7,268 research outputs found
Near-Optimal Deterministic Algorithms for Volume Computation and Lattice Problems via M-Ellipsoids
We give a deterministic 2^{O(n)} algorithm for computing an M-ellipsoid of a
convex body, matching a known lower bound. This has several interesting
consequences including improved deterministic algorithms for volume estimation
of convex bodies and the shortest and closest lattice vector problems under
general norms
Lattice Enumeration Using Extreme Pruning
International audienceLattice enumeration algorithms are the most basic algorithms for solving hard lattice problems such as the shortest vector problem and the closest vector problem, and are often used in public-key cryptanaly-sis either as standalone algorithms, or as subroutines in lattice reduction algorithms. Here we revisit these fundamental algorithms and show that surprising exponential speedups can be achieved both in theory and in practice by using a new technique, which we call extreme pruning. We also provide what is arguably the first sound analysis of pruning, which was introduced in the 1990s by Schnorr et al
Solving the Closest Vector Problem in Time--- The Discrete Gaussian Strikes Again!
We give a -time and space randomized algorithm for solving the
exact Closest Vector Problem (CVP) on -dimensional Euclidean lattices. This
improves on the previous fastest algorithm, the deterministic
-time and -space algorithm of
Micciancio and Voulgaris.
We achieve our main result in three steps. First, we show how to modify the
sampling algorithm from [ADRS15] to solve the problem of discrete Gaussian
sampling over lattice shifts, , with very low parameters. While the
actual algorithm is a natural generalization of [ADRS15], the analysis uses
substantial new ideas. This yields a -time algorithm for
approximate CVP for any approximation factor .
Second, we show that the approximate closest vectors to a target vector can
be grouped into "lower-dimensional clusters," and we use this to obtain a
recursive reduction from exact CVP to a variant of approximate CVP that
"behaves well with these clusters." Third, we show that our discrete Gaussian
sampling algorithm can be used to solve this variant of approximate CVP.
The analysis depends crucially on some new properties of the discrete
Gaussian distribution and approximate closest vectors, which might be of
independent interest
Search-to-Decision Reductions for Lattice Problems with Approximation Factors (Slightly) Greater Than One
We show the first dimension-preserving search-to-decision reductions for
approximate SVP and CVP. In particular, for any ,
we obtain an efficient dimension-preserving reduction from -SVP to -GapSVP and an efficient dimension-preserving reduction
from -CVP to -GapCVP. These results generalize the known
equivalences of the search and decision versions of these problems in the exact
case when . For SVP, we actually obtain something slightly stronger
than a search-to-decision reduction---we reduce -SVP to
-unique SVP, a potentially easier problem than -GapSVP.Comment: Updated to acknowledge additional prior wor
New Shortest Lattice Vector Problems of Polynomial Complexity
The Shortest Lattice Vector (SLV) problem is in general hard to solve, except
for special cases (such as root lattices and lattices for which an obtuse
superbase is known). In this paper, we present a new class of SLV problems that
can be solved efficiently. Specifically, if for an -dimensional lattice, a
Gram matrix is known that can be written as the difference of a diagonal matrix
and a positive semidefinite matrix of rank (for some constant ), we show
that the SLV problem can be reduced to a -dimensional optimization problem
with countably many candidate points. Moreover, we show that the number of
candidate points is bounded by a polynomial function of the ratio of the
smallest diagonal element and the smallest eigenvalue of the Gram matrix.
Hence, as long as this ratio is upper bounded by a polynomial function of ,
the corresponding SLV problem can be solved in polynomial complexity. Our
investigations are motivated by the emergence of such lattices in the field of
Network Information Theory. Further applications may exist in other areas.Comment: 13 page
Tensor-based trapdoors for CVP and their application to public key cryptography
We propose two trapdoors for the Closest-Vector-Problem in lattices (CVP) related to the lattice tensor product. Using these trapdoors we set up a lattice-based cryptosystem which resembles to the McEliece scheme
- …