Gradual sub-lattice reduction and a new complexity for factoring polynomials

We present a lattice algorithm specifically designed for some classical applications of lattice reduction. The applications are for lattice bases with a generalized knapsack-type structure, where the target vectors are boundably short. For such applications, the complexity of the algorithm improves traditional lattice reduction by replacing some dependence on the bit-length of the input vectors by some dependence on the bound for the output vectors. If the bit-length of the target vectors is unrelated to the bit-length of the input, then our algorithm is only linear in the bit-length of the input entries, which is an improvement over the quadratic complexity floating-point LLL algorithms. To illustrate the usefulness of this algorithm we show that a direct application to factoring univariate polynomials over the integers leads to the first complexity bound improvement since 1984. A second application is algebraic number reconstruction, where a new complexity bound is obtained as well.

💡 Research Summary

The paper introduces a novel lattice‑reduction technique called gradual sub‑lattice reduction (GSLR) that is tailored to bases having a generalized knapsack‑type structure. In such bases most columns are essentially diagonal, with only a few off‑diagonal entries carrying small integer coefficients. Classical reduction algorithms such as LLL treat the whole basis uniformly, which leads to a quadratic dependence on the bit‑length (B) of the input vectors. GSLR exploits the structural sparsity by repeatedly extracting a small sub‑lattice, reducing it, and using the resulting short vector as a guide for the next extraction. The process stops as soon as a vector shorter than a pre‑specified bound (L) is found.

The algorithm proceeds in four logical steps:

1. Sub‑lattice selection – Choose the first (k) columns of the input matrix, where (k) is determined dynamically from the current bound (L) and the input size.
2. Gram‑Schmidt orthogonalisation and size‑reduction – Apply the standard LLL‑style size‑reduction to the selected sub‑lattice, but only in the reduced dimension (k). Because (k \ll n) (the full dimension), the arithmetic cost is dramatically lower.
3. Short‑vector extraction – After reduction, compute the shortest Gram‑Schmidt (or Babai) vector. If its Euclidean norm is ≤ (L), record it as a candidate for the target vector.
4. Expansion or termination – If the bound is not yet met, enlarge the sub‑lattice by adding another column and repeat from step 2. The algorithm terminates exactly when the bound is satisfied, guaranteeing that no further work is wasted.

A rigorous complexity analysis shows that the total running time is
\