algorithms for the densest sublattice problem
play

Algorithms for the Densest Sublattice Problem Daniele Micciancio - PowerPoint PPT Presentation

May 24, 2023 •186 likes •1.06k views

Algorithms for the Densest Sublattice Problem Daniele Micciancio (UCSD) (Joint work with D. Dadush SODA 2013) January 2013 Daniele Micciancio Algorithms for the Densest Sublattice Problem (Point) Lattices Traditional area of mathematics

  1. Algorithms for the Densest Sublattice Problem Daniele Micciancio (UCSD) (Joint work with D. Dadush – SODA 2013) January 2013 Daniele Micciancio Algorithms for the Densest Sublattice Problem

  2. (Point) Lattices Traditional area of mathematics ◦ ◦ ◦ Lagrange Gauss Minkowski Daniele Micciancio Algorithms for the Densest Sublattice Problem

  3. (Point) Lattices Traditional area of mathematics ◦ ◦ ◦ Lagrange Gauss Minkowski Key to many algorithmic applications Cryptanalysis (e.g., breaking low-exponent RSA) Coding Theory (e.g., wireless communications) Optimization (e.g., Integer Programming with fixed number of variables) Cryptography (e.g., Cryptographic functions from worst-case complexity assumptions, Fully Homomorphic Encryption) Daniele Micciancio Algorithms for the Densest Sublattice Problem

  4. Outline Daniele Micciancio Algorithms for the Densest Sublattice Problem

  5. Lattices: Definition e 1 e 2 The simplest lattice in n -dimensional space is the integer lattice Λ = Z n Daniele Micciancio Algorithms for the Densest Sublattice Problem

  6. Lattices: Definition b 1 e 1 b 2 e 2 The simplest lattice in Other lattices are obtained by n -dimensional space is the applying a linear transformation integer lattice Λ = B Z n ( B ∈ R d × n ) Λ = Z n Daniele Micciancio Algorithms for the Densest Sublattice Problem

  7. Lattice Determinant / Density b 1 e 1 b 2 e 2 Definition (Determinant) The determinant of a lattice is the volume of a fundamental region 1 det( B Z n ) = vol n ( B [0 , 1) n ) = density(Λ) Daniele Micciancio Algorithms for the Densest Sublattice Problem

  8. The Densest Sublattice Problem (DSP) Definition (Densest Sublattice Problem ( k -DSP)) Given a lattice Λ, find a k -dimensional sublattice Λ ′ ⊆ Λ that minimizes det(Λ ′ ). Daniele Micciancio Algorithms for the Densest Sublattice Problem

  9. The Densest Sublattice Problem (DSP) Definition (Densest Sublattice Problem ( k -DSP)) Given a lattice Λ, find a k -dimensional sublattice Λ ′ ⊆ Λ that minimizes det(Λ ′ ). Λ ′ = Λ ∩ S , dim( S ) = k Λ ′ = b Z and det(Λ ′ ) = � b � Daniele Micciancio Algorithms for the Densest Sublattice Problem

  10. The Densest Sublattice Problem (DSP) Definition (Densest Sublattice Problem ( k -DSP)) Given a lattice Λ, find a k -dimensional sublattice Λ ′ ⊆ Λ that minimizes det(Λ ′ ). Λ ′ = Λ ∩ S , dim( S ) = k Λ ′ = b Z and det(Λ ′ ) = � b � Small det ⇔ High density Daniele Micciancio Algorithms for the Densest Sublattice Problem

  11. The Densest Sublattice Problem (DSP) Definition (Densest Sublattice Problem ( k -DSP)) Given a lattice Λ, find a k -dimensional sublattice Λ ′ ⊆ Λ that minimizes det(Λ ′ ). Λ ′ = Λ ∩ S , dim( S ) = k Λ ′ = b Z and det(Λ ′ ) = � b � Small det ⇔ High density 1-DSP = SVP (Shortest Vector Problem) Daniele Micciancio Algorithms for the Densest Sublattice Problem

