The LLL basis reduction algorithm was the first polynomial-time algorithm to compute a reduced basis of a given lattice, and hence also a short vector in the lattice. It approximates an NP-hard problem where the approximation quality solely depends on the dimension of the lattice, but not the lattice itself. The algorithm has applications in number theory, computer algebra and cryptography. In this paper, we provide an implementation of the LLL algorithm. Both its soundness and its polynomial running-time have been verified using Isabelle/HOL. Our implementation is nearly as fast as an implementation in a commercial computer algebra system, and its efficiency can be further increased by connecting it with fast untrusted lattice reduction algorithms and certifying their output. We additionally integrate one application of LLL, namely a verified factorization algorithm for univariate integer polynomials which runs in polynomial time.

中文翻译：

---

在 Isabelle/HOL 中形式化 LLL 基约简算法和 LLL 分解算法

LLL 基约简算法是第一个计算给定格的约简基的多项式时间算法，因此也是格中的短向量。它近似于一个 NP-hard 问题，其中近似质量仅取决于晶格的维度，而不是晶格本身。该算法在数论、计算机代数和密码学中有应用。在本文中，我们提供了 LLL 算法的实现。它的稳健性和多项式运行时间都已使用 Isabelle/HOL 进行了验证。我们的实现几乎与商业计算机代数系统中的实现一样快，并且可以通过将其与快速不受信任的格约简算法连接并验证其输出来进一步提高其效率。我们还集成了一个 LLL 应用程序，