Introduction Goal Basis Reduction Lattice Diffusion and Sublattice Fusion Algorithm Hill Climbing Algorithm Experiment & Results References The End. Lattice Basis Reduction techniques based on the LLL algorithm Bal K. Khadka Michigan Technological University, Houghton, Michigan 49931, USA August 26 - August 30, 2015 Bal K. Khadka (August 26 - August 30, 2015) Algebraic Combinatorics and Applications
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
IntroductionGoal
Basis ReductionLattice Diffusion and Sublattice Fusion Algorithm
Hill Climbing AlgorithmExperiment & Results
ReferencesThe End.
Lattice Basis Reduction techniques based on theLLL algorithm
Bal K. Khadka
Michigan Technological University, Houghton, Michigan 49931, USA
August 26 - August 30, 2015
Bal K. Khadka (August 26 - August 30, 2015) Algebraic Combinatorics and Applications
IntroductionGoal
Basis ReductionLattice Diffusion and Sublattice Fusion Algorithm
Hill Climbing AlgorithmExperiment & Results
ReferencesThe End.
Contents
1 Introduction
2 Goal
3 Basis Reduction
4 Lattice Diffusion and Sublattice Fusion Algorithm
5 Hill Climbing Algorithm
6 Experiment & Results
7 References
8 The End.
Bal K. Khadka (August 26 - August 30, 2015) Algebraic Combinatorics and Applications
IntroductionGoal
Basis ReductionLattice Diffusion and Sublattice Fusion Algorithm
Hill Climbing AlgorithmExperiment & Results
ReferencesThe End.
Introduction
Lattice Basis:Given m linearly independent vectors B = (b1, b2, ..., bm)
T inEuclidean n−space Rn where m ≤ n, the lattice L generated bythem is defined as L(B) = {
∑xibi |xi ∈ Z}. That is
L(B) = {xTB | x ∈ Zm}.
Let B = (b1, b2, ..., bm)T be a basis of L ⊂ Rn and U be an
integral unimodular matrix (an m ×m integer matrix havingdeterminant ±1), then UB is another basis of L.
Bal K. Khadka (August 26 - August 30, 2015) Algebraic Combinatorics and Applications
IntroductionGoal
Basis ReductionLattice Diffusion and Sublattice Fusion Algorithm
Hill Climbing AlgorithmExperiment & Results
ReferencesThe End.
Introduction
Lattice Basis:Given m linearly independent vectors B = (b1, b2, ..., bm)
T inEuclidean n−space Rn where m ≤ n, the lattice L generated bythem is defined as L(B) = {
∑xibi |xi ∈ Z}. That is
L(B) = {xTB | x ∈ Zm}.
Let B = (b1, b2, ..., bm)T be a basis of L ⊂ Rn and U be an
integral unimodular matrix (an m ×m integer matrix havingdeterminant ±1), then UB is another basis of L.
Bal K. Khadka (August 26 - August 30, 2015) Algebraic Combinatorics and Applications
IntroductionGoal
Basis ReductionLattice Diffusion and Sublattice Fusion Algorithm
Hill Climbing AlgorithmExperiment & Results
ReferencesThe End.
Introduction
Minkowski Convex Body Theorem:A convex set S ⊂ Rn which is symmetric about origin and withvolume greater than m2ndet(L) contains at least m non-zerodistinct lattice pairs ±x1, ±x2, . . . .± xm.
Corollary:If L ⊂ Rn is an n dimensional lattice wih determinant det(L) thenthere is a nonzero b ∈ L such that | b |≤ 2√
π[Γ(n2 + 1)]
1n (det(L))
1n .
Bal K. Khadka (August 26 - August 30, 2015) Algebraic Combinatorics and Applications
IntroductionGoal
Basis ReductionLattice Diffusion and Sublattice Fusion Algorithm
Hill Climbing AlgorithmExperiment & Results
ReferencesThe End.
Introduction
Minkowski Convex Body Theorem:A convex set S ⊂ Rn which is symmetric about origin and withvolume greater than m2ndet(L) contains at least m non-zerodistinct lattice pairs ±x1, ±x2, . . . .± xm.
Corollary:If L ⊂ Rn is an n dimensional lattice wih determinant det(L) thenthere is a nonzero b ∈ L such that | b |≤ 2√
π[Γ(n2 + 1)]
1n (det(L))
1n .
Bal K. Khadka (August 26 - August 30, 2015) Algebraic Combinatorics and Applications
IntroductionGoal
Basis ReductionLattice Diffusion and Sublattice Fusion Algorithm
Hill Climbing AlgorithmExperiment & Results
ReferencesThe End.
