|
|
Line 1: |
Line 1: |
| The '''Lenstra–Lenstra–Lovász''' (LLL) '''lattice basis reduction algorithm''' is a [[polynomial time]] [[lattice reduction]] [[algorithm]] invented by [[Arjen Lenstra]], [[Hendrik Lenstra]] and [[László Lovász]] in 1982.<ref>{{Cite journal|last1=Lenstra|first1=A. K.|author1-link=A. K. Lenstra|last2=Lenstra|first2=H. W., Jr.|author2-link=H. W. Lenstra, Jr.|last3=Lovász|first3=L.|author3-link=László Lovász|title=Factoring polynomials with rational coefficients|journal=[[Mathematische Annalen]]|volume=261|year=1982|issue=4|pages=515–534|id={{hdl|1887/3810}}|doi=10.1007/BF01457454|mr=0682664}}</ref> Given a [[basis (linear algebra)|basis]] <math>\mathbf{B}=\{ \mathbf{b}_1,\mathbf{b}_2, \dots, \mathbf{b}_d \}</math> with ''n''-dimensional integer coordinates, for a [[lattice (group)|lattice]] L in '''R'''<sup>''n''</sup> with <math> \ d \leq n </math>, the LLL algorithm outputs an ''LLL-reduced'' (short, nearly [[orthogonal]]) lattice basis in time
| | MRSA can cause many other symptoms since it can infect the urinary tract or the bloodstream. ) Immediately clean any surface, which is visible contamination of a body fluid such as blood, urine or other body fluid. I slowly began to recover from this set back, but in two months, still wasn't back to where I was a week after leaving the hospital. This does not completely prevent the spread of MRSA. The surrounding area is usually red, swollen and very painful. <br><br>You will undoubtedly discover countless conversation organizations for MMS as a MRSA cure. The definition of 'a cure' is being four years or longer without a particular disease such as AIDS, or cancer. This can be through a surgical wound or opening, scrape, burn and even cut. Bodily utilization is known to be a helpful MRSA cure, in addition. It sounds as if it's performed as a cure for MRSA for some, but I speculate what are the results if the sore isn't open. <br><br>Direct or indirect contact with a person infected with MRSA is a growing route of transmission for the infection. If you or someone you love is in the hospital with MRSA right now, please read this message. These natural bacterial floras are mostly located inside the nostrils. There's also a risk that, left untreated, this infection can lead to endocarditis and meningitis. A mitochondrion is a tiny organelle inside our cells that help to convert substances inside our food into energy. <br><br>In the past, doctors were able to treat most serious infections with the use of antibiotics. Treatments for MRSA may function for a single particular person, however, notfor the next. If you suspect someone else has it do not roll or spar with them and advise them to get treatment. Turmeric Root: Turmeric is a brownish root often found in Indian cuisine. Many people are just the carriers of staph bacteria and usually does not show any sign of infection but MRSA wont let you so easily. <br><br>Therefore, under the above scenario Medicare would not cover the extra cost necessitated by leaving the sponge in the patient. - Easy to clean - Aesthetically Pleasing -Quick to install. Would there be any sort of hope that honey might have any benefit in that kind of situation. The health deparment said the bacteria is being spread to humans through pigs. If infected with this disease, there is quick progress made (within 24 to 48 hours,) and within a mere 72 hours, the infection may take hold in human tissue and become quite resistant to treatment.<br><br>For those who have any kind of issues with regards to where by along with tips on how to use [http://www.midlanddistrictrailroadclub.info/ how to treat mrsa], it is possible to email us with our own web page. |
| | |
| :<math>O(d^5n\log^3 B)\,</math>
| |
| | |
| where B is the largest length of <math>b_i</math> under the Euclidean norm. | |
| | |
| The original applications were to give polynomial time algorithms for factorizing polynomials with rational coefficients into irreducible polynomials, for finding simultaneous rational approximations to real numbers, and for solving the [[linear programming|integer linear programming problem]] in fixed dimensions.
