Document Open Access Logo

Improved Hardness of BDD and SVP Under Gap-(S)ETH

Authors Huck Bennett, Chris Peikert, Yi Tang

PDF
Thumbnail PDF

File

LIPIcs.ITCS.2022.19.pdf
  • Filesize: 0.74 MB
  • 12 pages

Document Identifiers

Author Details

Huck Bennett
  • Oregon State University, Corvallis, OR, USA
Chris Peikert
  • University of Michigan, Ann Arbor, MI, USA
Yi Tang
  • University of Michigan, Ann Arbor, MI, USA

Funding

This material is based upon work supported by the National Science Foundation under Award CCF-2006857. The views expressed are those of the authors and do not necessarily reflect the official policy or position of the National Science Foundation.

Acknowledgements

We thank Noah Stephens-Davidowitz for helpful comments.

Cite AsGet BibTex

Huck Bennett, Chris Peikert, and Yi Tang. Improved Hardness of BDD and SVP Under Gap-(S)ETH. In 13th Innovations in Theoretical Computer Science Conference (ITCS 2022). Leibniz International Proceedings in Informatics (LIPIcs), Volume 215, pp. 19:1-19:12, Schloss Dagstuhl – Leibniz-Zentrum für Informatik (2022)
https://doi.org/10.4230/LIPIcs.ITCS.2022.19

Abstract

We show improved fine-grained hardness of two key lattice problems in the 𝓁_p norm: Bounded Distance Decoding to within an α factor of the minimum distance (BDD_{p, α}) and the (decisional) γ-approximate Shortest Vector Problem (GapSVP_{p,γ}), assuming variants of the Gap (Strong) Exponential Time Hypothesis (Gap-(S)ETH). Specifically, we show: 1) For all p ∈ [1, ∞), there is no 2^{o(n)}-time algorithm for BDD_{p, α} for any constant α > α_kn, where α_kn = 2^{-c_kn} < 0.98491 and c_kn is the 𝓁₂ kissing-number constant, unless non-uniform Gap-ETH is false. 2) For all p ∈ [1, ∞), there is no 2^{o(n)}-time algorithm for BDD_{p, α} for any constant α > α^‡_p, where α^‡_p is explicit and satisfies α^‡_p = 1 for 1 ≤ p ≤ 2, α^‡_p < 1 for all p > 2, and α^‡_p → 1/2 as p → ∞, unless randomized Gap-ETH is false. 3) For all p ∈ [1, ∞) ⧵ 2 ℤ and all C > 1, there is no 2^{n/C}-time algorithm for BDD_{p, α} for any constant α > α^†_{p, C}, where α^†_{p, C} is explicit and satisfies α^†_{p, C} → 1 as C → ∞ for any fixed p ∈ [1, ∞), unless non-uniform Gap-SETH is false. 4) For all p > p₀ ≈ 2.1397, p ∉ 2ℤ, and all C > C_p, there is no 2^{n/C}-time algorithm for GapSVP_{p, γ} for some constant γ > 1, where C_p > 1 is explicit and satisfies C_p → 1 as p → ∞, unless randomized Gap-SETH is false. Our results for BDD_{p, α} improve and extend work by Aggarwal and Stephens-Davidowitz (STOC, 2018) and Bennett and Peikert (CCC, 2020). Specifically, the quantities α_kn and α^‡_p (respectively, α^†_{p,C}) significantly improve upon the corresponding quantity α_p^* (respectively, α_{p,C}^*) of Bennett and Peikert for small p (but arise from somewhat stronger assumptions). In particular, Item 1 improves the smallest value of α for which BDD_{p, α} is known to be exponentially hard in the Euclidean norm (p = 2) to an explicit constant α < 1 for the first time under a general-purpose complexity assumption. Items 1 and 3 crucially use the recent breakthrough result of Vlăduţ (Moscow Journal of Combinatorics and Number Theory, 2019), which showed an explicit exponential lower bound on the lattice kissing number. Finally, Item 4 answers a natural question left open by Aggarwal, Bennett, Golovnev, and Stephens-Davidowitz (SODA, 2021), which showed an analogous result for the Closest Vector Problem.

Subject Classification

ACM Subject Classification
  • Theory of computation → Problems, reductions and completeness
  • Theory of computation → Computational geometry
Keywords
  • lattices
  • lattice-based cryptography
  • fine-grained complexity
  • Bounded Distance Decoding
  • Shortest Vector Problem

Metrics

  • Access Statistics
  • Total Accesses (updated on a weekly basis)
    0
    PDF Downloads
    0
    Metadata Views

