slide reduction revisited filling the gaps in svp
play

Slide Reduction, RevisitedFilling the Gaps in SVP Approximation - PowerPoint PPT Presentation

Feb 09, 2024 •254 likes •1.07k views

Background Our results Our technical ideas Conclusion Slide Reduction, RevisitedFilling the Gaps in SVP Approximation Noah Stephens- Divesh Aggarwal Jianwei Li Phong Q. Nguyen Davidowitz NUS RHUL ENS Cornell University Crypto 2020

  1. Background Our results Our technical ideas Conclusion Slide Reduction, Revisited—Filling the Gaps in SVP Approximation Noah Stephens- Divesh Aggarwal Jianwei Li Phong Q. Nguyen Davidowitz NUS RHUL ENS Cornell University Crypto 2020 1 / 31

  2. Background Our results Our technical ideas Conclusion Outline Background 1 Our results 2 3 Our technical ideas Conclusion 4 2 / 31

  3. Background Our results Our technical ideas Conclusion Background 1 Our results 2 Our technical ideas 3 Conclusion 4 3 / 31

  4. Background Our results Our technical ideas Conclusion Lattice and basis An n -rank lattice L is a set of all integer linear combinations of n linearly independent vectors b 1 , . . . , b n : L = { z 1 b 1 + · · · + z n b n , z i ∈ Z } . B := ( b 1 , . . . , b n ) is called a basis of L . A Lattice of rank 2 4 / 31

  5. Background Our results Our technical ideas Conclusion Lattice and basis An n -rank lattice L is a set of all integer linear combinations of n linearly independent vectors b 1 , . . . , b n : L = { z 1 b 1 + · · · + z n b n , z i ∈ Z } . B := ( b 1 , . . . , b n ) is called a basis of L . A Lattice of rank 2 4 / 31

  6. Background Our results Our technical ideas Conclusion Lattice and basis An n -rank lattice L is a set of all integer linear combinations of n linearly independent vectors b 1 , . . . , b n : L = { z 1 b 1 + · · · + z n b n , z i ∈ Z } . B := ( b 1 , . . . , b n ) is called a basis of L . A Lattice of rank 2 4 / 31

  7. Background Our results Our technical ideas Conclusion The most important lattice problem is the shortest vector problem (SVP) Given a basis of a lattice L , SVP is to find a shortest nonzero vector v in L , i.e., � v � = min x ∈ L � = 0 � x � � λ 1 ( L ) . Two natural relaxations f -approximate SVP ( f -SVP): Given a lattice L , find a non-zero vector v ∈ L s.t. � v � ≤ f · λ 1 ( L ) . f -Hermite SVP ( f -HSVP): Given an n -rank lattice L , find a non-zero vector v ∈ L s.t. � v � ≤ f · vol ( L ) 1 / n , where vol ( L ) is the determinant of L . 5 / 31

  8. Background Our results Our technical ideas Conclusion The most important lattice problem is the shortest vector problem (SVP) Given a basis of a lattice L , SVP is to find a shortest nonzero vector v in L , i.e., � v � = min x ∈ L � = 0 � x � � λ 1 ( L ) . Two natural relaxations f -approximate SVP ( f -SVP): Given a lattice L , find a non-zero vector v ∈ L s.t. � v � ≤ f · λ 1 ( L ) . f -Hermite SVP ( f -HSVP): Given an n -rank lattice L , find a non-zero vector v ∈ L s.t. � v � ≤ f · vol ( L ) 1 / n , where vol ( L ) is the determinant of L . 5 / 31

  9. Background Our results Our technical ideas Conclusion The most important lattice problem is the shortest vector problem (SVP) Given a basis of a lattice L , SVP is to find a shortest nonzero vector v in L , i.e., � v � = min x ∈ L � = 0 � x � � λ 1 ( L ) . Two natural relaxations f -approximate SVP ( f -SVP): Given a lattice L , find a non-zero vector v ∈ L s.t. � v � ≤ f · λ 1 ( L ) . f -Hermite SVP ( f -HSVP): Given an n -rank lattice L , find a non-zero vector v ∈ L s.t. � v � ≤ f · vol ( L ) 1 / n , where vol ( L ) is the determinant of L . 5 / 31

  10. Background Our results Our technical ideas Conclusion The most important lattice problem is the shortest vector problem (SVP) Given a basis of a lattice L , SVP is to find a shortest nonzero vector v in L , i.e., � v � = min x ∈ L � = 0 � x � � λ 1 ( L ) . Two natural relaxations f -approximate SVP ( f -SVP): Given a lattice L , find a non-zero vector v ∈ L s.t. � v � ≤ f · λ 1 ( L ) . f -Hermite SVP ( f -HSVP): Given an n -rank lattice L , find a non-zero vector v ∈ L s.t. � v � ≤ f · vol ( L ) 1 / n , where vol ( L ) is the determinant of L . 5 / 31

