The Beauty and the Beasts—The Hard Cases in LLL Reduction

  • Saed AlsayighEmail author
  • Jintai Ding
  • Tsuyoshi Takagi
  • Yuntao Wang
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10418)


In this paper, we will systematically study who indeed are the hard lattice cases in LLL reduction. The “hard” cases here mean for their special geometric structures, with a comparatively high “failure probability” that LLL can not solve SVP even by using a powerful relaxation factor. We define the perfect lattice as the “Beauty”, which is given by basis of vectors of the same length with the mutual angles of any two vectors to be exactly \(60^{\circ }\). Simultaneously the “Beasts” lattice is defined as the lattice close to the Beauty lattice. There is a relatively high probability (e.g. 15.0% in 3 dimensions) that our “Beasts” bases can withstand the exact-arithmetic LLL reduction (relaxation factors \(\delta \) close to 1), comparing to the probability (corresponding <0.01%) when apply same LLL on random bases from TU Darmstadt SVP Challenge. Our theoretical proof gives us a direct explanation of this phenomenon. Moreover, we give rational Beauty bases of 3 and 8 dimensions, an irrational Beauty bases of general high dimensions. We also give a general way to construct Beasts lattice bases from the Beauty ones. Experimental results show the Beasts bases derived from Beauty can withstand LLL reduction by a stable probability even for high dimensions. Our work in a way gives a simple and direct way to explain how to build a hard lattice in LLL reduction.


Lattice LLL reduction Hard cases Post-Quantum Cryptography 


  1. 1.
    Akhavi, A.: Worst-case complexity of the optimal LLL algorithm. In: Gonnet, G.H., Viola, A. (eds.) LATIN 2000. LNCS, vol. 1776, pp. 355–366. Springer, Heidelberg (2000). doi: 10.1007/10719839_35 CrossRefGoogle Scholar
  2. 2.
    Akhavi, A.: The optimal LLL algorithm is still polynomial in fixed dimension. Theor. Comput. Sci. 297(1–3), 323 (2003)MathSciNetzbMATHGoogle Scholar
  3. 3.
    Bi, J., Coron, J.-S., Faugère, J.-C., Nguyen, P.Q., Renault, G., Zeitoun, R.: Rounding and chaining LLL: finding faster small roots of univariate polynomial congruences. In: Krawczyk, H. (ed.) PKC 2014. LNCS, vol. 8383, pp. 185–202. Springer, Heidelberg (2014). doi: 10.1007/978-3-642-54631-0_11 CrossRefGoogle Scholar
  4. 4.
    Goldstein, D., Mayer, A.: On the equidistribution of Hecke points. Forum Mathematicum 15(2), 165–189 (2003)MathSciNetCrossRefzbMATHGoogle Scholar
  5. 5.
    Gama, N., Nguyen, P.Q.: Predicting lattice reduction. In: Smart, N. (ed.) EUROCRYPT 2008. LNCS, vol. 4965, pp. 31–51. Springer, Heidelberg (2008). doi: 10.1007/978-3-540-78967-3_3 CrossRefGoogle Scholar
  6. 6.
    Gama, N., Nguyen, P.Q., Regev, O.: Lattice enumeration using extreme pruning. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 257–278. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-13190-5_13 CrossRefGoogle Scholar
  7. 7.
    Lagrange, L.: “Recherches d’arithmétique”. Nouv. Mém. Acad. (1773)Google Scholar
  8. 8.
    Luzzi, L., Othman, G.R., Belfiore, J.C.: Augmented lattice reduction for MIMO decoding. IEEE Trans. Wireless Commun. 9(9), 2853–2859 (2010)CrossRefGoogle Scholar
  9. 9.
    Lenstra, A.K., Lenstra Jr., H.W., Lovász, L.: Factoring polynomials with rational coefficients. Math. Ann. 261(4), 515–534 (1982)MathSciNetCrossRefzbMATHGoogle Scholar
  10. 10.
    Lyubashevsky, V., Peikert, C., Regev, O.: On ideal lattices and learning with errors over rings. In: Gilbert, H. (ed.) EUROCRYPT 2010. LNCS, vol. 6110, pp. 1–23. Springer, Heidelberg (2010). doi: 10.1007/978-3-642-13190-5_1 CrossRefGoogle Scholar
  11. 11.
    Luzzi, L., Stehlé, D., Ling, C.: Decoding by embedding: correct decoding radius and DMT optimality. IEEE Trans. Inf. Theory 59(5), 2960–2973 (2013)MathSciNetCrossRefzbMATHGoogle Scholar
  12. 12.
    Magma computational algebra system.
  13. 13.
    Minkowski, H.: Geometrie der Zahlen (1910)Google Scholar
  14. 14.
    Nguyen, P.Q., Stehlé, D.: Low-dimensional lattice basis reduction revisited. ACM Trans. Algorithms 5(4) (2009)Google Scholar
  15. 15.
    Victor Shoup’s NTL library.
  16. 16.
    Nguyen, P.Q., Vallée, B. (eds.): The LLL Algorithm - Survey and Applications. Information Security and Cryptography. Springer, Berlin Heidelberg (2010)zbMATHGoogle Scholar
  17. 17.
    Regev, O.: On lattices, learning with errors, random linear codes, and cryptography. In: STOC 2005, pp. 84–93 (2005)Google Scholar
  18. 18.
    Semaev, I.: A 3-dimensional lattice reduction algorithm. In: Silverman, J.H. (ed.) CaLC 2001. LNCS, vol. 2146, pp. 181–193. Springer, Heidelberg (2001). doi: 10.1007/3-540-44670-2_13 CrossRefGoogle Scholar
  19. 19.
    Schnorr, C.P., Euchner, M.: Lattice basis reduction: improved practical algorithms and solving subset sum problems. Math. Program. 66(1–3), 181–199 (1994)MathSciNetCrossRefzbMATHGoogle Scholar
  20. 20.
    TU Darmstadt lattice challenge.

Copyright information

© Springer International Publishing AG 2017

Authors and Affiliations

  • Saed Alsayigh
    • 1
    Email author
  • Jintai Ding
    • 1
  • Tsuyoshi Takagi
    • 2
    • 3
  • Yuntao Wang
    • 4
  1. 1.Department of Mathematical SciencesUniversity of CincinnatiCincinnatiUSA
  2. 2.Institute of Mathematics for IndustryKyushu UniversityFukuokaJapan
  3. 3.CREST, Japan Science and Technology AgencyKawaguchiJapan
  4. 4.Graduate School of MathematicsKyushu UniversityFukuokaJapan

Personalised recommendations