47 research outputs found
On the Lattice Isomorphism Problem
We study the Lattice Isomorphism Problem (LIP), in which given two lattices
L_1 and L_2 the goal is to decide whether there exists an orthogonal linear
transformation mapping L_1 to L_2. Our main result is an algorithm for this
problem running in time n^{O(n)} times a polynomial in the input size, where n
is the rank of the input lattices. A crucial component is a new generalized
isolation lemma, which can isolate n linearly independent vectors in a given
subset of Z^n and might be useful elsewhere. We also prove that LIP lies in the
complexity class SZK.Comment: 23 pages, SODA 201
On the Quantitative Hardness of CVP
For odd
integers (and ), we show that the Closest Vector Problem
in the norm (\CVP_p) over rank lattices cannot be solved in
2^{(1-\eps) n} time for any constant \eps > 0 unless the Strong Exponential
Time Hypothesis (SETH) fails. We then extend this result to "almost all" values
of , not including the even integers. This comes tantalizingly close
to settling the quantitative time complexity of the important special case of
\CVP_2 (i.e., \CVP in the Euclidean norm), for which a -time
algorithm is known. In particular, our result applies for any
that approaches as .
We also show a similar SETH-hardness result for \SVP_\infty; hardness of
approximating \CVP_p to within some constant factor under the so-called
Gap-ETH assumption; and other quantitative hardness results for \CVP_p and
\CVPP_p for any under different assumptions
On the Closest Vector Problem with a Distance Guarantee
We present a substantially more efficient variant, both in terms of running
time and size of preprocessing advice, of the algorithm by Liu, Lyubashevsky,
and Micciancio for solving CVPP (the preprocessing version of the Closest
Vector Problem, CVP) with a distance guarantee. For instance, for any , our algorithm finds the (unique) closest lattice point for any target
point whose distance from the lattice is at most times the length of
the shortest nonzero lattice vector, requires as preprocessing advice only vectors, and runs in
time .
As our second main contribution, we present reductions showing that it
suffices to solve CVP, both in its plain and preprocessing versions, when the
input target point is within some bounded distance of the lattice. The
reductions are based on ideas due to Kannan and a recent sparsification
technique due to Dadush and Kun. Combining our reductions with the LLM
algorithm gives an approximation factor of for search
CVPP, improving on the previous best of due to Lagarias, Lenstra,
and Schnorr. When combined with our improved algorithm we obtain, somewhat
surprisingly, that only O(n) vectors of preprocessing advice are sufficient to
solve CVPP with (the only slightly worse) approximation factor of O(n).Comment: An early version of the paper was titled "On Bounded Distance
Decoding and the Closest Vector Problem with Preprocessing". Conference on
Computational Complexity (2014
Hardness of the (Approximate) Shortest Vector Problem: A Simple Proof via Reed-Solomon Codes
We give a
simple proof that the (approximate, decisional) Shortest Vector Problem is
\NP-hard under a randomized reduction. Specifically, we show that for any and any constant , the -approximate problem
in the norm (-\GapSVP_p) is not in unless \NP
\subseteq \mathsf{RP}. Our proof follows an approach pioneered by Ajtai (STOC
1998), and strengthened by Micciancio (FOCS 1998 and SICOMP 2000), for showing
hardness of -\GapSVP_p using locally dense lattices. We construct
such lattices simply by applying "Construction A" to Reed-Solomon codes with
suitable parameters, and prove their local density via an elementary argument
originally used in the context of Craig lattices.
As in all known \NP-hardness results for \GapSVP_p with , our
reduction uses randomness. Indeed, it is a notorious open problem to prove
\NP-hardness via a deterministic reduction. To this end, we additionally
discuss potential directions and associated challenges for derandomizing our
reduction. In particular, we show that a close deterministic analogue of our
local density construction would improve on the state-of-the-art explicit
Reed-Solomon list-decoding lower bounds of Guruswami and Rudra (STOC 2005 and
IEEE Trans. Inf. Theory 2006).
As a related contribution of independent interest, we also give a
polynomial-time algorithm for decoding -dimensional "Construction A
Reed-Solomon lattices" (with different parameters than those used in our
hardness proof) to a distance within an factor of
Minkowski's bound. This asymptotically matches the best known distance for
decoding near Minkowski's bound, due to Mook and Peikert (IEEE Trans. Inf.
Theory 2022), whose work we build on with a somewhat simpler construction and
analysis
Integrality gaps of semidefinite programs for Vertex Cover and relations to embeddability of Negative Type metrics
We study various SDP formulations for {\sc Vertex Cover} by adding different
constraints to the standard formulation. We show that {\sc Vertex Cover} cannot
be approximated better than even when we add the so called pentagonal
inequality constraints to the standard SDP formulation, en route answering an
open question of Karakostas~\cite{Karakostas}. We further show the surprising
fact that by strengthening the SDP with the (intractable) requirement that the
metric interpretation of the solution is an metric, we get an exact
relaxation (integrality gap is 1), and on the other hand if the solution is
arbitrarily close to being embeddable, the integrality gap may be as
big as . Finally, inspired by the above findings, we use ideas from the
integrality gap construction of Charikar \cite{Char02} to provide a family of
simple examples for negative type metrics that cannot be embedded into
with distortion better than 8/7-\eps. To this end we prove a new
isoperimetric inequality for the hypercube.Comment: A more complete version. Changed order of results. A complete proof
of (current) Theorem
The -Unique Shortest Vector Problem is Hard
The unique Shortest Vector Problem (uSVP) gained prominence because
it was the problem upon which the first provably-secure
lattice-based cryptosystems were built. But it was an open problem
as to whether uSVP was as hard as the standard, more general,
version of the shortest vector problem.
We show that there is a reduction from the approximate decision
version of the shortest vector problem (GapSVP) to the unique
shortest vector problem. In particular, we show that for any
, there is a reduction from GapSVP to
-uSVP. This implies that the Ajtai-Dwork
and the Regev cryptosystems are based on the hardness of the
worst-case GapSVP and GapSVP,
respectively. Our reduction is quite elementary, but it does use a
clever, yet surprisingly simple (in retrospect!), idea of Peikert
that was recently used by him to construct a cryptosystem based on
the worst-case hardness of GapSVP