Gradual sub-lattice reduction and a new complexity for factoring polynomials

We present a lattice algorithm specifically designed for some classical applications of lattice reduction. The applications are for lattice bases with a generalized knapsack-type structure, where the target vectors are boundably short. For such applications, the complexity of the algorithm improves traditional lattice reduction by replacing some dependence on the bit-length of the input vectors by some dependence on the bound for the output vectors. If the bit-length of the target vectors is unrelated to the bit-length of the input, then our algorithm is only linear in the bit-length of the input entries, which is an improvement over the quadratic complexity floating-point LLL algorithms. To illustrate the usefulness of this algorithm we show that a direct application to factoring univariate polynomials over the integers leads to the first complexity bound improvement since 1984. A second application is algebraic number reconstruction, where a new complexity bound is obtained as well

The quark mass gap in strong magnetic fields

Quarks in strong magnetic fields (|eB|>>Lambda_QCD^2 ~ 0.04 GeV^2) acquire enhanced infrared phase space proportional to |eB|. Accordingly they provide larger chiral condensates and stronger backreactions to the gluon dynamics. Confronting theories with lattice data at various values of |eB|, one can test theoretical ideas as well as validity of various approximations, domain of applicability of the effective models, and so on. The particularly interesting findings on the lattice are inverse magnetic catalysis and linear growth of the chiral condensate as a function of |eB|, which pose theoretical challenges. In this talk we propose a scenario to explain both phenomena, claiming that the quark mass gap should stay at around ~ Lambda_QCD, instead of ~|eB|^{1/2} which has been supposed from dimensional arguments and/or effective model calculations. The contrast between infrared and ultraviolet behaviors of the interaction is a key ingredient to obtain the mass gap of ~Lambda_QCD.Comment: 4 pages, proceedings of the XXIV Quark Matter conference, May 19-24 2014, Darmstadt (Germany

LLL for ideal lattices re-evaluation of the security of Gentry-Halevi\u27s FHE scheme

The LLL algorithm, named after its inventors, Lenstra, Lenstra and Lovász, is one of themost popular lattice reduction algorithms in the literature. In this paper, we propose the first variant of LLL algorithm that is dedicated for ideal lattices, namely, the iLLL algorithm. Our iLLL algorithm takes advantage of the fact that within LLL procedures, previously reduced vectors can be re-used for further reductions. Using this method, we prove that the iLLL is at least as fast as the LLL algorithm, and it outputs a basis with the same quality. We also provide a heuristic approach that accelerates the re-use method. As a result, in practice, our algorithm can be approximately eight times faster than LLL algorithm for typical scenarios where lattice dimension is between 100 and 150. When applying our algorithm to the Gentry–Halevi’s fully homomorphic challenges, we are able to solve the toy challenge within 24 days using a 2.66GHz CPU, while with the classical LLL algorithm, it takes 32 days. Further, assuming a 4.0GHz CPU, we predict to reduce the basis in 15.7 years for the small challenges, while previous best prediction was 45 years

Easy scalar decompositions for efficient scalar multiplication on elliptic curves and genus 2 Jacobians

The first step in elliptic curve scalar multiplication algorithms based on scalar decompositions using efficient endomorphisms-including Gallant-Lambert-Vanstone (GLV) and Galbraith-Lin-Scott (GLS) multiplication, as well as higher-dimensional and higher-genus constructions-is to produce a short basis of a certain integer lattice involving the eigenvalues of the endomorphisms. The shorter the basis vectors, the shorter the decomposed scalar coefficients, and the faster the resulting scalar multiplication. Typically, knowledge of the eigenvalues allows us to write down a long basis, which we then reduce using the Euclidean algorithm, Gauss reduction, LLL, or even a more specialized algorithm. In this work, we use elementary facts about quadratic rings to immediately write down a short basis of the lattice for the GLV, GLS, GLV+GLS, and Q-curve constructions on elliptic curves, and for genus 2 real multiplication constructions. We do not pretend that this represents a significant optimization in scalar multiplication, since the lattice reduction step is always an offline precomputation---but it does give a better insight into the structure of scalar decompositions. In any case, it is always more convenient to use a ready-made short basis than it is to compute a new one