Goal
Given an integral lattice basis of a lattice L ⊂ Rn as input, to finda vector in the lattice L with a minimal Euclidean norm.
Bal K. Khadka (August 26 - August 30, 2015) Algebraic Combinatorics and Applications
IntroductionGoal
Basis ReductionLattice Diffusion and Sublattice Fusion Algorithm
Hill Climbing AlgorithmExperiment & Results
ReferencesThe End.
Gram-Schimdt Orthogonalization (GSO)
Given a basis B = (b1, b2, ..., bm)T for a vector space Rn, we
can use GSO process to construct an orthogonal basisB∗ = (b∗1, b
∗2, ..., b
∗m)
T such that b∗1 = b1 and
b∗i = bi −i−1∑j=1
µijb∗j (2 ≤ i ≤ m),
µij =〈bi , b∗j 〉〈b∗j , b∗j 〉
(1 ≤ j < i ≤ n).
B = MB∗, where M = (µij) is a lower triangular matrix.
For any non zero lattice vector b ∈ L ⊂ Rn we have| b |≥ min {| b∗1 |, · · · , | b∗n |}.
Bal K. Khadka (August 26 - August 30, 2015) Algebraic Combinatorics and Applications
IntroductionGoal
Basis ReductionLattice Diffusion and Sublattice Fusion Algorithm
Hill Climbing AlgorithmExperiment & Results
ReferencesThe End.
Gram-Schimdt Orthogonalization (GSO)
Given a basis B = (b1, b2, ..., bm)T for a vector space Rn, we
can use GSO process to construct an orthogonal basisB∗ = (b∗1, b
∗2, ..., b
∗m)
T such that b∗1 = b1 and
b∗i = bi −i−1∑j=1
µijb∗j (2 ≤ i ≤ m),
µij =〈bi , b∗j 〉〈b∗j , b∗j 〉
(1 ≤ j < i ≤ n).
B = MB∗, where M = (µij) is a lower triangular matrix.
For any non zero lattice vector b ∈ L ⊂ Rn we have| b |≥ min {| b∗1 |, · · · , | b∗n |}.
Bal K. Khadka (August 26 - August 30, 2015) Algebraic Combinatorics and Applications
IntroductionGoal
Basis ReductionLattice Diffusion and Sublattice Fusion Algorithm
Hill Climbing AlgorithmExperiment & Results
ReferencesThe End.
Gram-Schimdt Orthogonalization (GSO)
Given a basis B = (b1, b2, ..., bm)T for a vector space Rn, we
can use GSO process to construct an orthogonal basisB∗ = (b∗1, b
∗2, ..., b
∗m)
T such that b∗1 = b1 and
b∗i = bi −i−1∑j=1
µijb∗j (2 ≤ i ≤ m),
µij =〈bi , b∗j 〉〈b∗j , b∗j 〉
(1 ≤ j < i ≤ n).
B = MB∗, where M = (µij) is a lower triangular matrix.
For any non zero lattice vector b ∈ L ⊂ Rn we have| b |≥ min {| b∗1 |, · · · , | b∗n |}.
Bal K. Khadka (August 26 - August 30, 2015) Algebraic Combinatorics and Applications
IntroductionGoal
Basis ReductionLattice Diffusion and Sublattice Fusion Algorithm
Hill Climbing AlgorithmExperiment & Results
ReferencesThe End.
LLL Reduced Bases
Let L(B) with B = (b1, b2, ..., bm) be a lattice in Rn withGSO vector b∗1, b
∗2, ..., b
∗m. The basis B is called α reduced (or
LLL-reduced with the reduction parameter α ∈ (14 , 1)) if the
following conditions hold:
a) |µi ,j | ≤ 12 for 1 ≤ j < i ≤ m,
b) |b∗i + µi ,i−1b∗i−1|2 ≥ α|b∗i−1|2 for 2 ≤ i ≤ m.
Bal K. Khadka (August 26 - August 30, 2015) Algebraic Combinatorics and Applications
IntroductionGoal
Basis ReductionLattice Diffusion and Sublattice Fusion Algorithm
Hill Climbing AlgorithmExperiment & Results
ReferencesThe End.
LLL Reduced Bases
Let L(B) with B = (b1, b2, ..., bm) be a lattice in Rn withGSO vector b∗1, b
∗2, ..., b
∗m. The basis B is called α reduced (or
LLL-reduced with the reduction parameter α ∈ (14 , 1)) if the
following conditions hold:
a) |µi ,j | ≤ 12 for 1 ≤ j < i ≤ m,
b) |b∗i + µi ,i−1b∗i−1|2 ≥ α|b∗i−1|2 for 2 ≤ i ≤ m.
