A generalization of the LLL-algorithm over euclidean rings or orders

(1)

J

OURNAL DE

T

HÉORIE DES

N

OMBRES DE

B

ORDEAUX

H

UGUETTE

N

APIAS

A generalization of the LLL-algorithm over

euclidean rings or orders

Journal de Théorie des Nombres de Bordeaux, tome

8, n

o

_{2 (1996),}

p. 387-396

<http://www.numdam.org/item?id=JTNB_1996__8_2_387_0>

L’accès aux archives de la revue « Journal de Théorie des Nombres de Bordeaux » (http://jtnb.cedram.org/) implique l’accord avec les condi-tions générales d’utilisation (http://www.numdam.org/conditions). Toute uti-lisation commerciale ou impression systématique est constitutive d’une infraction pénale. Toute copie ou impression de ce fichier doit conte-nir la présente mention de copyright.

Article numérisé dans le cadre du programme Numérisation de documents anciens mathématiques

(2)

A

_{generalization}

of the

_{LLL-algorithm}

over euclidean

rings

or orders

par HUGUETTE NAPIAS

RÉSUMÉ. De nombreux réseaux célèbres _(D4,_E8,le réseau K12 de

Coxeter-Todd, le réseau de Barnes-Wall, le réseau 039B24 de Leech, les réseaux 2-modulaires de dimension 32 de _Quebbemannet de _{Bachoc, ... )}sont munis de structures _algébriquessur divers anneaux euclidiens, entiers d’Eisenstein

ou _quaternionsde Hurwitz, par exemple. Les procédés usuels de réduction,

et en particulier l’algorithme LLL, deviennent plus performants lorsqu’on

les _adapteà ces _structures,

ABSTRACT. Numerous _importantlattices

_(D4,

_E8,the Coxeter-Todd lat-tice _K12,the Barnes-Wall lattice 039B16, the Leech lattice 039B24, as well as

the 2-modular 32-dimensional lattices found by Quebbemann and _Bachoc) possess algebraic structures over various Euclidean _rings,_e.g. Eisenstein

integers or Hurwitz _quaternions.One obtains efficient _{algorithms by} per-forming within this frame the usual reduction _{procedures, including}the well known _{LLL-algorithm.}

1. Introduction.

The

_{LLL-algorithm}

for basis

_reduction,

one of the most

_important

and useful

_algorithm

in the

_geometry

of

_numbers,

due to

_Lenstra,

Lovdsz

_[9]

can be

_generalized

to Euclidean

_rings

or orders.

_Many

lattices

built with codes over

_rings

or orders have an

algebraic

and additive struc-ture. We

_present

here a new version of the

LLL-algorithm

which reduces a basis

(or

a

_system

of

_generator

vectors)

while

_preserving

the

_algebraic

structure of the lattice.

We can

_apply

it to the

_ring

of the

_integers

of the five

_{quadratic imaginary}

fields

_{~(~), ~(~), ~(~), Q( ..;::::7),}

_Q(B/~H).

the Hurwitz order 9R and a maximal order of the

_quaternion

_algebra

ramified at 3 and oo.

The lattices can be

_given

via a basis or a set of

_generators

(in

the case of a set of

_generators,

this reduction avoids

_using

the Hermite Normal Form

algorithm).

(3)

2. The

_{LLL-algorithm}

over a Euclidean

ring

(or order).

First,

we fix some notation. We denote

by

A a Euclidean

_ring

contained

in a iield K: CM number field or

_quaternion

field over a number

field,

which can be identified to a vector _space

_Rm,

endowed with an involution n

(7 : x 1-+ We

_equip

with the Hermitian

product

_{z.y =}

E xp

_yp.

We p=i

assume that the Norm _mapN : x

2013~

x

I

= sends K in R and A in

Z.

Here,

we are interested in the case where the field K is commutative

(when

K is a

skewfield,

the notion of a determinant has no _sense,but we can substitute for it the reduced

_norm).

Definition.

