We report on improved practical algorithms for lattice basis reduction. We propose a practical floating point version of the L3-algorithm of Lenstra, Lenstra, Lov'asz (1982). We present a variant of the L3- algorithm with "deep insertions" and a practical algorithm for block Korkin--Zolotarev reduction, a concept introduced by Schnorr (1987). Empirical tests show that the strongest of these algorithms solves almost all subset sum problems with up to 66 random weights of arbitrary bit length within at most a few hours on a UNISYS 6000/70 or within a couple of minutes on a SPARC 1+ computer.

In this semi-tutorial paper, a comprehensive survey of closest-point search methods for lattices without a regular structure is presented. The existing search strategies are described in a unified framework, and differences between them are elucidated. An efficient closest-point search algorithm, based on the Schnorr-Euchner variation of the Pohst method, is implemented. Given an arbitrary point x 2 R m and a generator matrix for a lattice , the algorithm computes the point of that is closest to x. The algorithm is shown to be substantially faster than other known methods, by means of a theoretical comparison with the Kannan algorithm and an experimental comparison with the Pohst algorithm and its variants, such as the recent Viterbo-Boutros decoder. The improvement increases with the dimension of the lattice. Modifications of the algorithm are developed to solve a number of related search problems for lattices, such as finding a shortest vector, determining the kissing number, compu...

Lattices are regular arrangements of points in n-dimensional space, whose study appeared in the 19th century in both number theory and crystallography. Since the appearance of the celebrated LenstraLenstra -Lov'asz lattice basis reduction algorithm twenty years ago, lattices have had surprising applications in cryptology. Until recently, the applications of lattices to cryptology were only negative, as lattices were used to break various cryptographic schemes. Paradoxically, several positive cryptographic applications of lattices have emerged in the past five years: there now exist public-key cryptosystems based on the hardness of lattice problems, and lattices play a crucial role in a few security proofs.

In recent years, methods based on lattice reduction have been used repeatedly for the cryptanalytic attack of various systems. Even if they do not rest on highly sophisticated theories, these methods may look a bit intricate to the practically oriented cryptographers, both from the mathematical and the algorithmic point of view. The aim of the present paper is to explain what can be achieved by lattice reduction algorithms, even without understanding of the actual mechanisms involved. Two examples are given, one of them being the attack devised by the second named author against Knuth's truncated linear congruential generator, which has been announced a few years ago and appears here for the first time in journal version.

this article - Algorithmic Geometry of Numbers. The fundamental basis reduction algorithm of Lov'asz which first appeared in Lenstra, Lenstra, Lov'asz [46] was used in Lenstra's algorithm for integer programming and has since been applied in myriad contexts-starting with factorization of polynomials (A.K. Lenstra, [45]). Classical Geometry of Numbers has a special feature in that it studies the geometric properties of (convex) sets like volume, width etc. which come from the realm of continuous mathematics in relation to lattices which are discrete objects. This makes it ideal for applications to integer programming and other discrete optimization problems which seem inherently harder than their "continuous" counterparts like linear programming. 1

Lattices are regular arrangements of points in space, whose study appeared in the 19th century in both number theory and crystallography.

Abstract. We prove that the Leech lattice is the unique densest lattice in R 24. The proof combines human reasoning with computer verification of the properties of certain explicit polynomials. We furthermore prove that no sphere packing in R 24 can exceed the Leech lattice’s density by a factor of more than 1 + 1.65 · 10 −30, and we give a new proof that E8 is the unique densest lattice in R 8. 1.

In this paper, we classify the perfect lattices in dimension 8. There are 10916 of them. Our classification heavily relies on exploiting symmetry in polyhedral computations. Here we describe algorithms making the classification possible.

Recently, lattice-reduction-aided detectors have been proposed for multiple-input multiple-output (MIMO) systems to give performance with full diversity like maximum likelihood receiver, and yet with complexity similar to linear receivers. However, these lattice-reduction-aided detectors are based on the traditional LLL reduction algorithm that was originally introduced for reducing real lattice bases, in spite of the fact that the channel matrices are inherently complexvalued. In this paper, we introduce the complex LLL algorithm for direct application to reduce the basis of a complex lattice which is naturally defined by a complex-valued channel matrix. We prove that complex LLL reduction-aided detection can also achieve full diversity. Our analysis reveals that the new complex LLL algorithm can achieve a reduction in complexity of nearly 50 % over the traditional LLL algorithm, and this is confirmed by simulation. It is noteworthy that the complex LLL algorithm aforementioned has nearly the same bit-error-rate performance as the traditional LLL algorithm.

Most of the interesting algorithmic problems in the geometry of numbers are NP-hard as the lattice dimension increases. This article deals with the low-dimensional case. We study a greedy lattice basis reduction algorithm for the Euclidean norm, which is arguably the most natural lattice basis reduction algorithm, because it is a straightforward generalization of the well-known two-dimensional Gaussian algorithm. Our results are two-fold. From a mathematical point of view, we show that up to dimension four, the output of the greedy algorithm is optimal: the output basis reaches all the successive minima of the lattice. However, as soon as the lattice dimension is strictly higher than four, the output basis may not even reach the first minimum. More importantly, from a computational point of view, we show that up to dimension four, the bit-complexity of the greedy algorithm is quadratic without fast integer arithmetic: this allows to compute various lattice problems (e.g. computing a Minkowski-reduced basis and a closest vector) in quadratic time, without fast integer arithmetic, up to dimension four, while all other algorithms known for such problems have a bit-complexity which is at least cubic. This was already proved by Semaev up to dimension three using rather technical means, but it was previously unknown whether or not the algorithm was still polynomial in dimension four. Our analysis, based on geometric properties of low-dimensional lattices and in particular Voronoï cells, arguably simplifies Semaev’s analysis in dimensions two and three, unifies the cases of dimensions two, three and four, but breaks down in dimension five.