Jianwei Li
ABSTRACT
Let $(\mathbfb _1, łdots, \mathbfb _n )$ be a lattice basis with Gram-Schmidt orthogonalization $(\mathbfb _1^\ast, łdots, \mathbfb _n ^\ast )$, the ratios %quantities $\|\mathbfb _1 \|/\|\mathbfb _i ^\ast \|$ for $i = 1, łdots, n$ do arise in the analysis of many lattice algorithms and are somehow related to their performances. In this paper, we study the problem of minimizing the ratio $\|\mathbfb _1 \|/\|\mathbfb _n ^\ast \|$ over all bases $(\mathbfb _1, łdots, \mathbfb _n )$ of a given n-rank lattice. We first prove that there exists a basis $(\mathbfb _1, łdots, \mathbfb _n )$ for any n-rank lattice L such that $\|\mathbfb _1\| = \min_\mathbfv \in L\backslash\\mathbf0 \ \|\mathbfv \|$, $\|\mathbfb _1 \|/\|\mathbfb _i ^\ast \| łeq i$ and $\|\mathbfb _i \|/\|\mathbfb _i ^\ast \| łeq i^1.5 $ for $1 łeq i łeq n$. This leads us to introduce a new NP-hard computational problem, namely % that is, the \em smallest ratio problem (SRP): given an n-rank lattice L, find a basis $(\mathbfb _1, łdots, \mathbfb _n )$ of L such that $\|\mathbfb _1 \|/\|\mathbfb _n ^\ast \|$ is minimal. The problem inspires a new lattice invariant μ_n (L) = \min\\|\mathbfb _1\|/\|\mathbfb _n^\ast \|: (\mathbfb _1, łdots, \mathbfb _n) \textrm is a basis of L\ $ and a new lattice constant μ_n = \max μ_n (L)$ over all n-rank lattices L: both the minimum and maximum are justified. Some properties of μ_n (L)$ and μ_n $ are investigated. We also present an exact algorithm and an approximation algorithm for SRP. This is the first sound study of SRP. Our work is a tiny step towards solving an open problem proposed by Dadush-Regev-Stephens-Davidowitz (CCC '14) for tackling the closest vector problem with preprocessing, i.e., whether there exists a basis $(\mathbfb _1, łdots, \mathbfb _n )$ for any n-rank lattice s.t. $\max_1 łe i łe j łe n \|\vecb _i ^\ast \|/\vecb _j ^\ast \| łe \textrmpoly (n)$.
- D. Aggarwal, J. Li, P. Q. Nguyen, and N. Stephens-Davidowitz. Slide reduction, revisited -- filling the gaps in SVP approximation. In CRYPTO, pages 274--295, 2020.Google Scholar
Digital Library
- M. Ajtai. The shortest vector problem in $L_2$ is NP-hard for randomized reductions (extended abstract). In STOC, pages 10--19, 1998.Google ScholarDigital Library
- M. Ajtai. Optimal lower bounds for the Korkine-Zolotareff parameters of a lattice and for Schnorr's algorithm for the shortest vector problem. Theory of Computing, 4(1):21--51, 2008. Preliminary version in STOC 2003.Google ScholarCross Ref
- L. Babai. On Lová sz' lattice reduction and the nearest lattice point problem. Combinatorica, 6(1):1--13, 1986.Google ScholarDigital Library
- A. M. Bergé and J. Martinet. Sur un problème de dualite lié aux sphères en géométrie des nombres. Journal of Number Theory, 32:14--42, 1989.Google ScholarCross Ref
- D. Dadush, O. Regev, and N. Stephens-Davidowitz. On the closest vector problem with a distance guarantee. In CCC, pages 98--109, 2014. Full version at https://arxiv.org/pdf/1409.8063.pdf.Google ScholarDigital Library
- I. Dinur, G. Kindler, R. Raz, and S. Safra. Approximating CVP to within almost-polynomial factors is NP-hard. Combinatorica, 23(2):205--243, 2003.Google ScholarDigital Library
- N. Gama, N. Howgrave-Graham, H. Koy, and P. Nguyen. Rankin's constant and blockwise lattice reduction. In CRYPTO, pages 112--130, 2006.Google ScholarDigital Library
- N. Gama, N. Howgrave-Graham, and P. Q. Nguyen. Symplectic lattice reduction and NTRU. In EUROCRYPT, pages 233--253, 2006.Google ScholarDigital Library
- N. Gama and P. Q. Nguyen. Finding short lattice vectors within Mordell's inequality. In STOC, pages 207--216, 2008.Google ScholarDigital Library
- N. Gama, P. Q. Nguyen, and O. Regev. Lattice enumeration using extreme pruning. In EUROCRYPT, pages 257--278, 2010.Google ScholarDigital Library
- G. Hanrot, X. Pujol, and D. Stehlé. Analyzing blockwise lattice algorithms using dynamical systems. In CRYPTO, pages 447--464, 2011.Google ScholarCross Ref
- G. Hanrot and D. Stehlé . Improved analysis of Kannan's shortest lattice vector algorithm. In CRYPTO, pages 170--186, 2007.Google ScholarCross Ref
- G. Hanrot and D. Stehlé. Worst-case Hermite-Korkine-Zolotarev reduced lattice bases. Available at http://arxiv.org/abs/0801.3331, 2008.Google Scholar
