# On the Lattice Smoothing Parameter Problem

@article{Chung2013OnTL, title={On the Lattice Smoothing Parameter Problem}, author={Kai-Min Chung and Daniel Dadush and Feng-Hao Liu and Chris Peikert}, journal={2013 IEEE Conference on Computational Complexity}, year={2013}, pages={230-241} }

The smoothing parameter ηε(L) of a Euclidean lattice L, introduced by Micciancio and Regev (FOCS'04; SICOMP'07), is (informally) the smallest amount of Gaussian noise that “smooths out” the discrete structure of L (up to error ε). It plays a central role in the best known worst-case/average-case reductions for lattice problems, a wealth of lattice-based cryptographic constructions, and (implicitly) the tightest known transference theorems for fundamental lattice quantities. In this work we…

## 22 Citations

On the Gaussian Measure Over Lattices

- Mathematics
- 2017

We study the Gaussian mass of a lattice coset ρs(L − t) := ∑ y∈L exp(−π‖y − t‖/s) , where L ⊂ R is a lattice and t ∈ R is a vector describing a shift of the lattice. In particular, we use bounds on…

New (and Old) Proof Systems for Lattice Problems

- Computer Science, MathematicsPublic Key Cryptography
- 2018

It is shown that \(\textsf {GapSPP}\) admits SZK proofs for remarkably low approximation factors, improving on prior work by up to roughly \(\sqrt{n}\).

Towards Strong Reverse Minkowski-Type Inequalities for Lattices

- Mathematics2016 IEEE 57th Annual Symposium on Foundations of Computer Science (FOCS)
- 2016

A natural reverse Minkowski-type inequality for lattices is presented, which gives upper bounds on the number of lattice points in a Euclidean ball in terms of sublattice determinants, and implies the l2 case of the Kannan and Lovasz conjecture.

Solving the Shortest Vector Problem in 2n Time Using Discrete Gaussian Sampling: Extended Abstract

- Computer Science, MathematicsSTOC
- 2015

The SVP result follows from a natural reduction from SVP to DGS, and a more refined algorithm for DGS above the so-called smoothing parameter of the lattice, which can generate 2n/2 discrete Gaussian samples in just 1.93-approximate decision SVP.

Improved Classical and Quantum Algorithms for the Shortest Vector Problem via Bounded Distance Decoding

- Computer Science
- 2020

This paper presents new algorithms that improve the state-of-the-art for provable classical/quantum algorithms for SVP and conjecture that for most lattices this quantity is a 2 o ( n ) .

Chris Peikert – Research Statement

- Computer Science, Mathematics
- 2014

My research is dedicated to developing new, stronger mathematical foundations for cryptography, with a particular focus on geometric objects called lattices, which have the potential to yield cryptographic schemes with unique and attractive security guarantees and resistance to quantum attacks.

AWGN-Goodness Is Enough: Capacity-Achieving Lattice Codes Based on Dithered Probabilistic Shaping

- Computer ScienceIEEE Transactions on Information Theory
- 2019

This paper shows that any sequence of infinite lattice constellations can be shaped into a capacity-achieving sequence of codes for the power-constrained Gaussian channel under lattice decoding and non-uniform signaling, and gets a simple characterization of the finite-blocklength behavior of the scheme, showing that it approaches the optimal dispersion coefficient for high signal-to-noise ratio.

On the Closest Vector Problem with a Distance Guarantee

- Computer Science2014 IEEE 29th Conference on Computational Complexity (CCC)
- 2014

A substantially more efficient variant of the LLM algorithm is presented, and via an improved analysis, it is shown that it can decode up to a distance proportional to the reciprocal of the smoothing parameter of the dual lattice.

Towards a Ring Analogue of the Leftover Hash Lemma

- Mathematics, Computer ScienceJ. Math. Cryptol.
- 2021

This work presents an approach for generalizing the “regularity lemma” of Lyubashevsky et al. to certain conditional distributions, and presents three instantiations of this approach, proving that the regularityLemma holds for three natural conditional distributions.

