On the Lattice Smoothing Parameter Problem

@article{Chung2013OnTL,
  title={On the Lattice Smoothing Parameter Problem},
  author={Kai-Min Chung and Daniel Dadush and Feng-Hao Liu and Chris Peikert},
  journal={2013 IEEE Conference on Computational Complexity},
  year={2013},
  pages={230-241}
}
The smoothing parameter ηε(L) of a Euclidean lattice L, introduced by Micciancio and Regev (FOCS'04; SICOMP'07), is (informally) the smallest amount of Gaussian noise that “smooths out” the discrete structure of L (up to error ε). It plays a central role in the best known worst-case/average-case reductions for lattice problems, a wealth of lattice-based cryptographic constructions, and (implicitly) the tightest known transference theorems for fundamental lattice quantities. In this work we… 
View on IEEE
arxiv.org
22 Citations
Highly Influential Citations
1
Background Citations
6
Methods Citations
3
Results Citations
1

22 Citations

On the Gaussian Measure Over Lattices
We study the Gaussian mass of a lattice coset ρs(L − t) := ∑ y∈L exp(−π‖y − t‖/s) , where L ⊂ R is a lattice and t ∈ R is a vector describing a shift of the lattice. In particular, we use bounds on
New (and Old) Proof Systems for Lattice Problems
TLDR
It is shown that \(\textsf {GapSPP}\) admits SZK proofs for remarkably low approximation factors, improving on prior work by up to roughly \(\sqrt{n}\).
Towards Strong Reverse Minkowski-Type Inequalities for Lattices
  • D. Dadush, O. Regev
  • Mathematics
    2016 IEEE 57th Annual Symposium on Foundations of Computer Science (FOCS)
  • 2016
TLDR
A natural reverse Minkowski-type inequality for lattices is presented, which gives upper bounds on the number of lattice points in a Euclidean ball in terms of sublattice determinants, and implies the l2 case of the Kannan and Lovasz conjecture.
Solving the Shortest Vector Problem in 2n Time Using Discrete Gaussian Sampling: Extended Abstract
TLDR
The SVP result follows from a natural reduction from SVP to DGS, and a more refined algorithm for DGS above the so-called smoothing parameter of the lattice, which can generate 2n/2 discrete Gaussian samples in just 1.93-approximate decision SVP.
Improved Classical and Quantum Algorithms for the Shortest Vector Problem via Bounded Distance Decoding
TLDR
This paper presents new algorithms that improve the state-of-the-art for provable classical/quantum algorithms for SVP and conjecture that for most lattices this quantity is a 2 o ( n ) .
Chris Peikert – Research Statement
TLDR
My research is dedicated to developing new, stronger mathematical foundations for cryptography, with a particular focus on geometric objects called lattices, which have the potential to yield cryptographic schemes with unique and attractive security guarantees and resistance to quantum attacks.
AWGN-Goodness Is Enough: Capacity-Achieving Lattice Codes Based on Dithered Probabilistic Shaping
TLDR
This paper shows that any sequence of infinite lattice constellations can be shaped into a capacity-achieving sequence of codes for the power-constrained Gaussian channel under lattice decoding and non-uniform signaling, and gets a simple characterization of the finite-blocklength behavior of the scheme, showing that it approaches the optimal dispersion coefficient for high signal-to-noise ratio.
On the Closest Vector Problem with a Distance Guarantee
TLDR
A substantially more efficient variant of the LLM algorithm is presented, and via an improved analysis, it is shown that it can decode up to a distance proportional to the reciprocal of the smoothing parameter of the dual lattice.
Towards a Ring Analogue of the Leftover Hash Lemma
TLDR
This work presents an approach for generalizing the “regularity lemma” of Lyubashevsky et al. to certain conditional distributions, and presents three instantiations of this approach, proving that the regularityLemma holds for three natural conditional distributions.
Just how hard are rotations of ℤn? Algorithms and cryptography with the simplest lattice
TLDR
It is shown that ZSVP is in a certain sense strictly easier than SVP on arbitrary lattices and a simple public-key encryption scheme that is secure if (an appropriate variant of) ZS VP is actually hard, and a 2-time algorithm is obtained, i.e., a non-trivial speedup over the best known algorithm for S VP on general lattices.
...
...

References

SHOWING 1-10 OF 41 REFERENCES
Limits on the Hardness of Lattice Problems in ℓp Norms
  • Chris Peikert
  • Computer Science, Mathematics
    Twenty-Second Annual IEEE Conference on Computational Complexity (CCC'07)
  • 2007
TLDR
The results improve prior approximation factors for ℓp norms by up to up to $$\sqrt{n}$$ factors, and provide some evidence that lattice problems in ™p norms (for p > 2) may not be substantially harder than they are in the ™2 norm.
On the Limits of Nonapproximability of Lattice Problems
We show simple constant-round interactive proof systems for problems capturing the approximability, to within a factor of n, of optimization problems in integer lattices, specifically, the closest
Worst-case to average-case reductions based on Gaussian measures
TLDR
It is shown that solving modular linear equation on the average is at least as hard as approximating several lattice problems in the worst case within a factor almost linear in the rank of the lattice, and it is proved that the distribution that one obtains after adding Gaussian noise to the lattices has the following interesting property.
New lattice-based cryptographic constructions
  • O. Regev
  • Mathematics, Computer Science
    JACM
  • 2004
TLDR
A new public key cryptosystem whose security guarantee is considerably stronger than previous results is provided, and a family of collision resistant hash functions with an improved security guarantee in terms of the unique shortest vector problem is proposed.
Lattice problems in NP ∩ coNP
We show that the problems of approximating the shortest and closest vector in a lattice to within a factor of &nradic; lie in NP intersect coNP. The result (almost) subsumes the three
Generating Hard Instances of Lattice Problems
  • M. Ajtai
  • Mathematics, Computer Science
    Electron. Colloquium Comput. Complex.
  • 1996
We give a random class of lattices in Z n so that, if there is a probabilistic polynomial time algorithm which nds a short vector in a random lattice with a probability of at least 1 2 then there is
An Efficient and Parallel Gaussian Sampler for Lattices
TLDR
To the knowledge, this is the first algorithm and rigorous analysis demonstrating the security of a perturbation-like technique and a new Gaussian sampling algorithm for lattices that is efficient and highly parallelizable.
The complexity of the covering radius problem
TLDR
The computational complexity of the covering radius problem for lattices, and approximation versions of the problem for both lattices and linear codes are studied, and it is proved that the problem is NP-hard for any constant approximation factor, it is Π2- hard for some constant approximation factors, and that it is unlikely to be Π1-hardfor approximation factors larger than 2.
Enumerative Lattice Algorithms in any Norm Via M-ellipsoid Coverings
TLDR
A novel algorithm for enumerating lattice points in any convex body known as the M-ellipsoid is given, and an expected O(f*(n))^n-time algorithm for Integer Programming, where f*( n) denotes the optimal bound in the so-calledflatnesstheorem, which is conjectured to be f* (n) = O(n).
Trapdoors for hard lattices and new cryptographic constructions
TLDR
A new notion of trapdoor function with preimage sampling, simple and efficient "hash-and-sign" digital signature schemes, and identity-based encryption are included.
...
...