  12. Lattice rounding Gram-Schmidt orthogonalization B ∗ [0 , 1] n b ∗ b 2 2 b ∗ 1 = b 1 Daniele Micciancio Algorithms for the Densest Sublattice Problem

  13. Lattice rounding Gram-Schmidt orthogonalization B ∗ [0 , 1] n is also a fundamental region for Λ b ∗ b 2 2 b ∗ 1 = b 1 Daniele Micciancio Algorithms for the Densest Sublattice Problem

  14. Lattice rounding Gram-Schmidt orthogonalization B ∗ [0 , 1] n is also a fundamental region for Λ Daniele Micciancio Algorithms for the Densest Sublattice Problem

  15. Lattice rounding Gram-Schmidt orthogonalization B ∗ [0 , 1] n is also a fundamental region for Λ Any t can be efficiently rounded to v ∈ Λ Daniele Micciancio Algorithms for the Densest Sublattice Problem

  16. Lattice rounding Gram-Schmidt orthogonalization B ∗ [0 , 1] n is also a fundamental region for Λ Any t can be efficiently rounded to v ∈ Λ � t − v � ≤ 1 i � b ∗ �� i � 2 2 Daniele Micciancio Algorithms for the Densest Sublattice Problem

  17. Lattice rounding Gram-Schmidt orthogonalization B ∗ [0 , 1] n is also a fundamental region for Λ Any t can be efficiently rounded to v ∈ Λ � t − v � ≤ 1 i � b ∗ �� i � 2 2 v solves CVP when � t − v � ≤ min � b ∗ i � / 2 Daniele Micciancio Algorithms for the Densest Sublattice Problem

  18. Lattice rounding Gram-Schmidt orthogonalization B ∗ [0 , 1] n is also a fundamental region for Λ Any t can be efficiently rounded to v ∈ Λ � t − v � ≤ 1 i � b ∗ �� i � 2 2 v solves CVP when � t − v � ≤ min � b ∗ i � / 2 Lemma (Nearest Plane Algorithm [Babai 1986]) Rounding w.r.t B ∗ approximates CVP within √ n · max i � b ∗ i � min i � b ∗ i � Daniele Micciancio Algorithms for the Densest Sublattice Problem

  19. Basis reduction Definition (Basis reduction problem) Given a lattice, find a basis such that � b ∗ i � ≈ det(Λ) 1 / n , or, more generally, the � b ∗ i � do not decrease too quickly. Daniele Micciancio Algorithms for the Densest Sublattice Problem

  20. Basis reduction Definition (Basis reduction problem) Given a lattice, find a basis such that � b ∗ i � ≈ det(Λ) 1 / n , or, more generally, the � b ∗ i � do not decrease too quickly. Sort � b 1 � ≤ � b 2 � ≤ . . . ≤ � b n � Daniele Micciancio Algorithms for the Densest Sublattice Problem

  21. Basis reduction Definition (Basis reduction problem) Given a lattice, find a basis such that � b ∗ i � ≈ det(Λ) 1 / n , or, more generally, the � b ∗ i � do not decrease too quickly. Sort � b 1 � ≤ � b 2 � ≤ . . . ≤ � b n � Still, typically � b ∗ 1 � > � b ∗ 2 � > . . . > � b ∗ n � Daniele Micciancio Algorithms for the Densest Sublattice Problem

  22. Basis reduction Definition (Basis reduction problem) Given a lattice, find a basis such that � b ∗ i � ≈ det(Λ) 1 / n , or, more generally, the � b ∗ i � do not decrease too quickly. Sort � b 1 � ≤ � b 2 � ≤ . . . ≤ � b n � Still, typically � b ∗ 1 � > � b ∗ 2 � > . . . > � b ∗ n � This is unavoidable, even for k = 2, e.g., for “exagonal” lattice 2 � = � b 1 � 2 � b 1 � 2 � = � b 1 � · � b 1 � 2 det(Λ) ≤ γ 2 = √ ≈ 1 . 1547 � b ∗ � b 1 � · � b ∗ 3 Daniele Micciancio Algorithms for the Densest Sublattice Problem

