Ideal forms of Coppersmith's theorem and Guruswami-Sudan list decoding

We develop a framework for solving polynomial equations with size constraints on solutions. We obtain our results by showing how to apply a technique of Coppersmith for finding small solutions of polynomial equations modulo integers to analogous problems over polynomial rings, number fields, and function fields. This gives us a unified view of several problems arising naturally in cryptography, coding theory, and the study of lattices. We give (1) a polynomial-time algorithm for finding small solutions of polynomial equations modulo ideals over algebraic number fields, (2) a faster variant of the Guruswami-Sudan algorithm for list decoding of Reed-Solomon codes, and (3) an algorithm for list decoding of algebraic-geometric codes that handles both single-point and multi-point codes. Coppersmith's algorithm uses lattice basis reduction to find a short vector in a carefully constructed lattice; powerful analogies from algebraic number theory allow us to identify the appropriate analogue of a lattice in each application and provide efficient algorithms to find a suitably short vector, thus allowing us to give completely parallel proofs of the above theorems.
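To make the lattice construction the abstract refers to concrete, here is the classical integer case that the paper generalizes: Coppersmith's method in the Howgrave-Graham formulation, finding a small root of a monic univariate polynomial modulo an integer N. This is an added example, not code from the paper or its authors; the toy modulus, the planted root x0, the coefficient a and the bound X are all constructed values, and the small exact-arithmetic LLL is a textbook implementation included only so that the example runs offline. The example shows the two ingredients the abstract names: build a lattice whose vectors are polynomials vanishing at the unknown root modulo N^(h-1), and use basis reduction to find a vector short enough (Howgrave-Graham's bound) that the same polynomial vanishes over the integers, where its roots can be read off directly.

```python
from fractions import Fraction

# Added example (not from the paper): Coppersmith's method for a monic
# univariate polynomial modulo N, Howgrave-Graham style, with a small
# self-contained LLL. All parameters below are constructed toy values.


def dot(u, v):
    return sum(a * b for a, b in zip(u, v))


def gram_schmidt(b):
    """Gram-Schmidt over the rationals; returns (b*, mu) with mu[i][i] = 1."""
    n = len(b)
    bstar, mu = [], [[Fraction(0)] * n for _ in range(n)]
    for i in range(n):
        v = list(b[i])
        for j in range(i):
            mu[i][j] = dot(b[i], bstar[j]) / dot(bstar[j], bstar[j])
            v = [vi - mu[i][j] * wj for vi, wj in zip(v, bstar[j])]
        mu[i][i] = Fraction(1)
        bstar.append(v)
    return bstar, mu


def lll(basis, delta=Fraction(3, 4)):
    """Textbook LLL reduction (exact rational arithmetic, fine for small lattices)."""
    b = [[Fraction(x) for x in row] for row in basis]
    n = len(b)
    bstar, mu = gram_schmidt(b)
    k = 1
    while k < n:
        for j in range(k - 1, -1, -1):          # size-reduce b[k]
            q = round(mu[k][j])
            if q:
                b[k] = [bk - q * bj for bk, bj in zip(b[k], b[j])]
                for l in range(j + 1):           # b* unchanged, only mu[k][*] moves
                    mu[k][l] -= q * mu[j][l]
        lovasz = (delta - mu[k][k - 1] ** 2) * dot(bstar[k - 1], bstar[k - 1])
        if dot(bstar[k], bstar[k]) >= lovasz:
            k += 1
        else:
            b[k], b[k - 1] = b[k - 1], b[k]
            bstar, mu = gram_schmidt(b)
            k = max(k - 1, 1)
    return [[int(x) for x in row] for row in b]


# Polynomials are integer coefficient lists, lowest degree first.
def poly_mul(p, q):
    out = [0] * (len(p) + len(q) - 1)
    for i, pi in enumerate(p):
        for j, qj in enumerate(q):
            out[i + j] += pi * qj
    return out


def poly_pow(p, e):
    r = [1]
    for _ in range(e):
        r = poly_mul(r, p)
    return r


def poly_eval(p, x):
    r = 0
    for c in reversed(p):
        r = r * x + c
    return r


def coppersmith_small_roots(f, N, X, h=3):
    """Return all x with |x| <= X and f(x) = 0 mod N that the lattice exposes.

    f must be monic of degree d. The lattice has rows N^(h-1-i) * f(x)^i * x^j
    (0 <= i < h, 0 <= j < d), each evaluated at xX so that short vectors
    correspond to polynomials with small coefficients on [-X, X].
    """
    d = len(f) - 1
    assert f[-1] == 1, "f must be monic"
    n = d * h
    rows = []
    for i in range(h):
        fi = poly_pow(f, i)
        for j in range(d):
            g = [c * N ** (h - 1 - i) for c in poly_mul(fi, [0] * j + [1])]
            g += [0] * (n - len(g))
            rows.append([c * X ** k for k, c in enumerate(g)])
    reduced = lll(rows)
    roots = set()
    for v in reduced:
        # Howgrave-Graham: ||g(xX)|| < N^(h-1) / sqrt(n) and g(x0) = 0 mod N^(h-1)
        # together force g(x0) = 0 over the integers.
        if n * dot(v, v) >= N ** (2 * (h - 1)):
            continue
        g = [c // X ** k for k, c in enumerate(v)]   # exact: undo the X-scaling
        for x in range(-X, X + 1):                   # bounded search is enough for a toy X
            if poly_eval(g, x) == 0 and poly_eval(f, x) % N == 0:
                roots.add(x)
    return sorted(roots)


def demo():
    N = 1000003 * 1000033          # constructed toy modulus
    x0 = 4321                      # planted small root, unknown to the solver
    a = 31337                      # constructed coefficient
    b = (-(x0 * x0 + a * x0)) % N  # chosen so that f(x0) = 0 mod N
    f = [b, a, 1]                  # f(x) = x^2 + a x + b
    return f, N, coppersmith_small_roots(f, N, X=10000, h=3)


if __name__ == "__main__":
    f, N, roots = demo()
    print("small roots found:", roots)
```

With d = 2 and h = 3 the lattice has dimension 6 and determinant N^6 X^15, so LLL's worst-case guarantee already places the first reduced vector under the Howgrave-Graham bound for the X used here; the recovered polynomial then has x0 as an integer root, which is exactly the phenomenon the paper carries over to ideals in number fields and function fields.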
