Generating Hard Instances of the Short Basis Problem
A class of random lattices is given, in  so that (a) a random lattice can be generated in polynomial time together with a short vector in it, and (b) assuming that certain worst-case lattice problems have no polynomial time solutions, there is no polynomial time algorithm which finds a short vector in a random lattice with a polynomially large probability. In this paper we show that lattices of the same random class can be generated not only together with a short vector in them, but also together with a short basis. The existence of a known short basis may make the construction more applicable for cryptographic protocols.
KeywordsPolynomial Time Main Diagonal Cryptographic Protocol Lower Triangular Matrix Random Lattice
Unable to display preview. Download preview PDF.
- 1.M. Ajtai, Generating Hard Instances of Lattice Problems, Proceedings of the 28th Annual ACM Symposium on Theory of Computing, 1996, or Electronic Colloquium on Computational Complexity, 1996, http://www.eccc.uni-trier.de/eccc/
- 2.M. Ajtai and C. Dwork, A Public-Key Cryptosystem with Worst-Case/Average-Case Equivalence, Proceedings of the 29th Annual ACM Symposium on Theory of Computing, 1997, orGoogle Scholar
- 3.J-Y Cai, Some Recent Progress on the Complexity of Lattice Problems, Electronic Colloquium on Computational Complexity, 1999, http://www.eccc.uni-trier.de/eccc/, to appear in the Proceedings of the IEEE Conference of Computational Complexity, 1999.
- 4.J-Y Cai, A. Nerurkar. An Improved Worst-Case to Average-Case Connection for Lattice Problems. In Proc. 38th IEEE Symposium on Foundations of Computer Science, 1997, 468–477.Google Scholar
- 5.O. Goldreich, S. Goldwasser, S. Halevi, Collision-free hashing from lattice problems, Electronic Colloquium, on Computational Complexity, 1996, http://www.eccc.unitrier.de/eccc/