  23. Basis reduction Definition (Basis reduction problem) Given a lattice, find a basis such that � b ∗ i � ≈ det(Λ) 1 / n , or, more generally, the � b ∗ i � do not decrease too quickly. Sort � b 1 � ≤ � b 2 � ≤ . . . ≤ � b n � Still, typically � b ∗ 1 � > � b ∗ 2 � > . . . > � b ∗ n � This is unavoidable, even for k = 2, e.g., for “exagonal” lattice 2 � = � b 1 � 2 � b 1 � 2 � = � b 1 � · � b 1 � 2 det(Λ) ≤ γ 2 = √ ≈ 1 . 1547 � b ∗ � b 1 � · � b ∗ 3 Minimizing � b 1 � / � b ∗ 2 � is equivalent to SVP Daniele Micciancio Algorithms for the Densest Sublattice Problem

  24. Basis reduction Definition (Basis reduction problem) Given a lattice, find a basis such that � b ∗ i � ≈ det(Λ) 1 / n , or, more generally, the � b ∗ i � do not decrease too quickly. Sort � b 1 � ≤ � b 2 � ≤ . . . ≤ � b n � Still, typically � b ∗ 1 � > � b ∗ 2 � > . . . > � b ∗ n � This is unavoidable, even for k = 2, e.g., for “exagonal” lattice 2 � = � b 1 � 2 � b 1 � 2 � = � b 1 � · � b 1 � 2 det(Λ) ≤ γ 2 = √ ≈ 1 . 1547 � b ∗ � b 1 � · � b ∗ 3 Minimizing � b 1 � / � b ∗ 2 � is equivalent to SVP Hemite constant: � 2 � � b 1 � γ n = sup inf = Θ( n ) det(Λ) 1 / n B Λ Daniele Micciancio Algorithms for the Densest Sublattice Problem

  25. LLL basis reduction algorithm Theorem (Lenstra, Lenstra, Lovasz (LLL) 1982) Every lattice has an efficiently computable basis such that i � for all i, and max i � b ∗ i � � b ∗ γ 2 · � b ∗ i � = 2 O ( n ) i +1 � ≥ ˜ min i � b ∗ Daniele Micciancio Algorithms for the Densest Sublattice Problem

  26. LLL basis reduction algorithm Theorem (Lenstra, Lenstra, Lovasz (LLL) 1982) Every lattice has an efficiently computable basis such that i � for all i, and max i � b ∗ i � � b ∗ γ 2 · � b ∗ i � = 2 O ( n ) i +1 � ≥ ˜ min i � b ∗ B = [ b 1 , . . . , b n ] Daniele Micciancio Algorithms for the Densest Sublattice Problem

  27. LLL basis reduction algorithm Theorem (Lenstra, Lenstra, Lovasz (LLL) 1982) Every lattice has an efficiently computable basis such that i � for all i, and max i � b ∗ i � � b ∗ γ 2 · � b ∗ i � = 2 O ( n ) i +1 � ≥ ˜ min i � b ∗ B = [ b 1 , . . . , b n ] Locally modify each 2-dim sublattice [ b i , b i +1 ] so � b ∗ i � is (almost) minimal Daniele Micciancio Algorithms for the Densest Sublattice Problem

  28. LLL basis reduction algorithm Theorem (Lenstra, Lenstra, Lovasz (LLL) 1982) Every lattice has an efficiently computable basis such that i � for all i, and max i � b ∗ i � � b ∗ γ 2 · � b ∗ i � = 2 O ( n ) i +1 � ≥ ˜ min i � b ∗ B = [ b 1 , . . . , b n ] Locally modify each 2-dim sublattice [ b i , b i +1 ] so � b ∗ i � is (almost) minimal LLL terminates because each local modification makes “progress” towards reducing the basis Daniele Micciancio Algorithms for the Densest Sublattice Problem

