A New Class of Algorithms for Finding Short Vectors in Lattices Lifted from Co-dimension $k$ Codes (2401.12383v1)
Abstract: We introduce a new class of algorithms for finding a short vector in lattices defined by codes of co-dimension $k$ over $\mathbb{Z}_P^d$, where $P$ is prime. The co-dimension $1$ case is solved by exploiting the packing properties of the projections mod $P$ of an initial set of non-lattice vectors onto a single dual codeword. The technical tools we introduce are sorting of the projections followed by single-step pairwise Euclidean reduction of the projections, resulting in monotonic convergence of the positive-valued projections to zero. The length of vectors grows by a geometric factor each iteration. For fixed $P$ and $d$, and large enough user-defined input sets, we show that it is possible to minimize the number of iterations, and thus the overall length expansion factor, to obtain a short lattice vector. Thus we obtain a novel approach for controlling the output length, which resolves an open problem posed by Noah Stephens-Davidowitz (the possibility of an approximation scheme for the shortest-vector problem (SVP) which does not reduce to near-exact SVP). In our approach, one may obtain short vectors even when the lattice dimension is quite large, e.g., 8000. For fixed $P$, the algorithm yields shorter vectors for larger $d$. We additionally present a number of extensions and generalizations of our fundamental co-dimension $1$ method. These include a method for obtaining many different lattice vectors by multiplying the dual codeword by an integer and then modding by $P$; a co-dimension $k$ generalization; a large input set generalization; and finally, a "block" generalization, which involves the replacement of pairwise (Euclidean) reduction by a $k$-party (non-Euclidean) reduction. The $k$-block generalization of our algorithm constitutes a class of polynomial-time algorithms indexed by $k\geq 2$, which yield successively improved approximations for the short vector problem.
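The following is an added illustration, written for this page and not code from the paper's authors, of the co-dimension $1$ procedure the abstract describes: the lattice is taken to be $\{\bm{w} \in \mathbb{Z}^d : \langle \bm{w}, \bm{c} \rangle \equiv 0 \pmod P\}$ for a single dual codeword $\bm{c}$ (the "orthogonal to the dual vector" view of the footnote below), the input set is a constructed batch of random $\{-1,0,1\}$ vectors that are not in the lattice, and each round sorts the vectors by their projection $\langle \bm{w}, \bm{c} \rangle \bmod P$ and replaces the set by the differences of sorted neighbours. The choice of $P = 1009$, $d = 16$, the particular codeword, the input-set size and the stopping rule (first nonzero vector whose projection vanishes) are all assumptions made here; the paper's own parameter choices and analysis are not reproduced. The example records two facts the abstract states: the largest projection never increases from round to round, and the vector length grows by at most a factor of $2$ per round.

```python
import random

# Constructed parameters (not from the paper): a prime modulus and one dual codeword c in Z_P^d.
P = 1009
C = [3, 17, 29, 101, 211, 307, 401, 503, 577, 619, 701, 809, 877, 911, 967, 997]


def projection(v, c, P):
    """Projection of v onto the dual codeword c, reduced mod P (a value in [0, P))."""
    return sum(vi * ci for vi, ci in zip(v, c)) % P


def is_lattice_vector(v, c, P):
    """v lies in the lattice {w in Z^d : <w, c> = 0 (mod P)} exactly when its projection is 0."""
    return projection(v, c, P) == 0


def reduction_round(vectors, c, P):
    """One round of sort-then-single-step-Euclidean-reduction.

    After sorting by projection p[0] <= p[1] <= ..., each neighbour pair (lo, hi) is replaced by
    hi - lo, whose projection is p[i+1] - p[i] in [0, P). Since every p[i] >= 0, no new projection
    exceeds the old maximum. Differences whose projection is 0 are lattice vectors and are
    returned separately; zero vectors (identical neighbours) are discarded.
    """
    ordered = sorted(vectors, key=lambda v: projection(v, c, P))
    survivors, found = [], []
    for lo, hi in zip(ordered, ordered[1:]):
        diff = [a - b for a, b in zip(hi, lo)]
        if not any(diff):
            continue
        (found if is_lattice_vector(diff, c, P) else survivors).append(diff)
    return survivors, found


def find_short_lattice_vector(c, P, n_inputs, seed=0):
    """Co-dimension-1 search from a random input set of n_inputs distinct non-lattice vectors.

    Returns a dict with the shortest lattice vector found, its squared norm, the number of
    rounds used, and the history of the maximum projection per round; None if the input set
    was too small for a zero projection to appear.
    """
    d = len(c)
    rng = random.Random(seed)
    vectors, seen = [], set()
    while len(vectors) < n_inputs:
        v = tuple(rng.randint(-1, 1) for _ in range(d))
        # Keep only nonzero, distinct vectors that are NOT already in the lattice.
        if any(v) and v not in seen and not is_lattice_vector(v, c, P):
            seen.add(v)
            vectors.append(list(v))

    max_proj_history = [max(projection(v, c, P) for v in vectors)]
    for rounds in range(1, n_inputs):
        vectors, found = reduction_round(vectors, c, P)
        if found:
            best = min(found, key=lambda v: sum(x * x for x in v))
            return {
                "vector": best,
                "norm_sq": sum(x * x for x in best),
                "rounds": rounds,
                "max_proj": max_proj_history,
            }
        if not vectors:
            break
        max_proj_history.append(max(projection(v, c, P) for v in vectors))
    return None


if __name__ == "__main__":
    res = find_short_lattice_vector(C, P, n_inputs=40, seed=1)
    print("rounds:", res["rounds"], "max projection per round:", res["max_proj"])
    print("lattice vector:", res["vector"], "squared norm:", res["norm_sq"])
```

Because each round replaces a vector by a difference of two earlier ones, a vector produced after $t$ rounds is a signed sum of at most $2^t$ inputs, so its length is bounded by $2^t$ times the longest input; this is the geometric length growth the abstract refers to, and it is why keeping the number of rounds small (by starting with a large enough input set) keeps the output short.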
- H. Lenstra, A. Lenstra, and L. Lovász, Factoring polynomials with rational coefficients, Mathematische Annalen 261, 515 (1982).
- N. Stephens-Davidowitz, Algorithms for lattice problems (2020), bootcamp for “Lattices: Algorithms, Complexity, and Cryptography” held by Simons Institute for the Theory of Computing.
- P. Q. Nguyen and D. Stehlé, An LLL algorithm with quadratic complexity, SIAM Journal on Computing 39, 874 (2009), https://doi.org/10.1137/070705702.
- A. B. Khesin, J. Z. Lu, and P. W. Shor, Publicly verifiable quantum money from random lattices (2022), arXiv:2207.13135.
- T. Darmstadt, https://www.latticechallenge.org/svp-challenge/ (2010).
- D. Goldstein and A. Mayer, On the equidistribution of Hecke points, Forum Mathematicum 15, 165 (2003).
- In fact, one may instead solve the specific problem of finding a vector $\bm{w}$ which is orthogonal to the dual lattice vector. Such a vector automatically lies in the lattice. This is a useful perspective if one wants to avoid the additional structure given by the modulus.
- C. L. Siegel, Über einige anwendungen diophantischer approximationen, in On Some Applications of Diophantine Approximations: a translation of Carl Ludwig Siegel’s Über einige Anwendungen diophantischer Approximationen by Clemens Fuchs, with a commentary and the article Integral points on curves: Siegel’s theorem after Siegel’s proof by Clemens Fuchs and Umberto Zannier, edited by U. Zannier (Scuola Normale Superiore, Pisa, 2014) pp. 81–138.
- C. Schnorr, A hierarchy of polynomial time lattice basis reduction algorithms, Theoretical Computer Science 53, 201 (1987).