| |
| | |
| ==LLL reduction==
| |
| The precise definition of LLL-reduced is as follows: Given a [[Basis (linear algebra)|basis]] | |
| | |
| :<math>\mathbf{B}=\{ \mathbf{b}_1,\mathbf{b}_2, \dots, \mathbf{b}_n \},</math>
| |
| | |
| define its [[Gram–Schmidt process]] orthogonal basis
| |
| | |
| :<math>\mathbf{B}^*=\{ \mathbf{b}^*_1, \mathbf{b}^*_2, \dots, \mathbf{b}^*_n \},</math>
| |
| | |
| and the Gram-Schmidt coefficients | |
| :<math>\mu_{i,j}=\frac{\langle\mathbf{b}_i,\mathbf{b}^*_j\rangle}{\langle\mathbf{b}^*_j,\mathbf{b}^*_j\rangle}</math>, for any <math>1 \le j < i \le n</math>.
| |
| | |
| Then the basis <math>B</math> is LLL-reduced if there exists a parameter <math>\delta</math> in (0.25,1] such that the following holds:
| |
| | |
| # (size-reduced) For <math>1 \leq j < i \leq n\colon \left|\mu_{i,j}\right|\leq 0.5</math>. By definition, this property guarantees the length reduction of the ordered basis.
| |
| # (Lovász condition) For k = 2,3,..,n <math> \colon \delta \Vert \mathbf{b}^*_{k-1}\Vert^2 \leq \Vert \mathbf{b}^*_k\Vert^2+ \mu_{k,k-1}^2\Vert
| |
| \mathbf{b}^*_{k-1}\Vert^2</math>.
| |
| | |
| Here, estimating the value of the <math>\delta</math> parameter, we can conclude how well the basis is reduced. Greater values of <math>\delta</math> lead to stronger reductions of the basis.
| |
| Initially, A. Lenstra, H. Lenstra and L. Lovász demonstrated the LLL-reduction algorithm for <math>\delta = \frac{3}{4}</math>.
| |
| Note that although LLL-reduction is well-defined for <math>\delta = 1</math>, the polynomial-time complexity is guaranteed only
| |
| for <math>\delta</math> in (0.25,1).
| |
| | |
| The LLL algorithm computes LLL-reduced bases. There is no known efficient algorithm to compute a basis in which the basis vectors are as short as possible for lattices of dimensions greater than 4. However, an LLL-reduced basis is nearly as short as possible, in the sense that there are absolute bounds <math>c_i > 1</math> such that the first basis vector is no more than <math>c_1</math> times as long as a shortest vector in the lattice,
| |
| the second basis vector is likewise within <math>c_2</math> of the second successive minimum, and so on.
| |
| | |
| ==LLL Algorithm==
| |
| The following description is based on {{harv|Cohen|2000|loc=Algorithm 2.6.3}}.
| |
| | |
| INPUT:
| |
| :<math>\triangleright </math> a lattice basis <math> \mathbf{b}_1,\mathbf{b}_2, \dots, \mathbf{b}_n \in Z^{m}</math>,
| |
| :<math>\triangleright </math> parameter <math>\delta </math> with <math>\frac{1}{4} < \delta <1 </math>
| |
| | |
| PROCEDURE:
| |
| | |
| ''Perform Gram-Schmidt:''
| |
| * <math>b_{1}^{*}:= b_{1},B_{1}:= \langle b_{1}^{*}, b_{1}^{*} \rangle </math>
| |
| * '''for''' <math>i</math> '''from''' <math>2</math> '''to''' <math>n</math> '''do'''
| |
| ** <math>b_{i}^{*}:= b_{i}</math>
| |
| ** '''for''' <math>j</math> '''from''' <math>1</math> '''to''' <math>i-1</math> '''do'''
| |
| *** <math>\mu_{i,j}:= \frac{\langle b_{i}, b_{j}^{*} \rangle}{B_{j}}</math>
| |
| *** <math>b_{i}^{*}:= b_{i}^{*} - \mu_{i,j}b_{j}^{*}</math>
| |
| ** '''end for'''
| |
| ** <math>B_{i}:= \langle b_{i}^{*}, b_{i}^{*} \rangle </math>
| |
| * '''end for'''
| |
| * <math>k:=2</math> ''(k is the stage at which the vectors <math> \mathbf{b}_1,\mathbf{b}_2, \dots, \mathbf{b}_{k-1}</math> are reduced according to size-reduced property 1.)''
