Corpus ID: 1480070

Generating Hard Instances of Lattice Problems

@article{Ajtai1996GeneratingHI,
  title={Generating Hard Instances of Lattice Problems},
  author={Mikl{\'o}s Ajtai},
  journal={Electron. Colloquium Comput. Complex.},
  year={1996},
  volume={3}
}
  • M. Ajtai
  • Published 1996
  • Computer Science
  • Electron. Colloquium Comput. Complex.
We give a random class of lattices in Z n so that, if there is a probabilistic polynomial time algorithm which nds a short vector in a random lattice with a probability of at least 1 2 then there is also a probabilistic polynomial time algorithm which solves the following three lattice problems in every lattice in Z n with a probability exponentially close to one. (1) Find the length of a shortest nonzero vector in an n-dimensional lattice, approximately, up to a polynomial factor. (2) Find the… Expand
Generating hard instances of lattice problems (extended abstract)
  • M. Ajtai
  • Mathematics, Computer Science
  • STOC '96
  • 1996
We give a random class of lattices in Zn whose elements can be generated together with a short vector in them so that, if there is a probabilistic polynomial time algorithm which finds a short vectorExpand
The worst-case behavior of schnorr's algorithm approximating the shortest nonzero vector in a lattice
  • M. Ajtai
  • Mathematics, Computer Science
  • STOC '03
  • 2003
TLDR
It is shown that if k=o(n), this bound on the performance of Schnorr's algorithm cannot be improved (apart from a constant factor in the exponent), namely there is a lattice and a basis so that if they are given as an input to the algorithm then the resulting approximating factor of the output is at least k ε n/k. Expand
Generating Hard Instances of the Short Basis Problem
  • M. Ajtai
  • Mathematics, Computer Science
  • ICALP
  • 1999
TLDR
It is shown that lattices of the same random class can be generated not only together with a short vector in them, but also together withA short basis, which may make the construction more applicable for cryptographic protocols. Expand
Closest Vectors, Successive Minima, and Dual HKZ-Bases of Lattices
In this paper we introduce a new technique to solve lattice problems. The technique is based on dual HKZ-bases. Using this technique we show how to solve the closest vector problem in lattices withExpand
The Parameterized Complexity of Some Fundamental Problems of Linear Codes and Integer Lattices
The parameterized complexity of a number of fundamental problems of linear codes and integer lattices is explored. Concerning codes, the main results are that Maximum Likelihood Decoding and WeightExpand
On the complexity of computing short linearly independent vectors and short bases in a lattice
TLDR
The strongest result in this direction states that under reasonable complexity-theoretic assumptions, approximating the length of a shortest set of linearly independent vectors (shortest basis) within a factor of n/a is not NP-hard. Expand
Generating a Lattice of a given Genus
A full-rank lattice L in R is a discrete subgroup of R which is the set of all integer linear combinations of n-linearly independent vectors, say b1, · · · ,bn i.e., L = { ∑n i=1 zibi | z1, · · · ,Expand
Optimal lower bounds for the Korkine-Zolotareff parameters of a lattice and for Schnorr's algorithm for the shortest vector problem
  • M. Ajtai
  • Computer Science, Mathematics
  • Theory Comput.
  • 2008
TLDR
It is shown that if k = o(n), this bound on the performance of Schnorr’s algorithm cannot be improved (apart from a constant factor in the exponent), and the existence of a basis in Rn which is KZ-reduced on all k-segments and where the ratio ‖b1‖/shortest(L) is at least kcn/k is proved. Expand
The shortest vector problem in L2 is NP-hard for randomized reductions (extended abstract)
  • M. Ajtai
  • Computer Science, Mathematics
  • STOC '98
  • 1998
TLDR
There is a prob-abilistic Turing-machine which in polynomial time reduces any problem in NP to instances of the shortest vector problem, provided that it can use an oracle which returns the solution of the longest vector problem if an instance of it is presented (by giving a basis of the corresponding lattice). Expand
An LLL Algorithm for Module Lattices
TLDR
This work introduces an algorithm that efficiently finds short vectors in rank-n modules when given access to an oracle that finds short Vector Problem oracle for a lattice that depends only on K and provides a generalization to R-modules contained in \(K^n\) for arbitrary number fields K and dimension n. Expand
...
1
2
3
4
5
...

References

SHOWING 1-5 OF 5 REFERENCES
Solving low density subset sum problems
  • J. Lagarias, A. Odlyzko
  • Computer Science, Mathematics
  • 24th Annual Symposium on Foundations of Computer Science (sfcs 1983)
  • 1983
TLDR
This method gives a polynomial time attack on knapsack public key cryptosystems that can be expected to break them if they transmit information at rates below dc (n), as n → ∞. Expand
Schrijver, \Geometric Algorithms and Combinatorial Optimization
  • Schrijver, \Geometric Algorithms and Combinatorial Optimization
  • 1988
Brickell, \Breaking iterated knapsacks", in: Advances in Cryptology
  • Proceedings of CRYPTO 84
  • 1985
Adleman, \On breaking the iterated Merkle-Hellman public key cryptosystem" , in: Advances in Cryptology
  • Proceedings of CRYPTO 82
  • 1983
Lovv asz \Factoring polynomials with rational coeecients
  • Math. Ann
  • 1982