The basis

_{bI, b2, ... ,}

_bn

_{of a}

lattice A is called A - LLL-reduced

_if

where the vectors

_{b* (1}

r

n)

and the elements

_of

(1 ~

s

r

_n)

are

2nductively defined

in the Gram-Schmidt

orthogonalization

process

f9~,

and the two reals

CI

and

C2

are such that 0

_G1

_C2

1.

Remarks: The constant

_C2

_depends

on

Cl,

it can be

replaced

by

_any

value

_strictly

_bigger

than

_CI

but it must be

_strictly

smaller than 1 to

make sure that the

_algorithm

terminates. The constant

_CI

is

_equal

to

sup{inf {N(y -

E and

_depends

on the field K

~8~.

In the

_following,

the Hermitian norm

br.br

will be denoted

by

Br

(1

r

n).

PROPERTIES.

(4)

v)

More

_{generally,, for}

a

_systems

of linearly independent

vectors Xl, x2, ... , Xt

o f A,

For the

_proof

of these

_properties,

see

[12].

Remark: Most of the

_time,

the lattices we considered have

_"integer"

en-tries

_{( "integer"}

means elements of

A).

So,

we

generalize

the version of the

LLL-algorithm

[5]

which runs with elements of Z. We have the

_following

proposition:

PROPOSITION.

We set

_dp

= 1 ~

p n

and

_do

= 1. Let be

Ar,s

for

s r and

Ar,r

=

dr.

For s _r

fcxed,

we

define

the _sequence_up

by

_uo=

br.bs

and

for

all _psuch that 1 _p _s,

Then

_A,,.,

and _upE A and

_{Ar,s .}

For the

_proof

of this

_proposition,

see

(12j .

Remarks: In the case where the field K is

_commutative,

the elements

_dp

are also

equal

to

The sequence is defined in such a _waythat it can be used when

K is a skewfield.

At the

_beginning

of the

_algorithm,

we

_compute

the _up

(1 ::;

_p

n)

instead

of

_using

the Gram-Schmidt

_{orthogonalization}

_process.

So,

we have for a basis two new conditions of A-LLL-reduction

_equivalent

(5)

When the lattice A is

_given

via a set of

_generators,

the Hermitian norms

of some vectors

_bs

are

equal

to zero. The definition of

_dp

is

replaced

by

In this case, we no more have the

equivalence

between the conditions

b)

and

_b’).

_So,

we

implemented

the

algorithm

_using

the first two

_previous

conditions of A-LLL-reduction and the Gram-Schmidt

_{orthogonalization}

process.

We

_give

the two

_algorithms,

the first for a

_basis,

and the second one for an

arbitrary

set of

_generators.

First

_algorithm:

Input:

A basis

_{b~ (1 ~}

_p

_n)

of a lattice A.

Output:

An A-LLL-reduced basis.

Init: Set r :=

_2,

:=

_1,

do :=1, di

:=

bl.bl.

Computing

up : If r

goto

Finished?.

Otherwise: set rmax := _rfor s

_{= 1,...,}

r set u :=

bs.br,

for t =

_{1, ... ,}

_{s - 1}

set u := if s r set U, if s = _r_set

d r:=

_u.

dt-, I J

Reduction: Execute

_REDI(r,

_{r - 1).}

A-LLL-condition:

_{If drdr-2+}

_I

₁

execute SWAPI

_(r),

set r :=

_{max(2, r -1)}

and

_goto

Reduction.

Otherwise:

for s = _{r -}

_{2, ...}

1 _execute

REDI(r, s)

and _set_{r := r}₊1.

Finished? If r n

_goto

_Computing

_{up else}terminate.

REDI(r, ):

Set _q:= :=

br -

qbs,

_Ar,s

:=

qds,

for t =

1)...

s -1 set

_Ar,t

_{:= Àr,t s-}

_Q’as,t

and return.

,

SWAPI(r):

Interchange

br

and

br_1

and if r > 2 for s =

1, ... r -

2

(6)

-For a E

_K,

the

_symbol

means the nearest element of A

_(in

the sense of

the

_norm)

to a.

Second

_algorithm:

Input:

A set of

_generators

_{bp (1}

p

n)

of a lattice A.

