Low-Dimensional Lattice Basis Reduction Revisited
Phong Q. Nguyen and Damien Stehlé
Abstract: Most of the interesting algorithmic problems in the geometry
of numbers are NP-hard as the lattice dimension increases. This
article deals with the low-dimensional case. We study a greedy
lattice basis reduction algorithm for the Euclidean norm, which is
arguably the most natural lattice basis reduction algorithm, because
it is a straightforward generalization of the well-known
two-dimensional Gaussian algorithm. Our results are two-fold. From a
mathematical point of view, we show that up to dimension four, the
output of the greedy algorithm is optimal: the output basis reaches
all the successive minima of the lattice. However, as soon as the
lattice dimension is strictly higher than four, the output basis may
not even reach the first minimum. More importantly, from a
computational point of view, we show that up to dimension four, the
bit-complexity of the greedy algorithm is quadratic without fast
integer arithmetic: this allows to compute various lattice problems
(e.g., computing a Minkowski-reduced basis and a closest vector) in
quadratic time, without fast integer arithmetic, up to dimension four,
while all other algorithms known for such problems have a
bit-complexity which is at least cubic. This was already proved by
Semaev up to dimension three using rather technical means, but it was
previously unknown whether or not the algorithm was still polynomial
in dimension four. Our analysis, based on geometric properties of
low-dimensional lattices and in particular Voronoi cells, arguably
simplifies Semaev's analysis in dimensions two and three, unifies the
cases of dimensions two, three and four, but breaks down in dimension
five.
ACM TALG version (full version):
pdf © ACM.
Homepage