Recommend

Densest/Heaviest k -subgraph on Interval Graphs, Chordal Graphs and Planar Graphs Presented by

Densest/Heaviest k -subgraph on Interval Graphs, Chordal Graphs and Planar Graphs Presented by

Densest/Heaviest k -subgraph on Interval Graphs, Chordal Graphs and Planar Graphs Presented by Jian Li, Fudan University Mar 2007, HKUST May 8, 2006 1 / 25 Problem Definition: Densest k -Subgraph Problem(DS- k ): Input: G ( V, E ) , k > 0 .

398 views • 25 slides
CORE DECOMPOSITION AND DENSEST SUBGRAPH IN MULTILAYER NETWORKS CORE DECOMPOSITION AND DENSEST

CORE DECOMPOSITION AND DENSEST SUBGRAPH IN MULTILAYER NETWORKS CORE DECOMPOSITION AND DENSEST

E. GALIMBERTI, F. BONCHI, F. GULLO CORE DECOMPOSITION AND DENSEST SUBGRAPH IN MULTILAYER NETWORKS CORE DECOMPOSITION AND DENSEST SUBGRAPH IN MULTILAYER NETWORKS AGENDA Multilayer Networks Core Decomposition and Densest Subgraph

759 views • 27 slides
Whats the densest sphere packing in a million dimensions? Henry Cohn Microsoft Research New

Whats the densest sphere packing in a million dimensions? Henry Cohn Microsoft Research New

Whats the densest sphere packing in a million dimensions? Henry Cohn Microsoft Research New England Arnold Ross Lecture November 5, 2014 The sphere packing problem How densely can we pack identical spheres into space? Not allowed to

586 views • 41 slides
Hyperbolic Color Codes on Densest Tessellations Clarice Dias de Albuquerque (UFCA) Reginaldo

Hyperbolic Color Codes on Densest Tessellations Clarice Dias de Albuquerque (UFCA) Reginaldo

Hyperbolic Color Codes on Densest Tessellations Hyperbolic Color Codes on Densest Tessellations Clarice Dias de Albuquerque (UFCA) Reginaldo Palazzo Junior (UNICAMP) 27/07/2018 Hyperbolic Color Codes on Densest Tessellations Topological

545 views • 35 slides
Algorithms COSC 1010 Algorithms Algorithm - A clear specification of how to solve a problem

Algorithms COSC 1010 Algorithms Algorithm - A clear specification of how to solve a problem

Algorithms COSC 1010 Algorithms Algorithm - A clear specification of how to solve a problem E ff ective method: Measured in the resources solved in dependence of the size of the problem Time Memory Algorithms

477 views • 16 slides
The Shortest Vector Problem (Lattice Reduction Algorithms) Approximation Algorithms by V.

The Shortest Vector Problem (Lattice Reduction Algorithms) Approximation Algorithms by V.

The Shortest Vector Problem (Lattice Reduction Algorithms) Approximation Algorithms by V. Vazirani, Chapter 27 - Problem statement, general discussion - Lattices: brief introduction - The Gauss algorithm in R 2 - Lower bound via

295 views • 13 slides
Two-step melting of three-sublattice order Kedar Damle, TIFR, Mumbai JNU-ICTP Workshop Feb 10

Two-step melting of three-sublattice order Kedar Damle, TIFR, Mumbai JNU-ICTP Workshop Feb 10

Two-step melting of three-sublattice order Kedar Damle, TIFR, Mumbai JNU-ICTP Workshop Feb 10 2015 Symmetry breaking transitions: Generalities Symmetry-breaking state characterized by long-range correlations of order-parameter O

764 views • 30 slides
Algorithms and Architecture 1 Introduction to Algorithms Alexandre David 1 Outline Notion

Algorithms and Architecture 1 Introduction to Algorithms Alexandre David 1 Outline Notion

Algorithms and Architecture 1 Introduction to Algorithms Alexandre David 1 Outline Notion of algorithms, GCD example. Algorithmic problem solving. Problem types. Sorting example. Numerical example. Analyzing algorithms.