| |
| * '''if''' <math>|\mu_{i,j}| >\frac{1}{2}</math> '''then''' execute reduction subroutine RED(k,k-1):
| |
| ** '''for''' <math>l</math> '''from''' <math>k-1</math> '''to''' <math>1</math> '''do'''
| |
| *** <math>r:= \lfloor 0.5 + \mu_{k,l} \rfloor</math>
| |
| *** <math>b_{k}:= b_{k}- rb_{l} </math>
| |
| *** '''for''' <math>j</math> '''from''' <math>1</math> '''to''' <math>l-1</math> '''do'''
| |
| **** <math> \mu_{k,j}:= \mu_{k,j} - r \mu_{l,j} </math>
| |
| *** '''end for'''
| |
| *** <math> \mu_{k,l}:= \mu_{k,l} - r </math>
| |
| ** '''end for'''
| |
| * '''end if'''
| |
| * Calculate <math> \mu_{i,j}</math> for 1 <math>\leq j <i \leq n</math> and <math>B_{i}</math> for <math>i</math> from 1 to <math>n</math>
| |
| | |
| * '''while''' <math>k \leq n</math> '''do'''
| |
| ** Length reduce <math>b_{k} </math> and correct <math>\mu_{k,j}</math> according to reduction subroutine in step 4, for <math>j</math> from 1 till <math>k-1</math>
| |
| ** '''if''' <math> B_{k} < (\frac{3}{4}- \mu_{k,k-1}^2)B_{k-1} </math> '''then'''
| |
| *** Exchange <math>b_{k}</math> and <math>b_{k-1}</math>
| |
| *** <math>k</math>:= max <math>(2,k-1)</math>
| |
| ** '''else'''
| |
| *** <math>k:= k+1</math>
| |
| ** '''end if'''
| |
| * '''end while'''
| |
| | |
| OUTPUT: LLL reduced basis <math> \mathbf{b}_1,\mathbf{b}_2, \dots, \mathbf{b}_n </math>
| |
| | |
| ==Example==
| |
| The following presents an example due to W. Bosma.<ref>{{Cite web|url=http://www.math.ru.nl/~bosma/onderwijs/voorjaar07/compalg7.pdf|title=4. LLL |last=Bosma|first=Wieb|work=Lecture notes|accessdate=28 February 2010}}</ref>
| |
| | |
| INPUT:
| |
| | |
| Let a lattice basis <math> \mathbf{b}_1,\mathbf{b}_2, \mathbf{b}_3 \in Z^{3}</math>, be given by the columns of
| |
| :<math>
| |
| \begin{bmatrix}
| |
| 1 & -1& 3\\
| |
| 1 & 0 & 5\\
| |
| 1 & 2 & 6
| |
| \end{bmatrix}
| |
| </math>
| |
| | |
| Then according to the LLL algorithm we obtain the following:
| |
| | |
| 1.<math>b_{1}^{*}= b_{1}=
| |
| \begin{bmatrix}1\\1\\1\end{bmatrix},B_{1}= \langle b_{1}^{*}, b_{1}^{*} \rangle =
| |
| \begin{bmatrix}1\\1\\1\end{bmatrix} \begin{bmatrix}1\\1\\1\end{bmatrix}= 3</math>
| |
| | |
| 2.For <math>i=2</math> DO:
| |
| | |
| 2.1.For <math>j=1</math> set <math>\mu_{2,1}= \frac{\langle b_{2}, b_{1}^{*} \rangle}{B_{1}}=
| |
| \frac{\begin{bmatrix}-1\\0\\2\end{bmatrix} \begin{bmatrix}1\\1\\1\end{bmatrix}}{3}=\frac{1}{3}(< \frac{1}{2})</math>
| |
| | |
| and <math>b_{2}^{*}= b_{2}- \mu_{2,1}b_{1}^{*}= \begin{bmatrix}-1\\0\\2\end{bmatrix}- \frac{1}{3}\begin{bmatrix}1\\1\\1\end{bmatrix}=\begin{bmatrix}\frac{-4}{3}\\\frac{-1}{3}\\\frac{5}{3}\end{bmatrix}.</math>
| |
| | |
| 2.2<math>B_{2}= \langle b_{2}^{*}, b_{2}^{*} \rangle =
| |
| \begin{bmatrix}\frac{-4}{3}\\\frac{-1}{3}\\\frac{5}{3}\end{bmatrix} \begin{bmatrix}\frac{-4}{3}\\\frac{-1}{3}\\\frac{5}{3}\end{bmatrix}= \frac{14}{3}.</math>
