”. They always do coincide: D ≈ diag( r 11 , . . . , r nn ). Final hassle: The bit-sizes of the DUD − 1 ’s might grow too much. We sanatize them at every recursion leaf. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 34/36

  81. L 1 e Introduction Wishful thinking Deforming Truncating Handling the new representations U �→ ( U ′ , D ) with U = DU ′ D − 1 . B �→ ( B ′ , D ) with B = B ′ D . ( B 1 D 1 ) · ( D 2 U 2 D − 1 2 ) is cheap if D − 1 and D 2 “coincide”. 1 ( D 1 U 1 D − 1 1 ) · ( D 2 U 2 D − 1 2 ) is cheap if D 1 and D 2 “coincide”. They always do coincide: D ≈ diag( r 11 , . . . , r nn ). Final hassle: The bit-sizes of the DUD − 1 ’s might grow too much. We sanatize them at every recursion leaf. Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 34/36

  82. L 1 e Introduction Wishful thinking Deforming Truncating Sanitizing the transforms Assume B and σ ℓ BU are reduced with ℓ ≥ 0 and U unimodular. Let ∆ U s.t. | ∆ u ij | ≤ 2 − Ω( ℓ + n ) r jj / r ii , then: U + ∆ U unimodular and σ ℓ B ( U + ∆ U ) reduced . A lift-reducing U may be large, but its bit-size can be made small. To “clean” a DUD ′ , we equalize D − 1 and D ′ , and truncate. U �→ ( U ′ , D , x ) with U = 2 x DU ′ D − 1 . Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 35/36

  83. L 1 e Introduction Wishful thinking Deforming Truncating Sanitizing the transforms Assume B and σ ℓ BU are reduced with ℓ ≥ 0 and U unimodular. Let ∆ U s.t. | ∆ u ij | ≤ 2 − Ω( ℓ + n ) r jj / r ii , then: U + ∆ U unimodular and σ ℓ B ( U + ∆ U ) reduced . A lift-reducing U may be large, but its bit-size can be made small. To “clean” a DUD ′ , we equalize D − 1 and D ′ , and truncate. U �→ ( U ′ , D , x ) with U = 2 x DU ′ D − 1 . Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 35/36

  84. L 1 e Introduction Wishful thinking Deforming Truncating Sanitizing the transforms Assume B and σ ℓ BU are reduced with ℓ ≥ 0 and U unimodular. Let ∆ U s.t. | ∆ u ij | ≤ 2 − Ω( ℓ + n ) r jj / r ii , then: U + ∆ U unimodular and σ ℓ B ( U + ∆ U ) reduced . A lift-reducing U may be large, but its bit-size can be made small. To “clean” a DUD ′ , we equalize D − 1 and D ′ , and truncate. U �→ ( U ′ , D , x ) with U = 2 x DU ′ D − 1 . Damien Stehl´ e LLL-reducing in quasi-linear time 11/04/2011 35/36

Recommend

Quasi-Newton methods for minimization Lectures for PHD course on Non-linear equations and

Quasi-Newton methods for minimization Lectures for PHD course on Non-linear equations and

Quasi-Newton methods for minimization Lectures for PHD course on Non-linear equations and numerical optimization Enrico Bertolazzi DIMS Universit` a di Trento March 2005 Quasi-Newton methods for minimization 1 / 63 Quasi Newton Method

530 views • 32 slides
can be done in linear time? Yuri Gurevich Tallinn, April 29, 2014 Agenda 1. What linear time?

can be done in linear time? Yuri Gurevich Tallinn, April 29, 2014 Agenda 1. What linear time?

What, if anything, can be done in linear time? Yuri Gurevich Tallinn, April 29, 2014 Agenda 1. What linear time? Why linear time? 2. Propositional primal infon logic 3. A linear time decision algorithm 4. Extensions with 1. Disjunction 2.

632 views • 48 slides
Computational Integrity with a Public Random String from Quasi-Linear PCPs Michael Riabzev

Computational Integrity with a Public Random String from Quasi-Linear PCPs Michael Riabzev

Goal Other approaches SCI overview Under the hood Measurements Acknowledgment Summary Computational Integrity with a Public Random String from Quasi-Linear PCPs Michael Riabzev Technion - Israel Institute of Technology EUROCRYPT 2017

469 views • 46 slides
KAM for quasi-linear KdV Massimiliano Berti Toronto, 10-1-2014, Conference on Hamiltonian

KAM for quasi-linear KdV Massimiliano Berti Toronto, 10-1-2014, Conference on Hamiltonian

