On the Lattice Distortion Problem

We introduce and study the Lattice Distortion Problem (LDP). LDP asks how "similar" two lattices are, i.e., what is the minimal distortion of a linear bijection between the two lattices? LDP generalizes the Lattice Isomorphism Problem (the lattice analogue of Graph Isomorphism), which simply asks whether the minimal distortion is one. As our first contribution, we show that the distortion between any two lattices is approximated up to an $n^{O(\log n)}$ factor by a simple function of their successive minima. Our methods are constructive, allowing us to compute low-distortion mappings that are within a $2^{O(n \log \log n/\log n)}$ factor of optimal in polynomial time and within an $n^{O(\log n)}$ factor of optimal in singly exponential time. Our algorithms rely on a notion of basis reduction introduced by Seysen (Combinatorica 1993), which we show is intimately related to lattice distortion. Lastly, we show that LDP is NP-hard to approximate to within any constant factor (under randomized reductions), by a reduction from the Shortest Vector Problem.

[1]  Jacques Stern, et al. The Two Faces of Lattices in Cryptology, 2001, CaLC.

[2]  Alan M. Frieze, et al. A new rounding procedure for the assignment problem with applications to dense graph arrangement problems, 2002, Math. Program.

[3]  Carl Ludwig Siegel, et al. A Mean Value Theorem in Geometry of Numbers, 1945.

[4]  C. P. Schnorr, et al. A Hierarchy of Polynomial Time Lattice Basis Reduction Algorithms, 1987, Theor. Comput. Sci.

[5]  László Babai, et al. Graph isomorphism in quasipolynomial time [extended abstract], 2015, STOC.

[6]  Philipp Birken, et al. Numerical Linear Algebra, 2011, Encyclopedia of Parallel Computing.

[7]  Franklin T. Luk, et al. An improved LLL algorithm, 2008.

[8]  Wilhelm Plesken, et al. Computing Isometries of Lattices, 1997, J. Symb. Comput.

[9]  Jeffrey C. Lagarias, et al. Korkin-Zolotarev bases and successive minima of a lattice and its reciprocal lattice, 1990, Comb.

[10]  Daniele Micciancio, et al. Worst-case to average-case reductions based on Gaussian measures, 2004, 45th Annual IEEE Symposium on Foundations of Computer Science.

[11]  Daniele Micciancio, et al. A Deterministic Single Exponential Time Algorithm for Most Lattice Problems based on Voronoi Cell Computations (Extended Abstract), 2009.

[12]  Daniele Micciancio, et al. Efficient reductions among lattice problems, 2008, SODA '08.

[13]  M. Seysen, et al. Simultaneous reduction of a lattice basis and its reciprocal basis, 1993, Comb.

[14]  Oded Regev, et al. Tensor-based hardness of the shortest vector problem to within almost polynomial factors, 2007, STOC '07.

[15]  Craig Gentry, et al. Trapdoors for hard lattices and new cryptographic constructions, 2008, IACR Cryptol. ePrint Arch.

[16]  Oded Regev, et al. On the Lattice Isomorphism Problem, 2013, SODA.

[17]  Mathieu Dutour Sikiric, et al. Complexity and algorithms for computing Voronoi cells of lattices, 2008, Math. Comput.

[18]  Ravi Kumar, et al. A sieve algorithm for the shortest lattice vector problem, 2001, STOC '01.

[19]  Miklós Ajtai, et al. Generating Hard Instances of Lattice Problems, 1996, Electron. Colloquium Comput. Complex.

[20]  M. Ajtai. The shortest vector problem in L2 is NP-hard for randomized reductions (extended abstract), 1998, STOC '98.

[21]  W. Banaszczyk. New bounds in some transference theorems in the geometry of numbers, 1993.

[22]  Ravi Kannan, et al. Minkowski's Convex Body Theorem and Integer Programming, 1987, Math. Oper. Res.

[23]  Vikraman Arvind, et al. Approximate Graph Isomorphism, 2012, MFCS.

[24]  W. Fischer, et al. Sphere Packings, Lattices and Groups, 1990.

[25]  Hendrik W. Lenstra, et al. Lattices with Symmetry, 2014, Journal of Cryptology.

[26]  Nicolas Gama, et al. Finding short lattice vectors within Mordell's inequality, 2008, STOC.

[27]  Nicolas Gama, et al. Rankin's Constant and Blockwise Lattice Reduction, 2006, CRYPTO.

[28]  Vinod Vaikuntanathan, et al. Lattice-based FHE as secure as PKE, 2014, IACR Cryptol. ePrint Arch.

[29]  Craig Gentry, et al. Fully homomorphic encryption using ideal lattices, 2009, STOC '09.

[30]  Subhash Khot, et al. Hardness of approximating the shortest vector problem in lattices, 2004, 45th Annual IEEE Symposium on Foundations of Computer Science.

[31]  Phong Q. Nguyen. The Two Faces of Lattices in Cryptology, 2001, Selected Areas in Cryptography.

[32]  Jean-Pierre Seifert, et al. Approximating Shortest Lattice Vectors is Not Harder Than Approximating Closest Lattice Vectors, 1999, Electron. Colloquium Comput. Complex.

[33]  László Lovász, et al. Factoring polynomials with rational coefficients, 1982.

[34]  A. Korkine, et al. Sur les formes quadratiques, 1873.

[35]  Adi Shamir, et al. A polynomial time algorithm for breaking the basic Merkle-Hellman cryptosystem, 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).

[36]  Oded Regev, et al. On lattices, learning with errors, random linear codes, and cryptography, 2005, STOC '05.