## AI helps you reading Science

## AI Insight

AI extracts a summary of this paper

Weibo:

# Hardness of Approximating the Shortest Vector Problem in Lattices

J. ACM, no. 5 (2005): 126-135

EI WOS

Abstract

Let p > 1 be any fixed real. We show that assuming NP ⊈ RP, there is no polynomial time algorithm that approximates the Shortest Vector Problem (SVP) in ℓp norm within a constant factor. Under the stronger assumption NP ⊈ RTIME(2poly(log n)), we show that there is no polynomial-time algorithm with approximation ratio 2(log...More

Code:

Data:

Introduction

- A lattice is a periodic geometric object defined as all integer combinations of some linearly independent vectors in Rn.
- 2. For any ε > 0, there is no polynomial-time algorithm that approximates SVP on n-dimensional lattices in the p norm to within a factor of 2(log n)1−ε unless NP ⊆ RTIME(2poly(log n)).
- 3. There exists a c > 0 such that there is no polynomial-time algorithm that approximates SVP on n-dimensional lattices in the p norm to within a factor of nc/ log log n unless NP ⊆ RSUBEXP = ∩δ>0RTIME(2nδ ).

Highlights

- A lattice is a periodic geometric object defined as all integer combinations of some linearly independent vectors in Rn
- One of the main motivations for research on the hardness of lattice problems is their applications in cryptography, as was demonstrated by Ajtai [3], who came up with a construction of cryptographic primitives whose security relies on the worst-case hardness of certain lattice problems
- Two main computational problems associated with lattices are the Shortest Vector Problem (SVP) and the Closest Vector Problem (CVP)
- The problem CVP is an inhomogeneous variant of SVP, in which given a lattice and some target point one has to find the closest lattice
- The main result of this paper improves the best NP-hardness factor known for SVP under randomized quasipolynomial reductions
- The tensor product of linear codes is used to amplify the NP-hardness of approximating the minimum distance in a linear code of block length n to arbitrarily large constants under polynomial-time reductions and to 2(log n)1−ε under quasipolynomial-time reductions [15]. This example motivates one to use the tensor product of lattices to increase the hardness factor known for approximating SVP

Results

- There exist c, c > 0, such that for any 1 ≤ p ≤ ∞, there exists a c > 0 such that for any k = k(N ), there is no polynomial-time algorithm that approximates SVP in the p norm on N c kdimensional lattices to within a factor of 2c k unless SAT is in RTIME(nO(k(nc))).
- This example motivates one to use the tensor product of lattices to increase the hardness factor known for approximating SVP.
- Theorem 1.2 follows : the authors start with Khot’s basic SVP instances, which are known to be hard to approximate to within some constant.
- The tensor product of L1 and L2 is defined as the n1n2-dimensional lattice generated by the n1n2 × m1m2 matrix B1 ⊗ B2 and is denoted by L = L1 ⊗ L2.
- The authors use the tensor product of lattices and a technique of [12] to boost the hardness factor to an almost polynomial factor in the 2 norm.
- There are a constant γ < 1 and a polynomial-time randomized reduction from SAT to SVP outputting a lattice basis B, satisfying L(B) ⊆ Zn for some integer n, and an integer d that with probability 9/10 have the following properties:
- Let (B, d) be a NO instance of the SVP variant given in Theorem 3.2, and denote by L1 the lattice generated by the basis B.

Conclusion

- The proof of this lemma is based on some properties of sub-lattices of NO instances which are established in the following claim.
- In running time of nO(k(nc)) the authors can generate the SVP instance (B⊗k, dk) where B⊗k is the k-fold tensor product of B, i.e., the matrix that generates the lattice L(B)⊗k.
- Using Theorem 1.2, the authors see that SVP on N -dimensional lattices is hard to approximate to within 2Ω((log N )1−ε) unless NP ⊆ RTIME(2poly(log n)), as desired.

Related work

- In the early 1980s, Lenstra, Lenstra and Lovasz (LLL) presented the first polynomial-time approximation algorithm for SVP [19]. Their algorithm achieves an approximation factor of 2O(n), where n is the dimension of the lattice. Using their algorithm, Babai gave an approximation algorithm for CVP achieving the same approximation factor [7]. A few years later, improved algorithms were presented for both problems, obtaining a slightly sub-exponential approximation factor, namely 2O(n(log log n)2/ log n) [25], and this has since been improved slightly [4]. The best algorithm known for solving SVP exactly requires exponential running time in n [17, 4]. All the above results hold with respect to any p norm.

