Abstract

The LLL basis reduction algorithm was the first polynomial-time algorithm to compute a reduced basis of a given lattice, and hence also a short vector in the lattice. It thereby approximates an NP-hard problem where the approximation quality solely depends on the dimension of the lattice, but not the lattice itself. The algorithm has several applications in number theory, computer algebra and cryptography. In this paper, we develop the first mechanized soundness proof of the LLL algorithm using Isabelle/HOL. We additionally integrate one application of LLL, namely a verified factorization algorithm for univariate integer polynomials which runs in polynomial time.

Highlights

  • The LLL basis reduction algorithm by Lenstra, Lenstra and Lovász [8] is a remarkable algorithm with numerous applications.

  • The LLL algorithm plays an important role in finding short vectors in lattices: given some list of linearly independent integer vectors $f_0, \ldots, f_{m-1} \in \mathbb{Z}^n$, the corresponding lattice $L$ is the set of integer linear combinations of the $f_i$; and the shortest vector problem is to find some non-zero element in $L$ which has the minimum norm.

  • The Gram–Schmidt orthogonalization (GSO) procedure takes a list of linearly independent vectors $f_0, \ldots, f_{m-1}$ from $\mathbb{R}^n$ or $\mathbb{Q}^n$ as input, and returns an orthogonal basis $g_0, \ldots, g_{m-1}$ for the space that is spanned by the input vectors.


Summary

Introduction

The LLL basis reduction algorithm by Lenstra, Lenstra and Lovász [8] is a remarkable algorithm with numerous applications. There even exists a 500-page book solely about the LLL algorithm [10]. It lists applications in number theory and cryptology, and contains the best known polynomial factorization algorithm that is used in today’s computer algebra systems. In addition to the LLL algorithm, we verify one application, namely a polynomial-time algorithm for the factorization of univariate integer polynomials, that is: factorization into the content and a product of irreducible integer polynomials. It reuses most parts of the formalization of the Berlekamp–Zassenhaus factorization algorithm, where the main difference is the replacement of the exponential-time reconstruction phase [1, Sect. 3 we describe an extended formalization about the Gram–Schmidt orthogonalization procedure. This procedure is a crucial sub-routine of the LLL algorithm whose correctness is verified in Sect. Our formalization is available in the Archive of Formal Proofs (AFP) [2,3].
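The Gram–Schmidt procedure and the basis reduction built on it, written out with exact rational arithmetic as an added example. This is not the paper's Isabelle/HOL formalization: the function names, the parameter `alpha` with default 2, and the sample basis are assumptions chosen for illustration, and the input rows are assumed to be linearly independent.

```python
from fractions import Fraction

def dot(u, v):
    return sum(a * b for a, b in zip(u, v))

def gram_schmidt(f):
    """Exact GSO of linearly independent rows f.
    Returns (g, mu) with mu[i][j] = <f_i, g_j> / <g_j, g_j> for j < i."""
    g, mu = [], [[Fraction(0)] * len(f) for _ in f]
    for i, fi in enumerate(f):
        gi = [Fraction(x) for x in fi]
        for j in range(i):
            mu[i][j] = dot(fi, g[j]) / dot(g[j], g[j])
            gi = [a - mu[i][j] * b for a, b in zip(gi, g[j])]
        g.append(gi)
    return g, mu

def lll(f, alpha=2):
    """Textbook LLL on an integer basis; alpha is an assumed parameter.
    The GSO is recomputed from scratch at each step for clarity, not speed."""
    f = [list(v) for v in f]
    i = 1
    while i < len(f):
        for j in range(i - 1, -1, -1):       # size-reduce f_i against f_j
            _, mu = gram_schmidt(f)
            c = round(mu[i][j])              # nearest integer to mu[i][j]
            f[i] = [a - c * b for a, b in zip(f[i], f[j])]
        g, _ = gram_schmidt(f)
        if dot(g[i - 1], g[i - 1]) <= alpha * dot(g[i], g[i]):
            i += 1                           # pair (i-1, i) is in order
        else:
            f[i - 1], f[i] = f[i], f[i - 1]  # swap and step back
            i = max(i - 1, 1)
    return f

def is_reduced(f, alpha=2):
    """Check both conditions of an alpha-reduced basis."""
    g, mu = gram_schmidt(f)
    n = len(f)
    size_ok = all(abs(mu[i][j]) <= Fraction(1, 2)
                  for i in range(n) for j in range(i))
    order_ok = all(dot(g[i - 1], g[i - 1]) <= alpha * dot(g[i], g[i])
                   for i in range(1, n))
    return size_ok and order_ok

if __name__ == "__main__":
    basis = [[1, 1, 1], [-1, 0, 2], [3, 5, 6]]  # constructed sample input
    print(lll(basis), is_reduced(lll(basis)))
```

The product of the squared norms of the $g_i$ is the same before and after reduction, which gives a quick check that the output still spans the same lattice volume.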

Preliminaries
Gram–Schmidt Orthogonalization
The LLL Basis Reduction Algorithm
Experimental Evaluation of the Verified LLL Algorithm
Factorization of Polynomials in Polynomial Time
Short Vectors for Polynomial Factorization
Bug in Modern Computer Algebra
A Verified Factorization Algorithm
Summary
