
    Certified lattice reduction

    Quadratic form reduction and lattice reduction are fundamental tools in computational number theory and in computer science, especially in cryptography. The celebrated Lenstra-Lenstra-Lovász reduction algorithm (LLL) has been improved in many ways over the past decades and remains one of the central methods for reducing integral lattice bases. In particular, its floating-point variants, where the rational arithmetic required by Gram-Schmidt orthogonalization is replaced by floating-point arithmetic, are now the fastest known. However, the systematic study of the reduction theory of real quadratic forms or, more generally, of real lattices is not widely represented in the literature. When the problem arises, the lattice is usually replaced by an integral approximation of (a multiple of) the original lattice, which is then reduced. While practically useful and proven in some special cases, this method does not offer any guarantee of success in general. In this work, we present an adaptive-precision version of a generalized LLL algorithm that covers this case in all generality. In particular, we replace floating-point arithmetic by interval arithmetic to certify the behavior of the algorithm. We conclude by giving a typical application of the result in algebraic number theory for the reduction of ideal lattices in number fields. Comment: 23 page

    Cosmos greenstone terrane: Insights into an Archaean volcanic arc, associated with komatiite-hosted nickel sulphide mineralisation, from U-Pb dating, volcanic stratigraphy and geochemistry

    The Neoarchaean Agnew-Wiluna greenstone belt (AWB) of the Kalgoorlie Terrane, within the Eastern Goldfields Superterrane (EGS) of the Yilgarn Craton, Western Australia, contains several world-class, komatiite-hosted, nickel-sulphide ore bodies. These are commonly associated with felsic volcanic successions, many of which are considered to have a tonalite-trondhjemite-dacite (TTD) affinity. The Cosmos greenstone sequence lies on the western edge of the AWB and this previously unstudied mineralised volcanic succession contrasts markedly in age, geochemistry, emplacement mechanisms and probable tectonic setting to that of the majority of the AWB and wider EGS. Detailed subsurface mapping has shown that the footwall to the Cosmos mineralised ultramafic sequence consists of an intricate succession of both fragmental and coherent extrusive lithologies, ranging from basaltic andesites through to rhyolites, plus later-formed felsic and basaltic intrusions. The occurrence of thick sequences of amygdaloidal intermediate lavas intercalated with extensive sequences of dacite lapilli tuff, coupled with the absence of marine sediments or hydrovolcanic products, indicates the succession was formed in a subaerial environment. Chemical composition of the non-ultramafic lithologies is typified by a high-K calc-alkaline to shoshonite signature, indicative of formation in a volcanic arc setting. Assimilation-fractional crystallisation modelling has shown that at least two compositionally distinct sources must be invoked to explain the observed basaltic andesite to rhyolite magma suite. High resolution U-Pb dating of several units within the succession underpins stratigraphic relationships established in the field and indicates that the emplacement of the Cosmos succession took place between ~2736 Ma and ~2653 Ma, making it significantly older and longer-lived than most other greenstone successions within the Kalgoorlie Terrane. 
Extrusive periodic volcanism spanned ~50 Myrs with three cycles of bimodal intermediate/felsic and ultramafic volcanism occurring between ~2736 Ma and ~2685 Ma. Periodic intrusive activity, related to the local granite plutonism, lasted for a further ~32 Myrs or until ~2653 Ma. The Cosmos succession either represents a separate, older terrane in its own right or it has an autochthonous relationship with the AWB but volcanism initiated much earlier in this region than currently considered. Dating of the Cosmos succession has demonstrated that high-resolution geochronology within individual greenstone successions can be achieved and provides more robust platforms for interpreting the evolution of ancient mineralised volcanic successions. The geochemical affinity of the Cosmos succession indicates a subduction zone was operating in the Kalgoorlie Terrane by ~2736 Ma, much earlier than considered in current regional geodynamic models. The Cosmos volcanic succession provides further evidence that plate tectonics was in operation during the Neoarchaean, contrary to some recently proposed tectonic models

    Fully homomorphic encryption modulo Fermat numbers

    In this paper, we recast state-of-the-art constructions for fully homomorphic encryption in the simple language of arithmetic modulo large Fermat numbers. The techniques used to construct our scheme are quite standard in the realm of (R)LWE based cryptosystems. However, the use of arithmetic in such a simple ring greatly simplifies exposition of the scheme and makes its implementation much easier. In terms of performance, our test implementation of the proposed scheme is slower than the current speed records but remains within a comparable range. We hope that the detailed study of our simplified scheme by the community can make it competitive and provide new insights into FHE constructions at large
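The abstract's point is that arithmetic modulo a Fermat number F = 2^k + 1 (with k = 2^m) is a particularly simple ring. The following added example, which is not the paper's scheme or code, shows the property that makes it simple: since 2^k is congruent to -1 modulo F, reducing an integer modulo F needs only shifts, masks and a few additions, with no division. The parameter k and the sample values are chosen for illustration.

```python
# Added illustration of arithmetic modulo a Fermat number F = 2^k + 1.
# It is not the FHE scheme of the paper; it only shows why the ring is
# convenient: 2^k == -1 (mod F), so reduction is a signed sum of k-bit limbs.

def fermat_reduce(x, k):
    """Return x mod (2^k + 1) for any Python int x using only shifts, masks
    and a handful of corrective additions or subtractions of F."""
    F = (1 << k) + 1
    mask = (1 << k) - 1
    negative = x < 0
    if negative:
        x = -x
    acc, sign = 0, 1
    while x:
        acc += sign * (x & mask)   # limb i contributes (-1)^i * limb_i
        x >>= k
        sign = -sign
    if negative:
        acc = -acc
    # |acc| is bounded by (number of limbs) * 2^k, so these loops are short.
    while acc < 0:
        acc += F
    while acc >= F:
        acc -= F
    return acc

def fermat_mul(a, b, k):
    """Product in Z/(2^k + 1)Z."""
    return fermat_reduce(a * b, k)

def fermat_pow(a, e, k):
    """Square-and-multiply exponentiation in Z/(2^k + 1)Z."""
    result, base = 1, fermat_reduce(a, k)
    while e:
        if e & 1:
            result = fermat_mul(result, base, k)
        base = fermat_mul(base, base, k)
        e >>= 1
    return result

if __name__ == "__main__":
    k = 16                              # F_4 = 2^16 + 1 = 65537, a prime
    print(fermat_reduce(1 << k, k))     # 2^k == -1, i.e. 65536
    print(fermat_reduce(1 << (2 * k), k))  # 2^(2k) == 1
    print(fermat_pow(3, 1 << k, k))     # Fermat's little theorem gives 1
```

The same limb-splitting trick is what makes multiplication by a power of two a signed rotation in this ring, which is the structural convenience the abstract refers to; a production implementation would of course fix k to the large Fermat number the scheme is instantiated with.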

    New Complexity Trade-Offs for the (Multiple) Number Field Sieve Algorithm in Non-Prime Fields

    The selection of polynomials to represent number fields crucially determines the efficiency of the Number Field Sieve (NFS) algorithm for solving the discrete logarithm in a finite field. An important recent work due to Barbulescu et al. builds upon existing works to propose two new methods for polynomial selection when the target field is a non-prime field. These methods are called the generalised Joux-Lercier (GJL) and the Conjugation methods. In this work, we propose a new method (which we denote as \mathcal{A}) for polynomial selection for the NFS algorithm in fields \mathbb{F}_{Q}, with Q=p^n and n>1. The new method both subsumes and generalises the GJL and the Conjugation methods and provides new trade-offs for both n composite and n prime. Let us denote the variant of the (multiple) NFS algorithm using the polynomial selection method X by (M)NFS-X. Asymptotic analysis is performed for both the NFS-\mathcal{A} and the MNFS-\mathcal{A} algorithms. In particular, when p=L_Q(2/3,c_p), for c_p \in [3.39, 20.91], the complexity of NFS-\mathcal{A} is better than the complexities of all previous algorithms, whether classical or MNFS. The MNFS-\mathcal{A} algorithm provides lower complexity compared to the NFS-\mathcal{A} algorithm; for c_p \in (0, 1.12] \cup [1.45, 3.15], the complexity of MNFS-\mathcal{A} is the same as that of MNFS-Conjugation, and for c_p \notin (0, 1.12] \cup [1.45, 3.15], the complexity of MNFS-\mathcal{A} is lower than that of all previous methods.

    A General Polynomial Selection Method and New Asymptotic Complexities for the Tower Number Field Sieve Algorithm

    In a recent work, Kim and Barbulescu had extended the tower number field sieve algorithm to obtain improved asymptotic complexities in the medium prime case for the discrete logarithm problem on \mathbb{F}_{p^n} where n is not a prime power. Their method does not work when n is a composite prime power. For this case, we obtain new asymptotic complexities, e.g., L_{p^n}(1/3, (64/9)^{1/3}) (resp. L_{p^n}(1/3, 1.88) for the multiple number field variation) when n is composite and a power of 2; the previously best known complexity for this case is L_{p^n}(1/3, (96/9)^{1/3}) (resp. L_{p^n}(1/3, 2.12)). These complexities may have consequences for the selection of key sizes for pairing based cryptography. The new complexities are achieved through a general polynomial selection method. This method, which we call Algorithm-\mathcal{C}, extends a previous polynomial selection method proposed at Eurocrypt 2016 to the tower number field case. As special cases, it is possible to obtain the generalised Joux-Lercier and the Conjugation method of polynomial selection proposed at Eurocrypt 2015 and the extension of these methods to the tower number field scenario by Kim and Barbulescu. A thorough analysis of the new algorithm is carried out in both concrete and asymptotic terms.

    Classical and Quantum Algorithms for Variants of Subset-Sum via Dynamic Programming

    Subset-Sum is an NP-complete problem where one must decide if a multiset of n integers contains a subset whose elements sum to a target value m. The best known classical and quantum algorithms run in time Õ(2^{n/2}) and Õ(2^{n/3}), respectively, based on the well-known meet-in-the-middle technique. Here we introduce a novel classical dynamic-programming-based data structure with applications to Subset-Sum and a number of variants, including Equal-Sums (where one seeks two disjoint subsets with the same sum), 2-Subset-Sum (a relaxed version of Subset-Sum where each item in the input set can be used twice in the summation), and Shifted-Sums, a generalization of both of these variants, where one seeks two disjoint subsets whose sums differ by some specified value. Given any modulus p, our data structure can be constructed in time O(np), after which queries can be made in time O(n) to the lists of subsets summing to any value modulo p. We use this data structure in combination with variable-time amplitude amplification and a new quantum pair finding algorithm, extending the quantum claw finding algorithm to the multiple solutions case, to give an O(2^{0.504n}) quantum algorithm for Shifted-Sums. This provides a notable improvement on the best known O(2^{0.773n}) classical running time established by Mucha et al. [Mucha et al., 2019]. We also study Pigeonhole Equal-Sums, a variant of Equal-Sums where the existence of a solution is guaranteed by the pigeonhole principle. For this problem we give faster classical and quantum algorithms with running time Õ(2^{n/2}) and Õ(2^{2n/5}), respectively.
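The abstract names two classical ingredients: the meet-in-the-middle Õ(2^{n/2}) solver and a dynamic-programming table over residues modulo p that is built in O(np) and answers queries in O(n). The following added example, which is not the paper's data structure or code, implements the textbook versions of both so the cost model is concrete: a reachability table over (prefix, residue) with backtracking for queries, and the half-split enumeration with a hash lookup. The item list is constructed for illustration.

```python
# Added illustration (not the paper's data structure): the classical tools the
# abstract builds on, a residue-mod-p DP table with O(n*p) construction and
# O(n) queries, and the meet-in-the-middle exact Subset-Sum solver.

def build_mod_table(items, p):
    """reach[i][r] is True iff some subset of items[:i] sums to r (mod p).
    Construction costs O(n*p) time and space."""
    n = len(items)
    reach = [[False] * p for _ in range(n + 1)]
    reach[0][0] = True                      # the empty subset sums to 0
    for i in range(1, n + 1):
        a = items[i - 1] % p
        prev, cur = reach[i - 1], reach[i]
        for r in range(p):
            if prev[r]:
                cur[r] = True               # skip item i-1
                cur[(r + a) % p] = True     # take item i-1
    return reach

def query_mod_table(items, reach, t):
    """Return the indices of one subset whose sum is t (mod p), or None.
    Walks the table backwards once, so a query costs O(n)."""
    p = len(reach[0])
    r = t % p
    if not reach[len(items)][r]:
        return None
    chosen = []
    for i in range(len(items), 0, -1):
        if reach[i - 1][r]:
            continue                        # residue reachable without item i-1
        chosen.append(i - 1)                # item i-1 is needed
        r = (r - items[i - 1]) % p
    return chosen[::-1]

def subset_sum_mitm(items, target):
    """Exact Subset-Sum by meet-in-the-middle: enumerate the 2^(n/2) subset sums
    of each half, then look each left sum up in the right half's table.
    Returns the indices of a solution, or None."""
    h = len(items) // 2
    left, right = items[:h], items[h:]

    def sums(part):
        table = {0: []}                     # subset sum -> indices within part
        for i, a in enumerate(part):
            for s, sub in list(table.items()):
                table.setdefault(s + a, sub + [i])
        return table

    L, R = sums(left), sums(right)
    for s, sub in L.items():
        if target - s in R:
            return sub + [h + j for j in R[target - s]]
    return None

if __name__ == "__main__":
    # Constructed sample instance (not from the paper).
    items, target, p = [3, 34, 4, 12, 5, 2], 9, 7
    reach = build_mod_table(items, p)
    print("some subset ==", target % p, "mod", p, ":", query_mod_table(items, reach, target))
    print("exact solution:", subset_sum_mitm(items, target))
```

A residue table is cheap to build for small p and gives a necessary condition for an exact solution (a subset summing to m must sum to m mod p), which is how such tables are used to prune the exponential search; the paper's contribution is a structure that returns the lists of subsets per residue and combines with quantum search, which the table above does not attempt.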