Hardness of approximating the shortest vector problem in lattices

Research output: Contribution to journalArticlepeer-review

Abstract

Let p > 1 be any fixed real. We show that assuming NP ⊈ RP, there is no polynomial time algorithm that approximates the Shortest Vector Problem (SVP) in ℓ p norm within a constant factor. Under the stronger assumption NP ⊈ RTIME(2 poly(log n)), we show that there is no polynomial-time algorithm with approximation ratio 2 (log n) 1/2-ε where n is the dimension of the lattice and ε > 0 is an arbitrarily small constant. We first give a new (randomized) reduction from Closest Vector Problem (CVP) to SVP that achieves some constant factor hardness. The reduction is based on BCH Codes. Its advantage is that the SVP instances produced by the reduction behave well under the augmented tensor product, a new variant of tensor product that we introduce. This enables us to boost the hardness factor to 2 (log n)1/2-ε.

Original languageEnglish (US)
Pages (from-to)789-808
Number of pages20
JournalJournal of the ACM
Volume52
Issue number5
DOIs
StatePublished - Sep 2005

Keywords

  • Approximation algorithms
  • Cryptography
  • Hardness of approximation
  • Lattices
  • Shortest vector problem

ASJC Scopus subject areas

  • Software
  • Control and Systems Engineering
  • Information Systems
  • Hardware and Architecture
  • Artificial Intelligence

Fingerprint Dive into the research topics of 'Hardness of approximating the shortest vector problem in lattices'. Together they form a unique fingerprint.

Cite this