Zhe Li,San Ling,Chaoping Xing,Sze Ling Yeo

DOI: https://doi.org/10.48550/arXiv.1710.02265

2017-10-06

Cryptography and Security

Abstract:In this paper, we propose new classes of trapdoor functions to solve the closest vector problem in lattices. Specifically, we construct lattices based on properties of polynomials for which the closest vector problem is hard to solve unless some trapdoor information is revealed. We thoroughly analyze the security of our proposed functions using state-of-the-art attacks and results on lattice reductions. Finally, we describe how our functions can be used to design quantum-safe encryption schemes with reasonable public key sizes. In particular, our scheme can offer around $106$ bits of security with a public key size of around $6.4$ $\texttt{KB}$. Our encryption schemes are efficient with respect to key generation, encryption and decryption.

Wei,Chengliang Tian,Xiaoyun Wang

DOI: https://doi.org/10.1016/j.disc.2013.10.020

IF: 0.961

2014-01-01

Discrete Mathematics

Abstract:In this paper, we first discuss lattices possessing nϵ-unique shortest vectors. We obtain three optimal transference theorems by establishing close relationships among successive minima, the covering radius and the minimal length of generating vectors. These results can be used to get finer reductions between GapSV Pγ′ and GapSIV Pγ for this class of lattices. Our work improves related results in the literature. In the second part of this paper, we prove a new transference theorem for general lattices where an optimal lower bound relating the successive minima of a lattice with its dual is given. As an application, we compare the respective advantages of current upper bounds on the smoothing parameters related to discrete Gaussian measures on lattices and give a more appropriate bound for lattices with duals possessing n-unique shortest vectors.

Robert Lin,Peter W. Shor

2024-01-23

Abstract:We introduce a new class of algorithms for finding a short vector in lattices defined by codes of co-dimension $k$ over $\mathbb{Z}_P^d$, where $P$ is prime. The co-dimension $1$ case is solved by exploiting the packing properties of the projections mod $P$ of an initial set of non-lattice vectors onto a single dual codeword. The technical tools we introduce are sorting of the projections followed by single-step pairwise Euclidean reduction of the projections, resulting in monotonic convergence of the positive-valued projections to zero. The length of vectors grows by a geometric factor each iteration. For fixed $P$ and $d$, and large enough user-defined input sets, we show that it is possible to minimize the number of iterations, and thus the overall length expansion factor, to obtain a short lattice vector. Thus we obtain a novel approach for controlling the output length, which resolves an open problem posed by Noah Stephens-Davidowitz (the possibility of an approximation scheme for the shortest-vector problem (SVP) which does not reduce to near-exact SVP). In our approach, one may obtain short vectors even when the lattice dimension is quite large, e.g., 8000. For fixed $P$, the algorithm yields shorter vectors for larger $d$. We additionally present a number of extensions and generalizations of our fundamental co-dimension $1$ method. These include a method for obtaining many different lattice vectors by multiplying the dual codeword by an integer and then modding by $P$; a co-dimension $k$ generalization; a large input set generalization; and finally, a "block" generalization, which involves the replacement of pairwise (Euclidean) reduction by a $k$-party (non-Euclidean) reduction. The $k$-block generalization of our algorithm constitutes a class of polynomial-time algorithms indexed by $k\geq 2$, which yield successively improved approximations for the short vector problem.

Cryptography and Security,Number Theory

Nihar Gargava,Vlad Serban,Maryna Viazovska

2024-02-16

Abstract:We examine the moments of the number of lattice points in a fixed ball of volume $V$ for lattices in Euclidean space which are modules over the ring of integers of a number field $K$. In particular, denoting by $\omega_K$ the number of roots of unity in $K$, we show that for lattices of large enough dimension the moments of the number of $\omega_K$-tuples of lattice points converge to those of a Poisson distribution of mean $V/\omega_K$. This extends work of Rogers for $\mathbb{Z}$-lattices. What is more, we show that this convergence can also be achieved by increasing the degree of the number field $K$ as long as $K$ varies within a set of number fields with uniform lower bounds on the absolute Weil height of non-torsion elements.

Number Theory,Information Theory,Dynamical Systems

Mingjie Liu,Xiaoyun Wang,Guangwu Xu,Xuexin Zheng

2011-01-01

Abstract:Given a lattice L with the i-th successive minimum λi, its i-th gap λi λ1 often provides useful information for analyzing the security of cryptographic scheme related to L. This paper concerns short vectors for lattices with gaps. In the first part, a λ2-gap estimation of LWE lattices with cryptographic significance is given. For some γ′, a better reduction from BDDγ′ to uSV Pγ is obtained in the presence of larger λ2-gap. The second part of the paper shows that gaps among the successive minima lead to a more efficient SVP search algorithm. As far as we know, it is the first SVP algorithm exploiting lattices with gaps.

