Searching worst cases of a one-variable function using lattice reduction

We propose a new algorithm to find worst cases for the correct rounding of a mathematical function of one variable. We first reduce this problem to the real small value problem - i.e., for polynomials with real coefficients. Then, we show that this second problem can be solved efficiently by extending Coppersmith's work on the integer small value problem - for polynomials with integer coefficients - using lattice reduction. For floating-point numbers with a mantissa less than N and a polynomial approximation of degree d, our algorithm finds all worst cases at distance less than N/sup -d2//2d+1 from a machine number in time O(N/sup (d+1/2d+1)+/spl epsiv//). For d=2, a detailed study improves on the O(N/sup 2/(3+/spl epsiv/)/) complexity from Lefevre's algorithm to O(N/sup 4/(7+/spl epsiv/)/). For larger d, our algorithm can be used to check that there exist no worst cases at distance less than N/sup -k/ in time O(N/sup 1/(2+/spl epsiv/)/).

[1]  Jean-Michel Muller,et al.  Worst cases for correct rounding of the elementary functions in double precision , 2001, Proceedings 15th IEEE Symposium on Computer Arithmetic. ARITH-15 2001.

[2]  Noam D. Elkies Rational Points Near Curves and Small Nonzero |x3-y2| via Lattice Reduction , 2000, ANTS.

[3]  Tommy Färnqvist Number Theory Meets Cache Locality – Efficient Implementation of a Small Prime FFT for the GNU Multiple Precision Arithmetic Library , 2005 .

[4]  V. Lefèvre,et al.  Moyens arithmetiques pour un calcul fiable , 2000 .

[5]  László Lovász,et al.  Algorithmic theory of numbers, graphs and convexity , 1986, CBMS-NSF regional conference series in applied mathematics.

[6]  Jean-Michel Muller,et al.  Correctly rounded exponential function in double-precision arithmetic , 2001, SPIE Optics + Photonics.

[7]  Don Coppersmith,et al.  Finding a Small Root of a Univariate Modular Equation , 1996, EUROCRYPT.

[8]  Vincent Lefèvre,et al.  Worst cases and lattice reduction , 2003, Proceedings 2003 16th IEEE Symposium on Computer Arithmetic.

[9]  D. Boneh Cryptanalysis of RSA with Private Key d Less Than N 0 , 1999 .

[10]  Abraham Ziv,et al.  Fast evaluation of elementary mathematical functions with correctly rounded last bit , 1991, TOMS.

[11]  Dan Boneh,et al.  Cryptanalysis of RSA with private key d less than N0.292 , 1999, IEEE Trans. Inf. Theory.

[12]  László Lovász,et al.  Factoring polynomials with rational coefficients , 1982 .

[13]  David Defour,et al.  Proposal for a Standardization of Mathematical Function Implementation in Floating-Point Arithmetic , 2004, Numerical Algorithms.

[14]  Ansi Ieee,et al.  IEEE Standard for Binary Floating Point Arithmetic , 1985 .

[15]  Guido D. Salvucci,et al.  Ieee standard for binary floating-point arithmetic , 1985 .

[16]  David W. Matula,et al.  On infinitely precise rounding for division, square root, reciprocal and square root reciprocal , 1999, Proceedings 14th IEEE Symposium on Computer Arithmetic (Cat. No.99CB36336).

[17]  Don Coppersmith,et al.  Finding Small Solutions to Small Degree Polynomials , 2001, CaLC.

[18]  Don Coppersmith,et al.  Finding a Small Root of a Bivariate Integer Equation; Factoring with High Bits Known , 1996, EUROCRYPT.

[19]  D. Boneh,et al.  Cryptanalysis of RSA with Private Key Less Than , 2000 .

[20]  Damien Stehlé BREAKING LITTLEWOOD'S CIPHER , 2004, Cryptologia.

[21]  D. Boneh,et al.  Factoring N = pr q for large r , 1999 .

[22]  Tomás Lang,et al.  Bounds on runs of zeros and ones for algebraic functions , 2001, Proceedings 15th IEEE Symposium on Computer Arithmetic. ARITH-15 2001.

[23]  Dan Boneh,et al.  Factoring N = prq for Large r , 1999, CRYPTO.