Abstract
Let p > 1 be any fixed real. We show that assuming NP ⊈ RP, there is no polynomial time algorithm that approximates the Shortest Vector Problem (SVP) in ℓ p norm within a constant factor. Under the stronger assumption NP ⊈ RTIME(2 poly(log n)), we show that there is no polynomial-time algorithm with approximation ratio 2 (log n) 1/2-ε where n is the dimension of the lattice and ε > 0 is an arbitrarily small constant. We first give a new (randomized) reduction from Closest Vector Problem (CVP) to SVP that achieves some constant factor hardness. The reduction is based on BCH Codes. Its advantage is that the SVP instances produced by the reduction behave well under the augmented tensor product, a new variant of tensor product that we introduce. This enables us to boost the hardness factor to 2 (log n)1/2-ε.
Original language | English (US) |
---|---|
Pages (from-to) | 789-808 |
Number of pages | 20 |
Journal | Journal of the ACM |
Volume | 52 |
Issue number | 5 |
DOIs | |
State | Published - Sep 2005 |
Keywords
- Approximation algorithms
- Cryptography
- Hardness of approximation
- Lattices
- Shortest vector problem
ASJC Scopus subject areas
- Software
- Control and Systems Engineering
- Information Systems
- Hardware and Architecture
- Artificial Intelligence