Lattices have received considerable attention as a potential source of computational hardness to be used in cryptography, after a breakthrough result of Ajtai [in Proceedings of the 28th Annual ACM Symposium on Theory of Computing, Philadelphia, PA, 1996, pp. 99–108] connecting the average-case and worst-case complexity of various lattice problems. The purpose of this paper is twofold. On the expository side, we present a rigorous self-contained proof of results along the lines of Ajtai's seminal work. At the same time, we explore to what extent Ajtai's original results can be quantitatively improved. As a by-product, we define a random class of lattices such that computing short nonzero vectors in the class with nonnegligible probability is at least as hard as approximating the length of the shortest nonzero vector in any $n$-dimensional lattice within worst-case approximation factors $\gamma(n) = n^{3} \omega(\sqrt{\log n\log\log n})$. This improves on the previously best known connection factor $\gamma(n) = n^{4+\epsilon}$ [J.-Y. Cai and A. P. Nerurkar, in Proceedings of the 38th Annual IEEE Symposium on Foundations of Computer Science, Miami Beach, FL, 1997, pp. 468–477]. We also show how our reduction implies the existence of collision resistant cryptographic hash functions based on the worst-case inapproximability of the shortest vector problem within the same factors $\gamma(n) = n^{3} \omega(\sqrt{\log n\log\log n})$. In the process we distill various new lattice problems that might be of independent interest, related to the covering radius, the bounded distance decoding problem, approximate counting of lattice points inside convex bodies, and the efficient construction of lattices with good geometric and algorithmic decoding properties.
We also show how further investigation of these new lattice problems might lead to even stronger connections between the average-case and worst-case complexity of the shortest vector problem, possibly leading to connection factors as low as $\gamma(n) = n^{1.5} \omega(\log n)$.