AI helps you reading Science
AI generates interpretation videos
AI extracts and analyses the key points of the paper to generate videos automatically
AI parses the academic lineage of this thesis
AI extracts a summary of this paper
The main result of this paper improves the best NP-hardness factor known for Shortest Vector Problem under randomized quasipolynomial reductions
Hardness of Approximating the Shortest Vector Problem in Lattices
J. ACM, no. 5 (2005): 126-135
Let p > 1 be any fixed real. We show that assuming NP ⊈ RP, there is no polynomial time algorithm that approximates the Shortest Vector Problem (SVP) in ℓp norm within a constant factor. Under the stronger assumption NP ⊈ RTIME(2poly(log n)), we show that there is no polynomial-time algorithm with approximation ratio 2(log...More
PPT (Upload PPT)
- A lattice is a periodic geometric object defined as all integer combinations of some linearly independent vectors in Rn.
- 2. For any ε > 0, there is no polynomial-time algorithm that approximates SVP on n-dimensional lattices in the p norm to within a factor of 2(log n)1−ε unless NP ⊆ RTIME(2poly(log n)).
- 3. There exists a c > 0 such that there is no polynomial-time algorithm that approximates SVP on n-dimensional lattices in the p norm to within a factor of nc/ log log n unless NP ⊆ RSUBEXP = ∩δ>0RTIME(2nδ ).
- A lattice is a periodic geometric object defined as all integer combinations of some linearly independent vectors in Rn
- One of the main motivations for research on the hardness of lattice problems is their applications in cryptography, as was demonstrated by Ajtai , who came up with a construction of cryptographic primitives whose security relies on the worst-case hardness of certain lattice problems
- Two main computational problems associated with lattices are the Shortest Vector Problem (SVP) and the Closest Vector Problem (CVP)
- The problem CVP is an inhomogeneous variant of SVP, in which given a lattice and some target point one has to find the closest lattice
- The main result of this paper improves the best NP-hardness factor known for SVP under randomized quasipolynomial reductions
- The tensor product of linear codes is used to amplify the NP-hardness of approximating the minimum distance in a linear code of block length n to arbitrarily large constants under polynomial-time reductions and to 2(log n)1−ε under quasipolynomial-time reductions . This example motivates one to use the tensor product of lattices to increase the hardness factor known for approximating SVP
- There exist c, c > 0, such that for any 1 ≤ p ≤ ∞, there exists a c > 0 such that for any k = k(N ), there is no polynomial-time algorithm that approximates SVP in the p norm on N c kdimensional lattices to within a factor of 2c k unless SAT is in RTIME(nO(k(nc))).
- This example motivates one to use the tensor product of lattices to increase the hardness factor known for approximating SVP.
- Theorem 1.2 follows : the authors start with Khot’s basic SVP instances, which are known to be hard to approximate to within some constant.
- The tensor product of L1 and L2 is defined as the n1n2-dimensional lattice generated by the n1n2 × m1m2 matrix B1 ⊗ B2 and is denoted by L = L1 ⊗ L2.
- The authors use the tensor product of lattices and a technique of  to boost the hardness factor to an almost polynomial factor in the 2 norm.
- There are a constant γ < 1 and a polynomial-time randomized reduction from SAT to SVP outputting a lattice basis B, satisfying L(B) ⊆ Zn for some integer n, and an integer d that with probability 9/10 have the following properties:
- Let (B, d) be a NO instance of the SVP variant given in Theorem 3.2, and denote by L1 the lattice generated by the basis B.
- The proof of this lemma is based on some properties of sub-lattices of NO instances which are established in the following claim.
- In running time of nO(k(nc)) the authors can generate the SVP instance (B⊗k, dk) where B⊗k is the k-fold tensor product of B, i.e., the matrix that generates the lattice L(B)⊗k.
- Using Theorem 1.2, the authors see that SVP on N -dimensional lattices is hard to approximate to within 2Ω((log N )1−ε) unless NP ⊆ RTIME(2poly(log n)), as desired.
- In the early 1980s, Lenstra, Lenstra and Lovasz (LLL) presented the first polynomial-time approximation algorithm for SVP . Their algorithm achieves an approximation factor of 2O(n), where n is the dimension of the lattice. Using their algorithm, Babai gave an approximation algorithm for CVP achieving the same approximation factor . A few years later, improved algorithms were presented for both problems, obtaining a slightly sub-exponential approximation factor, namely 2O(n(log log n)2/ log n) , and this has since been improved slightly . The best algorithm known for solving SVP exactly requires exponential running time in n [17, 4]. All the above results hold with respect to any p norm.