333 views • 12 slides
BI G OH NOTATI ON Classification of Algorithms The running time of most algorithms is

BI G OH NOTATI ON Classification of Algorithms The running time of most algorithms is

BI G OH NOTATI ON Classification of Algorithms The running time of most algorithms is proportional to one of the following functions : instructions run only once constant solve a big problem by log N transforming it into a smaller problem

476 views • 8 slides
CARLA HST Results OR THE HST GRISM CONFIRMATION RESULTS OF THE 20 DENSEST CARLA CANDIDATE

CARLA HST Results OR THE HST GRISM CONFIRMATION RESULTS OF THE 20 DENSEST CARLA CANDIDATE

CARLA HST Results OR THE HST GRISM CONFIRMATION RESULTS OF THE 20 DENSEST CARLA CANDIDATE CLUSTERS AT 1.4<z<2.8 Gal Noirot +the CARLA Collaboration Daniel Stern, Jol Vernet, Carlos De Breuck, Simona Mei, Audrey Galametz, Dominika

311 views • 18 slides
Algorithms Theory Algorithms Theory 13 13 Bin Packing Bi P ki P.D. Dr. Alexander Souza

Algorithms Theory Algorithms Theory 13 13 Bin Packing Bi P ki P.D. Dr. Alexander Souza

Algorithms Theory Algorithms Theory 13 13 Bin Packing Bi P ki P.D. Dr. Alexander Souza Winter term 11/12 Bin packing 1. Problem definition and general observations 2 Approximation algorithms for the online bin packing problem 2.

148 views • 12 slides
Using Genetic Algorithms to solve the Minimum Labeling Spanning Tree Problem MLST; problem

Using Genetic Algorithms to solve the Minimum Labeling Spanning Tree Problem MLST; problem

Using Genetic Algorithms to solve the Minimum Labeling Spanning Tree Problem MLST; problem set-up Genetic Algorithms Oliver Rourke, oliverr@umd.edu MLST: GA Advisor: Dr Bruce L. Golden, bgolden@rhsmith.umd.edu MLST: GA++ R. H. Smith

479 views • 47 slides
Quantum Algorithms for the k -xor Problem Lorenzo Grassi 1 , Mara Naya-Plasencia 2 , Andr

Quantum Algorithms for the k -xor Problem Lorenzo Grassi 1 , Mara Naya-Plasencia 2 , Andr

Context Low-qubits k -xor algorithms k -xor algorithms with qRAM Quantum Algorithms for the k -xor Problem Lorenzo Grassi 1 , Mara Naya-Plasencia 2 , Andr Schrottenloher 2 1 IAIK, Graz University of Technology, Austria 2 Inria, France December

428 views • 24 slides
densest packings with congruent copies of a convex body (Part 2) David de Laat (TU Delft)

densest packings with congruent copies of a convex body (Part 2) David de Laat (TU Delft)

Computing upper bounds for densest packings with congruent copies of a convex body (Part 2) David de Laat (TU Delft) Fernando Oliveira (FU Berlin Universidade de S ao Paulo) Frank Vallentin (Universit at zu K oln) Second ERC

765 views • 31 slides
Top-Down Approach to Algorithms Understanding Algorithms Amtoft (Howell) Introduction Sorting

Top-Down Approach to Algorithms Understanding Algorithms Amtoft (Howell) Introduction Sorting

Top-Down Approach to Algorithms Understanding Algorithms Amtoft (Howell) Introduction Sorting Reduction: Solve a problem by using a solution to a Maximum Subsequence Sum simpler problem. Top-Down Approach to Algorithms Understanding

621 views • 35 slides
Algorithms Software Development Method 1. Specify the problem requirements 2. Analyze the

Algorithms Software Development Method 1. Specify the problem requirements 2. Analyze the

