Improved Algorithms for the Shortest Vector Problem and the Closest Vector Problem in the Infinity Norm
Blomer and Naewe [BN09] modified the randomized sieving algorithm of Ajtai,
Kumar and Sivakumar [AKS01] to solve the shortest vector problem (SVP). The
algorithm starts with randomly chosen vectors in the lattice and
employs a sieving procedure to iteratively obtain shorter vectors in the
lattice. The running time of the sieving procedure is quadratic in .
We study this problem for the special but important case of the
norm. We give a new sieving procedure that runs in time linear in , thereby
significantly improving the running time of the algorithm for SVP in the
norm. As in [AKS02,BN09], we also extend this algorithm to obtain
significantly faster algorithms for approximate versions of the shortest vector
problem and the closest vector problem (CVP) in the norm.
We also show that the heuristic sieving algorithms of Nguyen and Vidick [NV08]
and Wang et al. [WLTB11] can also be analyzed in the norm. The
main technical contribution in this part is to calculate the expected volume of
intersection of a unit ball centred at origin and another ball of a different
radius centred at a uniformly random point on the boundary of the unit ball.
This might be of independent interest.
Comment: Changed the titl
Approximate Voronoi cells for lattices, revisited
We revisit the approximate Voronoi cells approach for solving the closest
vector problem with preprocessing (CVPP) on high-dimensional lattices, and
settle the open problem of Doulgerakis-Laarhoven-De Weger [PQCrypto, 2019] of
determining exact asymptotics on the volume of these Voronoi cells under the
Gaussian heuristic. As a result, we obtain improved upper bounds on the time
complexity of the randomized iterative slicer when using less than memory, and we show how to obtain time-memory trade-offs even when using
less than memory. We also settle the open problem of
obtaining a continuous trade-off between the size of the advice and the query
time complexity, as the time complexity with subexponential advice in our
approach scales as , matching worst-case enumeration bounds,
and achieving the same asymptotic scaling as average-case enumeration
algorithms for the closest vector problem.
Comment: 18 pages, 1 figure
Approximate CVP_p in Time 2^{0.802 n}
We show that a constant factor approximation of the shortest and closest lattice vector problem w.r.t. any ℓ_p-norm can be computed in time 2^{(0.802 + ε) n}. This matches the currently fastest constant factor approximation algorithm for the shortest vector problem w.r.t. ℓ_2. To obtain our result, we combine the latter algorithm w.r.t. ℓ_2 with geometric insights related to coverings
QSETH strikes again: finer quantum lower bounds for lattice problem, strong simulation, hitting set problem, and more
While seemingly undesirable, it is not a surprising fact that there are
certain problems for which quantum computers offer no computational advantage
over their respective classical counterparts. Moreover, there are problems for
which there is no `useful' computational advantage possible with the current
quantum hardware. This situation however can be beneficial if we don't want
quantum computers to solve certain problems fast - say problems relevant to
post-quantum cryptography. In such a situation, we would like to have evidence
that it is difficult to solve those problems on quantum computers; but what is
their exact complexity?
To do so one has to prove lower bounds, but proving unconditional time lower
bounds has never been easy. As a result, resorting to conditional lower bounds
has been quite popular in the classical community and is gaining momentum in
the quantum community. In this paper, by the use of the QSETH framework
[Buhrman-Patro-Speelman 2021], we are able to understand the quantum complexity
of a few natural variants of CNFSAT, such as parity-CNFSAT or counting-CNFSAT,
and also are able to comment on the non-trivial complexity of
approximate-#CNFSAT; both of these have interesting implications about the
complexity of (variations of) lattice problems, strong simulation and hitting
set problem, and more.
In the process, we explore the QSETH framework in greater detail than was
(required and) discussed in the original paper, thus also serving as a useful
guide on how to effectively use the QSETH framework.
Comment: 34 pages, 2 tables, 2 figures
On the Quantum Complexity of the Continuous Hidden Subgroup Problem
The Hidden Subgroup Problem (HSP) aims at capturing all problems that are susceptible to being solvable in quantum polynomial time following the blueprints of Shor's celebrated algorithm. Successful solutions to this problem over various commutative groups allow one to efficiently perform number-theoretic tasks such as factoring or finding discrete logarithms.
The latest successful generalization (Eisentrager et al. STOC 2014) considers the problem of finding a full-rank lattice as the hidden subgroup of the continuous vector space R^m, even for large dimensions m. It unlocked new cryptanalytic algorithms (Biasse-Song SODA 2016, Cramer et al. EUROCRYPT 2016 and 2017), in particular to find mildly short vectors in ideal lattices.
The cryptanalytic relevance of such a problem raises the question of a more refined and quantitative complexity analysis. In the light of the increasing physical difficulty of maintaining a large entanglement of qubits, the degree of concern may be different whether the above algorithm requires only linearly many qubits or a much larger polynomial amount of qubits.
This is the question we start addressing with this work. We propose a detailed analysis of (a variation of) the aforementioned HSP algorithm, and conclude on its complexity as a function of all the relevant parameters. Incidentally, our work clarifies certain claims from the extended abstract of Eisentrager et al