Lattice based extended formulations for integer linear equality systems

We study different extended formulations for the set $X = \{x\in\mathbb{Z}^n \mid Ax = Ax^0\}$ in order to tackle the feasibility problem for the set $X_+=X \cap \mathbb{Z}^n_+$. Here the goal is not to find an improved polyhedral relaxation of conv$(X_+)$, but rather to reformulate in such a way that the new variables introduced provide good branching directions, and in certain circumstances permit one to deduce rapidly that the instance is infeasible. For the case that $A$ has one row $a$ we analyze the reformulations in more detail. In particular, we determine the integer width of the extended formulations in the direction of the last coordinate, and derive a lower bound on the Frobenius number of $a$. We also suggest how a decomposition of the vector $a$ can be obtained that will provide a useful extended formulation. Our theoretical results are accompanied by a small computational study.Comment: uses packages amsmath and amssym

Complexity of the Havas, Majewski, Matthews LLL Hermite Normal Form algorithm

We show that the integers in the HMM LLL HNF algorithm have bit length O(m.log(m.B)), where m is the number of rows and B is the maximum square length of a row of the input matrix. This is only a little worse than the estimate O(m.log(B)) in the LLL algorithm.Comment: 10 page

A Coefficient-Embedding Ideal Lattice can be Embedded into Infinitely Many Polynomial Rings

Many lattice-based crypstosystems employ ideal lattices for high efficiency. However, the additional algebraic structure of ideal lattices usually makes us worry about the security, and it is widely believed that the algebraic structure will help us solve the hard problems in ideal lattices more efficiently. In this paper, we study the additional algebraic structure of ideal lattices further and find that a given ideal lattice in some fixed polynomial ring can be embedded as an ideal in infinitely many different polynomial rings. We explicitly present all these polynomial rings for any given ideal lattice. The interesting phenomenon tells us that a single ideal lattice may have more abundant algebraic structures than we imagine, which will impact the security of corresponding crypstosystems. For example, it increases the difficulties to evaluate the security of crypstosystems based on ideal lattices, since it seems that we need consider all the polynomial rings that the given ideal lattices can be embedded into if we believe that the algebraic structure will contribute to solve the corresponding hard problem. It also inspires us a new method to solve the ideal lattice problems by embedding the given ideal lattice into another well-studied polynomial ring. As a by-product, we also introduce an efficient algorithm to identify if a given lattice is an ideal lattice or not

Lattice based extended formulations for integer linear equality systems

We study different extended formulations for the set $X = \{x \in Z^n \mid Ax = Ax^0\} in order to tackle the feasibility problem for the set$X^+ = X\cap Z^n_+$. Here the goal is not to find an improved polyhedral relaxation of conv$(X^+)$, but rather to reformulate in such a way that the new variables introduced provide good branching directions, and in certain circumstances permit one to deduce rapidly that the instance is infeasible. For the case that$A$has one row$a$we analyze the reformulations in more detail. In particular, we determine the integer width of the extended formulations in the direction of the last coordinate, and derive a lower bound on the Frobenius number of$a$. We also suggest how a decomposition of the vector$a$ can be obtained that will provide a useful extended formulation. Our theoretical results are accompanied by a small computational study

Finding Short Vectors in Structured Lattices with Reduced Quantum Resources

Leading protocols of post-quantum cryptosystems are based on the mathematical problem of finding short vectors in structured lattices. It is assumed that the structure of these lattices does not give an advantage for quantum and classical algorithms attempting to find short vectors. In this work we focus on cyclic and nega-cyclic lattices and give a quantum algorithmic framework of how to exploit the symmetries underlying these lattices. This framework leads to a significant saving in the quantum resources (e.g. qubits count and circuit depth) required for implementing a quantum algorithm attempting to find short vectors. We benchmark the proposed framework with the variational quantum eigensolver, and show that it leads to better results while reducing the qubits count and the circuit depth. The framework is also applicable to classical algorithms aimed at finding short vectors in structured lattices, and in this regard it could be seen as a quantum-inspired approach

Certified lattice reduction

Quadratic form reduction and lattice reduction are fundamental tools in computational number theory and in computer science, especially in cryptography. The celebrated Lenstra-Lenstra-Lov\'asz reduction algorithm (so-called LLL) has been improved in many ways through the past decades and remains one of the central methods used for reducing integral lattice basis. In particular, its floating-point variants-where the rational arithmetic required by Gram-Schmidt orthogonalization is replaced by floating-point arithmetic-are now the fastest known. However, the systematic study of the reduction theory of real quadratic forms or, more generally, of real lattices is not widely represented in the literature. When the problem arises, the lattice is usually replaced by an integral approximation of (a multiple of) the original lattice, which is then reduced. While practically useful and proven in some special cases, this method doesn't offer any guarantee of success in general. In this work, we present an adaptive-precision version of a generalized LLL algorithm that covers this case in all generality. In particular, we replace floating-point arithmetic by Interval Arithmetic to certify the behavior of the algorithm. We conclude by giving a typical application of the result in algebraic number theory for the reduction of ideal lattices in number fields.Comment: 23 page

Genetic Algorithms for the Extended GCD Problem

We present several genetic algorithms for solving the extended greatest common divisor problem. After defining the problem and discussing previous work, we will state our results

Computing a Basis for an Integer Lattice

The extended gcd problem takes as input two integers, and asks as output an integer linear combination of the integers that are equal to their gcd. The classical extended Euclidean algorithm and fast variants such as the half-gcd algorithm give efficient algorithmic solutions. In this thesis, we give a fast algorithm to solve the simplest — but not trivial — extension of the scalar extended gcd problem on two integers to the case of integer input matrices. Given a full column rank (n + 1) × n integer matrix A, we present an algorithm that produces a square nonsingular integer matrix B such that the lattice generated by the rows of B — the set of all integer linear combinations of the rows of B — is equal to the lattice generated by the rows of A. The magnitude of entries in the basis B are guaranteed to be not much larger than those of the input matrix A. The cost of our algorithm to produce B is about the same as that required to multiply together two square integer matrices of dimension n and with the size of entries about that of the input matrix. This running time bound improves by about a factor of n on the fastest previously known algorithm