Bal K. Khadka (August 26 - August 30, 2015) Algebraic Combinatorics and Applications
IntroductionGoal
Basis ReductionLattice Diffusion and Sublattice Fusion Algorithm
Hill Climbing AlgorithmExperiment & Results
ReferencesThe End.
LLL Reduced Bases
Let L(B) with B = (b1, b2, ..., bm) be a lattice in Rn withGSO vector b∗1, b
∗2, ..., b
∗m. The basis B is called α reduced (or
LLL-reduced with the reduction parameter α ∈ (14 , 1)) if the
following conditions hold:
a) |µi ,j | ≤ 12 for 1 ≤ j < i ≤ m,
b) |b∗i + µi ,i−1b∗i−1|2 ≥ α|b∗i−1|2 for 2 ≤ i ≤ m.
Bal K. Khadka (August 26 - August 30, 2015) Algebraic Combinatorics and Applications
IntroductionGoal
Basis ReductionLattice Diffusion and Sublattice Fusion Algorithm
Hill Climbing AlgorithmExperiment & Results
ReferencesThe End.
Lattice Diffusion and Sublattice Fusion Algorithm
Input: Basis B = (b)m×n of L ⊂ Rn, β < m→ Block Sizeand N, M → parameters
Take N permutation matrices Pj , (1 ≤ j ≤ N) with radiusclose to m.
M ←M∪i=1
βi ↑ Sort{LLL(PjB)|length of (LLL(PjB)) is
minimum for 1 ≤ j ≤ N}.
B ′ ← LLL(M)
Output: a vector of minimal length
Bal K. Khadka (August 26 - August 30, 2015) Algebraic Combinatorics and Applications
IntroductionGoal
Basis ReductionLattice Diffusion and Sublattice Fusion Algorithm
Hill Climbing AlgorithmExperiment & Results
ReferencesThe End.
Lattice Diffusion and Sublattice Fusion Algorithm
Input: Basis B = (b)m×n of L ⊂ Rn, β < m→ Block Sizeand N, M → parameters
Take N permutation matrices Pj , (1 ≤ j ≤ N) with radiusclose to m.
M ←M∪i=1
βi ↑ Sort{LLL(PjB)|length of (LLL(PjB)) is
minimum for 1 ≤ j ≤ N}.
B ′ ← LLL(M)
Output: a vector of minimal length
Bal K. Khadka (August 26 - August 30, 2015) Algebraic Combinatorics and Applications
IntroductionGoal
Basis ReductionLattice Diffusion and Sublattice Fusion Algorithm
Hill Climbing AlgorithmExperiment & Results
ReferencesThe End.
Lattice Diffusion and Sublattice Fusion Algorithm
Input: Basis B = (b)m×n of L ⊂ Rn, β < m→ Block Sizeand N, M → parameters
Take N permutation matrices Pj , (1 ≤ j ≤ N) with radiusclose to m.
M ←M∪i=1
βi ↑ Sort{LLL(PjB)|length of (LLL(PjB)) is
minimum for 1 ≤ j ≤ N}.
B ′ ← LLL(M)
Output: a vector of minimal length
Bal K. Khadka (August 26 - August 30, 2015) Algebraic Combinatorics and Applications
IntroductionGoal
Basis ReductionLattice Diffusion and Sublattice Fusion Algorithm
Hill Climbing AlgorithmExperiment & Results
ReferencesThe End.
Lattice Diffusion and Sublattice Fusion Algorithm
Input: Basis B = (b)m×n of L ⊂ Rn, β < m→ Block Sizeand N, M → parameters
Take N permutation matrices Pj , (1 ≤ j ≤ N) with radiusclose to m.
M ←M∪i=1
βi ↑ Sort{LLL(PjB)|length of (LLL(PjB)) is
minimum for 1 ≤ j ≤ N}.
B ′ ← LLL(M)
Output: a vector of minimal length
Bal K. Khadka (August 26 - August 30, 2015) Algebraic Combinatorics and Applications
IntroductionGoal
Basis ReductionLattice Diffusion and Sublattice Fusion Algorithm
Hill Climbing AlgorithmExperiment & Results
ReferencesThe End.
Lattice Diffusion and Sublattice Fusion Algorithm
Input: Basis B = (b)m×n of L ⊂ Rn, β < m→ Block Sizeand N, M → parameters
Take N permutation matrices Pj , (1 ≤ j ≤ N) with radiusclose to m.
M ←M∪i=1
βi ↑ Sort{LLL(PjB)|length of (LLL(PjB)) is
minimum for 1 ≤ j ≤ N}.
