2,395 research outputs found
On the Quantitative Hardness of CVP
For odd
integers (and ), we show that the Closest Vector Problem
in the norm (\CVP_p) over rank lattices cannot be solved in
2^{(1-\eps) n} time for any constant \eps > 0 unless the Strong Exponential
Time Hypothesis (SETH) fails. We then extend this result to "almost all" values
of , not including the even integers. This comes tantalizingly close
to settling the quantitative time complexity of the important special case of
\CVP_2 (i.e., \CVP in the Euclidean norm), for which a -time
algorithm is known. In particular, our result applies for any
that approaches as .
We also show a similar SETH-hardness result for \SVP_\infty; hardness of
approximating \CVP_p to within some constant factor under the so-called
Gap-ETH assumption; and other quantitative hardness results for \CVP_p and
\CVPP_p for any under different assumptions
On the Closest Vector Problem with a Distance Guarantee
We present a substantially more efficient variant, both in terms of running
time and size of preprocessing advice, of the algorithm by Liu, Lyubashevsky,
and Micciancio for solving CVPP (the preprocessing version of the Closest
Vector Problem, CVP) with a distance guarantee. For instance, for any , our algorithm finds the (unique) closest lattice point for any target
point whose distance from the lattice is at most times the length of
the shortest nonzero lattice vector, requires as preprocessing advice only vectors, and runs in
time .
As our second main contribution, we present reductions showing that it
suffices to solve CVP, both in its plain and preprocessing versions, when the
input target point is within some bounded distance of the lattice. The
reductions are based on ideas due to Kannan and a recent sparsification
technique due to Dadush and Kun. Combining our reductions with the LLM
algorithm gives an approximation factor of for search
CVPP, improving on the previous best of due to Lagarias, Lenstra,
and Schnorr. When combined with our improved algorithm we obtain, somewhat
surprisingly, that only O(n) vectors of preprocessing advice are sufficient to
solve CVPP with (the only slightly worse) approximation factor of O(n).Comment: An early version of the paper was titled "On Bounded Distance
Decoding and the Closest Vector Problem with Preprocessing". Conference on
Computational Complexity (2014
Search-to-Decision Reductions for Lattice Problems with Approximation Factors (Slightly) Greater Than One
We show the first dimension-preserving search-to-decision reductions for
approximate SVP and CVP. In particular, for any ,
we obtain an efficient dimension-preserving reduction from -SVP to -GapSVP and an efficient dimension-preserving reduction
from -CVP to -GapCVP. These results generalize the known
equivalences of the search and decision versions of these problems in the exact
case when . For SVP, we actually obtain something slightly stronger
than a search-to-decision reduction---we reduce -SVP to
-unique SVP, a potentially easier problem than -GapSVP.Comment: Updated to acknowledge additional prior wor
New Shortest Lattice Vector Problems of Polynomial Complexity
The Shortest Lattice Vector (SLV) problem is in general hard to solve, except
for special cases (such as root lattices and lattices for which an obtuse
superbase is known). In this paper, we present a new class of SLV problems that
can be solved efficiently. Specifically, if for an -dimensional lattice, a
Gram matrix is known that can be written as the difference of a diagonal matrix
and a positive semidefinite matrix of rank (for some constant ), we show
that the SLV problem can be reduced to a -dimensional optimization problem
with countably many candidate points. Moreover, we show that the number of
candidate points is bounded by a polynomial function of the ratio of the
smallest diagonal element and the smallest eigenvalue of the Gram matrix.
Hence, as long as this ratio is upper bounded by a polynomial function of ,
the corresponding SLV problem can be solved in polynomial complexity. Our
investigations are motivated by the emergence of such lattices in the field of
Network Information Theory. Further applications may exist in other areas.Comment: 13 page
Compute-and-Forward: Finding the Best Equation
Compute-and-Forward is an emerging technique to deal with interference. It
allows the receiver to decode a suitably chosen integer linear combination of
the transmitted messages. The integer coefficients should be adapted to the
channel fading state. Optimizing these coefficients is a Shortest Lattice
Vector (SLV) problem. In general, the SLV problem is known to be prohibitively
complex. In this paper, we show that the particular SLV instance resulting from
the Compute-and-Forward problem can be solved in low polynomial complexity and
give an explicit deterministic algorithm that is guaranteed to find the optimal
solution.Comment: Paper presented at 52nd Allerton Conference, October 201
Inapproximability of Combinatorial Optimization Problems
We survey results on the hardness of approximating combinatorial optimization
problems
Reduction algorithms for the cryptanalysis of lattice based asymmetrical cryptosystems
Thesis (Master)--Izmir Institute of Technology, Computer Engineering, Izmir, 2008Includes bibliographical references (leaves: 79-91)Text in English; Abstract: Turkish and Englishxi, 119 leavesThe theory of lattices has attracted a great deal of attention in cryptology in recent years. Several cryptosystems are constructed based on the hardness of the lattice problems such as the shortest vector problem and the closest vector problem. The aim of this thesis is to study the most commonly used lattice basis reduction algorithms, namely Lenstra Lenstra Lovasz (LLL) and Block Kolmogorov Zolotarev (BKZ) algorithms, which are utilized to approximately solve the mentioned lattice based problems.Furthermore, the most popular variants of these algorithms in practice are evaluated experimentally by varying the common reduction parameter delta in order to propose some practical assessments about the effect of this parameter on the process of basis reduction.These kind of practical assessments are believed to have non-negligible impact on the theory of lattice reduction, and so the cryptanalysis of lattice cryptosystems, due to thefact that the contemporary nature of the reduction process is mainly controlled by theheuristics
- …