- J. Håstad and J. C. Lagarias. Simultaneously good bases of a lattice and its reciprocal lattice. Mathematische Annalen, 287(1):163--174, 1990.Google ScholarCross Ref
- I. Haviv and O. Regev. Tensor-based hardness of the shortest vector problem to within almost polynomial factors. Theory of Computing, 8(1):513--531, 2012.Google ScholarCross Ref
- B. Helfrich. Algorithms to construct Minkowski reduced and Hermite reduced lattice bases. Theoretical Computer Science, 41:125--139, 1985.Google ScholarDigital Library
- C. Hermite. Extraits de lettres de M. Hermite à M. Jacobi sur différents objets de la théorie des nombres, deuxième lettre. J. Reine Angew. Math., 40:279--290, 1850.Google ScholarCross Ref
- R. Kannan. Minkowski's convex body theorem and integer programming. Math. Oper. Res., 12(3):415--440, 1987. Preliminary version in STOC 1983.Google ScholarDigital Library
- A. Korkine and G. Zolotareff. Sur les formes quadratiques. Mathematische Annalen, 6:366--389, 1873.Google ScholarCross Ref
- J. C. Lagarias, H. W. Lenstra Jr., and C. P. Schnorr. Korkine-Zolotarev bases and successive minima of a lattice and its reciprocal. Combinatorica, 10:333--348, 1990.Google ScholarCross Ref
- A. K. Lenstra. Lattices and factorization of polynomials over algebraic number fields. In EUROCAL, pages 32--39, 1982.Google ScholarCross Ref
- A. K. Lenstra, H. W. Lenstra Jr., and L. Lovász. Factoring polynomials with rational coefficients. Mathematische Annalen, 261:366--389, 1982.Google ScholarCross Ref
- J. Li. On the smallest ratio problem of lattice bases. Full version of ISSAC '21 on pure.royalholloway.ac.uk.Google Scholar
- J. Li and P. Q. Nguyen. Approximating the densest sublattice from Rankin's inequality. LMS J. Comput. Math., 17(Special Issue A):92--111, 2014. Contributed to ANTS-XI, 2014.Google Scholar
- J. Li and P. Q. Nguyen. Computing a lattice basis revisited. In ISSAC, pages 275--282, 2019.Google ScholarDigital Library
- J. Li and P. Q. Nguyen. A complete analysis of the BKZ lattice reduction algorithm. Available at https://eprint.iacr.org/2020/1237.pdf, 2020.Google Scholar
- D. Micciancio and S. Goldwasser. Complexity of lattice problems: a cryptographic perspective. Kluwer Academic Publishers, 2002.Google ScholarCross Ref
- D. Micciancio and M. Walter. Practical, predictable lattice basis reduction. In EUROCRYPT, pages 820--849, 2016.Google ScholarDigital Library
- A. Neumaier. Bounding basis reduction properties. Designs, Codes and Cryptography, 84:237--259, 2017.Google ScholarDigital Library
- R. A. Rankin. On positive definite quadratic forms. Journal of the London Mathematical Society, 28:309--314, 1953.Google ScholarCross Ref
- C. P. Schnorr. A hierarchy of polynomial time lattice basis reduction algorithms. Theoretical Computer Science, 53:201--224, 1987.Google ScholarDigital Library
- C. P. Schnorr and M. Euchner. Lattice basis reduction: improved practical algorithms and solving subset sum problems. Math. Program., 66:181--199, 1994.Google ScholarDigital Library
- M. Seysen. Simultaneous reduction of a lattice basis its reciprocal basis. Combinatorica, 13(3):363--376, 1993.Google ScholarCross Ref
- P. van Emde Boas. Another NP-complete problem and the complexity of computing short vectors in a lattice. Tecnical Report 81-04, Department of Mathmatics, University of Amsterdam, 1981.Google Scholar
Index Terms
- On the Smallest Ratio Problem of Lattice Bases
Recommendations
The Average Distance Problem with Perimeter-to-Area Ratio Penalization
In this paper we consider the functional $E_{p,\lambda}(\Omega):=\int_\Omega {\rm dist}^p(x,\partial \Omega ){\,{\operatorname{d}}} x+\lambda \frac{\mathcal{H}^1(\partial \Omega)}{\mathcal{H}^2(\Omega)}.$ Here $p\geq 1$, $\lambda>0$ are given parameters, ...
Border bases for lattice ideals
The main ingredient to construct an O -border basis of an ideal I ź K x 1 , ź , x n is the order ideal O , which is a basis of the K-vector space K x 1 , ź , x n / I . In this paper we give a procedure to find all the possible order ideals associated ...
A Lattice Reduction Algorithm Based on Sublattice BKZ
Provable and Practical SecurityAbstractWe present m-SubBKZ reduction algorithm that outputs a reduced lattice basis, containing a vector shorter than the original BKZ. The work is based on the properties of sublattices and the Gaussian Heuristic of the full lattice and sublattices. By ...
Comments