B ′ ← LLL(M)
Output: a vector of minimal length
Bal K. Khadka (August 26 - August 30, 2015) Algebraic Combinatorics and Applications
IntroductionGoal
Basis ReductionLattice Diffusion and Sublattice Fusion Algorithm
Hill Climbing AlgorithmExperiment & Results
ReferencesThe End.
Hill Climbing Algorithm
Begin: Basis B = (b)m×n of L ⊂ Rn.
Take k permutation matrices Pj , (2 ≤ j ≤ k) such thatd(Pj , Im) = r (r ≤ m ) . where d is a hamming distance.
B ← {LLL(PjB)|length of (LLL(PjB)) is minimum for1 ≤ j ≤ k}.
End if the desired bound is achieved, or no furtherimprovement is observed.
else,
go to the step 2.
Bal K. Khadka (August 26 - August 30, 2015) Algebraic Combinatorics and Applications
IntroductionGoal
Basis ReductionLattice Diffusion and Sublattice Fusion Algorithm
Hill Climbing AlgorithmExperiment & Results
ReferencesThe End.
Hill Climbing Algorithm
Begin: Basis B = (b)m×n of L ⊂ Rn.
Take k permutation matrices Pj , (2 ≤ j ≤ k) such thatd(Pj , Im) = r (r ≤ m ) . where d is a hamming distance.
B ← {LLL(PjB)|length of (LLL(PjB)) is minimum for1 ≤ j ≤ k}.
End if the desired bound is achieved, or no furtherimprovement is observed.
else,
go to the step 2.
Bal K. Khadka (August 26 - August 30, 2015) Algebraic Combinatorics and Applications
IntroductionGoal
Basis ReductionLattice Diffusion and Sublattice Fusion Algorithm
Hill Climbing AlgorithmExperiment & Results
ReferencesThe End.
Hill Climbing Algorithm
Begin: Basis B = (b)m×n of L ⊂ Rn.
Take k permutation matrices Pj , (2 ≤ j ≤ k) such thatd(Pj , Im) = r (r ≤ m ) . where d is a hamming distance.
B ← {LLL(PjB)|length of (LLL(PjB)) is minimum for1 ≤ j ≤ k}.
End if the desired bound is achieved, or no furtherimprovement is observed.
else,
go to the step 2.
Bal K. Khadka (August 26 - August 30, 2015) Algebraic Combinatorics and Applications
IntroductionGoal
Basis ReductionLattice Diffusion and Sublattice Fusion Algorithm
Hill Climbing AlgorithmExperiment & Results
ReferencesThe End.
Hill Climbing Algorithm
Begin: Basis B = (b)m×n of L ⊂ Rn.
Take k permutation matrices Pj , (2 ≤ j ≤ k) such thatd(Pj , Im) = r (r ≤ m ) . where d is a hamming distance.
B ← {LLL(PjB)|length of (LLL(PjB)) is minimum for1 ≤ j ≤ k}.
End if the desired bound is achieved, or no furtherimprovement is observed.
else,
go to the step 2.
Bal K. Khadka (August 26 - August 30, 2015) Algebraic Combinatorics and Applications
IntroductionGoal
Basis ReductionLattice Diffusion and Sublattice Fusion Algorithm
Hill Climbing AlgorithmExperiment & Results
ReferencesThe End.
Hill Climbing Algorithm
Begin: Basis B = (b)m×n of L ⊂ Rn.
Take k permutation matrices Pj , (2 ≤ j ≤ k) such thatd(Pj , Im) = r (r ≤ m ) . where d is a hamming distance.
B ← {LLL(PjB)|length of (LLL(PjB)) is minimum for1 ≤ j ≤ k}.
End if the desired bound is achieved, or no furtherimprovement is observed.
else,
go to the step 2.
Bal K. Khadka (August 26 - August 30, 2015) Algebraic Combinatorics and Applications
IntroductionGoal
Basis ReductionLattice Diffusion and Sublattice Fusion Algorithm
Hill Climbing AlgorithmExperiment & Results
ReferencesThe End.
Hill Climbing Algorithm
Begin: Basis B = (b)m×n of L ⊂ Rn.
Take k permutation matrices Pj , (2 ≤ j ≤ k) such thatd(Pj , Im) = r (r ≤ m ) . where d is a hamming distance.
B ← {LLL(PjB)|length of (LLL(PjB)) is minimum for1 ≤ j ≤ k}.
End if the desired bound is achieved, or no furtherimprovement is observed.
else,
go to the step 2.