| |
| | |
| 3. <math>\mathbf{k}:=2</math>
| |
| | |
| 4.Here the step 4 of the LLL algorithm is skipped as size-reduced property holds for <math>\mu_{2,1}</math>
| |
| | |
| 5.For <math>i=3</math> and for <math>j=1,2</math> calculate <math> \mu_{i,j}</math> and <math>B_{i}</math>:
| |
| <math>\mu_{3,1}= \frac{\langle b_{3}, b_{1}^{*} \rangle}{B_{1}}=
| |
| \frac{\begin{bmatrix}3\\5\\6\end{bmatrix} \begin{bmatrix}1\\1\\1\end{bmatrix}}{3}=\frac{14}{3}(> \frac{1}{2})</math>
| |
| | |
| hence <math>b_{3}^{*}= b_{3}- \mu_{3,1}b_{1}^{*}= \begin{bmatrix}3\\5\\6\end{bmatrix}- \frac{14}{3}\begin{bmatrix}1\\1\\1\end{bmatrix}=\begin{bmatrix}\frac{-5}{3}\\\frac{1}{3}\\\frac{4}{3}\end{bmatrix}</math>
| |
| | |
| and <math>\mu_{3,2}= \frac{\langle b_{3}, b_{2}^{*} \rangle}{B_{2}}=
| |
| \frac{\begin{bmatrix}3\\5\\6\end{bmatrix} \begin{bmatrix}\frac{-4}{3}\\\frac{-1}{3}\\\frac{5}{3}\end{bmatrix}}{\frac{14}{3}}=\frac{13}{14}(> \frac{1}{2})</math>
| |
| | |
| hence <math>b_{3}^{*}= b_{3}^{*}- \mu_{3,2}b_{2}^{*}= \begin{bmatrix}\frac{-5}{3}\\\frac{1}{3}\\\frac{4}{3}\end{bmatrix}- \frac{13}{14}\begin{bmatrix}\frac{-4}{3}\\\frac{-1}{3}\\\frac{5}{3}\end{bmatrix}=\begin{bmatrix}\frac{-18}{42}\\\frac{27}{42}\\\frac{-9}{42}\end{bmatrix}= \begin{bmatrix}\frac{-6}{14}\\\frac{9}{14}\\\frac{-3}{14}\end{bmatrix}</math> and
| |
| | |
| <math>B_{3}= \langle b_{3}^{*}, b_{3}^{*} \rangle =
| |
| \begin{bmatrix}\frac{-6}{14}\\\frac{9}{14}\\\frac{-3}{14}\end{bmatrix} \begin{bmatrix}\frac{-6}{14}\\\frac{9}{14}\\\frac{-3}{14}\end{bmatrix}= \frac{126}{196}= \frac{9}{14}</math>
| |
| | |
| 6.While <math>k \leq 3</math> DO
| |
| | |
| 6.1 Length reduce <math>b_{3} </math> and correct <math>\mu_{3,1}</math> and <math>\mu_{3,2}</math> according to reduction subroutine in step 4:
| |
| | |
| For <math>\mid \mu_{3,1}\mid >\frac{1}{2}</math> EXECUTE reduction subroutine RED(3,1):
| |
| | |
| i.<math>r = \lfloor 0.5 + \mu_{3,l} \rfloor =5</math> and <math>b_{3} = b_{3}- 5b_{1}= \begin{bmatrix}3\\5\\6\end{bmatrix}- \begin{bmatrix}5\\5\\5\end{bmatrix}=\begin{bmatrix}-2\\0\\1\end{bmatrix} </math>
| |
| | |
| ii.<math> \mu_{3,1}= \mu_{3,l} - r\mu_{1,1} = \frac{-1}{3}(< \frac{1}{2}) </math>
| |
| | |
| iii.Set <math>\mu_{3,1}= \mu_{3,1} - r= \frac{14}{3}-5= \frac{-1}{3}</math>
| |
| | |
| For <math>\mid \mu_{3,2}\mid >\frac{1}{2}</math> EXECUTE reduction subroutine RED(3,2):
| |
| | |
| i.<math>r = \lfloor 0.5 + \mu_{3,2} \rfloor =1</math> and <math>b_{3} = b_{3}- b_{2}= \begin{bmatrix}3\\5\\6\end{bmatrix}- \begin{bmatrix}-1\\0\\2\end{bmatrix}=\begin{bmatrix}4\\5\\4\end{bmatrix} </math>
| |
| | |
| ii.Set <math>\mu_{3,2}= \mu_{3,2} - r\mu_{2,2}= \frac{13}{14}-1= \frac{-1}{14}</math>
| |
| | |
| iii.<math> \mu_{3,2}= \mu_{3,2} - 1 = \frac{-1}{14}(< \frac{1}{2}) </math>
| |
| | |
