Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Improving Lagarias-Odlyzko Algorithm For Average-Case Subset Sum: Modular Arithmetic Approach

Antoine Joux, Karol Węgrzycki

TL;DR

This work targets the average-case Subset Sum problem and improves the density of solvable instances by introducing a modular arithmetic framework that leverages lattice reduction. After a single reduction, it solves almost all instances with integers of size $Ω(\sqrt{Γ_{\textsf{LO}}})$, and yields a target-oblivious polynomial-time tester for any $T$. The approach builds a generating lattice via modular reductions, computes a full-rank multiplier matrix $\mathcal{M}_p$ from short vectors, and recovers a feasible subset via a linear system modulo a large prime. Extending to block-basis reductions suggests further density gains, while retaining polynomial-time guarantees, potentially broadening applicability beyond LO’s original setting. Overall, the modular-arithmetic method sharpens average-case guarantees and provides a pragmatic certificate for almost-all sparse Subset Sum instances.

Abstract

Lagarias and Odlyzko (J.~ACM~1985) proposed a polynomial time algorithm for solving ``\emph{almost all}'' instances of the Subset Sum problem with $n$ integers of size $Ω(Γ_{\text{LO}})$, where $\log_2(Γ_{\text{LO}}) > n^2 \log_2(γ)$ and $γ$ is a parameter of the lattice basis reduction ($γ> \sqrt{4/3}$ for LLL). The algorithm of Lagarias and Odlyzko is a cornerstone result in cryptography. However, the theoretical guarantee on the density of feasible instances has remained unimproved for almost 40 years. In this paper, we propose an algorithm to solve ``almost all'' instances of Subset Sum with integers of size $Ω(\sqrt{Γ_{\text{LO}}})$ after a single call to the lattice reduction. Additionally, our argument allows us to solve the Subset Sum problem for multiple targets while the previous approach could only answer one target per call to lattice basis reduction. We introduce a modular arithmetic approach to the Subset Sum problem. The idea is to use the lattice reduction to solve a linear system modulo a suitably large prime. We show that density guarantees can be improved, by analysing the lengths of the LLL reduced basis vectors, of both the primal and the dual lattices simultaneously.

Improving Lagarias-Odlyzko Algorithm For Average-Case Subset Sum: Modular Arithmetic Approach

TL;DR

This work targets the average-case Subset Sum problem and improves the density of solvable instances by introducing a modular arithmetic framework that leverages lattice reduction. After a single reduction, it solves almost all instances with integers of size , and yields a target-oblivious polynomial-time tester for any . The approach builds a generating lattice via modular reductions, computes a full-rank multiplier matrix from short vectors, and recovers a feasible subset via a linear system modulo a large prime. Extending to block-basis reductions suggests further density gains, while retaining polynomial-time guarantees, potentially broadening applicability beyond LO’s original setting. Overall, the modular-arithmetic method sharpens average-case guarantees and provides a pragmatic certificate for almost-all sparse Subset Sum instances.

Abstract

Lagarias and Odlyzko (J.~ACM~1985) proposed a polynomial time algorithm for solving ``\emph{almost all}'' instances of the Subset Sum problem with integers of size , where and is a parameter of the lattice basis reduction ( for LLL). The algorithm of Lagarias and Odlyzko is a cornerstone result in cryptography. However, the theoretical guarantee on the density of feasible instances has remained unimproved for almost 40 years. In this paper, we propose an algorithm to solve ``almost all'' instances of Subset Sum with integers of size after a single call to the lattice reduction. Additionally, our argument allows us to solve the Subset Sum problem for multiple targets while the previous approach could only answer one target per call to lattice basis reduction. We introduce a modular arithmetic approach to the Subset Sum problem. The idea is to use the lattice reduction to solve a linear system modulo a suitably large prime. We show that density guarantees can be improved, by analysing the lengths of the LLL reduced basis vectors, of both the primal and the dual lattices simultaneously.
Paper Structure (16 sections, 8 theorems, 70 equations)

This paper contains 16 sections, 8 theorems, 70 equations.

Table of Contents

  1. Introduction
  2. Our Technique: Modular Arithmetic Approach
  3. Extension to Block Basis Reduction
  4. Related Work
  5. Preliminaries
  6. Background on Lattices
  7. Dual Lattice
  8. The LLL algorithm and its property
  9. State-of-the-art: Lagarias-Odlyzko Algorithm
  10. Modular arithmetic approach
  11. Generating Family
  12. Basis of Generating Family and Dual Basis
  13. Every vector of the LLL-reduced basis is probably short
  14. Proof of \ref{['thm:multipliers']}
  15. Extension to the block reduction
  16. ...and 1 more sections

Key Result

Theorem 1.1

Let $a_1,\ldots,a_n \in \mathbb{Z}_{\geqslant 0}$ be integers, selected uniformly at random from $\{1,\ldots,\left\lceil \sqrt{\Gamma_\textsf{LO}} \right\rceil\}$, where $\Gamma_\textsf{LO} = (\gamma_{\textsf{LLL}})^{n^2} \cdot 2^{\Theta(n\log{n})}$. With overwhelming probability, after a single cal Our tester and its creation method are both deterministic. Their success probability only depends o

Theorems & Definitions (20)

  • Theorem 1.1
  • Theorem 1.2: Modular Arithmetic Approach
  • Theorem 1.3
  • Claim 3.1: cf.,Frieze
  • proof : Proof of \ref{['claim:LO']}
  • Theorem 4.1: Modular Arithmetic Approach
  • proof : Proof of Theorem \ref{['thm:main-theorem']} assuming \ref{['thm:multipliers']}
  • proof
  • Lemma 4.3
  • Claim 4.4
  • ...and 10 more