Unique Shortest Vector Problem for max norm is NP-hard
The unique Shortest vector problem (uSVP) in lattice theory plays a crucial role in many public-key cryptosystems. The security of those cryptosystems is based on the hardness of uSVP. However, so far there is no proof for the proper hardness of uSVP even in its exact version. In this paper, we show that the exact version of uSVP for norm is NP-hard. Furthermore, many other lattice problems including unique Subspace avoiding problem, unique Closest vector problem and unique Generalized closest vector problem, for any norm, are also shown to be NP-hard
Improved Reduction from the Bounded Distance Decoding Problem to the Unique Shortest Vector Problem in Lattices
We present a probabilistic polynomial-time reduction from the lattice Bounded Distance Decoding (BDD) problem with parameter 1/( sqrt(2) * gamma) to the unique Shortest Vector Problem (uSVP) with parameter gamma for any gamma > 1 that is polynomial in the lattice dimension n. It improves the BDD to uSVP reductions of [Lyubashevsky and Micciancio, CRYPTO, 2009] and [Liu, Wang, Xu and Zheng, Inf. Process. Lett., 2014], which rely on Kannan's embedding technique. The main ingredient to the improvement is the use of Khot's lattice sparsification [Khot, FOCS, 2003] before resorting to Kannan's embedding, in order to boost the uSVP parameter
The -Unique Shortest Vector Problem is Hard
The unique Shortest Vector Problem (uSVP) gained prominence because
it was the problem upon which the first provably-secure
lattice-based cryptosystems were built. But it was an open problem
as to whether uSVP was as hard as the standard, more general,
version of the shortest vector problem.
We show that there is a reduction from the approximate decision
version of the shortest vector problem (GapSVP) to the unique
shortest vector problem. In particular, we show that for any
, there is a reduction from GapSVP to
-uSVP. This implies that the Ajtai-Dwork
and the Regev cryptosystems are based on the hardness of the
worst-case GapSVP and GapSVP,
respectively. Our reduction is quite elementary, but it does use a
clever, yet surprisingly simple (in retrospect!), idea of Peikert
that was recently used by him to construct a cryptosystem based on
the worst-case hardness of GapSVP
On the Closest Vector Problem with a Distance Guarantee
We present a substantially more efficient variant, both in terms of running
time and size of preprocessing advice, of the algorithm by Liu, Lyubashevsky,
and Micciancio for solving CVPP (the preprocessing version of the Closest
Vector Problem, CVP) with a distance guarantee. For instance, for any , our algorithm finds the (unique) closest lattice point for any target
point whose distance from the lattice is at most times the length of
the shortest nonzero lattice vector, requires as preprocessing advice only vectors, and runs in
time .
As our second main contribution, we present reductions showing that it
suffices to solve CVP, both in its plain and preprocessing versions, when the
input target point is within some bounded distance of the lattice. The
reductions are based on ideas due to Kannan and a recent sparsification
technique due to Dadush and Kun. Combining our reductions with the LLM
algorithm gives an approximation factor of for search
CVPP, improving on the previous best of due to Lagarias, Lenstra,
and Schnorr. When combined with our improved algorithm we obtain, somewhat
surprisingly, that only O(n) vectors of preprocessing advice are sufficient to
solve CVPP with (the only slightly worse) approximation factor of O(n).
Comment: An early version of the paper was titled "On Bounded Distance
Decoding and the Closest Vector Problem with Preprocessing". Conference on
Computational Complexity (2014
Decoding by Embedding: Correct Decoding Radius and DMT Optimality
The closest vector problem (CVP) and shortest (nonzero) vector problem (SVP)
are the core algorithmic problems on Euclidean lattices. They are central to
the applications of lattices in many problems of communications and
cryptography. Kannan's \emph{embedding technique} is a powerful technique for
solving the approximate CVP, yet its remarkable practical performance is not
well understood. In this paper, the embedding technique is analyzed from a
bounded distance decoding (BDD) viewpoint. We present two complementary
analyses of the embedding technique: We establish a reduction from BDD to
Hermite SVP (via unique SVP), which can be used along with any Hermite SVP
solver (including, among others, the Lenstra, Lenstra and Lovász (LLL)
algorithm), and show that, in the special case of LLL, it performs at least as
well as Babai's nearest plane algorithm (LLL-aided SIC). The former analysis
helps to explain the folklore practical observation that unique SVP is easier
than standard approximate SVP. It is proven that when the LLL algorithm is
employed, the embedding technique can solve the CVP provided that the noise
norm is smaller than a decoding radius , where
is the minimum distance of the lattice, and . This
substantially improves the previously best known correct decoding bound . Focusing on the applications of BDD to decoding of
multiple-input multiple-output (MIMO) systems, we also prove that BDD of the
regularized lattice is optimal in terms of the diversity-multiplexing gain
tradeoff (DMT), and propose practical variants of embedding decoding which
require no knowledge of the minimum distance of the lattice and/or further
improve the error performance.