Vijay Bhattiprolu,Euiwoong Lee

2024-10-04

Abstract:We establish strong inapproximability for finding the sparsest nonzero vector in a real subspace. We show that it is NP-Hard (under randomized reductions) to approximate the sparsest vector in a subspace within any constant factor (or almost polynomial factors in quasipolynomial time). We recover as a corollary state of the art inapproximability for the shortest vector problem (SVP), a foundational problem in lattice based cryptography. Our proof is surprisingly simple, bypassing even the PCP theorem. We are inspired by the homogenization framework from the inapproximability theory of minimum distance problems (MDC) in integer lattices and error correcting codes. We use a combination of (a) \emph{product testing via tensor codes} and (b) \emph{encoding an assignment as a coset of a random code in higher dimensional space} in order to embed non-homogeneous quadratic equations into the sparsest vector problem. (a) is inspired by Austrin and Khot's simplified proof of hardness of MDC over finite fields, and (b) is inspired by Micciancio's semi-derandomization of hardness of SVP. Our reduction involves the challenge of performing (a) over the reals. We prove that tensoring of the kernel of a +1/-1 random matrix furnishes an adequate product test (while still allowing (b)). The proof exposes a connection to Littlewood-Offord theory and relies on a powerful anticoncentration result of Rudelson and Vershynin. Our main motivation in this work is the development of inapproximability theory for problems over the reals. Analytic variants of sparsest vector have connections to small set expansion, quantum separability and polynomial maximization over convex sets, all of which cause similar barriers to inapproximability. The approach we develop could lead to progress on the hardness of some of these problems.

Computational Complexity,Cryptography and Security

Hb Kan,H Shen,H Zhu

DOI: https://doi.org/10.1007/978-3-540-24680-0_76

2004-01-01

Abstract:The closest vector problem for general lattices is NP-hard. However, we can efficiently find the closest lattice points for some special lattices, such as root lattices (A(n), D-n and some E-n). In this paper, we discuss the closest vector problem on more general lattices than root lattices.

Christian Bagshaw,Bryce Kerr

2023-04-11

Abstract:In recent decades, the use of ideas from Minkowski's Geometry of Numbers has gained recognition as a helpful tool in bounding the number of solutions to modular congruences with variables from short intervals. In 1941, Mahler introduced an analogue to the Geometry of Numbers in function fields over finite fields. Here, we build on Mahler's ideas and develop results useful for bounding the sizes of intersections of lattices and convex bodies in $\mathbb{F}_q((1/T))^d$, which are more precise than what is known over $\mathbb{R}^d$. These results are then applied to various problems regarding bounding the number of solutions to congruences in $\mathbb{F}_q[T]$, such as the number of points on polynomial curves in low dimensional subspaces of finite fields. Our results improve on a number of previous bounds due to Bagshaw, Cilleruelo, Shparlinski and Zumalacárregui. We also present previous techniques developed by various authors for estimating certain energy/point counts in a unified manner.

Number Theory

Eden Schirman,Cong Ling,Florian Mintert

2023-07-22

Abstract:Leading protocols of post-quantum cryptosystems are based on the mathematical problem of finding short vectors in structured lattices. It is assumed that the structure of these lattices does not give an advantage for quantum and classical algorithms attempting to find short vectors. In this work we focus on cyclic and nega-cyclic lattices and give a quantum algorithmic framework of how to exploit the symmetries underlying these lattices. This framework leads to a significant saving in the quantum resources (e.g. qubits count and circuit depth) required for implementing a quantum algorithm attempting to find short vectors. We benchmark the proposed framework with the variational quantum eigensolver, and show that it leads to better results while reducing the qubits count and the circuit depth. The framework is also applicable to classical algorithms aimed at finding short vectors in structured lattices, and in this regard it could be seen as a quantum-inspired approach.

Quantum Physics

Huck Bennett

DOI: https://doi.org/10.1145/3586165.3586172

2023-02-28

ACM SIGACT News

Abstract:Computational problems on point lattices play a central role in many areas of computer science including integer programming, coding theory, cryptanalysis, and especially the design of secure cryptosystems. In this survey, we present known results and open questions related to the complexity of the most important of these problems, the Shortest Vector Problem (SVP).

