## CryptoDB

### Paper: Towards faster polynomial-time lattice reduction

Authors: Paul Kirchner , University Rennes Thomas Espitau , NTT Research and Development Pierre-Alain Fouque , University Rennes DOI: 10.1007/978-3-030-84245-1_26 (login may be required) Search ePrint Search Google Slides CRYPTO 2021 The LLL algorithm is a polynomial-time algorithm for reducing d-dimensional lattice with exponential approximation factor. Currently, the most efficient variant of LLL, by Neumaier and Stehl\'e, has a theoretical running time in $d^4\cdot B^{1+o(1)}$ where $B$ is the bitlength of the entries, but has never been implemented. This work introduces new asymptotically fast, parallel, yet heuristic, reduction algorithms with their optimized implementations. Our algorithms are recursive and fully exploit fast block matrix multiplication. We experimentally demonstrate that by carefully controlling the floating-point precision during the recursion steps, we can reduce euclidean lattices of rank d in time $\tilde{O}(d^\omega\cdot C)$, i.e., almost a constant number of matrix multiplications, where $\omega$ is the exponent of matrix multiplication and C is the log of the condition number of the matrix. For cryptographic applications, C is close to B, while it can be up to d times larger in the worst case. It improves the running-time of the state-of-the-art implementation fplll by a multiplicative factor of order $d^2\cdot B$. Further, we show that we can reduce structured lattices, the so-called knapsack lattices, in time $\tilde{O}(d^{\omega-1}\cdot C)$ with a progressive reduction strategy. Besides allowing reducing huge lattices, our implementation can break several instances of Fully Homomorphic Encryption schemes based on large integers in dimension 2,230 with 4 millions of bits.
##### BibTeX
@inproceedings{crypto-2021-31251,
title={Towards faster polynomial-time lattice reduction},
publisher={Springer-Verlag},
doi={10.1007/978-3-030-84245-1_26},
author={Paul Kirchner and Thomas Espitau and Pierre-Alain Fouque},
year=2021
}