AI helps you reading Science

AI generates interpretation videos

AI extracts and analyses the key points of the paper to generate videos automatically


pub
Go Generating

AI Traceability

AI parses the academic lineage of this thesis


Master Reading Tree
Generate MRT

AI Insight

AI extracts a summary of this paper


Weibo:
The main result of this paper improves the best NP-hardness factor known for Shortest Vector Problem under randomized quasipolynomial reductions

Hardness of Approximating the Shortest Vector Problem in Lattices

J. ACM, no. 5 (2005): 126-135

Cited by: 212|Views269
EI WOS

Abstract

Let p > 1 be any fixed real. We show that assuming NP ⊈ RP, there is no polynomial time algorithm that approximates the Shortest Vector Problem (SVP) in ℓp norm within a constant factor. Under the stronger assumption NP ⊈ RTIME(2poly(log n)), we show that there is no polynomial-time algorithm with approximation ratio 2(log...More

Code:

Data:

0
Introduction
  • A lattice is a periodic geometric object defined as all integer combinations of some linearly independent vectors in Rn.
  • 2. For any ε > 0, there is no polynomial-time algorithm that approximates SVP on n-dimensional lattices in the p norm to within a factor of 2(log n)1−ε unless NP ⊆ RTIME(2poly(log n)).
  • 3. There exists a c > 0 such that there is no polynomial-time algorithm that approximates SVP on n-dimensional lattices in the p norm to within a factor of nc/ log log n unless NP ⊆ RSUBEXP = ∩δ>0RTIME(2nδ ).
Highlights
  • A lattice is a periodic geometric object defined as all integer combinations of some linearly independent vectors in Rn
  • One of the main motivations for research on the hardness of lattice problems is their applications in cryptography, as was demonstrated by Ajtai [3], who came up with a construction of cryptographic primitives whose security relies on the worst-case hardness of certain lattice problems
  • Two main computational problems associated with lattices are the Shortest Vector Problem (SVP) and the Closest Vector Problem (CVP)
  • The problem CVP is an inhomogeneous variant of SVP, in which given a lattice and some target point one has to find the closest lattice
  • The main result of this paper improves the best NP-hardness factor known for SVP under randomized quasipolynomial reductions
  • The tensor product of linear codes is used to amplify the NP-hardness of approximating the minimum distance in a linear code of block length n to arbitrarily large constants under polynomial-time reductions and to 2(log n)1−ε under quasipolynomial-time reductions [15]. This example motivates one to use the tensor product of lattices to increase the hardness factor known for approximating SVP
Results
  • There exist c, c > 0, such that for any 1 ≤ p ≤ ∞, there exists a c > 0 such that for any k = k(N ), there is no polynomial-time algorithm that approximates SVP in the p norm on N c kdimensional lattices to within a factor of 2c k unless SAT is in RTIME(nO(k(nc))).
  • This example motivates one to use the tensor product of lattices to increase the hardness factor known for approximating SVP.
  • Theorem 1.2 follows : the authors start with Khot’s basic SVP instances, which are known to be hard to approximate to within some constant.
  • The tensor product of L1 and L2 is defined as the n1n2-dimensional lattice generated by the n1n2 × m1m2 matrix B1 ⊗ B2 and is denoted by L = L1 ⊗ L2.
  • The authors use the tensor product of lattices and a technique of [12] to boost the hardness factor to an almost polynomial factor in the 2 norm.
  • There are a constant γ < 1 and a polynomial-time randomized reduction from SAT to SVP outputting a lattice basis B, satisfying L(B) ⊆ Zn for some integer n, and an integer d that with probability 9/10 have the following properties:
  • Let (B, d) be a NO instance of the SVP variant given in Theorem 3.2, and denote by L1 the lattice generated by the basis B.
Conclusion
  • The proof of this lemma is based on some properties of sub-lattices of NO instances which are established in the following claim.
  • In running time of nO(k(nc)) the authors can generate the SVP instance (B⊗k, dk) where B⊗k is the k-fold tensor product of B, i.e., the matrix that generates the lattice L(B)⊗k.
  • Using Theorem 1.2, the authors see that SVP on N -dimensional lattices is hard to approximate to within 2Ω((log N )1−ε) unless NP ⊆ RTIME(2poly(log n)), as desired.
Related work
  • In the early 1980s, Lenstra, Lenstra and Lovasz (LLL) presented the first polynomial-time approximation algorithm for SVP [19]. Their algorithm achieves an approximation factor of 2O(n), where n is the dimension of the lattice. Using their algorithm, Babai gave an approximation algorithm for CVP achieving the same approximation factor [7]. A few years later, improved algorithms were presented for both problems, obtaining a slightly sub-exponential approximation factor, namely 2O(n(log log n)2/ log n) [25], and this has since been improved slightly [4]. The best algorithm known for solving SVP exactly requires exponential running time in n [17, 4]. All the above results hold with respect to any p norm.
Reference
  • D. Aharonov and O. Regev. Lattice problems in NP intersect coNP. Journal of the ACM, 52(5):749– 765, 2005. Preliminary version in FOCS’04.
