576 research outputs found
Search-to-Decision Reductions for Lattice Problems with Approximation Factors (Slightly) Greater Than One
We show the first dimension-preserving search-to-decision reductions for
approximate SVP and CVP. In particular, for any ,
we obtain an efficient dimension-preserving reduction from -SVP to -GapSVP and an efficient dimension-preserving reduction
from -CVP to -GapCVP. These results generalize the known
equivalences of the search and decision versions of these problems in the exact
case when . For SVP, we actually obtain something slightly stronger
than a search-to-decision reduction---we reduce -SVP to
-unique SVP, a potentially easier problem than -GapSVP. Comment: Updated to acknowledge additional prior wor
Decoding by Embedding: Correct Decoding Radius and DMT Optimality
The closest vector problem (CVP) and shortest (nonzero) vector problem (SVP)
are the core algorithmic problems on Euclidean lattices. They are central to
the applications of lattices in many problems of communications and
cryptography. Kannan's embedding technique is a powerful technique for
solving the approximate CVP, yet its remarkable practical performance is not
well understood. In this paper, the embedding technique is analyzed from a
bounded distance decoding (BDD) viewpoint. We present two complementary
analyses of the embedding technique: We establish a reduction from BDD to
Hermite SVP (via unique SVP), which can be used along with any Hermite SVP
solver (including, among others, the Lenstra, Lenstra and Lovász (LLL)
algorithm), and show that, in the special case of LLL, it performs at least as
well as Babai's nearest plane algorithm (LLL-aided SIC). The former analysis
helps to explain the folklore practical observation that unique SVP is easier
than standard approximate SVP. It is proven that when the LLL algorithm is
employed, the embedding technique can solve the CVP provided that the noise
norm is smaller than a decoding radius , where
is the minimum distance of the lattice, and . This
substantially improves the previously best known correct decoding bound . Focusing on the applications of BDD to decoding of
multiple-input multiple-output (MIMO) systems, we also prove that BDD of the
regularized lattice is optimal in terms of the diversity-multiplexing gain
tradeoff (DMT), and propose practical variants of embedding decoding which
require no knowledge of the minimum distance of the lattice and/or further
improve the error performance. Comment: To appear in IEEE Transactions on Information Theor
Local Testing for Membership in Lattices
Motivated by the structural analogies between point lattices and linear error-correcting codes, and by the mature theory on locally testable codes, we initiate a systematic study of local testing for membership in lattices. Testing membership in lattices is also motivated in practice, by applications to integer programming, error detection in lattice-based communication, and cryptography. Apart from establishing the conceptual foundations of lattice testing, our results include the following: 1. We demonstrate upper and lower bounds on the query complexity of local testing for the well-known family of code formula lattices. Furthermore, we instantiate our results with code formula lattices constructed from Reed-Muller codes, and obtain nearly-tight bounds. 2. We show that in order to achieve low query complexity, it is sufficient to design one-sided non-adaptive canonical tests. This result is akin to, and based on an analogous result for error-correcting codes due to Ben-Sasson et al. (SIAM J. Computing 35(1) pp1-21)
Cryptography based on the Hardness of Decoding
This thesis provides progress in the fields of lattice- and coding-based cryptography. The first contribution consists of constructions of IND-CCA2 secure public key cryptosystems from both the McEliece and the low noise learning parity with noise assumption. The second contribution is a novel instantiation of the lattice-based learning with errors problem which uses uniform errors
Decoding by Sampling: A Randomized Lattice Algorithm for Bounded Distance Decoding
Despite its reduced complexity, lattice reduction-aided decoding exhibits a
widening gap to maximum-likelihood (ML) performance as the dimension increases.
To improve its performance, this paper presents randomized lattice decoding
based on Klein's sampling technique, which is a randomized version of Babai's
nearest plane algorithm (i.e., successive interference cancelation (SIC)). To
find the closest lattice point, Klein's algorithm is used to sample some
lattice points and the closest among those samples is chosen. Lattice reduction
increases the probability of finding the closest lattice point, and only needs
to be run once during pre-processing. Further, the sampling can operate very
efficiently in parallel. The technical contribution of this paper is two-fold:
we analyze and optimize the decoding radius of sampling decoding resulting in
better error performance than Klein's original algorithm, and propose a very
efficient implementation of random rounding. Of particular interest is that a
fixed gain in the decoding radius compared to Babai's decoding can be achieved
at polynomial complexity. The proposed decoder is useful for moderate
dimensions where sphere decoding becomes computationally intensive, while
lattice reduction-aided decoding starts to suffer considerable loss. Simulation
results demonstrate near-ML performance is achieved by a moderate number of
samples, even if the dimension is as high as 32
Polynomial Time Bounded Distance Decoding near Minkowski's Bound in Discrete Logarithm Lattices
We propose a concrete family of dense lattices of arbitrary dimension n in which the lattice Bounded Distance Decoding (BDD) problem can be solved in deterministic polynomial time. This construction is directly adapted from the Chor-Rivest cryptosystem (IEEE-TIT 1988). The lattice construction needs discrete logarithm computations that can be made in deterministic polynomial time for well-chosen parameters. Each lattice comes with a deterministic polynomial time decoding algorithm able to decode up to large radius. Namely, we reach decoding radius within O(log n) Minkowski's bound, for both ℓ1 and ℓ2 norms