- D. Aharonov and O. Regev. Lattice problems in NP intersect coNP. Journal of the ACM, 52(5):749– 765, 2005. Preliminary version in FOCS’04.
- M. Ajtai. The shortest vector problem in l2 is NP-hard for randomized reductions (extended abstract). In Proceedings of the thirtieth annual ACM symposium on theory of computing - STOC ’98, pages 10–19, Dallas, Texas, USA, May 1998.
- M. Ajtai. Generating hard instances of lattice problems. In Complexity of computations and proofs, volume 13 of Quad. Mat., pages 1–32. Dept. Math., Seconda Univ. Napoli, Caserta, 2004.
- M. Ajtai, R. Kumar, and D. Sivakumar. A sieve algorithm for the shortest lattice vector problem. In Proc. 33th ACM Symp. on Theory of Computing (STOC), pages 601–610, 2001.
- N. Alon and J. H. Spencer. The probabilistic method. Wiley-Interscience Series in Discrete Mathematics and Optimization. Wiley-Interscience [John Wiley & Sons], New York, second edition, 2000.
- S. Arora, L. Babai, J. Stern, and E. Z. Sweedyk. The hardness of approximate optima in lattices, codes, and systems of linear equations. Journal of Computer and System Sciences, 54(2):317–331, Apr. 1997. Preliminary version in FOCS 1993.
- L. Babai. On Lovasz lattice reduction and the nearest lattice point problem. Combinatorica, 6(1):1–13, 1986.
- M. Bellare, S. Goldwasser, C. Lund, and A. Russell. Efficient probabilistically checkable proofs and applications to approximation. In Proc. 25th ACM Symposium on Theory of Computing (STOC), pages 294–304, 1993.
- R. Bhatia. Matrix Analysis. Springer, 1997.
- J.-Y. Cai and A. Nerurkar. Approximating the SVP to within a factor (1+1/dimε) is NP-hard under randomized reductions. J. Comput. Syst. Sci., 59(2):221–239, 1999.
- H. Cohen. A course in computational algebraic number theory, volume 138 of Graduate Texts in Mathematics. Springer-Verlag, Berlin, 1993.
- E. de Shalit and O. Parzanchevski. On tensor products of semistable lattices. Preprint, 2006.
- I. Dinur. Approximating SVP∞ to within almost-polynomial factors is NP-hard. Theoretical Computer Science, 285(1):55–71, 2002.
- I. Dinur, G. Kindler, R. Raz, and S. Safra. Approximating CVP to within almost-polynomial factors is NP-hard. Combinatorica, 23(2):205–243, 2003. Preliminary version in FOCS 1998.
- I. Dumer, D. Micciancio, and M. Sudan. Hardness of approximating the minimum distance of a linear code. IEEE Trans. Inform. Theory, 49(1):22–37, 2003.
- O. Goldreich and S. Goldwasser. On the limits of nonapproximability of lattice problems. J. Comput. System Sci., 60(3):540–563, 2000.
- R. Kannan. Minkowski’s convex body theorem and integer programming. Math. Oper. Res., 12:415– 440, 1987.
- S. Khot. Hardness of approximating the shortest vector problem in lattices. Journal of the ACM, 52(5):789–808, Sept. 2005. Preliminary version in FOCS 2004.
- A. Lenstra, H. Lenstra, and L. Lovasz. Factoring polynomials with rational coefficients. Math. Ann., 261:515–534, 1982.
- D. Micciancio. The shortest vector problem is NP-hard to approximate to within some constant. SIAM Journal on Computing, 30(6):2008–2035, Mar. 2001. Preliminary version in FOCS 1998.
- D. Micciancio and S. Goldwasser. Complexity of Lattice Problems: A Cryptographic Perspective, volume 671 of The Kluwer International Series in Engineering and Computer Science. Kluwer Academic Publishers, Boston, MA, 2002.
- J. Milnor and D. Husemoller. Symmetric bilinear forms. Springer-Verlag, Berlin, 1973.
- H. Minkowski. Geometrie der Zahlen. I. B. G. Teubner, Leipzig, 1896.
- O. Regev and R. Rosen. Lattice problems and norm embeddings. In Proc. 38th ACM Symp. on Theory of Computing (STOC), pages 447–456, 2006.
- C.-P. Schnorr. A hierarchy of polynomial time lattice basis reduction algorithms. Theoretical Computer Science, 53(2-3):201–224, 1987.
- P. van Emde Boas. Another NP-complete problem and the complexity of computing short vectors in a lattice. Technical Report 81-04, Math Inst., University Of Amsterdam, Amsterdam, 1981.