On the hardness of the shortest vector problem

An n-dimensional lattice is the set of all integral linear combinations of n linearly independent vectors in ' tm. One of the most studied algorithmic problems on lattices is the shortest vector problem (SVP): given a lattice, find the shortest non-zero vector in it. We prove that the shortest vector problem is NP-hard (for randomized reductions) to approximate within some constant factor greater than 1 in any 1, norm (p 1). In particular, we prove the NP-hardness of approximating SVP in the Euclidean norm 12 within any factor less than 4v. The same NP-hardness results hold for deterministic non-uniform reductions. A deterministic uniform reduction is also given under a reasonable number theoretic conjecture concerning the distribution of smooth numbers. In proving the NP-hardness of SVP we develop a number of technical tools that might be of independent interest. In particular, a lattice packing is constructed with the property that the number of unit spheres contained in an n-dimensional ball of radius greater than 1 + x/2 grows exponentially in n, and a new constructive version of Sauer's lemma (a combinatorial result somehow related to the notion of VCdimension) is presented, considerably simplifying all previously known constructions. Thesis Supervisor: Shafi Goldwasser Title: RSA Professor of Computer Science