Subhash Khot
Abstract
Let p > 1 be any fixed real. We show that assuming NP ⊈ RP, there is no polynomial time algorithm that approximates the Shortest Vector Problem (SVP) in ℓp norm within a constant factor. Under the stronger assumption NP ⊈ RTIME(2poly(log n)), we show that there is no polynomial-time algorithm with approximation ratio 2(log n)1/2−ϵ where n is the dimension of the lattice and ϵ > 0 is an arbitrarily small constant.We first give a new (randomized) reduction from Closest Vector Problem (CVP) to SVP that achieves some constant factor hardness. The reduction is based on BCH Codes. Its advantage is that the SVP instances produced by the reduction behave well under the augmented tensor product, a new variant of tensor product that we introduce. This enables us to boost the hardness factor to 2(log n)1/2-ϵ.
- Aharonov, D., and Regev, O. 2004. Lattice problems in np ∩ conp. In Proceedings of the 45th IEEE Symposium on Foundations of Computer Science. IEEE Computer Society Press, Los Alamitos, CA. Google Scholar
- Ajtai, M. 1996. Generating hard instances of lattice problems. In Proceedings of the 28th ACM Symposium on the Theory of Computing. ACM, New York, 99--108. Google Scholar
- Ajtai, M. 1998. The shortest vector problem in L2 is NP-hard for randomized reductions. In Proceedings of the 30th ACM Symposium on the Theory of Computing. ACM, New York, 10--19. Google Scholar
- Ajtai, M., and Dwork, C. 1997. A public-key cryptosystem with worst-case/average-case equivalence. In Proceedings of the 29th ACM Symposium on the Theory of Computing. ACM, New York, 284--293. Google Scholar
- Ajtai, M., Kumar, R., and Sivakumar, D. 2001. A sieve algorithm for the shortest lattice vector problem. In Proceedings of the 33rd ACM Symposium on the Theory of Computing. ACM, New York, 601--610. Google Scholar
- Alon, N., Spencer, J., and Erdos, P. 1991. The Probabilistic Method. Wiley-Interscience Series.Google Scholar
- Arora, S., Babai, L., Stern, J., and Sweedyk, E. 1997. The hardness of approximate optima in lattices, codes and systems of linear equations. J. Comput. Syst. Sci. 54, 317--331. Google Scholar
- Banaszczyk, W. 1993. New bounds in some transference theorems in the geometry of numbers. Math. Ann. 296, 625--635.Google Scholar
- Cai, J. 2003. Applications of a new transference theorem to Ajtai's connection factor. Discr. Appli. Math. 126, 1, 9--31. Google Scholar
- Cai, J., and Nerurkar, A. 1997. An improved worst-case to average-case connection for lattice problems. In Proceedings of the 38th IEEE Symposium on Foundations of Computer Science. IEEE Computer Society Press, Los Alamitos, CA. Google Scholar
- Cai, J., and Nerurkar, A. 1999. Approximating the SVP to within a factor (1 + 1/dimε) is NP-hard under randomized reductions. J. Comput. Syst. Sci. 59, 2, 221--239. Google Scholar
- Dinur, I. 2003. Approximating SVP∞ to within almost polynomial factors is NP-hard. Combinatorica 23, 2, 205--243. Google Scholar
- Dinur, I., Kindler, G., and Safra, S. 1998. Approximating CVP to within almost-polynomial factors is NP-hard. In Proceedings of the 39th IEEE Symposium on Foundations of Computer Science. IEEE Computer Society Press, Los Alamitos, CA. Google Scholar
- Dumer, I., Micciancio, D., and Sudan, M. 1999. Hardness of approximating the minimum distance of a linear code. In Proceedings of the 40th IEEE Symposium on Foundations of Computer Science. IEEE Computer Society Press, Los Alamitos, CA. Google Scholar
- Gauss, C. 1801. Disquisitiones arithmetica (Leipzig, 1801: art. 171). Yale Univ. Press. (English translation by A. A. Clarke, 1966.)Google Scholar
- Goldreich, O., and Goldwasser, S. 2000. On the limits of non-approximability of lattice problems. J. Comput. Syst. Sci. 60, 3, 540--563. Google Scholar