English Else

Dan Ding,Guizhen Zhu,Xiaoyun Wang

DOI: https://doi.org/10.1145/2739480.2754639

2015-07-11

Abstract:In this paper, we propose a genetic algorithm for solving the shortest vector problem (SVP) based on sparse representation of short lattice vectors, which, we prove, can guarantee finding the shortest lattice vector under a Markov analysis. With some heuristic improvements (local search and heuristic pruning), the SVP genetic algorithm, by experimental results, outperforms other SVP algorithms, like the famous Kannan-Helfrich algorithm under SVP challenge benchmarks. In summary, we, for the first time, adopt the genetic algorithm in solving the shortest vector problem, based on which lattice-based cryptosystem is as a promising candidate for post-quantum cryptography.

Thijs Laarhoven,Michele Mosca,Joop van de Pol

DOI: https://doi.org/10.48550/arXiv.1301.6176

2013-01-25

Cryptography and Security

Abstract:By applying Grover's quantum search algorithm to the lattice algorithms of Micciancio and Voulgaris, Nguyen and Vidick, Wang et al., and Pujol and Stehl\'{e}, we obtain improved asymptotic quantum results for solving the shortest vector problem. With quantum computers we can provably find a shortest vector in time $2^{1.799n + o(n)}$, improving upon the classical time complexity of $2^{2.465n + o(n)}$ of Pujol and Stehl\'{e} and the $2^{2n + o(n)}$ of Micciancio and Voulgaris, while heuristically we expect to find a shortest vector in time $2^{0.312n + o(n)}$, improving upon the classical time complexity of $2^{0.384n + o(n)}$ of Wang et al. These quantum complexities will be an important guide for the selection of parameters for post-quantum cryptosystems based on the hardness of the shortest vector problem.

Divesh Aggarwal,Thomas Espitau,Spencer Peters,Noah Stephens-Davidowitz

2024-10-22

Abstract:We propose a recursive lattice reduction framework for finding short non-zero vectors or dense sublattices of a lattice. The framework works by recursively searching for dense sublattices of dense sublattices (or their duals) with progressively lower rank. When the procedure encounters a recursive call on a lattice $L$ with relatively low rank, we simply use a known algorithm to find a shortest non-zero vector in $L$. This new framework is complementary to basis reduction algorithms, which similarly work to reduce an $n$-dimensional lattice problem with some approximation factor $\gamma$ to a lower-dimensional exact lattice problem in some lower dimension $k$, with a tradeoff between $\gamma$, $n$, and $k$. Our framework provides an alternative and arguably simpler perspective. For example, our algorithms can be described at a high level without explicitly referencing any specific basis of the lattice, the Gram-Schmidt orthogonalization, or even projection (though, of course, concrete implementations of algorithms in this framework will likely make use of such things). We present a number of instantiations of our framework. Our main concrete result is an efficient reduction that matches the tradeoff achieved by the best-known basis reduction algorithms. This reduction also can be used to find dense sublattices with any rank $\ell$ satisfying $\min\{\ell,n-\ell\} \leq n-k+1$, using only an oracle for SVP in $k$ dimensions, with slightly better parameters than what was known using basis reduction. We also show a simple reduction with the same tradeoff for finding short vectors in quasipolynomial time, and a reduction from finding dense sublattices of a high-dimensional lattice to this problem in lower dimension. Finally, we present an automated search procedure that finds algorithms in this framework that (provably) achieve better approximations with fewer oracle calls.

Data Structures and Algorithms

Karim Boulabiar,Rawaa Hajji,Karim BoulabiarRawaa Hajji1 Laboratoire de Recherche LATAO,Département de Mathematiques,Faculté des Sciences de Tunis,Université de Tunis El Manar,2092,El Manar,Tunisia. E-Mail 2 Laboratoire de Recherche LATAO,Département de Mathematiques,Faculté des Sciences de Tunis,Université de Tunis El Manar,2092,El Manar,Tunisia.