Output:

An A-LLL-reduced basis.

Init: Set r :

_2,

rmax :=

_1,

bi

:=

bI,

B1

:=

bl.bl.

Gram-Schmidt: If r rmax

goto

Finished?.

s-1

Otherwise: set rmax := _r,for s =

_{l~ ... ~}

_{r -}1 _set :=

br.bs - 2:

_ar,tiis,t

t=1

Reduction: Execute

_{RED ( r, r -1 ) .}

A-LLL-condition:

If Br

(CZ -

execute

_SWAP(r),

set

r :=

max(2,

r -

₁₎

and

_goto

Reduction.

Otherwise: for s = r -

_{2, ...}

1 execute

_RED(r,

_s)

and set r := r + 1.

Finished? If r n

_goto

Gram-Schmidt else terminate.

RED(r, s):

set _q:=

1 bT

:=

br-qbs,

_{:= ILr,s -q, for}t =

1,

... , s-1

set _Ar,t:= _{ILr,t - qJLs,t and}return.

SWAP(r):

Interchange

bT

and

bT_ 1

and if r > 2 for s =

l, ... , r -

2

(7)

The

_running

time of these two

_algorithms

is the same as the

_ordinary

LLL-algorithm

over Z or R. For the

proof

of the

validity

of these

algorithms,

see

[5]

and

[12].

Remarks: Both

_algorithms

were

implemented

on a SPARC 20. To save

time,

we worked with real numbers.

However,

rounding

errors _mayoccur

which can

_generate

some instabilities.

3.

_{Applications.}

3.1.

_Application

to the

_ring

of Gaussian

_integers,

the

_ring

of Eisenstein

_integers

and the Hurwitz order.

We denote

_by

_Z[i]

the

_ring

of Gaussian

_integers

_(i2

=

-1),

the

ring

of Eisenstein

_integers

_(j2

_{+ j}

+ 1 =

0)

and 9A the Hurwitz order

-I+i 2

] (the

unique

maximal order of the

_quaternion

_algebra

ram-ified at 2 and oo,

with i2

=

-1, j2

= -1

and ij

_{= -ji}

=

k,

which

contains

_Z[I,

_j,

_k]).

Definition.

A basis

_bp

₍₁

p

n)

of

a lattice A is called

(resp.

Z[j],

_resp.

rot)-LLL-reduced

when,

[Ci

is the usual constant which occurs in the Euclidean

_algorithm.]

Ch. Bachoc obtained three lattices denoted

_by

_{BC32, BC4o,}

_BC48

_([1],

[2])

with codes over in relative dimensions

8,10,12.

The bases are not

_composed

of minimal vectors. We

_applied

to them the

_following

process: flR-LLL-reduction and

permutation

of the vectors of the reduced

basis to order in the

_increasing

way the

diagonal

elements

(which

represent

the Hermitian

_norms)

until we obtain a basis of minimal _vectors._Afterone

iteration for

_BC32,

two for

BC40

and three for

_BC48,

the

_previous

process

stops.

We

_give

the Hermitian

diagonals

before 9Jt-LLL-reduction and after each iteration.

_[Note

that we _{cannot prove}a

_priori

that such a _processwill

(8)

Using

the scalar

_product

_{(x, y) _}

_Trd(x.y),

where

_Trd(x)

is the reduced

trace

_{of x,}

we can build these lattices over Z. The usual

_{LLL-algorithm}

together

with

_permutations

of the bases vectors does not

_yield

a basis of

minimal vectors for

_BC4o

nor for

BC48.

3.2. Two lattices of ranks 10 and 40 over

7G(

1+~-7~.

Definition.

A basis

_{bp (1}

_p

_n)

_of

a lattice A is called

when,

We consider two lattices which have a structure over

_]

_(the

lattice of rank 10

found

_by

G. Nebe and W. Plesken

_[13]

and rediscovered

_by

Ch. Bachoc

_[2],

realizes the maximal

_{Berge-Martinet}

constant known in dimension

_20,

the second one is an extension

of the

_{first). Replacing}

rot

_by

7G(1+2-7~

₁

in the

_previous

_process,we obtain a basis of

(9)

min-imal vectors for the lattice of rank 10

_(after

8

_iterations),

but not for the other

_(after

101

_iterations,

34 minimal vectors

_appeared).