Bal K. Khadka (August 26 - August 30, 2015) Algebraic Combinatorics and Applications
IntroductionGoal
Basis ReductionLattice Diffusion and Sublattice Fusion Algorithm
Hill Climbing AlgorithmExperiment & Results
ReferencesThe End.
Our experiment
Case 1: we constructed hadamard matrices and inflated usingintegral unimodular matrices.
Case 2: we picked Ideal lattices from online resources.
We used Hill climbing/lattice diffusion and sublattice fusionalgorithm to get the desired approximated shortest vector.
We successfully reduced B to find the competitive shortestvectors.
Bal K. Khadka (August 26 - August 30, 2015) Algebraic Combinatorics and Applications
IntroductionGoal
Basis ReductionLattice Diffusion and Sublattice Fusion Algorithm
Hill Climbing AlgorithmExperiment & Results
ReferencesThe End.
Our experiment
Case 1: we constructed hadamard matrices and inflated usingintegral unimodular matrices.
Case 2: we picked Ideal lattices from online resources.
We used Hill climbing/lattice diffusion and sublattice fusionalgorithm to get the desired approximated shortest vector.
We successfully reduced B to find the competitive shortestvectors.
Bal K. Khadka (August 26 - August 30, 2015) Algebraic Combinatorics and Applications
IntroductionGoal
Basis ReductionLattice Diffusion and Sublattice Fusion Algorithm
Hill Climbing AlgorithmExperiment & Results
ReferencesThe End.
Our experiment
Case 1: we constructed hadamard matrices and inflated usingintegral unimodular matrices.
Case 2: we picked Ideal lattices from online resources.
We used Hill climbing/lattice diffusion and sublattice fusionalgorithm to get the desired approximated shortest vector.
We successfully reduced B to find the competitive shortestvectors.
Bal K. Khadka (August 26 - August 30, 2015) Algebraic Combinatorics and Applications
IntroductionGoal
Basis ReductionLattice Diffusion and Sublattice Fusion Algorithm
Hill Climbing AlgorithmExperiment & Results
ReferencesThe End.
Our experiment
Case 1: we constructed hadamard matrices and inflated usingintegral unimodular matrices.
Case 2: we picked Ideal lattices from online resources.
We used Hill climbing/lattice diffusion and sublattice fusionalgorithm to get the desired approximated shortest vector.
We successfully reduced B to find the competitive shortestvectors.
Bal K. Khadka (August 26 - August 30, 2015) Algebraic Combinatorics and Applications
IntroductionGoal
Basis ReductionLattice Diffusion and Sublattice Fusion Algorithm
Hill Climbing AlgorithmExperiment & Results
ReferencesThe End.
Results
Inflated Hadamard Matrix
Ideal Lattice
ASVP Hall of Fame
Bal K. Khadka (August 26 - August 30, 2015) Algebraic Combinatorics and Applications
IntroductionGoal
Basis ReductionLattice Diffusion and Sublattice Fusion Algorithm
Hill Climbing AlgorithmExperiment & Results
ReferencesThe End.
Results
Inflated Hadamard Matrix
Ideal Lattice
ASVP Hall of Fame
Bal K. Khadka (August 26 - August 30, 2015) Algebraic Combinatorics and Applications
IntroductionGoal
Basis ReductionLattice Diffusion and Sublattice Fusion Algorithm
Hill Climbing AlgorithmExperiment & Results
ReferencesThe End.
Results
Inflated Hadamard Matrix
Ideal Lattice
ASVP Hall of Fame
Bal K. Khadka (August 26 - August 30, 2015) Algebraic Combinatorics and Applications
IntroductionGoal
Basis ReductionLattice Diffusion and Sublattice Fusion Algorithm
Hill Climbing AlgorithmExperiment & Results
ReferencesThe End.
References
Lattice Basis Reduction by Murray R. BermnerLLL reduction using NTL library by Victor Shouphttp://www.latticechallenge.org/ideallattice-challenge/in-dex.php
Bal K. Khadka (August 26 - August 30, 2015) Algebraic Combinatorics and Applications
IntroductionGoal
Basis ReductionLattice Diffusion and Sublattice Fusion Algorithm
Hill Climbing AlgorithmExperiment & Results
ReferencesThe End.
The End
Any Question?
Thank You!
Bal K. Khadka (August 26 - August 30, 2015) Algebraic Combinatorics and Applications
IntroductionGoal
Basis ReductionLattice Diffusion and Sublattice Fusion Algorithm
Hill Climbing AlgorithmExperiment & Results
ReferencesThe End.
The End
Any Question?
Thank You!
Bal K. Khadka (August 26 - August 30, 2015) Algebraic Combinatorics and Applications
Related Documents
