Markov Chain Monte Carlo Algorithms for Lattice Gaussian Sampling

Sampling from a lattice Gaussian distribution is emerging as an important problem in various areas such as coding and cryptography. The default sampling algorithm --- Klein's algorithm yields a distribution close to the lattice Gaussian only if the standard deviation is sufficiently large. In this paper, we propose the Markov chain Monte Carlo (MCMC) method for lattice Gaussian sampling when this condition is not satisfied. In particular, we present a sampling algorithm based on Gibbs sampling, which converges to the target lattice Gaussian distribution for any value of the standard deviation. To improve the convergence rate, a more efficient algorithm referred to as Gibbs-Klein sampling is proposed, which samples block by block using Klein's algorithm. We show that Gibbs-Klein sampling yields a distribution close to the target lattice Gaussian, under a less stringent condition than that of the original Klein algorithm.Comment: 5 pages, 1 figure, IEEE International Symposium on Information Theory(ISIT) 201

Time- and Space-Efficient Evaluation of Some Hypergeometric Constants

The currently best known algorithms for the numerical evaluation of hypergeometric constants such as $\zeta(3)$ to $d$ decimal digits have time complexity $O(M(d) \log^2 d)$ and space complexity of $O(d \log d)$ or $O(d)$. Following work from Cheng, Gergel, Kim and Zima, we present a new algorithm with the same asymptotic complexity, but more efficient in practice. Our implementation of this algorithm improves slightly over existing programs for the computation of $\pi$, and we announce a new record of 2 billion digits for $\zeta(3)$

Doctorates and the Berlin declaration

K. Doevendans, S. Hanrot 2003. Doctorates and the Berlin Declaration.USO-Built Report Series 2:11-17. The Berlin declaration of September 2003 hasplaced education for a doctorate even more strongly in the Bologna Process. This is also the case in domains, such as architecture, where the different countries of Europe are at variance as to the presence and content of such a degree. The meaning of this development for joint supervision and joint degrees within USO-Built summarizes the content of this chapter

Worst-Case Hermite-Korkine-Zolotarev Reduced Lattice Bases

The Hermite-Korkine-Zolotarev reduction plays a central role in strong lattice reduction algorithms. By building upon a technique introduced by Ajtai, we show the existence of Hermite-Korkine-Zolotarev reduced bases that are arguably least reduced. We prove that for such bases, Kannan's algorithm solving the shortest lattice vector problem requires d^{\frac{d}{2\e}(1+o(1))} bit operations in dimension $d$. This matches the best complexity upper bound known for this algorithm. These bases also provide lower bounds on Schnorr's constants $\alpha_d$ and $\beta_d$ that are essentially equal to the best upper bounds. Finally, we also show the existence of particularly bad bases for Schnorr's hierarchy of reductions

Accelerating the CM method

Given a prime q and a negative discriminant D, the CM method constructs an elliptic curve E/\Fq by obtaining a root of the Hilbert class polynomial H_D(X) modulo q. We consider an approach based on a decomposition of the ring class field defined by H_D, which we adapt to a CRT setting. This yields two algorithms, each of which obtains a root of H_D mod q without necessarily computing any of its coefficients. Heuristically, our approach uses asymptotically less time and space than the standard CM method for almost all D. Under the GRH, and reasonable assumptions about the size of log q relative to |D|, we achieve a space complexity of O((m+n)log q) bits, where mn=h(D), which may be as small as O(|D|^(1/4)log q). The practical efficiency of the algorithms is demonstrated using |D| > 10^16 and q ~ 2^256, and also |D| > 10^15 and q ~ 2^33220. These examples are both an order of magnitude larger than the best previous results obtained with the CM method.Comment: 36 pages, minor edits, to appear in the LMS Journal of Computation and Mathematic

A long note on Mulders' short product

The short product of two power series is the meaningful part of the product of these objects, i.e., _i+j < n a_ib_j x^i+j. In , Mulders gives an algorithm to compute a short product faster than the full product in the case of Karatsuba's multiplication . This algorithm work by selecting a cutoff point k and performing a full kk product and two (n-k)(n-k) short products recursively. Mulders also gives an heuristically optimal cutoff point n. In this paper, we determine the optimal cutoff point in Mulders' algorithm. We also give a slightly more general description of Mulders' method

Floating-Point L2L^2-Approximations

International audienceComputing good polynomial approximations to usual functions is an important topic for the computer evaluation of those functions. These approximations can be good under several criteria, the most desirable being probably that the relative error is as small as possible in the $L^{\infty}$ sense, i.e. everywhere on the interval under study. In the present paper, we investigate a simpler criterion, the $L^2$ case. Though finding a best polynomial $L^2$-approximation with real coefficients is quite easy, we show that if the coefficients are restricted to be floating point numbers to some precision, the problem becomes a general instance of the CVP problem, and hence is NP-hard. We investigate the practical behaviour of exact and approximate algorithms for this problem. The conclusion is that it is possible in a short amount of time to obtain a relative or absolute best $L^2$-approximation. The main applications are for large dimension, as a preliminary step of finding $L^{\infty}$-approximations and for functions with large variations, for which relative best approximation is by far more interesting than absolute

Proceedings of the 7th Conference on Real Numbers and Computers (RNC'7)

These are the proceedings of RNC7

Fabrique d’une icône : La Madone de Bentalha. Entretien avec Juliette Hanrot

Dans la nuit du 22 au 23 septembre 1997, un massacre de civils est perpétré par une centaine d’hommes à Bentalha, à une trentaine de kilomètres d’Alger. Le lendemain, un photographe algérien travaillant pour l’AFP, Hocine Zaourar, qui s’est rendu dans l’hôpital qui avait accueilli les victimes, saisit l’expression de douleur d’une femme. Cette image fait immédiatement la une de plus de 750 journaux dans le monde. Un tel retentissement s’explique par la force dramatique de la photo, mais surtout par son analogie frappante avec l’iconographie chrétienne de la douleur. C’est cette photo, baptisée par la presse Madone de Bentalha, qu’analyse l’ouvrage de Juliette Hanrot, La Madone de Bentalha. Histoire d’une photographie, en en déployant les multiples niveaux de signification tant sur le plan de l’histoire immédiate et des effets médiatiques que sur le plan de ses résonnances culturelles et anthropologiques. Dans l’entretien qu’elle a accordé à Dominique Clévenot, Juliette Hanrot revient sur la fabrique de cette icône pour interroger la relation que l’image de presse entretient avec le contexte historique de l’événement qu’elle relate, mais aussi avec l’imaginaire du public qui la reçoit