Comment: To appear in IEEE Transactions on Information Theor
Hard Mathematical Problems in Cryptography and Coding Theory
In this thesis, we are concerned with certain interesting computationally hard problems and the complexities of their associated algorithms. All of these problems share a common feature in that they all arise from, or have applications to, cryptography, or the theory of error correcting codes. Each chapter in the thesis is based on a stand-alone paper which attacks a particular hard problem. The problems and the techniques employed in attacking them are described in detail. The first problem concerns integer factorization: given a positive integer . the problem is to find the unique prime factors of . This problem, which was historically of only academic interest to number theorists, has in recent decades assumed a central importance in public-key cryptography. We propose a method for factorizing a given integer using a graph-theoretic algorithm employing Binary Decision Diagrams (BDD). The second problem that we consider is related to the classification of certain naturally arising classes of error correcting codes, called self-dual additive codes over the finite field of four elements, . We address the problem of classifying self-dual additive codes, determining their weight enumerators, and computing their minimum distance. There is a natural relation between self-dual additive codes over and graphs via isotropic systems. Utilizing the properties of the corresponding graphs, and again employing Binary Decision Diagrams (BDD) to compute the weight enumerators, we can obtain a theoretical speed up of the previously developed algorithm for the classification of these codes. The third problem that we investigate deals with one of the central issues in cryptography, which has historical origins in the theory of geometry of numbers, namely the shortest vector problem in lattices. One method which is used both in theory and practice to solve the shortest vector problem is by enumeration algorithms. 
Lattice enumeration is an exhaustive search whose goal is to find the shortest vector given a lattice basis as input. In our work, we focus on speeding up the lattice enumeration algorithm, and we propose two new ideas to this end. The shortest vector in a lattice can be written as . where are integer coefficients and are the lattice basis vectors. We propose an enumeration algorithm, called hybrid enumeration, which is a greedy approach for computing a short interval of possible integer values for the coefficients of a shortest lattice vector. Second, we provide an algorithm for estimating the signs or of the coefficients of a shortest vector . Both of these algorithms result in a reduction in the number of nodes in the search tree. Finally, the fourth problem that we deal with arises in the arithmetic of the class groups of imaginary quadratic fields. We follow the results of Soleng and Gillibert pertaining to the class numbers of some sequence of imaginary quadratic fields arising in the arithmetic of elliptic and hyperelliptic curves and compute a bound on the effective estimates for the orders of class groups of a family of imaginary quadratic number fields. That is, suppose is a sequence of positive numbers tending to infinity. Given any positive real number . an effective estimate is to find the smallest positive integer depending on such that for all . In other words, given a constant . we find a value such that the order of the ideal class in the ring (provided by the homomorphism in Soleng's paper) is greater than for any . In summary, in this thesis we attack some hard problems in computer science arising from arithmetic, geometry of numbers, and coding theory, which have applications in the mathematical foundations of cryptography and error correcting codes
Search-to-Decision Reductions for Lattice Problems with Approximation Factors (Slightly) Greater Than One
We show the first dimension-preserving search-to-decision reductions for
approximate SVP and CVP. In particular, for any ,
we obtain an efficient dimension-preserving reduction from -SVP to -GapSVP and an efficient dimension-preserving reduction
from -CVP to -GapCVP. These results generalize the known
equivalences of the search and decision versions of these problems in the exact
case when . For SVP, we actually obtain something slightly stronger
than a search-to-decision reduction---we reduce -SVP to
-unique SVP, a potentially easier problem than -GapSVP.
Comment: Updated to acknowledge additional prior wor