The problem Literature Main results Proof: forced case Proof: Autonomous case KAM for quasi-linear KdV Massimiliano Berti Toronto, 10-1-2014, Conference on Hamiltonian PDEs: Analysis, Computations and Applications for the 60 -th

979 views • 40 slides
On stability of special solutions for quasi-linear equations of traffic flow Podoroga Anastasia

On stability of special solutions for quasi-linear equations of traffic flow Podoroga Anastasia

On stability of special solutions for quasi-linear equations of traffic flow Podoroga Anastasia Vladimirovna, Tikhonov Ivan Vladimirovich CMC MSU department of Mathematical Physics Dolgoprudny, 12 Sep. 2015 15 Sep. 2016 Podoroga A. V.,

769 views • 46 slides
1 Trace Cache Summary of Reducing Cache Hit Time Trace: a dynamic sequence of Small and simple

1 Trace Cache Summary of Reducing Cache Hit Time Trace: a dynamic sequence of Small and simple

Improving Cache Performance 1. Reducing miss rates 3. Reducing miss penalty or miss rates via parallelism Larger block size Lecture 18: Reducing Cache Hit Non-blocking caches larger cache size Time and Main Memory Design

285 views • 3 slides
Quasi-linear versus potential-based formulations of force-flux relations and the GENERIC for

Quasi-linear versus potential-based formulations of force-flux relations and the GENERIC for

Quasi-linear versus potential-based formulations of force-flux relations and the GENERIC for irreversible processes: comparisons and examples Markus Htter (1,*) Bob Svendsen (2) (1) Eindhoven University of Technology Materials Technology

467 views • 20 slides
Quasi-Optimal Multiplication of Linear Differential Operators Alexandre Benoit 1 , Alin Bostan 2

Quasi-Optimal Multiplication of Linear Differential Operators Alexandre Benoit 1 , Alin Bostan 2

Introduction The van der Hoeven Algorithm New Algorithm for the Unbalanced Product ( r &gt; d ) Reflexion for the Case when d &gt; r Conclusion Quasi-Optimal Multiplication of Linear Differential Operators Alexandre Benoit 1 , Alin Bostan 2 and

619 views • 51 slides
Exotic components in linear slices of quasi-Fuchsian groups Yuichi Kabaya Kyoto University

Exotic components in linear slices of quasi-Fuchsian groups Yuichi Kabaya Kyoto University

Exotic components in linear slices of quasi-Fuchsian groups Yuichi Kabaya Kyoto University Nara, October 29 2015 1 / 25 Outline S : ori. surface with ( S ) &lt; 0 X ( S ) = { : 1 ( S ) PSL 2 C } / { conjugation } (character

411 views • 27 slides
Global well-posedness of the quasi-linear Euler-Korteweg system for small irrotational data

Global well-posedness of the quasi-linear Euler-Korteweg system for small irrotational data

Presentation of the results Idea of the Proof Perspectives Global well-posedness of the quasi-linear Euler-Korteweg system for small irrotational data Corentin Audiard (LJLL, Paris 6) and Boris Haspot (Ceremade, Paris Dauphine) 1 Presentation

376 views • 22 slides
xtdpdqml: Quasi-maximum likelihood estimation of linear dynamic short-T panel data models

xtdpdqml: Quasi-maximum likelihood estimation of linear dynamic short-T panel data models

Introduction Dynamic panel data model Stata syntax Example Conclusion xtdpdqml: Quasi-maximum likelihood estimation of linear dynamic short-T panel data models Sebastian Kripfganz University of Exeter Business School, Department of

560 views • 27 slides
Nonlinear Planetary Wave Dynamics of Quasi-Stationary Anomalies Grant Branstator National Center

Nonlinear Planetary Wave Dynamics of Quasi-Stationary Anomalies Grant Branstator National Center

Nonlinear Planetary Wave Dynamics of Quasi-Stationary Anomalies Grant Branstator National Center for Atmospheric Research I. Planetary Wave Fundamentals (Sunday) a. Timescales b. Recurring structures c. Four basic processes d. Quasi-linear

719 views • 50 slides
Iterative Methods for Symmetric Quasi-Definite Linear Systems Mario Arioli 1 Dominique Orban 2 1

Iterative Methods for Symmetric Quasi-Definite Linear Systems Mario Arioli 1 Dominique Orban 2 1

Iterative Methods for Symmetric Quasi-Definite Linear Systems Mario Arioli 1 Dominique Orban 2 1 Rutherford Appleton Laboratory, mario.arioli@stfc.ac.uk 2 GERAD and Ecole Polytechnique de Montr eal, dominique.orban@gerad.ca Sparse Days,

962 views • 63 slides
GC for interactive and real-time systems Interactive or real-time app concerns Reducing length

