New (and Old) Proof Systems for Lattice Problems

We continue the study of statistical zero-knowledge (SZK) proofs, both interactive and noninteractive, for computational problems on point lattices. We are particularly interested in the problem \(\textsf{GapSPP}\) of approximating the \(\varepsilon\)-smoothing parameter (for some \(\varepsilon < 1/2\)) of an \(n\)-dimensional lattice. The smoothing parameter is a key quantity in the study of lattices, and \(\textsf{GapSPP}\) has been emerging as a core problem in lattice-based cryptography, e.g., in worst-case to average-case reductions. We show that \(\textsf{GapSPP}\) admits SZK proofs for remarkably low approximation factors, improving on prior work by up to roughly \(\sqrt{n}\). Specifically:

- There is a noninteractive SZK proof for \(O(\log(n) \sqrt{\log(1/\varepsilon)})\)-approximate \(\textsf{GapSPP}\). Moreover, for any negligible \(\varepsilon\) and a larger approximation factor \(\widetilde{O}(\sqrt{n \log(1/\varepsilon)})\), there is such a proof with an efficient prover.

- There is an (interactive) SZK proof with an efficient prover for \(O(\log n + \sqrt{\log(1/\varepsilon)/\log n})\)-approximate \(\textsf{coGapSPP}\). We show this by proving that \(O(\log n)\)-approximate \(\textsf{GapSPP}\) is in \(\mathsf{coNP}\).
