Abstract
Let \(X \in {{\mathbb Z}}^{n \times m}\), with each entry independently and identically distributed from an integer Gaussian distribution. We consider the orthogonal lattice \(\varLambda ^\perp (X)\) of X, i.e., the set of vectors \(\mathbf {v}\in {{\mathbb Z}}^m\) such that \(X \mathbf {v}= \mathbf {0}\). In this work, we prove probabilistic upper bounds on the smoothing parameter and the \((m-n)\)-th minimum of \(\varLambda ^\perp (X)\). These bounds improve upon, and the techniques build upon, prior works of Agrawal et al. (Adv Cryptol 2013:97–116, 2013) and of Aggarwal and Regev (Chic J Theor Comput Sci 7:1–11, 2016).
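As an added illustration (not code from the paper), the following Python samples a small X with integer Gaussian entries and computes a Z-basis of its orthogonal lattice \(\varLambda ^\perp (X)\) by unimodular elimination on \([X^T \mid I_m]\), then checks that every basis vector satisfies \(X \mathbf {v}= \mathbf {0}\). The rejection sampler, the parameters and the seed are assumptions chosen for the demonstration; the dimensions are far too small to say anything about the bounds in the paper.

```python
import math
import random

def sample_discrete_gaussian(s, rng, tail=6.0):
    """Sample from the integer Gaussian D_{Z,s}, Pr[x] proportional to exp(-pi x^2 / s^2),
    by rejection against a uniform proposal on [-tail*s, tail*s] (assumed sampler; the
    truncation drops mass of order exp(-pi*tail^2), negligible for this demonstration)."""
    bound = int(math.ceil(tail * s))
    while True:
        x = rng.randint(-bound, bound)
        if rng.random() < math.exp(-math.pi * x * x / (s * s)):
            return x

def orthogonal_lattice_basis(X):
    """Return a Z-basis of Lambda^perp(X) = {v in Z^m : X v = 0} as a list of m-vectors.
    Unimodular row operations (extended-gcd elimination) are applied to [X^T | I_m]; the
    identity block records the transformation, so each row whose X^T part has been zeroed
    is a kernel vector, and together those rows form a basis of rank m - rank(X)."""
    n, m = len(X), len(X[0])
    rows = [[X[i][j] for i in range(n)] + [int(k == j) for k in range(m)] for j in range(m)]
    r = 0                                   # number of pivot rows fixed so far
    for c in range(n):                      # eliminate column c of X^T below row r
        while True:
            nz = [i for i in range(r, m) if rows[i][c] != 0]
            if not nz:                      # column already zero: no new pivot
                break
            p = min(nz, key=lambda i: abs(rows[i][c]))
            rows[r], rows[p] = rows[p], rows[r]   # smallest entry becomes the pivot
            done = True
            for i in range(r + 1, m):
                if rows[i][c] != 0:
                    q = rows[i][c] // rows[r][c]  # remainder is strictly smaller than the pivot
                    rows[i] = [a - q * b for a, b in zip(rows[i], rows[r])]
                    done = done and rows[i][c] == 0
            if done:
                r += 1
                break
    return [row[n:] for row in rows[r:]]

def in_orthogonal_lattice(X, v):
    """Check X v = 0 over the integers."""
    return all(sum(X[i][j] * v[j] for j in range(len(v))) == 0 for i in range(len(X)))

def demo(n=3, m=8, s=4.0, seed=1):
    """Constructed instance: X <- (D_{Z,s})^{n x m} for small n, m, and a basis of its orthogonal lattice."""
    rng = random.Random(seed)
    X = [[sample_discrete_gaussian(s, rng) for _ in range(m)] for _ in range(n)]
    return X, orthogonal_lattice_basis(X)

if __name__ == "__main__":
    X, B = demo()
    print("X =", X)
    print("basis of Lambda^perp(X), rank", len(B), ":", B)
```

For full-rank X the basis has exactly m - n vectors; the elimination is the HNF-with-transform idea of reference [21], not an efficient implementation of it.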
Notes
Note that an equivalent description of the distribution for X would be \(X \leftarrow (D_{{{\mathbb Z}},s})^{n \times m}\). Our choice follows prior works.
We recall that \(\eta _{\varepsilon }({{\mathbb Z}}^n) = {\mathcal {O}}(\sqrt{ \ln (n/\varepsilon )})\) (see Sect. 2).
The statistical distance between two distributions X and Y is half their \(\ell _1\)-distance, i.e., \(\varDelta (X,Y):=\frac{1}{2}\left\Vert X-Y\right\Vert _1 = \frac{1}{2} \sum _{\omega \in \varOmega } |X(\omega ) - Y(\omega )|\).
In fact, the following stronger result is proved in [13]: the number of primes in the interval \((x-x^{\alpha },x)\) is at least \(\frac{x^\alpha }{\log x}\) for \(\alpha < 7/12\). To simplify our statements, we use a looser bound.
References
Aggarwal D., Regev O.: A note on discrete Gaussian combinations of lattice vectors. Chic. J. Theor. Comput. Sci. 7, 1–11 (2016).
Agrawal S., Gentry C., Halevi S., Sahai A.: Discrete Gaussian leftover hash lemma over infinite domains. Adv. Cryptol. 2013, 97–116 (2013).
Agrawal S., Libert B., Stehlé D.: Fully secure functional encryption for inner products, from standard assumptions. Adv. Cryptol. 2016, 333–362 (2016).
Alamati N., Peikert C., Stephens-Davidowitz N.: New (and old) proof systems for lattice problems. Public-Key Cryptogr. 2018, 619–643 (2018).
Banaszczyk W.: New bounds in some transference theorems in the geometry of numbers. Math. Ann. 296, 625–636 (1993).
Belfiore J.-C.: Lattice codes for the compute-and-forward protocol: the flatness factor. In: 2011 IEEE Information Theory Workshop, ITW 2011, vol. 10 (2011)
Chen J., Stehlé D., Villard G.: A new view on HJLS and PSLQ: Sums and projections of lattices. In: Proceedings of the 38th International Symposium on Symbolic and Algebraic Computation, pp. 149–156 (2013)
Conway J.H., Sloane N.J.A.: Sphere Packings, Lattices, and Groups, Third edn. Springer-Verlag, New York (1993).
Dadush D., Regev O., Stephens-Davidowitz N.: On the closest vector problem with a distance guarantee. In: Proceedings of the 2014 IEEE 29th Conference on Computational Complexity, pp. 98–109 (2014)
Garg S., Gentry C., Halevi S.: Candidate multilinear maps from ideal lattices. Adv. Cryptol. 2013, 1–17 (2013).
Gentry C., Peikert C., Vaikuntanathan V.: Trapdoors for hard lattices and new cryptographic constructions. In: Proceedings of the 14th Annual ACM Symposium on Theory of Computing, pp. 197–206 (2008)
Havas G., Majewski B.S., Matthews K.R.: Extended GCD and Hermite normal form algorithms via lattice basis reduction. Exp. Math. 7(2), 125–136 (1998).
Heath-Brown D.R.: The number of primes in a short interval. J. Reine Angew. Math. 389, 22–63 (1988).
Impagliazzo R., Levin L.A., Luby M.: Pseudo-random generation from one-way functions. In: Proceedings of the 21st Annual ACM Symposium on Theory of Computing, pp. 12–24. ACM (1989)
Lenstra A.K., Lenstra H.W., Lovász L.: Factoring polynomials with rational coefficients. Math. Ann. 261, 515–534 (1982).
Ling S., Phan D.H., Stehlé D., Steinfeld R.: Hardness of \(k\)-LWE and applications in traitor tracing. Algorithmica, 1318–1352 (2017).
Micciancio D., Regev O.: Worst-case to average-case reductions based on Gaussian measures. SIAM J. Comput. 37(1), 267–302 (2007). Preliminary version in FOCS 2004.
Nguyen P.: La géométrie des nombres en cryptologie. PhD thesis, Université Paris 7 (1999).
Nguyen P.: The LLL Algorithm: Survey and Applications, 1st edn. Springer, New York (2009).
Nguyen P., Stern J.: Merkle-Hellman revisited: a cryptanalysis of the Qu-Vanstone cryptosystem based on group factorizations. Adv. Cryptol. 1997, 198–212 (1997).
Nguyen P., Stern J.: The hardness of the hidden subset sum problem and its cryptographic implications. In: Advances in Cryptology—CRYPTO 1999, pp. 31–46 (1999)
Peikert C.: Limits on the hardness of lattice problems in \(\ell _p\) norms. Comput. Complex. 17(2), 300–351 (2008).
Peikert C., Regev O., Stephens-Davidowitz N.: Pseudorandomness of ring-LWE for any ring and modulus. In: Proceedings of the 49th Annual ACM Symposium on Theory of Computing, pp. 461–473. ACM (2017)
van Dijk M., Gentry C., Halevi S., Vaikuntanathan V.: Fully homomorphic encryption over the integers. In: Advances in Cryptology—EUROCRYPT 2010, pp. 24–43 (2010)
Acknowledgements
This work has been supported by ERC Starting Grant ERC-2013-StG-335086-LATTAC and by the European Union PROMETHEUS project (Horizon 2020 Research and Innovation Program, grant 780701). Most of the work leading to this article was done while the first and last authors were at ENS de Lyon.
Communicated by S. D. Galbraith.
Cite this article
Kirshanova, E., Nguyen, H., Stehlé, D. et al. On the smoothing parameter and last minimum of random orthogonal lattices. Des. Codes Cryptogr. 88, 931–950 (2020). https://doi.org/10.1007/s10623-020-00719-w