On Bounded Distance Decoding, Unique Shortest Vectors, and the Minimum Distance Problem

  • Vadim Lyubashevsky
  • Daniele Micciancio
Conference paper

DOI: 10.1007/978-3-642-03356-8_34

Part of the Lecture Notes in Computer Science book series (LNCS, volume 5677)
Cite this paper as:
Lyubashevsky V., Micciancio D. (2009) On Bounded Distance Decoding, Unique Shortest Vectors, and the Minimum Distance Problem. In: Halevi S. (eds) Advances in Cryptology - CRYPTO 2009. Lecture Notes in Computer Science, vol 5677. Springer, Berlin, Heidelberg


We prove the equivalence, up to a small polynomial approximation factor \(\sqrt{n/\log n}\), of the lattice problems uSVP (unique Shortest Vector Problem), BDD (Bounded Distance Decoding) and GapSVP (the decision version of the Shortest Vector Problem). This resolves a long-standing open problem about the relationship between uSVP and the more standard GapSVP, as well the BDD problem commonly used in coding theory. The main cryptographic application of our work is the proof that the Ajtai-Dwork ([2]) and the Regev ([33]) cryptosystems, which were previously only known to be based on the hardness of uSVP, can be equivalently based on the hardness of worst-case GapSVP\({_{O({n^{2.5}})}}\) and GapSVP\({_{O(n^{2})}}\), respectively. Also, in the case of uSVP and BDD, our connection is very tight, establishing the equivalence (within a small constant approximation factor) between the two most central problems used in lattice based public key cryptography and coding theory.

Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2009

Authors and Affiliations

  • Vadim Lyubashevsky
    • 1
  • Daniele Micciancio
    • 2
  1. 1.School of Computer ScienceTel Aviv UniversityTel AvivIsrael
  2. 2.Computer Science and Engineering DepartmentUniversity of California at San DiegoLa JollaUSA

Personalised recommendations