In the

_{following table,}

we

_give

the

diagonal

elements of the lattice of

rank 10 before

and after each iteration.

For the lattice of rank

_40,

we

_give

the

diagonal

elements before

Z[

LLL-reduction

[5 20, 9ao]

(i.e.

the 20 first elements have a Hermitian norm

_equal

to 5 and the 20 others a Hermitian norm

equal

to

₉₎

and after the 101st iteration

(434 ~ 53 ~ 63~ .

Considering

a matrix of the lattice of rank 10 with minimal

vectors,

we can build a matrix of the lattice of rank

40 which has minimal

_vectors,

but not

_Z[

HF]-LLL-reduced

_(the

_previous

process

brings

some no shortest

vectors).

3.3. A lattice of rank 20 over

_~3.

In the

_quaternion

field ramified at 3 and _oo,

_{Q~[i, j,1~],}

with i2

_{= -1, j2}

=

-3 and

_{i j - - ji}

=

k,

we denote

by

rot3

a _{maximal order} _w,

_w’]

_with w

= ---~

and

_{w’ = iw,}

which contains

Definition.

(10)

G. Nebe builds a unimodular lattice of rank 20 which has an

_algebraic

structure over

_9X3,

_{generated by}

40 vectors and stable

_by

_SL2(41)

(pri-vate

_{communications).}

_Using

the second

_algorithm,

we obtain a

reduced basis. With the

_previous

process, we find a vector of Hermitian

norm 12.

Considering

the scalar

product

(x, y)

= _webuild _a

lattice over

Z,

with a vector of norm 8. But we cannot prove that this lat-tice is extremal in the sense of the

_theory

of modular forms since it

_might

contain vectors of norm 6.

References

[1]

Ch. _Bachoc,_Voisinageau sens de Kneser _pourles réseaux _{quaternioniens,}Comm.

Math. Helvet. 70 _(1995),350-374.

[2]

Ch. _{Bachoc, Applications of coding theory}to the construction _ofmodular _lattices, to _appear.

[3]

Ch. Batut, D. Bernardi, H. Cohen and M. Olivier, User’s Guide to PARI-GP.

[4]

J.W.S. Cassels, Rational Quadratic Forms, Academic _Press,London, 1978.

[5]

H. _{Cohen, A}course in _{computational algebraic}number _{theory, Springer-Verlag,} Graduate Texts in _{Mathematics, n°138, 1995.}

[6]

C. Fieker and M. E. Pohst, On lattices over number _fields,_preprint.

[7]

G.H. _Hardyand E.M. _Wright,An introduction to the theory of numbers _(1954), Oxford university press.

[8]

F. _Lemmermeyer,The Euclidean _algorithmin _algebraicnumber _fields,_preprint.

[9]

A.K. _Lenstra,H.W. _Lenstra,Jr and L. _{Lovász, Factoring polynomials}with rational

coefficients, Math. Ann. 261

_(1982),

515-534.

[10]

J. _Martinet,Les réseaux _parfaitsdes espaces euclidiens, to _appear.

[11]

J. _Martinet,Structures _algébriquessur les réseaux, Number Theory, S. David éd.

(Séminaire de Théorie des Nombres de Paris, 1992 - _{93), Cambridge}_University

Press, Cambridge, 1995, pp. 167-186.

[12]

H. _Napias,Etude _{expérimentale}et _{algorithmique}de réseaux _{euclidiens, Thèse,} Univ. Bordeaux I _(1996).

(11)

[14]

M. _{Pohst, A modification of the LLL-algorithm,}J. _Symb._Comp.4 _(1987),123-128.

Huguette NAPIAS

Laboratoire _{d’Algorithmique Arithm6tique} Universite Bordeaux I

351, cours de la _Lib6ration,

33405 TALENCE cedex