| 6.2 As <math> B_{3} < (\frac{3}{4}- \mu_{3,2}^2)B_{2} </math> takes place, then
| |
| | |
| 6.2.1 Exchange <math>b_{3}</math> and <math>b_{2}</math>
| |
| | |
| 6.2.2 <math>k</math>:= 2
| |
| | |
| Apply a SWAP, continue algorithm with the lattice basis, which is given by columns
| |
| | |
| :<math>
| |
| \begin{bmatrix}
| |
| 1 & 4& -1\\
| |
| 1 & 5 & 0\\
| |
| 1 & 4 & 2
| |
| \end{bmatrix}
| |
| </math>
| |
| Implement the algorithm steps again.
| |
| 1.<math>b_{1}^{*}= b_{1}=
| |
| \begin{bmatrix}1\\1\\1\end{bmatrix},B_{1}= 3</math>
| |
| | |
| 2. <math>\mu_{2,1}= \frac{\langle b_{2}, b_{1}^{*} \rangle}{B_{1}}=
| |
| \frac{\begin{bmatrix}4\\5\\4\end{bmatrix} \begin{bmatrix}1\\1\\1\end{bmatrix}}{3}=\frac{13}{3}(>\frac{1}{2})</math>
| |
| | |
| 3.<math>b_{2}^{*}= b_{2}- \mu_{2,1}b_{1}^{*}= \begin{bmatrix}4\\5\\4\end{bmatrix}- \frac{13}{3}\begin{bmatrix}1\\1\\1\end{bmatrix}=\begin{bmatrix}\frac{-1}{3}\\\frac{2}{3}\\\frac{-1}{3}\end{bmatrix}</math>.
| |
| | |
| 4.<math>B_{2}= \langle b_{2}^{*}, b_{2}^{*} \rangle = \frac{2}{3}</math>.
| |
| | |
| 5.For <math>\mid \mu_{2,1}\mid >\frac{1}{2}</math> EXECUTE reduction subroutine RED(2,1):
| |
| | |
| i.<math>r = \lfloor 0.5 + \mu_{2,l} \rfloor =4</math> and <math>b_{2} = b_{2}- 4b_{1}= \begin{bmatrix}4\\5\\4\end{bmatrix}- \begin{bmatrix}4\\4\\4\end{bmatrix}=\begin{bmatrix}0\\1\\0\end{bmatrix} </math>
| |
| | |
| ii.Set <math>\mu_{2,1}= \mu_{2,1} - 4\mu_{1,1}= \frac{13}{3}- 4= \frac{1}{3}(< \frac{1}{2})</math>
| |
| | |
| 6. As <math> B_{2} < (\frac{3}{4}- \mu_{2,1}^2)B_{1} </math> takes place, then
| |
| | |
| 7. Exchange <math>b_{2}</math> and <math>b_{1}</math>
| |
| | |
| OUTPUT: LLL reduced basis
| |
| :<math>
| |
| \begin{bmatrix}
| |
| 0 & 1& -1\\
| |
| 1 & 0 & 0\\
| |
| 0 & 1 & 2
| |
| \end{bmatrix}
| |
| </math>
| |
| | |
| ==Applications==
| |
| The LLL algorithm has found numerous other applications in [[MIMO]] detection algorithms and cryptanalysis of [[public-key encryption]] schemes: [[Naccache-Stern knapsack cryptosystem|knapsack cryptosystems]], [[RSA (algorithm)|RSA]] with particular settings, [[NTRUEncrypt]], and so forth. The algorithm can be used to find integer solutions to many problems.<ref>{{Cite journal|author=D. Simon |title=Selected applications of LLL in number theory |journal=LLL+25 Conference |year=2007 |place=Caen, France |url=http://www.math.unicaen.fr/~simon/maths/lll25_Simon.pdf}}</ref>
| |
| | |
| In particular, the LLL algorithm forms a core of one of the [[integer relation algorithm]]s. For example, if it is believed that ''r''=1.618034 is a (slightly rounded) [[Root of a function|root]] to a [[quadratic equation]] with integer coefficients, one may apply the LLL reduction to the lattice in <math>R^4</math> spanned by <math>[1,0,0,10000r^2], [0,1,0,10000r],</math> and <math>[0,0,1,10000]</math>. The first vector in the reduced basis will