Advertisement

Designs, Codes and Cryptography

, Volume 86, Issue 1, pp 137–150 | Cite as

The closest vector problem in tensored root lattices of type A and in their duals

  • Léo Ducas
  • Wessel P. J. van Woerden
Article
  • 170 Downloads

Abstract

In this work we consider the closest vector problem (CVP)—a problem also known as maximum-likelihood decoding—in the tensor of two root lattices of type A (\(A_m \otimes A_n\)), as well as in their duals (\(A^*_m \otimes A^*_n\)). This problem is mainly motivated by lattice based cryptography, where the cyclotomic rings \({\mathbb {Z}}[\zeta _c]\) (resp. its co-different \({\mathbb {Z}}[\zeta _c]^\vee \)) play a central role, and turn out to be isomorphic as lattices to tensors of \(A^*\) lattices (resp. A root lattices). In particular, our results lead to solving CVP in \({\mathbb {Z}}[\zeta _c]\) and in \({\mathbb {Z}}[\zeta _c]^\vee \) for conductors of the form \(c = 2^\alpha p^\beta q^\gamma \) for any two odd primes pq. For the primal case \(A_m \otimes A_n\), we provide a full characterization of the Voronoi region in terms of simple cycles in the complete directed bipartite graph \(K_{m+1,n+1}\). This leads—relying on the Bellman-Ford algorithm for negative cycle detection—to a CVP algorithm running in polynomial time. Precisely, our algorithm performs \(O(l\ m^2 n^2 \min \{m,n\})\) operations on reals, where l is the number of bits per coordinate of the input target. For the dual case, we use a gluing-construction to solve CVP in sub-exponential time \(O(n m^{n+1})\).

Keywords

Lattice based cryptography Cyclotomic lattices Tensored root lattices Closest vector problem Maximum likelihood decoding 

Mathematics Subject Classification

11H71 11T71 94B75 94B35 

Notes

Acknowledgements

The authors wish to thank Onno Berrevoets, Marcello Bonsangue, Daniel Dadush and Daan van Gent for their interest and helpful feedback on this work. This work has been supported by a grant from CWI from budget for public–private-partnerships and in part by a grant from NXP Semiconductors.

References

  1. 1.
    Babai L.: On Lovász’ lattice reduction and the nearest lattice point problem. Combinatorica 6(1), 1–13 (1986). doi: 10.1007/BF02579403.MathSciNetCrossRefzbMATHGoogle Scholar
  2. 2.
    Bonifas N., Dadush D.: Short paths on the Voronoi graph and the closest vector problem with preprocessing. CoRR (2014). http://arxiv.org/abs/1412.6168.
  3. 3.
    Conway J., Sloane N.: Fast quantizing and decoding and algorithms for lattice quantizers and codes. IEEE Trans. Inf. Theory 28(2), 227–232 (1982). doi: 10.1109/TIT.1982.1056484.MathSciNetCrossRefzbMATHGoogle Scholar
  4. 4.
    Conway J., Sloane N.: Voronoi regions of lattices, second moments of polytopes, and quantization. IEEE Trans. Inf. Theory 28(2), 211–226 (1982).MathSciNetCrossRefzbMATHGoogle Scholar
  5. 5.
    Conway J., Sloane N.: Sphere Packings. Lattices and Groups. Grundlehren der mathematischen Wissenschaften. Springer, New York (1998).Google Scholar
  6. 6.
    Cormen T.H., Leiserson C.E., Rivest R.L., Stein C.: Introduction to Algorithms, 3rd edn. MIT Press, Cambridge (2009).zbMATHGoogle Scholar
  7. 7.
    Lyubashevsky V., Peikert C., Regev O.: On Ideal Lattices and Learning with Errors over Rings, pp. 1–23. Springer, Berlin (2010). doi: 10.1007/978-3-642-13190-5_1.zbMATHGoogle Scholar
  8. 8.
    Lyubashevsky V., Peikert C., Regev O.: A Toolkit for Ring-LWE Cryptography, pp. 35–54. Springer, Berlin (2013). doi: 10.1007/978-3-642-38348-9_3.zbMATHGoogle Scholar
  9. 9.
    McKilliam R.G., Clarkson I.V.L., Quinn B.G.: An algorithm to compute the nearest point in the lattice \({A}_n^*\). CoRR 54, 4378–4381 (2008). http://arxiv.org/abs/0801.1364.
  10. 10.
    McKilliam R.G., Clarkson I.V.L., Smith W.D., Quinn B.G.: A linear-time nearest point algorithm for the lattice \({A}_n^*\). In: International Symposium on Information Theory and Its Applications, 2008. ISITA 2008, pp. 1–5 (2008). doi: 10.1109/ISITA.2008.4895596.
  11. 11.
    Micciancio D., Voulgaris P.: A deterministic single exponential time algorithm for most lattice problems based on voronoi cell computations. In: Proceedings of the Forty-second ACM Symposium on Theory of Computing, STOC ’10, pp. 351–358. ACM, New York, NY, USA (2010). doi: 10.1145/1806689.1806739.
  12. 12.
    Oggier F., Viterbo E.: Algebraic Number Theory and Code Design for Rayleigh Fading Channels. Now Publishers Inc, Hanover (2004).zbMATHGoogle Scholar
  13. 13.
    Voronoi G.: Nouvelles applications des paramètres continus à la théorie des formes quadratiques. deuxième mémoire. recherches sur les parallélloèdres primitifs. Journal für die reine und angewandte Mathematik 134, 198–287 (1908). http://eudml.org/doc/149291.

Copyright information

© Springer Science+Business Media New York 2017

Authors and Affiliations

  1. 1.CWI (Centrum Wiskunde & Informatica)AmsterdamThe Netherlands
  2. 2.Mathematical Institute and LIACSLeiden UniversityLeidenThe Netherlands

Personalised recommendations