Reference

- D. Aharonov and O. Regev. Lattice problems in NP intersect coNP. Journal of the ACM, 52(5):749– 765, 2005. Preliminary version in FOCS’04.
- M. Ajtai. The shortest vector problem in l2 is NP-hard for randomized reductions (extended abstract). In Proceedings of the thirtieth annual ACM symposium on theory of computing - STOC ’98, pages 10–19, Dallas, Texas, USA, May 1998.
- M. Ajtai. Generating hard instances of lattice problems. In Complexity of computations and proofs, volume 13 of Quad. Mat., pages 1–32. Dept. Math., Seconda Univ. Napoli, Caserta, 2004.
- M. Ajtai, R. Kumar, and D. Sivakumar. A sieve algorithm for the shortest lattice vector problem. In Proc. 33th ACM Symp. on Theory of Computing (STOC), pages 601–610, 2001.
- N. Alon and J. H. Spencer. The probabilistic method. Wiley-Interscience Series in Discrete Mathematics and Optimization. Wiley-Interscience [John Wiley & Sons], New York, second edition, 2000.
- S. Arora, L. Babai, J. Stern, and E. Z. Sweedyk. The hardness of approximate optima in lattices, codes, and systems of linear equations. Journal of Computer and System Sciences, 54(2):317–331, Apr. 1997. Preliminary version in FOCS 1993.
- L. Babai. On Lovasz lattice reduction and the nearest lattice point problem. Combinatorica, 6(1):1–13, 1986.
- M. Bellare, S. Goldwasser, C. Lund, and A. Russell. Efficient probabilistically checkable proofs and applications to approximation. In Proc. 25th ACM Symposium on Theory of Computing (STOC), pages 294–304, 1993.
- R. Bhatia. Matrix Analysis. Springer, 1997.
- J.-Y. Cai and A. Nerurkar. Approximating the SVP to within a factor (1+1/dimε) is NP-hard under randomized reductions. J. Comput. Syst. Sci., 59(2):221–239, 1999.
- H. Cohen. A course in computational algebraic number theory, volume 138 of Graduate Texts in Mathematics. Springer-Verlag, Berlin, 1993.
- E. de Shalit and O. Parzanchevski. On tensor products of semistable lattices. Preprint, 2006.
- I. Dinur. Approximating SVP∞ to within almost-polynomial factors is NP-hard. Theoretical Computer Science, 285(1):55–71, 2002.
- I. Dinur, G. Kindler, R. Raz, and S. Safra. Approximating CVP to within almost-polynomial factors is NP-hard. Combinatorica, 23(2):205–243, 2003. Preliminary version in FOCS 1998.
- I. Dumer, D. Micciancio, and M. Sudan. Hardness of approximating the minimum distance of a linear code. IEEE Trans. Inform. Theory, 49(1):22–37, 2003.
- O. Goldreich and S. Goldwasser. On the limits of nonapproximability of lattice problems. J. Comput. System Sci., 60(3):540–563, 2000.
- R. Kannan. Minkowski’s convex body theorem and integer programming. Math. Oper. Res., 12:415– 440, 1987.
- S. Khot. Hardness of approximating the shortest vector problem in lattices. Journal of the ACM, 52(5):789–808, Sept. 2005. Preliminary version in FOCS 2004.
- A. Lenstra, H. Lenstra, and L. Lovasz. Factoring polynomials with rational coefficients. Math. Ann., 261:515–534, 1982.
- D. Micciancio. The shortest vector problem is NP-hard to approximate to within some constant. SIAM Journal on Computing, 30(6):2008–2035, Mar. 2001. Preliminary version in FOCS 1998.
- D. Micciancio and S. Goldwasser. Complexity of Lattice Problems: A Cryptographic Perspective, volume 671 of The Kluwer International Series in Engineering and Computer Science. Kluwer Academic Publishers, Boston, MA, 2002.
- J. Milnor and D. Husemoller. Symmetric bilinear forms. Springer-Verlag, Berlin, 1973.
- H. Minkowski. Geometrie der Zahlen. I. B. G. Teubner, Leipzig, 1896.
- O. Regev and R. Rosen. Lattice problems and norm embeddings. In Proc. 38th ACM Symp. on Theory of Computing (STOC), pages 447–456, 2006.
- C.-P. Schnorr. A hierarchy of polynomial time lattice basis reduction algorithms. Theoretical Computer Science, 53(2-3):201–224, 1987.
- P. van Emde Boas. Another NP-complete problem and the complexity of computing short vectors in a lattice. Technical Report 81-04, Math Inst., University Of Amsterdam, Amsterdam, 1981.

Tags

Comments

数据免责声明

页面数据均来自互联网公开来源、合作出版商和通过AI技术自动分析结果，我们不对页面数据的有效性、准确性、正确性、可靠性、完整性和及时性做出任何承诺和保证。若有疑问，可以通过电子邮件方式联系我们：report@aminer.cn