    Google ScholarLocate open access versionFindings
  • M. Ajtai. The shortest vector problem in l2 is NP-hard for randomized reductions (extended abstract). In Proceedings of the thirtieth annual ACM symposium on theory of computing - STOC ’98, pages 10–19, Dallas, Texas, USA, May 1998.
    Google ScholarLocate open access versionFindings
  • M. Ajtai. Generating hard instances of lattice problems. In Complexity of computations and proofs, volume 13 of Quad. Mat., pages 1–32. Dept. Math., Seconda Univ. Napoli, Caserta, 2004.
    Google ScholarLocate open access versionFindings
  • M. Ajtai, R. Kumar, and D. Sivakumar. A sieve algorithm for the shortest lattice vector problem. In Proc. 33th ACM Symp. on Theory of Computing (STOC), pages 601–610, 2001.
    Google ScholarLocate open access versionFindings
  • N. Alon and J. H. Spencer. The probabilistic method. Wiley-Interscience Series in Discrete Mathematics and Optimization. Wiley-Interscience [John Wiley & Sons], New York, second edition, 2000.
    Google ScholarFindings
  • S. Arora, L. Babai, J. Stern, and E. Z. Sweedyk. The hardness of approximate optima in lattices, codes, and systems of linear equations. Journal of Computer and System Sciences, 54(2):317–331, Apr. 1997. Preliminary version in FOCS 1993.
    Google ScholarLocate open access versionFindings
  • L. Babai. On Lovasz lattice reduction and the nearest lattice point problem. Combinatorica, 6(1):1–13, 1986.
    Google ScholarLocate open access versionFindings
  • M. Bellare, S. Goldwasser, C. Lund, and A. Russell. Efficient probabilistically checkable proofs and applications to approximation. In Proc. 25th ACM Symposium on Theory of Computing (STOC), pages 294–304, 1993.
    Google ScholarLocate open access versionFindings
  • R. Bhatia. Matrix Analysis. Springer, 1997.
    Google ScholarFindings
  • J.-Y. Cai and A. Nerurkar. Approximating the SVP to within a factor (1+1/dimε) is NP-hard under randomized reductions. J. Comput. Syst. Sci., 59(2):221–239, 1999.
    Google ScholarLocate open access versionFindings
  • H. Cohen. A course in computational algebraic number theory, volume 138 of Graduate Texts in Mathematics. Springer-Verlag, Berlin, 1993.
    Google ScholarFindings
  • E. de Shalit and O. Parzanchevski. On tensor products of semistable lattices. Preprint, 2006.
    Google ScholarFindings
  • I. Dinur. Approximating SVP∞ to within almost-polynomial factors is NP-hard. Theoretical Computer Science, 285(1):55–71, 2002.
    Google ScholarLocate open access versionFindings
  • I. Dinur, G. Kindler, R. Raz, and S. Safra. Approximating CVP to within almost-polynomial factors is NP-hard. Combinatorica, 23(2):205–243, 2003. Preliminary version in FOCS 1998.
    Google ScholarLocate open access versionFindings
  • I. Dumer, D. Micciancio, and M. Sudan. Hardness of approximating the minimum distance of a linear code. IEEE Trans. Inform. Theory, 49(1):22–37, 2003.
    Google ScholarLocate open access versionFindings
  • O. Goldreich and S. Goldwasser. On the limits of nonapproximability of lattice problems. J. Comput. System Sci., 60(3):540–563, 2000.
    Google ScholarLocate open access versionFindings
  • R. Kannan. Minkowski’s convex body theorem and integer programming. Math. Oper. Res., 12:415– 440, 1987.
    Google ScholarLocate open access versionFindings
  • S. Khot. Hardness of approximating the shortest vector problem in lattices. Journal of the ACM, 52(5):789–808, Sept. 2005. Preliminary version in FOCS 2004.
    Google ScholarLocate open access versionFindings
  • A. Lenstra, H. Lenstra, and L. Lovasz. Factoring polynomials with rational coefficients. Math. Ann., 261:515–534, 1982.
    Google ScholarLocate open access versionFindings
  • D. Micciancio. The shortest vector problem is NP-hard to approximate to within some constant. SIAM Journal on Computing, 30(6):2008–2035, Mar. 2001. Preliminary version in FOCS 1998.
    Google ScholarLocate open access versionFindings
  • D. Micciancio and S. Goldwasser. Complexity of Lattice Problems: A Cryptographic Perspective, volume 671 of The Kluwer International Series in Engineering and Computer Science. Kluwer Academic Publishers, Boston, MA, 2002.
    Google ScholarLocate open access versionFindings
  • J. Milnor and D. Husemoller. Symmetric bilinear forms. Springer-Verlag, Berlin, 1973.
    Google ScholarFindings
  • H. Minkowski. Geometrie der Zahlen. I. B. G. Teubner, Leipzig, 1896.
    Google ScholarFindings
  • O. Regev and R. Rosen. Lattice problems and norm embeddings. In Proc. 38th ACM Symp. on Theory of Computing (STOC), pages 447–456, 2006.
    Google ScholarLocate open access versionFindings
  • C.-P. Schnorr. A hierarchy of polynomial time lattice basis reduction algorithms. Theoretical Computer Science, 53(2-3):201–224, 1987.
    Google ScholarLocate open access versionFindings
  • P. van Emde Boas. Another NP-complete problem and the complexity of computing short vectors in a lattice. Technical Report 81-04, Math Inst., University Of Amsterdam, Amsterdam, 1981.
    Google ScholarFindings
Author
Your rating :
0

 

Tags
Comments
数据免责声明
页面数据均来自互联网公开来源、合作出版商和通过AI技术自动分析结果,我们不对页面数据的有效性、准确性、正确性、可靠性、完整性和及时性做出任何承诺和保证。若有疑问,可以通过电子邮件方式联系我们:report@aminer.cn
小科