Related Versions

References

  1. Divesh Aggarwal, Huck Bennett, Alexander Golovnev, and Noah Stephens-Davidowitz. Fine-grained hardness of CVP(P) - everything that we can prove (and nothing else). In SODA, 2021. Google Scholar
  2. Divesh Aggarwal and Eldon Chung. A note on the concrete hardness of the shortest independent vector in lattices. Inf. Process. Lett., 167:106065, 2021. URL: https://doi.org/10.1016/j.ipl.2020.106065.
  3. Divesh Aggarwal and Noah Stephens-Davidowitz. (Gap/S)ETH hardness of SVP. In STOC, pages 228-238, 2018. Google Scholar
  4. Miklós Ajtai. The shortest vector problem in L₂ is NP-hard for randomized reductions (extended abstract). In STOC, pages 10-19, 1998. Google Scholar
  5. Miklós Ajtai and Cynthia Dwork. A public-key cryptosystem with worst-case/average-case equivalence. In STOC, pages 284-293, 1997. Google Scholar
  6. Sanjeev Arora, László Babai, Jacques Stern, and Z. Sweedyk. The hardness of approximate optima in lattices, codes, and systems of linear equations. J. Comput. Syst. Sci., 54(2):317-331, 1997. URL: https://doi.org/10.1006/jcss.1997.1472.
  7. Shi Bai, Damien Stehlé, and Weiqiang Wen. Improved reduction from the bounded distance decoding problem to the unique shortest vector problem in lattices. In ICALP, pages 76:1-76:12, 2016. Google Scholar
  8. Huck Bennett, Alexander Golovnev, and Noah Stephens-Davidowitz. On the quantitative hardness of CVP. In FOCS, 2017. Google Scholar
  9. Huck Bennett and Chris Peikert. Hardness of bounded distance decoding on lattices in 𝓁_p norms. In CCC, 2020. URL: https://doi.org/10.4230/LIPIcs.CCC.2020.36.
  10. N. D. Elkies, A. M. Odlyzko, and J. A. Rush. On the packing densities of superballs and other bodies. Inventiones mathematicae, 105:613-639, December 1991. Google Scholar
  11. Craig Gentry, Chris Peikert, and Vinod Vaikuntanathan. Trapdoors for hard lattices and new cryptographic constructions. In STOC, pages 197-206, 2008. Google Scholar
  12. Ishay Haviv and Oded Regev. Tensor-based hardness of the shortest vector problem to within almost polynomial factors. Theory of Computing, 8(1):513-531, 2012. Preliminary version in STOC 2007. Google Scholar
  13. Subhash Khot. Hardness of approximating the shortest vector problem in lattices. J. ACM, 52(5):789-808, 2005. Preliminary version in FOCS 2004. Google Scholar
  14. Subhash Khot. Hardness of approximating the shortest vector problem in high 𝓁_p norms. J. Comput. Syst. Sci., 72(2):206-219, 2006. Google Scholar
  15. Yi-Kai Liu, Vadim Lyubashevsky, and Daniele Micciancio. On bounded distance decoding for general lattices. In RANDOM, pages 450-461, 2006. Google Scholar
  16. Vadim Lyubashevsky and Daniele Micciancio. On bounded distance decoding, unique shortest vectors, and the minimum distance problem. In CRYPTO, pages 577-594, 2009. Google Scholar
  17. J. E. Mazo and A. M. Odlyzko. Lattice points in high-dimensional spheres. Monatshefte für Mathematik, 110:47-61, March 1990. Google Scholar
  18. Daniele Micciancio. The shortest vector in a lattice is hard to approximate to within some constant. SIAM J. Comput., 30(6):2008-2035, 2000. Preliminary version in FOCS 1998. Google Scholar
  19. Daniele Micciancio. The hardness of the closest vector problem with preprocessing. IEEE Trans. Information Theory, 47(3):1212-1215, 2001. URL: https://doi.org/10.1109/18.915688.
  20. Daniele Micciancio. Inapproximability of the shortest vector problem: Toward a deterministic reduction. Theory of Computing, 8(1):487-512, 2012. Google Scholar
  21. Daniele Micciancio. Locally dense codes. In CCC, pages 90-97, 2014. URL: https://doi.org/10.1109/CCC.2014.17.
  22. Daniele Micciancio and Oded Regev. Worst-case to average-case reductions based on Gaussian measures. SIAM J. Comput., 37(1):267-302, 2007. Preliminary version in FOCS 2004. Google Scholar
  23. Oded Regev. On lattices, learning with errors, random linear codes, and cryptography. J. ACM, 56(6):1-40, 2009. Preliminary version in STOC 2005. Google Scholar
  24. Oded Regev and Ricky Rosen. Lattice problems and norm embeddings. In STOC, pages 447-456, 2006. Google Scholar
  25. Peter van Emde Boas. Another NP-complete problem and the complexity of computing short vectors in a lattice. Technical Report 81-04, University of Amsterdam, 1981. Google Scholar
  26. Serge Vlăduţ. Lattices with exponentially large kissing numbers. Mosc. J. Comb. Number Theory, 8(2):163-177, 2019. URL: https://doi.org/10.2140/moscow.2019.8.163.
Questions / Remarks / Feedback
X

Feedback for Dagstuhl Publishing


Thanks for your feedback!

Feedback submitted

Could not send message

Please try again later or send an E-mail
© 2023-2024 Schloss Dagstuhl – LZI GmbH Imprint Privacy Contact