Korkine–Zolotarev Lattice Basis Reduction Algorithm
   HOME

TheInfoList



Click Here for Items Related To - Korkine–Zolotarev Lattice Basis Reduction Algorithm
OR:
Korkine–Zolotarev Lattice Basis Reduction Algorithm on:   [Wikipedia]   [Google]   [Amazon]

The Korkine–Zolotarev (KZ) lattice basis reduction algorithm or Hermite-Korkine–Zolotarev (HKZ) algorithm is a
lattice reduction In mathematics, the goal of lattice basis reduction is to find a basis with short, nearly orthogonal vectors when given an integer lattice basis as input. This is realized using different algorithms, whose running time is usually at least expone ...
algorithm In mathematics and computer science, an algorithm () is a finite sequence of rigorous instructions, typically used to solve a class of specific problems or to perform a computation. Algorithms are used as specifications for performing ...
. For lattices in \mathbb^n it yields a lattice basis with orthogonality defect at most n^n, unlike the 2^ bound of the LLL reduction. KZ has exponential complexity versus the polynomial complexity of the LLL reduction algorithm, however it may still be preferred for solving sequences of Closest Vector Problems (CVPs) in a lattice, where it can be more efficient.


History

The definition of a KZ-reduced basis was given by A. Korkine and G. Zolotareff in 1877, a strengthened version of Hermite reduction. The first algorithm for constructing a KZ-reduced basis was given in 1983 by Kannan. The Block Korkine-Zolotarev (BKZ) algorithm was introduced in 1987.


Definition

A KZ-reduced basis for a lattice is defined as follows:Micciancio & Goldwasser, p.133, definition 7.8 Given a
basis Basis may refer to: Finance and accounting *Adjusted basis, the net cost of an asset after adjusting for various tax-related items *Basis point, 0.01%, often used in the context of interest rates * Basis trading, a trading strategy consisting o ...
:\mathbf=\, define its
Gram–Schmidt process In mathematics, particularly linear algebra and numerical analysis, the Gram–Schmidt process is a method for orthonormalizing a set of vectors in an inner product space, most commonly the Euclidean space equipped with the standard inner prod ...
orthogonal basis :\mathbf^*=\, and the Gram-Schmidt coefficients :\mu_=\frac, for any 1 \le j < i \le n. Also define projection functions :\pi_i(\mathbf) = \sum_ \frac \mathbf^*_j which project \mathbf orthogonally onto the span of \mathbf^*_i, \cdots, \mathbf^*_n. Then the basis B is KZ-reduced if the following holds: # \mathbf^*_i is the shortest nonzero vector in \pi_i(\mathcal(\mathbf)) # For all j < i, \left, \mu_\ \leq 1/2 Note that the first condition can be reformulated recursively as stating that \mathbf_1 is a shortest vector in the lattice, and \ is a KZ-reduced basis for the lattice \pi_2(\mathcal(\mathbf)). Also note that the second condition guarantees that the reduced basis is length-reduced (adding an integer multiple of one basis vector to another will not decrease its length); the same condition is used in the LLL reduction.


Notes


References

* * * * * {{DEFAULTSORT:Korkine-Zolotarev lattice basis reduction algorithm Theory of cryptography Computational number theory Lattice points