GC for interactive and real-time systems Interactive or real-time app concerns Reducing length

GC for interactive and real-time systems Interactive or real-time app concerns Reducing length of garbage collection pause Demands guarantees for worst case performance Generational GC works if: Young generation is relatively small

452 views • 17 slides
GC for interactive and real-time systems Interactive or real-time app concerns Reducing length

GC for interactive and real-time systems Interactive or real-time app concerns Reducing length

GC for interactive and real-time systems Interactive or real-time app concerns Reducing length of garbage collection pause Demands guarantees for worst case performance Generational GC works if: Young generation is relatively small

377 views • 19 slides
Designs Chapter 11 Quasi-Experimentation Quasi-experiments resemble experiments, but lack

Designs Chapter 11 Quasi-Experimentation Quasi-experiments resemble experiments, but lack

Quasi-Experimental Designs Chapter 11 Quasi-Experimentation Quasi-experiments resemble experiments, but lack experimental control lack of random assignment is the key point of distinction between quasi- experiments and true

888 views • 31 slides
Reducing Over-generation Errors for Automatic Keyphrase Extraction using Integer Linear

Reducing Over-generation Errors for Automatic Keyphrase Extraction using Integer Linear

Reducing Over-generation Errors for Automatic Keyphrase Extraction using Integer Linear Programming Florian Boudin LINA - UMR CNRS 6241, Universit de Nantes, France Keyphrase 2015 1 / 22 Errors made by keyphrase extraction systems

246 views • 22 slides
Lecture 4, Non-linear Time Series Erik Lindstrm Its not a bug, its a feature!

Lecture 4, Non-linear Time Series Erik Lindstrm Its not a bug, its a feature!

Lecture 4, Non-linear Time Series Erik Lindstrm Its not a bug, its a feature! Properties of non-linear systems. Limit cycles Jumps Non-symmetric distributions Bifurcations Chaos Non-linear dependence Why are we using

631 views • 42 slides
1 quasi-newton in one variable: the secant method In a one dimensional problem, approximating the

1 quasi-newton in one variable: the secant method In a one dimensional problem, approximating the

QUASI-N E W TON MET HODS David F. Gleich February 29, 2012 Te material here is from Chapter 6 in No- Te idea behind Quasi-Newton methods is to make an optimization algorithm with cedal and Wright, and Section 12.3 in Griva, Sofer, and Nash.

56 views • 3 slides
Lecture 12. Quasi-likelihood Nan Ye School of Mathematics and Physics University of Queensland

Lecture 12. Quasi-likelihood Nan Ye School of Mathematics and Physics University of Queensland

Lecture 12. Quasi-likelihood Nan Ye School of Mathematics and Physics University of Queensland 1 / 28 Looking Back: Course Overview Generalized linear models (GLMs) Building blocks systematic and random components, exponential familes

437 views • 28 slides
Modified segmentation methods of quasi-stationary time series Irina Roslyakova Department of

Modified segmentation methods of quasi-stationary time series Irina Roslyakova Department of

Modified segmentation methods of quasi-stationary time series Irina Roslyakova Department of Scale Bridging Thermodynamic and Kinetic Simulation ICAMS (Interdisciplinary Centre for Advanced Materials Simulation) Ruhr-Universitt Bochum, UHW

720 views • 12 slides
Memory Hierarchy Reducing Hit Time Main Memory and Examples Soner Onder Michigan

Memory Hierarchy Reducing Hit Time Main Memory and Examples Soner Onder Michigan

Memory Hierarchy Reducing Hit Time Main Memory and Examples Soner Onder Michigan Technological University Randy Katz &amp; David A. Patterson University of California, Berkeley Review: Reducing Misses 2 CPUtime IC

577 views • 47 slides
Reducing Average Handling Times in your Contact Centre What is Average Handle Time? Average

Reducing Average Handling Times in your Contact Centre What is Average Handle Time? Average

Reducing Average Handling Times in your Contact Centre What is Average Handle Time? Average Handling Time (AHT) in essence, tells you how much time an advisor spends working on a task and when they are unable to deal with a new work item.

320 views • 10 slides
Quasi equilibrium construction for long time glassy dynamics Pierfrancesco Urbani Dipartimento

Quasi equilibrium construction for long time glassy dynamics Pierfrancesco Urbani Dipartimento

Quasi equilibrium construction for long time glassy dynamics Pierfrancesco Urbani Dipartimento di Fisica Universit di Roma, La Sapienza Laboratoire de Physique Thorique et Modles Statistiques Universit Paris-Sud

481 views • 16 slides

More recommend