1,142 research outputs found
Tensor-based trapdoors for CVP and their application to public key cryptography
We propose two trapdoors for the Closest-Vector-Problem in lattices (CVP) related to the lattice tensor product. Using these trapdoors we set up a lattice-based cryptosystem which resembles to the McEliece scheme
On the Lattice Distortion Problem
We introduce and study the \emph{Lattice Distortion Problem} (LDP). LDP asks
how "similar" two lattices are. I.e., what is the minimal distortion of a
linear bijection between the two lattices? LDP generalizes the Lattice
Isomorphism Problem (the lattice analogue of Graph Isomorphism), which simply
asks whether the minimal distortion is one.
As our first contribution, we show that the distortion between any two
lattices is approximated up to a factor by a simple function of
their successive minima. Our methods are constructive, allowing us to compute
low-distortion mappings that are within a factor
of optimal in polynomial time and within a factor of optimal in
singly exponential time. Our algorithms rely on a notion of basis reduction
introduced by Seysen (Combinatorica 1993), which we show is intimately related
to lattice distortion. Lastly, we show that LDP is NP-hard to approximate to
within any constant factor (under randomized reductions), by a reduction from
the Shortest Vector Problem.Comment: This is the full version of a paper that appeared in ESA 201
On the Quantitative Hardness of CVP
For odd
integers (and ), we show that the Closest Vector Problem
in the norm (\CVP_p) over rank lattices cannot be solved in
2^{(1-\eps) n} time for any constant \eps > 0 unless the Strong Exponential
Time Hypothesis (SETH) fails. We then extend this result to "almost all" values
of , not including the even integers. This comes tantalizingly close
to settling the quantitative time complexity of the important special case of
\CVP_2 (i.e., \CVP in the Euclidean norm), for which a -time
algorithm is known. In particular, our result applies for any
that approaches as .
We also show a similar SETH-hardness result for \SVP_\infty; hardness of
approximating \CVP_p to within some constant factor under the so-called
Gap-ETH assumption; and other quantitative hardness results for \CVP_p and
\CVPP_p for any under different assumptions
Parameterized Intractability of Even Set and Shortest Vector Problem from Gap-ETH
The k-Even Set problem is a parameterized variant of the Minimum Distance Problem of linear codes over F_2, which can be stated as follows: given a generator matrix A and an integer k, determine whether the code generated by A has distance at most k. Here, k is the parameter of the problem. The question of whether k-Even Set is fixed parameter tractable (FPT) has been repeatedly raised in literature and has earned its place in Downey and Fellows\u27 book (2013) as one of the "most infamous" open problems in the field of Parameterized Complexity.
In this work, we show that k-Even Set does not admit FPT algorithms under the (randomized) Gap Exponential Time Hypothesis (Gap-ETH) [Dinur\u2716, Manurangsi-Raghavendra\u2716]. In fact, our result rules out not only exact FPT algorithms, but also any constant factor FPT approximation algorithms for the problem. Furthermore, our result holds even under the following weaker assumption, which is also known as the Parameterized Inapproximability Hypothesis (PIH) [Lokshtanov et al.\u2717]: no (randomized) FPT algorithm can distinguish a satisfiable 2CSP instance from one which is only 0.99-satisfiable (where the parameter is the number of variables).
We also consider the parameterized k-Shortest Vector Problem (SVP), in which we are given a lattice whose basis vectors are integral and an integer k, and the goal is to determine whether the norm of the shortest vector (in the l_p norm for some fixed p) is at most k. Similar to k-Even Set, this problem is also a long-standing open problem in the field of Parameterized Complexity. We show that, for any p > 1, k-SVP is hard to approximate (in FPT time) to some constant factor, assuming PIH. Furthermore, for the case of p = 2, the inapproximability factor can be amplified to any constant
Search-to-Decision Reductions for Lattice Problems with Approximation Factors (Slightly) Greater Than One
We show the first dimension-preserving search-to-decision reductions for
approximate SVP and CVP. In particular, for any ,
we obtain an efficient dimension-preserving reduction from -SVP to -GapSVP and an efficient dimension-preserving reduction
from -CVP to -GapCVP. These results generalize the known
equivalences of the search and decision versions of these problems in the exact
case when . For SVP, we actually obtain something slightly stronger
than a search-to-decision reduction---we reduce -SVP to
-unique SVP, a potentially easier problem than -GapSVP.Comment: Updated to acknowledge additional prior wor
- …