Each function contains documentation and examples available via Julia's built-in documentation system, for example with `?lll`. Documentation @@ -71,8 +74,12 @@ y=H*u+rand(N)/100; uhat=cvp(Q'*y,R); sum(abs.(u-uhat)) ``` +
+In the first test we compare the `lll` function from LLLplus, the `l2avx` function in the `src\l2.jl` file in LLLplus, the @@ -115,20 +122,19 @@ BigFloat) as well as type from external packages (Float128 from [Quadmath.jl](https://github.com/JuliaMath/Quadmath.jl) and Double64 from [DoubleFloat.jl](https://github.com/JuliaMath/DoubleFloats.jl)) which are used to -generate 40 128x128 matrices, over which execution time for the +generate 60 16x16 matrices, over which execution time for the lattice reduction techniques is averaged. The vertical axis is a logarithmic representation of execution time as in the previous figure. This figure was generated using code in `test/perftest.jl`. ![Time vs data type](docs/src/assets/perfVsDataType.png) -### Notes +
+The algorithm pseudocode in a [survey paper by Wuebben](http://www.ant.uni-bremen.de/sixcms/media.php/102/10740/SPM_2011_Wuebben.pdf) and the [monograph by Bremner](https://www.amazon.com/Lattice-Basis-Reduction-Introduction-Applications/dp/1439807027) diff --git a/docs/src/assets/perfVsDataType.png b/docs/src/assets/perfVsDataType.png index ac3aa50..2cf5bf5 100644 Binary files a/docs/src/assets/perfVsDataType.png and b/docs/src/assets/perfVsDataType.png differ diff --git a/docs/src/functions.md b/docs/src/functions.md index 67e5b87..bd0dac1 100644 --- a/docs/src/functions.md +++ b/docs/src/functions.md @@ -21,7 +21,8 @@ end integerfeasibility rationalapprox spigotBBP - hard_sphere + hkz + ishkzreduced issizereduced islllreduced orthogonalitydefect diff --git a/docs/src/index.md b/docs/src/index.md index d2976b7..daacde0 100644 --- a/docs/src/index.md +++ b/docs/src/index.md 
@@ -4,27 +4,28 @@ CurrentModule = LLLplus ``` -LLLplus includes +LLLplus provides [Lenstra-Lenstra-Lovász](https://en.wikipedia.org/wiki/Lenstra%E2%80%93Lenstra%E2%80%93Lov%C3%A1sz_lattice_basis_reduction_algorithm) -(LLL), [Brun](https://en.wikipedia.org/wiki/Viggo_Brun), and Seysen -lattice reduction; and solvers for the +(LLL) lattice reduction, solvers for the [shortest vector problem](https://en.wikipedia.org/wiki/Lattice_problem#Shortest_vector_problem_(SVP)) (SVP) and the [closest vector problem](https://en.wikipedia.org/wiki/Lattice_problem#Closest_vector_problem_.28CVP.29) -(CVP). These tools are +(CVP), and related algorithms. These tools are used in cryptography, digital communication, and integer programming. This package is experimental and not a robust tool; use at your own risk :-) -LLL [1] lattice reduction is a powerful tool that is widely used in +LLL lattice reduction is a powerful tool that is widely used in cryptanalysis, in cryptographic system design, in digital communications, and to solve other integer problems. The historical and practical prominence of the LLL technique in lattice tools is the -reason for its use in the name "LLLplus". LLL reduction is -often used as an approximate solution to the SVP. -We also include Brun [2] and Seysen [3] -lattice reduction techniques. The LLL, Brun, and Seysen algorithms are -based on [4]. The CVP solver is based on [5] and can handle lattices -and bounded integer constellations while the SVP solver is based on [6]. +reason for its use in the name "LLLplus". LLL reduction is often used +as an approximate solution to the SVP. We also include +[Brun](https://archive.org/stream/skrifterutgitavv201chri#page/300/mode/2up) +integer relations, +[Seysen](http://link.springer.com/article/10.1007%2FBF01202355) +lattice reduction, and +[Hermite-Korkine-Zolotarev](http://www.cas.mcmaster.ca/~qiao/publications/ZQW11.pdf) +lattice reduction techniques. 
One application of lattice tools is in cryptanalysis; as an demo of a cryptanalytic attack, see the `subsetsum` function. The LLL algorithm @@ -115,7 +116,7 @@ BigFloat) as well as type from external packages (Float128 from [Quadmath.jl](https://github.com/JuliaMath/Quadmath.jl) and Double64 from [DoubleFloat.jl](https://github.com/JuliaMath/DoubleFloats.jl)) which are used to -generate 40 128x128 matrices, over which execution time for the +generate 60 16x16 matrices, over which execution time for the lattice reduction techniques is averaged. The vertical axis is a logarithmic representation of execution time as in the previous figure. This figure was generated using code in `test/perftest.jl`. @@ -124,14 +125,9 @@ figure. This figure was generated using code in `test/perftest.jl`. ### Notes -There are certainly many improvements and additions that could be made -to LLLplus. Even so, it would be hard to compete with -[fplll](https://github.com/fplll/fplll) on features. In fact, a Julia -wrapper around [fplll](https://github.com/fplll/fplll) would be the most -useful addition to lattice tools in Julia. - -The algorithm pseudocode in the monograph [7] and the survey paper [4] -were very helpful in writing the lattice reduction tools in LLLplus +The algorithm pseudocode in a [survey paper by Wuebben](http://www.ant.uni-bremen.de/sixcms/media.php/102/10740/SPM_2011_Wuebben.pdf) and the +[monograph by Bremner](https://www.amazon.com/Lattice-Basis-Reduction-Introduction-Applications/dp/1439807027) +were helpful in writing the lattice reduction tools in LLLplus and are a good resource for further study. If you are trying to break one of the [Lattice Challenge](http://www.latticechallenge.org) records or are looking for robust, well-proven lattice tools, look at 
@@ -141,31 +137,3 @@ number-theoretic problems the it uses the [FLINT](http://flintlib.org/) C library to do LLL reduction on Nemo-specific data types. Finally, no number theorists have worked on LLLplus; please treat the package as experimental. - -### References - -[1] A. K. Lenstra; H. W. Lenstra Jr.; L. Lovász, ["Factoring polynomials with rational coefficients"](http://ftp.cs.elte.hu/~lovasz/scans/lll.pdf). Mathematische Annalen 261, 1982. - -[2] V. Brun, -["En generalisation av kjedebrøken I,"](https://archive.org/stream/skrifterutgitavv201chri#page/300/mode/2up) -Skr. Vidensk. Selsk. Kristiana, Mat. Nat. Klasse, 1919. - -[3] M. Seysen, ["Simultaneous reduction of a lattice basis and its reciprocal basis"](http://link.springer.com/article/10.1007%2FBF01202355) Combinatorica, 1993. - -[4] D. Wuebben, D. Seethaler, J. Jalden, and G. Matz, ["Lattice Reduction - A Survey with Applications in Wireless Communications"](http://www.ant.uni-bremen.de/sixcms/media.php/102/10740/SPM_2011_Wuebben.pdf). IEEE Signal Processing Magazine, 2011. - -[5] A. Ghasemmehdi, E. Agrell, ["Faster Recursions in Sphere Decoding"](https://publications.lib.chalmers.se/records/fulltext/local_141586.pdf) IEEE -Transactions on Information Theory, vol 57, issue 6 , June 2011. - -[6] E. Agrell, T. Eriksson, A. Vardy, and K. Zeger, ["Closest Point Search in -Lattices"](https://www.researchgate.net/publication/3080772_Closest_point_search_in_lattices_IEEE_Trans_Inf_Theory) -IEEE Transactions on Information Theory, vol. 48, no. 8, August 2002. - -[7] M. R. Bremner, ["Lattice Basis Reduction: An Introduction to the LLL - Algorithm and Its Applications"](https://www.amazon.com/Lattice-Basis-Reduction-Introduction-Applications/dp/1439807027) CRC Press, 2012. - - - -## List of Functions -```@index -``` diff --git a/src/LLLplus.jl b/src/LLLplus.jl index 943a905..76d3450 100644 --- a/src/LLLplus.jl +++ b/src/LLLplus.jl 
@@ -29,6 +29,7 @@ export dataTypeForGram,intTypeGivenBitsRequired include("lll.jl") # lll, gauss, sizereduction +include("l2.jl") # lll on Rational{Integer} with `l2` include("cvp.jl") # cvp, svp include("hkz.jl") include("brun.jl") diff --git a/src/applications.jl b/src/applications.jl index 047d4b8..50dec74 100644 --- a/src/applications.jl +++ b/src/applications.jl @@ -252,6 +252,7 @@ values around the nominal k. This technique is related to that in robust tool, just a demo. [1] https://scholarworks.rit.edu/theses/64/ + [2] https://pdfs.semanticscholar.org/21a7/c2f9ff29507f1153aefcca04d1cd308e45c0.pdf # Examples @@ -406,6 +407,7 @@ function spigotBBPvec(Td::Type{Tr},s,b,n,K) where {Tr<:Number} end return v end + """ spigotBBP(α::Td,s,b,n,K,verbose=false) where {Td} diff --git a/src/hkz.jl b/src/hkz.jl index c602f3a..b1004e6 100644 --- a/src/hkz.jl +++ b/src/hkz.jl @@ -64,7 +64,7 @@ julia> B*Z 1 -1 -1 -1 -julia> N=9; Bo=rand(0:10,N,N); Z,_=LLLplus.hkz_red(Bo); B=Bo*Z; +julia> N=10; Bo=rand(0:100,N,N); Z,_=LLLplus.hkz_red(Bo); B=Bo*Z; julia> ishkzreduced(B) true diff --git a/src/l2.jl b/src/l2.jl index ac57acb..0e48fd6 100644 --- a/src/l2.jl +++ b/src/l2.jl @@ -1,3 +1,6 @@ +lll(H::AbstractArray{Rational{Td},2},δ=.75,η=.51) where {Td<:Integer} = + l2(H,Rational{Td},δ,η) + """ B = l2(H::AbstractArray{Td,2},TG::Type{Tg},δ=.75,η=.51) where {Td<:Number,Tg<:Number} 
@@ -16,32 +19,30 @@ generally faster than `lll` on small bases, say of dimensions less than 80. # Examples ```jldoctest -julia> using LLLplus -julia> include("src/l2.jl") -julia> H= [1 2; 3 4];B = l2(H) +julia> H= [1 2; 3 4];B,_ = LLLplus.l2(H); B ┌ Warning: l2 is in a raw (alpha) state and may change. See the help text. -└ @ LLLplus ~/shared/LLLplus/src/l2.jl:42 +└ @ LLLplus src/l2.jl:45 2×2 Array{Int64,2}: 1 -1 1 1 -julia> H= [.5 2; 3 4]; B= l2(H) +julia> H= [.5 2; 3 4]; B,_= LLLplus.l2(H); B +┌ Warning: l2 is in a raw (alpha) state and may change. See the help text. +└ @ LLLplus src/l2.jl:45 2×2 Array{Float64,2}: 1.5 -1.0 1.0 2.0 -julia> H= BigFloat.([1.5 2; 3 4]) .+ 2im; B= l2(H); -┌ Error: `l2` does not handle complex data yet; try `lll`. -└ @ LLLplus ~/shared/LLLplus/src/l2.jl:50 - -julia> N=30;H = randn(N,N); B = l2(H); +julia> N=30;H = randn(N,N); B,T = LLLplus.l2(H); +┌ Warning: l2 is in a raw (alpha) state and may change. See the help text. +└ @ LLLplus src/l2.jl:45 ``` """ function l2(H::AbstractArray{Td,2},TG::Type{Tg}=Td,δ=.75,η=.51) where {Td<:Number,Tg<:Number} - @warn "l2 is in a raw (alpha) state and may change. See the help text." maxlog=1 + @warn "l2 is in a raw (alpha) state and may change. See the help text." maxlog=1 _file="src/l2.jl" if !(0.25 < δ < 1.0) error("δ must be between 1/4 and 1."); @@ -128,7 +129,8 @@ function l2(H::AbstractArray{Td,2},TG::Type{Tg}=Td,δ=.75,η=.51) where end κ+=1 end - return B + T = Ti.(round.(inv(H)*B)) + return B,T end function lazysizereduction!(ηb,κ,B,G,r,μ,s,X,n,d,Tg) @@ -176,7 +178,7 @@ function lazysizereduction!(ηb,κ,B,G,r,μ,s,X,n,d,Tg) end @goto startCholesky end - +#= """ B = l2avx(H::AbstractArray{Td,2},TG::Type{Tg},δ=.75,η=.51) where {Td<:Number,Tg<:Number} 
@@ -188,7 +190,6 @@ from the `LoopVectorization.jl` package. See the `l2` help text ```julia julia> using LLLplus julia> using LoopVectorization -julia> include("src/l2.jl") julia> H= [1 2; 3 4];B = l2avx(H) ┌ Warning: l2avx is in a raw (alpha) state and may change. See the help text. └ @ LLLplus ~/shared/LLLplus/src/l2.jl:42 @@ -336,6 +337,7 @@ function lazysizereductionAVX!(ηb,κ,B,G,r,μ,s,X,n,d,Tg) end @goto startCholesky end +=# diff --git a/src/lll.jl b/src/lll.jl index 55625d3..6333ce4 100644 --- a/src/lll.jl +++ b/src/lll.jl @@ -46,7 +46,7 @@ end B = copy(H); N,L = size(B); Qt,R = qr(B); -Q = Matrix(Qt); # A few cycles can be saved by skipping updates of the Q matrix. +Q = Matrix(Qt); # A few cycles can be saved by removing Q and T Ti= getIntType(Td) T = Matrix{Ti}(I, L, L) diff --git a/test/lrtest.jl b/test/lrtest.jl index cdd6c26..d1e7688 100644 --- a/test/lrtest.jl +++ b/test/lrtest.jl @@ -25,12 +25,12 @@ those used in lattice cryptography). # As function of Integer width lrtest(50,2.^[4;],[100;],[Int32,Int64,Int128,Float64,BigInt,BigFloat],"rand") # As function of N - lrtest(50,2.^[0:6;],[100;],[Float64],"rand") + lrtest(50,2 .^[0:6;],[100;],[Float64],"rand") """ function lrtest(Ns::Int,N::Array{Int,1},L::Array{Int,1}, dataType::Array{DataType,1},distType) -lrAlgs = [brun,lll, seysen,hkz,] +lrAlgs = [hkz,lll,seysen, sizereduction,brun,] @printf(" Ns N L dataType") for ax = 1:min(length(lrAlgs),6)
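Review bot: The README text added in the first hunks says the first test compares `lll` with "the `l2avx` function in the `src\l2.jl` file", but the src/l2.jl hunks in this same patch wrap `l2avx` and `lazysizereductionAVX!` in `#=` ... `=#`, so a reader following the README cannot call that function. Either keep `l2avx` loadable (for example behind an optional `LoopVectorization` dependency) or reword the README to say the benchmark used a variant that is currently disabled. The path should also be written `src/l2.jl`, as it is everywhere else in the patch. The docstring inside the commented-out block still shows `B = l2avx(H)` and the old `~/shared/LLLplus/src/l2.jl:42` location; if the block is going to stay in the file, update it to match the new `B,T` return convention, otherwise delete the dead code.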
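Review bot: In docs/src/index.md the rewritten introduction drops the sentence "The CVP solver is based on [5] and can handle lattices and bounded integer constellations while the SVP solver is based on [6]", and the last hunk deletes the whole References section, so the sources for the `cvp` and `svp` solvers and the original LLL paper ([1]) are no longer cited anywhere in the page. The new inline links only cover Brun, Seysen, Hermite-Korkine-Zolotarev, Wuebben and Bremner. Please keep inline links for the two sphere-decoding papers and the LLL paper next to the text that mentions those algorithms. The same hunk also removes the `## List of Functions` heading with its `@index` block; if that is intentional, say so in the commit message, since it removes the only function index from this page.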
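Review bot: The src/hkz.jl doctest now draws `Bo=rand(0:100,N,N)` with `N=10` and then expects `ishkzreduced(B)` to print `true`, with no seed set in the visible lines. A doctest on unseeded random input can fail intermittently (for example on a singular draw), and the larger dimension and entry range make each run slower. Use a small fixed matrix, or seed the generator inside the example, so the expected output is reproducible.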
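Review bot: The new method at the top of src/l2.jl, `lll(H::AbstractArray{Rational{Td},2},δ=.75,η=.51) where {Td<:Integer} = l2(H,Rational{Td},δ,η)`, sends every `lll` call on a rational matrix into `l2`, which by its own warning "is in a raw (alpha) state and may change". Callers of the exported `lll` get no indication of this in the `lll` documentation, and the patch adds no test for `Rational` input. Please document the dispatch in the `lll` help text and add a test that checks the result on a rational basis, for example with `islllreduced` and by confirming that `H*T == B` for the returned `T`.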
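Review bot: The `l2` doctest now hardcodes `└ @ LLLplus src/l2.jl:45` three times, and the function forces the location with `_file="src/l2.jl"`, so any edit that shifts the `@warn` line breaks the doctest. The warning is also declared with `maxlog=1`, yet the expected output shows it after each of the three calls; please confirm the doctest actually passes as written, or show the warning only after the first call. Consider filtering the warning out of the doctest output instead of pinning a line number. The last example, `H = randn(N,N)`, is unseeded and asserts nothing about `B` or `T`, so it only checks that the call does not throw.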
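Review bot: In the `l2` body, `T = Ti.(round.(inv(H)*B))` followed by `return B,T` reconstructs the transform from a matrix inverse and rounding rather than tracking it during reduction. `inv(H)` requires a square, nonsingular `H`, while the signature accepts any `AbstractArray{Td,2}`, and for ill-conditioned floating-point bases the rounded product may not satisfy `H*T == B`. No definition of `Ti` appears in the visible l2.jl context (the visible `Ti= getIntType(Td)` is in src/lll.jl), so please confirm it is defined in this function. Accumulating `T` alongside the column operations, or at least checking `H*T == B` before returning, would be safer. The change from returning `B` to returning `B,T` also breaks existing callers, and the docstring signature line still reads `B = l2(H::AbstractArray{Td,2},TG::Type{Tg},δ=.75,η=.51)`; update it to `B,T = l2(...)`.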
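Review bot: In the test/lrtest.jl docstring only the second example was updated to the broadcast form `2 .^[0:6;]`; the line directly above it still reads `lrtest(50,2.^[4;],[100;],...)`, which has the same outdated `2.^` syntax. Change it to `2 .^[4;]` in the same hunk so both documented calls can be pasted and run.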