- Goldreich, O., Micciancio, D., Safra, S., and Seifert, J. 1999. Approximating shortest lattice vectors is not harder than approximating closest lattice vectors. Inf. Proc. Lett. 71, 2, 55--61. Google Scholar
- Hastad, J. 1988. Dual vectors and lower bounds for the nearest lattice point problem. Combinatorica 8, 75--81.Google Scholar
- Kannan, R. 1983. Improved algorithms for integer programming and related lattice problems. In Proceedings of the 15th ACM Symposium on Theory of Computing. ACM, New York, 193--206. Google Scholar
- Kannan, R. 1987. Minkowski's convex body theorem and integer programming. Math. Oper. Res. 12, 415--440. Google Scholar
- Khot, S. 2003. Hardness of approximating the shortest vector problem in high Lp norms. In Proceedings of the 44th IEEE Symposium on Foundations of Computer Science. IEEE Computer Society Press, Los Alamitos, CA. Google Scholar
- Kumar, R., and Sivakumar, D. 2001. Complexity of SVP---A reader's digest. Complexity Theory Column, L. Hemaspaandra, Ed. SIGACT News 32, 3.Google Scholar
- Lagarias, J., Lenstra, H., and Schnorr, C. 1990. Korkine--Zolotarev bases and successive minima of a lattice and its reciprocal lattice. Combinatorica 10, 333--348.Google Scholar
- Lagarias, J., and Odlyzko, A. 1985. Solving low-density subset sum problems. J. ACM 32, 1, 229--246. Google Scholar
- Landau, S., and Miller, G. 1985. Solvability of radicals is in polynomial time. J. Comput. Syst. Sci. 30, 2, 179--208.Google Scholar
- Lenstra, A., Lenstra, H., and Lovász, L. 1982. Factoring polynomials with rational coefficients. Math. Ann. 261, 513--534.Google Scholar
- Lenstra, H. 1981. Integer programming with a fixed number of variables. Tech. Report 81-03. Univ. of Amsterdam, Amsterdam, The Netherland.Google Scholar
- Micciancio, D. 2000. The shortest vector problem is NP-hard to approximate to within some constant. SIAM J. Comput. 30, 6, 2008--2035. Google Scholar
- Micciancio, D., and Goldwasser, S. 2002. Complexity of Lattice Problems, A Cryptographic Perspective. Kluwer Academic Publishers. Google Scholar
- Minkowski, H. 1910. Geometrie der zahlen. Tuebner.Google Scholar
- Regev, O. 2003. New lattice based cryptographic constructions. In Proceedings of the 35th ACM Symposium on the Theory of Computing. ACM, New York. Google Scholar
- Schnorr, C. 1987. A hierarchy of polynomial-time basis reduction algorithms. Theoret. Comput. Sci. 53, 2-3, 201--224. Google Scholar
- van Emde Boas, P. 1981. Another NP-complete problem and the complexity of computing short vectors in a lattice. Tech. Report 81-04. Mathematische Instiut, Univ. of Amsterdam, Amsterdam, The Netherland.Google Scholar
Index Terms
- Hardness of approximating the shortest vector problem in lattices
Recommendations
Hardness of approximating the Shortest Vector Problem in high ℓp norms
Special issue on FOCS 2003We present a new hardness of approximation result for the Shortest Vector Problem in @?"p norm (denoted by SVP"p). Assuming NP @? ZPP, we show that for every @e>0, there is a constant p(@e) such that for all integers p>=p(@e), the problem SVP"p has no ...
The complexity of the covering radius problem
We initiate the study of the computational complexity of the covering radius problem for lattices, and approximation versions of the problem for both lattices and linear codes. We also investigate the computational complexity of the shortest linearly ...
Tensor-based hardness of the shortest vector problem to within almost polynomial factors
STOC '07: Proceedings of the thirty-ninth annual ACM symposium on Theory of computingWe show that unless NP ⊆ RTIME (2poly(log n)), for any ε > 0 there is no polynomial-time algorithm approximating the Shortest Vector Problem (SVP) on n-dimensional lattices inthe lp norm (1 ≤q p<∞) to within a factor of 2(log n)1-ε. This improves the ...
Comments