On the Closest Vector Problem with a Distance Guarantee

We present a new efficient algorithm for the search version of the approximate Closest Vector Problem with Preprocessing (CVPP). Our algorithm achieves an approximation factor of O(n/√log n), improving on the previous best of O(n1.5) due to Lag arias, Lenstra, and Schnorr [1]. We also show, somewhat surprisingly, that only O(n) vectors of preprocessing advice are sufficient to solve the problem (with the slightly worse approximation factor of O(n)). We remark that this still leaves a large gap with respect to the decisional version of CVPP, where the best known approximation factor is O(√n/log n) due to Aharonov and Regev [2]. To achieve these results, we show a reduction to the same problem restricted to target points that are close to the lattice and a more efficient reduction to a harder problem, Bounded Distance Decoding with preprocessing (BDDP). Combining either reduction with the previous best-known algorithm for BDDP by Liu, Lyubashevsky, and Micciancio [3] gives our main result. In the setting of CVP without preprocessing, we also give a reduction from (1+∈)γ approximate CVP to γ approximate CVP where the target is at distance at most 1+1/∈ times the minimum distance (the length of the shortest non-zero vector) which relies on the lattice sparsification techniques of Dadush and Kun [4]. As our final and most technical contribution, we present a substantially more efficient variant of the LLM algorithm (both in terms of run-time and amount of preprocessing advice), and via an improved analysis, show that it can decode up to a distance proportional to the reciprocal of the smoothing parameter of the dual lattice [5]. We show that this is never smaller than the LLM decoding radius, and that it can be up to an wide Ω(√n) factor larger.

[1]  Daniel Dadush,et al.  Lattice Sparsification and the Approximate Closest Vector Problem , 2013, SODA.

[2]  László Babai,et al.  On Lovász’ lattice reduction and the nearest lattice point problem , 1986, Comb..

[3]  Chris Peikert,et al.  Trapdoors for Lattices: Simpler, Tighter, Faster, Smaller , 2012, IACR Cryptol. ePrint Arch..

[4]  Subhash Khot,et al.  Hardness of approximating the shortest vector problem in lattices , 2004, 45th Annual IEEE Symposium on Foundations of Computer Science.

[5]  Daniele Micciancio,et al.  The hardness of the closest vector problem with preprocessing , 2001, IEEE Trans. Inf. Theory.

[6]  László Lovász,et al.  Factoring polynomials with rational coefficients , 1982 .

[7]  Guy Kindler,et al.  Approximating CVP to Within Almost-Polynomial Factors is NP-Hard , 2003, Proceedings 39th Annual Symposium on Foundations of Computer Science (Cat. No.98CB36280).

[8]  Uriel Feige,et al.  The inapproximability of lattice and coding problems with preprocessing , 2002, Proceedings 17th IEEE Annual Conference on Computational Complexity.

[9]  C. P. Schnorr,et al.  A Hierarchy of Polynomial Time Lattice Basis Reduction Algorithms , 1987, Theor. Comput. Sci..

[10]  Guy Kindler,et al.  Approximating CVP to Within Almost-Polynomial Factors is NP-Hard , 1998, Electron. Colloquium Comput. Complex..

[11]  Nisheeth K. Vishnoi,et al.  Hardness of Approximating the Closest Vector Problem with Pre-Processing , 2005, 46th Annual IEEE Symposium on Foundations of Computer Science (FOCS'05).

[12]  Ravi Kumar,et al.  A sieve algorithm for the shortest lattice vector problem , 2001, STOC '01.

[13]  W. Hoeffding Probability Inequalities for sums of Bounded Random Variables , 1963 .

[14]  Oded Regev,et al.  On lattices, learning with errors, random linear codes, and cryptography , 2005, STOC '05.

[15]  Nisheeth K. Vishnoi,et al.  $2^{\log^{1-\eps} n}$ Hardness for Closest Vector Problem with Preprocessing , 2011, ArXiv.

[16]  Ravi Kannan,et al.  Minkowski's Convex Body Theorem and Integer Programming , 1987, Math. Oper. Res..

[17]  Subhash Khot,et al.  Inapproximability Results for Computational Problems on Lattices , 2010, The LLL Algorithm.

[18]  Shafi Goldwasser,et al.  Complexity of lattice problems - a cryptographic perspective , 2002, The Kluwer international series in engineering and computer science.

[19]  Oded Regev,et al.  Hardness of the covering radius problem on lattices , 2006, 21st Annual IEEE Conference on Computational Complexity (CCC'06).

[20]  Daniele Micciancio,et al.  On Bounded Distance Decoding for General Lattices , 2006, APPROX-RANDOM.

[21]  Jeffrey C. Lagarias,et al.  Korkin-Zolotarev bases and successive minima of a lattice and its reciprocal lattice , 1990, Comb..

[22]  Oded Goldreich,et al.  On the Limits of Nonapproximability of Lattice Problems , 2000, J. Comput. Syst. Sci..

[23]  Daniele Micciancio,et al.  Worst-case to average-case reductions based on Gaussian measures , 2004, 45th Annual IEEE Symposium on Foundations of Computer Science.

[24]  Daniele Micciancio,et al.  A Deterministic Single Exponential Time Algorithm for Most Lattice Problems based on Voronoi Cell Computations ( Extended Abstract ) , 2009 .

[25]  Feng-Hao Liu,et al.  On the Lattice Smoothing Parameter Problem , 2013, 2013 IEEE Conference on Computational Complexity.

[26]  Roman Vershynin,et al.  Introduction to the non-asymptotic analysis of random matrices , 2010, Compressed Sensing.

[27]  Oded Regev,et al.  Tensor-based hardness of the shortest vector problem to within almost polynomial factors , 2007, STOC '07.

[29]  Philip N. Klein,et al.  Finding the closest lattice vector when it's unusually close , 2000, SODA '00.

[30]  Ravi Kannan,et al.  Improved algorithms for integer programming and related lattice problems , 1983, STOC.

[31]  Dorit Aharonov,et al.  Lattice problems in NP ∩ coNP , 2005, JACM.

[32]  W. Banaszczyk New bounds in some transference theorems in the geometry of numbers , 1993 .

[33]  Oded Regev,et al.  On the Complexity of Lattice Problems with Polynomial Approximation Factors , 2010, The LLL Algorithm.

[34]  Oded Regev Improved Inapproximability of Lattice and Coding Problems With Preprocessing , 2004, IEEE Trans. Inf. Theory.