Generating Hard Instances of Lattice Problems
نویسنده
چکیده
We give a random class of lattices in Z n so that, if there is a probabilistic polynomial time algorithm which nds a short vector in a random lattice with a probability of at least 1 2 then there is also a probabilistic polynomial time algorithm which solves the following three lattice problems in every lattice in Z n with a probability exponentially close to one. (1) Find the length of a shortest nonzero vector in an n-dimensional lattice, approximately, up to a polynomial factor. (2) Find the shortest nonzero vector in an n-dimensional lattice L where the shortest vector v is unique in the sense that any other vector whose length is at most n c kvk is parallel to v, where c is a suuciently large absolute constant. (3) Find a basis b 1 ; :::; b n in the n-dimensional lattice L whose length, deened as max n i=1 kb i k, is the smallest possible up to a polynomial factor. A large number of the existing techniques of cryptography include the generation of a speciic instance of a problem in NP (together with a solution) which for some reason is thought to be diicult to solve. As an example we may think about factor-ization. Here a party of a cryptographic protocol is supposed to provide a composite number m so that the factorization of m is known to her but she has some serious reason to believe that nobody else will be able to factor m. The most compelling reason for such a belief would be a mathematical proof of the fact that the prime factors of m cannot be found in less then k step in some realistic model of computation, where k is a very large number. For the moment we do not have any proof of this type, neither for speciic numerical values of m and k, nor in some assymptotic sense. In spite of the lack of mathematical proofs, in two cases at least, we may expect that a problem will be diicult to solve. One is the class of NP-complete problems. Here we may say that if there is a problem at all which is diicult to solve, then an NP-complete problem will provide such an example. The other case is, if the problem is a very famous question (e.g. prime factorization), which for a long time were unsuccesfully attacked by …
منابع مشابه
Development of a Lattice-based Cryptosystem
Plantard T. , Rose M. and Willy S. (2009). Improvement of Lattice-based Cryptography using CRT. School of Computer and Software Engineering, University of Wollongong NSW, Australia. Ajtai, M. (1996). Generating Hard Instances of Lattice Problems. In Proceedings of the 28th annual ACM Symposium on Theory of Computing, New York, USA. Alese, B. K. (2000). Vulnerability Analysis of Encryption/Decry...
متن کاملFinding Hard Instances of the Satisfiability Problem
Finding sets of hard instances of propositional satissability is of interest for understanding the complexity of SAT, and for experimentally evaluating SAT algorithms. In discussing this we consider the performance of the most popular SAT algorithms on random problems, the theory of average case complexity, the threshold phenomenon, known lower bounds for certain classes of algorithms, and the ...
متن کاملTowards efficient lattice-based cryptography
One essential quest in cryptography is the search for hard instances of a given computational problem that is known to be hard in the worst-case. In lattice cryptography we are in the unique situation that we have found a way of picking random instances which are at least as hard as well-studied lattice problems in the worst-case. At the same time, no attack running in subexponential time is kn...
متن کاملN ov 2 00 3 Many Hard Examples in Exact Phase Transitions with Application to Generating Hard Satisfiable Instances
This paper analyzes the resolution complexity of two random CSP models (i.e. Model RB/RD) for which we can establish the existence of phase transitions and identify the threshold points exactly. By encoding CSPs into CNF formulas, this paper proves that almost all instances of Model RB/RD have no tree-like resolution proofs of less than exponential size. Thus, we not only introduce new families...
متن کاملMany Hard Examples in Exact Phase Transitions with Application to Generating Hard Satisfiable Instances
This paper first analyzes the resolution complexity of two random CSP models (i.e. Model RB/RD) for which we can establish the existence of phase transitions and identify the threshold points exactly. By encoding CSPs into CNF formulas, it is proved that almost all instances of Model RB/RD have no tree-like resolution proofs of less than exponential size. Thus, we not only introduce new familie...
متن کامل1 N ov 2 00 3 Many Hard Examples in Exact Phase Transitions with Application to Generating Hard Satisfiable Instances
Abstract. This paper first analyzes the resolution complexity of two random CSP models (i.e. Model RB/RD) for which we can establish the existence of phase transitions and identify the threshold points exactly. By encoding CSPs into CNF formulas, it is proved that almost all instances of Model RB/RD have no tree-like resolution proofs of less than exponential size. Thus, we not only introduce n...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- Electronic Colloquium on Computational Complexity (ECCC)
دوره 3 شماره
صفحات -
تاریخ انتشار 1996