Abstract
In this work, we give provable sieving algorithms for the Shortest Vector Problem (SVP) and the Closest Vector Problem (CVP) on lattices in ℓp norm (1≤p≤∞). The running time we obtain is better than existing provable sieving algorithms. We give a new linear sieving procedure that works for all ℓp norm (1≤p≤∞). The main idea is to divide the space into hypercubes such that each vector can be mapped efficiently to a sub-region. We achieve a time complexity of 22.751n+o(n), which is much less than the 23.849n+o(n) complexity of the previous best algorithm. We also introduce a mixed sieving procedure, where a point is mapped to a hypercube within a ball and then a quadratic sieve is performed within each hypercube. This improves the running time, especially in the ℓ2 norm, where we achieve a time complexity of 22.25n+o(n), while the List Sieve Birthday algorithm has a running time of 22.465n+o(n). We adopt our sieving techniques to approximation algorithms for SVP and CVP in ℓp norm (1≤p≤∞) and show that our algorithm has a running time of 22.001n+o(n), while previous algorithms have a time complexity of 23.169n+o(n).
Highlights
A lattice L is the set of all integer combinations of linearly independent vectors b1, . . . , bn ∈ Rd, nL = L(b1, . . . , bn ) := { ∑ zi bi : zi ∈ Z} .Academic Editor: Frank WernerReceived: 26 October 2021Accepted: 9 December 2021Published: 13 December 2021Publisher’s Note: MDPI stays neutral with regard to jurisdictional claims in published maps and institutional affiliations. i =1We call n the rank of the lattice and d the dimension of the lattice
Ref. [47] gave a 1 + ε approximation algorithm for Closest Vector Problem (CVP) for allp norms that runs in a time of (2 + 1/ε)O(n)
The first NP hardness result for CVP in allp norms and Shortest Vector Problem (SVP) in the∞ norm was given by Van Emde Boas [50]
Summary
A lattice L is the set of all integer combinations of linearly independent vectors b1 , . . . , bn ∈ Rd , n. Given a basis for a lattice L ⊆ Rd , the goal of SVP is to compute the shortest non-zero vector in L, while the goal of CVP is to compute a lattice vector at a minimum distance to a given target vector t. The length/distance is defined in terms of thep norm, which is given by kxk p and kxk∞ These lattice problems have been mostly studied in the Euclidean norm (p = 2). Starting with the seminal work of [1], algorithms for solving these problems either exactly or approximately have been studied intensely These algorithms have found applications in various fields, such as factoring polynomials over rationals [1], integer programming [2–5], cryptanalysis [6–8], checking the solvability by radicals [9], and solving low-density subsetsum problems [10]. Many powerful cryptographic primitives have been constructed whose security is based on the worst-case hardness of these or related lattice problems [11–19]
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