Just how hard are rotations of ℤn? Algorithms and cryptography with the simplest lattice

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2021

It is shown that ZSVP is in a certain sense strictly easier than SVP on arbitrary lattices and a simple public-key encryption scheme that is secure if (an appropriate variant of) ZS VP is actually hard, and a 2-time algorithm is obtained, i.e., a non-trivial speedup over the best known algorithm for S VP on general lattices.

## References

SHOWING 1-10 OF 41 REFERENCES

Limits on the Hardness of Lattice Problems in ℓp Norms

- Computer Science, MathematicsTwenty-Second Annual IEEE Conference on Computational Complexity (CCC'07)
- 2007

The results improve prior approximation factors for ℓp norms by up to up to $$\sqrt{n}$$ factors, and provide some evidence that lattice problems in ™p norms (for p > 2) may not be substantially harder than they are in the ™2 norm.

On the Limits of Nonapproximability of Lattice Problems

- Computer Science, MathematicsJ. Comput. Syst. Sci.
- 2000

We show simple constant-round interactive proof systems for problems capturing the approximability, to within a factor of n, of optimization problems in integer lattices, specifically, the closest…

Worst-case to average-case reductions based on Gaussian measures

- Computer Science, Mathematics45th Annual IEEE Symposium on Foundations of Computer Science
- 2004

It is shown that solving modular linear equation on the average is at least as hard as approximating several lattice problems in the worst case within a factor almost linear in the rank of the lattice, and it is proved that the distribution that one obtains after adding Gaussian noise to the lattices has the following interesting property.

New lattice-based cryptographic constructions

- Mathematics, Computer ScienceJACM
- 2004

A new public key cryptosystem whose security guarantee is considerably stronger than previous results is provided, and a family of collision resistant hash functions with an improved security guarantee in terms of the unique shortest vector problem is proposed.

Lattice problems in NP ∩ coNP

- MathematicsJACM
- 2005

We show that the problems of approximating the shortest and closest vector in a lattice to within a factor of &nradic; lie in NP intersect coNP. The result (almost) subsumes the three…

Generating Hard Instances of Lattice Problems

- Mathematics, Computer ScienceElectron. Colloquium Comput. Complex.
- 1996

We give a random class of lattices in Z n so that, if there is a probabilistic polynomial time algorithm which nds a short vector in a random lattice with a probability of at least 1 2 then there is…

An Efficient and Parallel Gaussian Sampler for Lattices

- Computer Science, MathematicsCRYPTO
- 2010

To the knowledge, this is the first algorithm and rigorous analysis demonstrating the security of a perturbation-like technique and a new Gaussian sampling algorithm for lattices that is efficient and highly parallelizable.

The complexity of the covering radius problem

- Computer Science, Mathematicscomputational complexity
- 2005

The computational complexity of the covering radius problem for lattices, and approximation versions of the problem for both lattices and linear codes are studied, and it is proved that the problem is NP-hard for any constant approximation factor, it is Π2- hard for some constant approximation factors, and that it is unlikely to be Π1-hardfor approximation factors larger than 2.

Enumerative Lattice Algorithms in any Norm Via M-ellipsoid Coverings

- Mathematics, Computer Science2011 IEEE 52nd Annual Symposium on Foundations of Computer Science
- 2011

A novel algorithm for enumerating lattice points in any convex body known as the M-ellipsoid is given, and an expected O(f*(n))^n-time algorithm for Integer Programming, where f*( n) denotes the optimal bound in the so-calledflatnesstheorem, which is conjectured to be f* (n) = O(n).

Trapdoors for hard lattices and new cryptographic constructions

- Computer Science, MathematicsIACR Cryptol. ePrint Arch.
- 2007

A new notion of trapdoor function with preimage sampling, simple and efficient "hash-and-sign" digital signature schemes, and identity-based encryption are included.