Algorithms Software Development Method 1. Specify the problem requirements 2. Analyze the problem 3. Design the algorithm to solve the problem 4. Implement the algorithm 5. Test and verify the completed program 6. Maintain and update the

497 views • 13 slides
Algorithms Theory Algorithms Theory 10 10 Greedy Algorithms G d Al ith Dr. Alexander

Algorithms Theory Algorithms Theory 10 10 Greedy Algorithms G d Al ith Dr. Alexander

Algorithms Theory Algorithms Theory 10 10 Greedy Algorithms G d Al ith Dr. Alexander Souza Winter term 11/12 Greedy algorithms 1 1. Introductory remarks Introductory remarks 2. Basic examples: The coin-changing problem

504 views • 19 slides
Masters thesis by Kristoffer Vinther Sorting Algorithms The Problem Given a set of

Masters thesis by Kristoffer Vinther Sorting Algorithms The Problem Given a set of

Masters thesis by Kristoffer Vinther Sorting Algorithms The Problem Given a set of elements, put them in non-decreasing order. Motivation Very commonly used as a subroutine in other algorithms (such as graph-, geometric-, and

401 views • 38 slides
CSE 521 Algorithms The Network Flow Problem 2 The Network Flow Problem 4 a x 3 5 3 7 7 4

CSE 521 Algorithms The Network Flow Problem 2 The Network Flow Problem 4 a x 3 5 3 7 7 4

CSE 521 Algorithms The Network Flow Problem 2 The Network Flow Problem 4 a x 3 5 3 7 7 4 s b y t 6 6 1 4 5 c z How much stuff can flow from s to t? 4 Soviet Rail Network, 1955 Reference: On the history of the transportation

1.05k views • 84 slides
Computing upper bounds for densest packings with congruent copies of a convex body Fernando Mario

Computing upper bounds for densest packings with congruent copies of a convex body Fernando Mario

Computing upper bounds for densest packings with congruent copies of a convex body Fernando Mario de Oliveira Filho (FU Berlin) Frank Vallentin (TU Delft, CWI Amsterdam) ERC Workshop: High complexity discrete geometry, FU Berlin October 26, 2011

461 views • 28 slides
Greedy algorithms Greedy algorithms Find the best solution to a local problem and (hope) it

Greedy algorithms Greedy algorithms Find the best solution to a local problem and (hope) it

Greedy algorithms Greedy algorithms Find the best solution to a local problem and (hope) it solves the global problem Greedy algorithm Greedy algorithms find the global maximum when: 1. optimal substructure optimal solution to a

953 views • 18 slides
Efficient Algorithms and Problem Complexity Introduction to Problem Complexity Frank

Efficient Algorithms and Problem Complexity Introduction to Problem Complexity Frank

Efficient Algorithms and Problem Complexity Introduction to Problem Complexity Frank Drewes Department of Computing Science Ume a University Frank Drewes (Ume a University) Efficient Algorithms and Problem Complexity Lecture 8

356 views • 12 slides
Approximation Algorithms Q. Suppose I need to solve an NP-hard problem. What should I do? A.

Approximation Algorithms Q. Suppose I need to solve an NP-hard problem. What should I do? A.

Approximation Algorithms Q. Suppose I need to solve an NP-hard problem. What should I do? A. Theory says you're unlikely to find a poly-time algorithm. Must sacrifice one of three desired features. Solve problem to optimality. Solve

247 views • 20 slides
ALGORITHMS AND FLOWCHARTS ALGORITHMS AND FLOWCHARTS A typical programming task can be divided

ALGORITHMS AND FLOWCHARTS ALGORITHMS AND FLOWCHARTS A typical programming task can be divided

ALGORITHMS AND FLOWCHARTS ALGORITHMS AND FLOWCHARTS A typical programming task can be divided into two phases: Problem solving phase produce an ordered sequence of steps that describe solution of problem this sequence of steps is

407 views • 29 slides

More recommend