be an integer [[linear combination]] of these three, thus necessarily of the form <math>[a,b,c,10000(ar^2+br+c)]</math>; but such a vector is "short" only if ''a'', ''b'', ''c'' are small and <math>ar^2+br+c</math> is even smaller. Thus the first three entries of this short vector are likely to be the coefficients of the integral quadratic [[polynomial]] which has ''r'' as a root. In this example the LLL algorithm finds the shortest vector to be [1, -1, -1, 0.00025] and indeed <math>x^2-x-1</math> has a root equal to 1.6180339887…[[Golden ratio|(The Golden Ratio)]]
| |
| | |
| ==Implementations==
| |
| LLL is implemented in
| |
| *[http://www.arageli.org/ Arageli] as the function ''lll_reduction_int''
| |
| *[http://perso.ens-lyon.fr/damien.stehle fpLLL] as a stand-alone implementation
| |
| *[[GAP computer algebra system|GAP]] as the function ''LLLReducedBasis''
| |
| *[http://www.informatik.tu-darmstadt.de/TI/LiDIA/ LiDIA] as the function/method ''lll'' in the ''LT'' package
| |
| *[[Macaulay2]] as the function ''LLL'' in the package ''LLLBases''
| |
| *[[Magma computer algebra system|Magma]] as the functions ''LLL'' and ''LLLGram'' (taking a gram matrix)
| |
| *[[Maple computer algebra system|Maple]] as the function ''IntegerRelations[LLL]''
| |
| *[[Mathematica]] as the function ''LatticeReduce''
| |
| *[http://shoup.net/ntl Number Theory Library (NTL)] as the function ''LLL''
| |
| *[[PARI/GP]] as the function ''qflll''
| |
| *[[Software for Algebra and Geometry Experimentation|Sage]] as the method ''LLL'' driven by fpLLL and NTL
| |
| | |
| ==See also==
| |
| *[[Coppersmith method]]
| |
| | |
| ==Notes==
| |
| {{Reflist}}
| |
| | |
| ==References==
| |
| * {{cite journal|first1=Huguette |last1=Napias
| |
| |title=A generalizaion of the LLL algorithm over euclidean rings or orders
| |
| |journal=J. The. Nombr. Bordeaux
| |
| |volume=8
| |
| |number=2
| |
| |year=1996
| |
| |pages=387–396
| |
| |url=http://www.numdam.org/item?id=JTNB_1996__8_2_387_0
| |
| }}
| |
| * {{Cite book|last=Cohen|first=Henri|title=A course in computational algebraic number theory|publisher=Springer|year=2000|series=GTM|volume=138|ref=harv|isbn=3-540-55640-0}}
| |
| * {{Cite book| last=Borwein | first=Peter | author-link=Peter Borwein | title=Computational Excursions in Analysis and Number Theory | isbn=0-387-95444-9 | year=2002}}
| |
| * {{cite journal|first1=Franklin T. |last1=Luk| first2=Sanzheng |last2=Qiao|title=A pivoted LLL algorithm|journal=Lin. Alg. Appl. |year=2011
| |
| |volume=434
| |
| |doi=10.1016/j.laa.2010.04.003
| |
| |pages=2296–2307
| |
| }}
| |
| | |
| {{Use dmy dates|date=September 2010}}
| |
| | |
| {{DEFAULTSORT:Lenstra-Lenstra-Lovasz Lattice Basis Reduction Algorithm}}
| |
| [[Category:Theory of cryptography]]
| |
| [[Category:Computational number theory]]
| |
| [[Category:Lattice points]]
| |