DOI: https://doi.org/10.2989/16073606.2023.2287815

2024-03-08

Quaestiones Mathematicae

Abstract:Let L be a truncated Archimedean vector lattice whose truncation is denoted by *. In a recent paper, we proved that there exists a locally compact Hausdorff space X such that L is a lattice isomorphic with a truncated vector lattice of functions in C ∞ ( X ) whose truncation is provided by meet with some characteristic function on X . This representation, no matter how interesting it is, has a major drawback, namely, C ∞ ( X ) need not be a vector lattice, unless X is extremally disconnected. The main purpose of this paper is to remedy this shortcoming by proving that, indeed, an extremally disconnected locally compact space X can be found such that L can be seen as an order dense vector sublattice of C ∞ ( X ) whose truncation is provided, again, by meet with some characteristic function on X .

mathematics

Florian Pausinger

DOI: https://doi.org/10.48550/arXiv.1606.02978

2016-06-09

Abstract:We present tight upper and lower bounds for the traveling salesman path through the points of two-dimensional modular lattices. We use these results to bound the traveling salesman path of two-dimensional Kronecker point sets. Our results rely on earlier work on shortest vectors in lattices as well as on the strong convergence of Jacobi-Perron type algorithms.

Combinatorics,Number Theory

Daniel Dadush,Oded Regev,Noah Stephens-Davidowitz

DOI: https://doi.org/10.48550/arXiv.1409.8063

2014-09-29

Data Structures and Algorithms

Abstract:We present a substantially more efficient variant, both in terms of running time and size of preprocessing advice, of the algorithm by Liu, Lyubashevsky, and Micciancio for solving CVPP (the preprocessing version of the Closest Vector Problem, CVP) with a distance guarantee. For instance, for any $\alpha < 1/2$, our algorithm finds the (unique) closest lattice point for any target point whose distance from the lattice is at most $\alpha$ times the length of the shortest nonzero lattice vector, requires as preprocessing advice only $N \approx \widetilde{O}(n \exp(\alpha^2 n /(1-2\alpha)^2))$ vectors, and runs in time $\widetilde{O}(nN)$. As our second main contribution, we present reductions showing that it suffices to solve CVP, both in its plain and preprocessing versions, when the input target point is within some bounded distance of the lattice. The reductions are based on ideas due to Kannan and a recent sparsification technique due to Dadush and Kun. Combining our reductions with the LLM algorithm gives an approximation factor of $O(n/\sqrt{\log n})$ for search CVPP, improving on the previous best of $O(n^{1.5})$ due to Lagarias, Lenstra, and Schnorr. When combined with our improved algorithm we obtain, somewhat surprisingly, that only O(n) vectors of preprocessing advice are sufficient to solve CVPP with (the only slightly worse) approximation factor of O(n).

Oded Regev

DOI: https://doi.org/10.48550/arXiv.cs/0309051

2003-09-29

Abstract:We introduce the use of Fourier analysis on lattices as an integral part of a lattice based construction. The tools we develop provide an elegant description of certain Gaussian distributions around lattice points. Our results include two cryptographic constructions which are based on the worst-case hardness of the unique shortest vector problem. The main result is a new public key cryptosystem whose security guarantee is considerably stronger than previous results ($O(n^{1.5})$ instead of $O(n^7)$). This provides the first alternative to Ajtai and Dwork's original 1996 cryptosystem. Our second result is a family of collision resistant hash functions which, apart from improving the security in terms of the unique shortest vector problem, is also the first example of an analysis which is not based on Ajtai's iterative step. Surprisingly, both results are derived from one theorem which presents two indistinguishable distributions on the segment $[0,1)$. It seems that this theorem can have further applications and as an example we mention how it can be used to solve an open problem related to quantum computation.

Cryptography and Security

Lior Bary-Soroker,Or Ben-Porath,Vlad Matei

2024-04-01

Abstract:The paper studies the probability for a Galois group of a random polynomial to be $A_n$. We focus on the so-called large box model, where we choose the coefficients of the polynomial independently and uniformly from $\{-L,\ldots, L\}$. The state-of-the-art upper bound is $O(L^{-1})$, due to Bhargava. We conjecture a much stronger upper bound $L^{-n/2 +\epsilon}$, and that this bound is essentially sharp. We prove strong lower bounds both on this probability and on the related probability of the discriminant being a square.

Mathematics

Chi Zhang,Yingpu Deng,Zhaonan Wang

DOI: https://doi.org/10.48550/arXiv.2311.17415

2024-01-24

Abstract:In 2018, the longest vector problem (LVP) and the closest vector problem (CVP) in $p$-adic lattices were introduced. These problems are closely linked to the orthogonalization process. In this paper, we first prove that every $p$-adic lattice has an orthogonal basis and give definition to the successive maxima and the escape distance, as the $p$-adic analogues of the successive minima and the covering radius in Euclidean lattices. Then, we present deterministic polynomial time algorithms to perform the orthogonalization process, solve the LVP and solve the CVP with an orthogonal basis of the whole vector space. Finally, we conclude that orthogonalization and the CVP are polynomially equivalent.

Number Theory