More basis reduction for linear codes: backward reduction, BKZ, slide reduction, and more

TL;DR

This work develops a comprehensive framework for basis reduction of linear codes by generalizing lattice-based concepts to codes over $\,\mathbb{F}_q$, including projection, epipodal vectors, and proper bases. It introduces backward reduction, fully backward-reduced bases, and efficient algorithms with Griesmer-bound guarantees, and extends BKZ and slide-reduction to codes with practical performance. The paper also presents two illustrative algorithms and analyzes the limits of basis quality via $k_1$ and related metrics, supported by experiments showing improved balance of epipodal profiles and competitive runtimes. Overall, the results illuminate the promise and limitations of basis reduction for codes and offer concrete tools that may impact decoding strategies and code-based cryptographic constructions.

Abstract

We expand on recent exciting work of Debris-Alazard, Ducas, and van Woerden [Transactions on Information Theory, 2022], which introduced the notion of basis reduction for codes, in analogy with the extremely successful paradigm of basis reduction for lattices. We generalize DDvW's LLL algorithm and size-reduction algorithm from codes over $\mathbb{F}_2$ to codes over $\mathbb{F}_q$, and we further develop the theory of proper bases. We then show how to instantiate for codes the BKZ and slide-reduction algorithms, which are the two most important generalizations of the LLL algorithm for lattices. Perhaps most importantly, we show a new and very efficient basis-reduction algorithm for codes, called full backward reduction. This algorithm is quite specific to codes and seems to have no analogue in the lattice setting. We prove that this algorithm finds vectors as short as LLL does in the worst case (i.e., within the Griesmer bound) and does so in less time. We also provide both heuristic and empirical evidence that it outperforms LLL in practice, and we give a variant of the algorithm that provably outperforms LLL (in some sense) for random codes. Finally, we explore the promise and limitations of basis reduction for codes. In particular, we show upper and lower bounds on how ``good'' of a basis a code can have, and we show two additional illustrative algorithms that demonstrate some of the promise and the limitations of basis reduction for codes.

Figures (3)

• Figure 1: Average sorted output profile for various reduction algorithms run on random bases over 10 iterations for $n=1280$ and $k=640$ (cryptographic parameters). If we let $\ell_i'$ denote the length of the $i$th longest epipodal vector after basis reduction, $\underline{\ell}_i$ is the average of $\ell_i'$ over 10 iterations. Also shown on the leftmost graphs are error bars representing $\pm 2$ sample standard deviations.
• Figure 2: Running time for various basis reduction algorithms run on random bases averaged over 10 iterations. Also shown are error bars representing $\pm 2$ sample standard deviations.
• Figure 3: Average $k_1$ over 10 iterations for basis reduction algorithms run on random bases. Also shown are error bars representing $\pm 2$ sample standard deviations. Gray lines correspond to $k_1 = \log_2(n)$ and $k_1 = 2 \log_2(n)$.

Theorems & Definitions (109)

• proof
• Lemma 2.2
• Lemma 2.3: hoeffdingProbabilityInequalitiesSums1963
• proof
• Definition 3.1
• Definition 3.2
• Definition 3.4
• Definition 3.6
• Lemma 3.7
• proof