{"title":"改进平均情况下子集和的 Lagarias-Odlyzko 算法:模块化算术方法","authors":"Antoine Joux, Karol Węgrzycki","doi":"arxiv-2408.16108","DOIUrl":null,"url":null,"abstract":"Lagarias and Odlyzko (J.~ACM~1985) proposed a polynomial time algorithm for\nsolving ``\\emph{almost all}'' instances of the Subset Sum problem with $n$\nintegers of size $\\Omega(\\Gamma_{\\text{LO}})$, where\n$\\log_2(\\Gamma_{\\text{LO}}) > n^2 \\log_2(\\gamma)$ and $\\gamma$ is a parameter\nof the lattice basis reduction ($\\gamma > \\sqrt{4/3}$ for LLL). The algorithm\nof Lagarias and Odlyzko is a cornerstone result in cryptography. However, the\ntheoretical guarantee on the density of feasible instances has remained\nunimproved for almost 40 years. In this paper, we propose an algorithm to solve ``almost all'' instances of\nSubset Sum with integers of size $\\Omega(\\sqrt{\\Gamma_{\\text{LO}}})$ after a\nsingle call to the lattice reduction. Additionally, our argument allows us to\nsolve the Subset Sum problem for multiple targets while the previous approach\ncould only answer one target per call to lattice basis reduction. We introduce\na modular arithmetic approach to the Subset Sum problem. The idea is to use the\nlattice reduction to solve a linear system modulo a suitably large prime. We\nshow that density guarantees can be improved, by analysing the lengths of the\nLLL reduced basis vectors, of both the primal and the dual lattices\nsimultaneously.","PeriodicalId":501525,"journal":{"name":"arXiv - CS - Data Structures and Algorithms","volume":"12 1","pages":""},"PeriodicalIF":0.0000,"publicationDate":"2024-08-28","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Improving Lagarias-Odlyzko Algorithm For Average-Case Subset Sum: Modular Arithmetic Approach\",\"authors\":\"Antoine Joux, Karol Węgrzycki\",\"doi\":\"arxiv-2408.16108\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Lagarias and Odlyzko (J.~ACM~1985) proposed a polynomial time algorithm for\\nsolving ``\\\\emph{almost all}'' instances of the Subset Sum problem with $n$\\nintegers of size $\\\\Omega(\\\\Gamma_{\\\\text{LO}})$, where\\n$\\\\log_2(\\\\Gamma_{\\\\text{LO}}) > n^2 \\\\log_2(\\\\gamma)$ and $\\\\gamma$ is a parameter\\nof the lattice basis reduction ($\\\\gamma > \\\\sqrt{4/3}$ for LLL). The algorithm\\nof Lagarias and Odlyzko is a cornerstone result in cryptography. However, the\\ntheoretical guarantee on the density of feasible instances has remained\\nunimproved for almost 40 years. In this paper, we propose an algorithm to solve ``almost all'' instances of\\nSubset Sum with integers of size $\\\\Omega(\\\\sqrt{\\\\Gamma_{\\\\text{LO}}})$ after a\\nsingle call to the lattice reduction. Additionally, our argument allows us to\\nsolve the Subset Sum problem for multiple targets while the previous approach\\ncould only answer one target per call to lattice basis reduction. We introduce\\na modular arithmetic approach to the Subset Sum problem. The idea is to use the\\nlattice reduction to solve a linear system modulo a suitably large prime. We\\nshow that density guarantees can be improved, by analysing the lengths of the\\nLLL reduced basis vectors, of both the primal and the dual lattices\\nsimultaneously.\",\"PeriodicalId\":501525,\"journal\":{\"name\":\"arXiv - CS - Data Structures and Algorithms\",\"volume\":\"12 1\",\"pages\":\"\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2024-08-28\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"arXiv - CS - Data Structures and Algorithms\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/arxiv-2408.16108\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"arXiv - CS - Data Structures and Algorithms","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/arxiv-2408.16108","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Improving Lagarias-Odlyzko Algorithm For Average-Case Subset Sum: Modular Arithmetic Approach
Lagarias and Odlyzko (J.~ACM~1985) proposed a polynomial time algorithm for
solving ``\emph{almost all}'' instances of the Subset Sum problem with $n$
integers of size $\Omega(\Gamma_{\text{LO}})$, where
$\log_2(\Gamma_{\text{LO}}) > n^2 \log_2(\gamma)$ and $\gamma$ is a parameter
of the lattice basis reduction ($\gamma > \sqrt{4/3}$ for LLL). The algorithm
of Lagarias and Odlyzko is a cornerstone result in cryptography. However, the
theoretical guarantee on the density of feasible instances has remained
unimproved for almost 40 years. In this paper, we propose an algorithm to solve ``almost all'' instances of
Subset Sum with integers of size $\Omega(\sqrt{\Gamma_{\text{LO}}})$ after a
single call to the lattice reduction. Additionally, our argument allows us to
solve the Subset Sum problem for multiple targets while the previous approach
could only answer one target per call to lattice basis reduction. We introduce
a modular arithmetic approach to the Subset Sum problem. The idea is to use the
lattice reduction to solve a linear system modulo a suitably large prime. We
show that density guarantees can be improved, by analysing the lengths of the
LLL reduced basis vectors, of both the primal and the dual lattices
simultaneously.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