  11. Background Our results Our technical ideas Conclusion Hardness of SVP There is some constant c > 0 s.t. n c / log log n -SVP on n -rank lattices is NP-hard under reasonable complexity theoretic assumptions. a b c d a M. Ajtai. The shortest vector problem in L 2 is NP-hard for randomized reductions. STOC 1998. b D. Micciancio. The shortest vector in a lattice is hard to approximate to within some constant. SIAM J. Comput 2000 and FOCS 1998. c S. Khot. Hardness of approximating the shortest vector problem in lattices. JACM 2005 and FOCS 2004. d I. Haviv and O. Regev. Tensor-based hardness of the shortest vector problem to within almost polyno-mial factors.Theory of Computing 2012 and STOC 2007. 6 / 31

  12. Background Our results Our technical ideas Conclusion Cryptography VS Cryptanalysis Lattice cryptography From Ajtai 1996’s beginning, many cryptographic primitives have been constructed whose security is based on the (worst-case) hardness of n c -SVP for some constant c . a NIST PQC Round 3 submission a M. Ajtai.Generating Hard Instances of Lattice Problems. STOC 1996. Lattice cryptanalysis How to do lattice cryptanalysis? How to estimate the concrete security of lattice cryptographic schemes? ⇒ Solve n c -(H)SVP ⇒ Lattice reduction 7 / 31

  13. Background Our results Our technical ideas Conclusion Cryptography VS Cryptanalysis Lattice cryptography From Ajtai 1996’s beginning, many cryptographic primitives have been constructed whose security is based on the (worst-case) hardness of n c -SVP for some constant c . a NIST PQC Round 3 submission a M. Ajtai.Generating Hard Instances of Lattice Problems. STOC 1996. Lattice cryptanalysis How to do lattice cryptanalysis? How to estimate the concrete security of lattice cryptographic schemes? ⇒ Solve n c -(H)SVP ⇒ Lattice reduction 7 / 31

  14. Background Our results Our technical ideas Conclusion Cryptography VS Cryptanalysis Lattice cryptography From Ajtai 1996’s beginning, many cryptographic primitives have been constructed whose security is based on the (worst-case) hardness of n c -SVP for some constant c . a NIST PQC Round 3 submission a M. Ajtai.Generating Hard Instances of Lattice Problems. STOC 1996. Lattice cryptanalysis How to do lattice cryptanalysis? How to estimate the concrete security of lattice cryptographic schemes? ⇒ Solve n c -(H)SVP ⇒ Lattice reduction 7 / 31

  15. Background Our results Our technical ideas Conclusion Cryptography VS Cryptanalysis Lattice cryptography From Ajtai 1996’s beginning, many cryptographic primitives have been constructed whose security is based on the (worst-case) hardness of n c -SVP for some constant c . a NIST PQC Round 3 submission a M. Ajtai.Generating Hard Instances of Lattice Problems. STOC 1996. Lattice cryptanalysis How to do lattice cryptanalysis? How to estimate the concrete security of lattice cryptographic schemes? ⇒ Solve n c -(H)SVP ⇒ Lattice reduction 7 / 31

  16. Background Our results Our technical ideas Conclusion Cryptography VS Cryptanalysis Lattice cryptography From Ajtai 1996’s beginning, many cryptographic primitives have been constructed whose security is based on the (worst-case) hardness of n c -SVP for some constant c . a NIST PQC Round 3 submission a M. Ajtai.Generating Hard Instances of Lattice Problems. STOC 1996. Lattice cryptanalysis How to do lattice cryptanalysis? How to estimate the concrete security of lattice cryptographic schemes? ⇒ Solve n c -(H)SVP ⇒ Lattice reduction 7 / 31

  17. Background Our results Our technical ideas Conclusion Cryptography VS Cryptanalysis Lattice cryptography From Ajtai 1996’s beginning, many cryptographic primitives have been constructed whose security is based on the (worst-case) hardness of n c -SVP for some constant c . a NIST PQC Round 3 submission a M. Ajtai.Generating Hard Instances of Lattice Problems. STOC 1996. Lattice cryptanalysis How to do lattice cryptanalysis? How to estimate the concrete security of lattice cryptographic schemes? ⇒ Solve n c -(H)SVP ⇒ Lattice reduction 7 / 31

  18. Background Our results Our technical ideas Conclusion Lattice reduction Given a lattice, find a good basis consisting of reasonably short and almost orthogonal vectors. 8 / 31

  19. Background Our results Our technical ideas Conclusion Importance Lattice reduction is the classical approach for solving f -(H)SVP: It has proved invaluable in many fields of computer science and mathematics. Notably in cryptology: It is a popular tool to both public-key cryptography and cryptanalysis; Its importance is growing as lattice-based cryptography becomes the most popular candidate for PQC. 9 / 31

  20. Background Our results Our technical ideas Conclusion Importance Lattice reduction is the classical approach for solving f -(H)SVP: It has proved invaluable in many fields of computer science and mathematics. Notably in cryptology: It is a popular tool to both public-key cryptography and cryptanalysis; Its importance is growing as lattice-based cryptography becomes the most popular candidate for PQC. 9 / 31

  21. Background Our results Our technical ideas Conclusion Importance Lattice reduction is the classical approach for solving f -(H)SVP: It has proved invaluable in many fields of computer science and mathematics. Notably in cryptology: It is a popular tool to both public-key cryptography and cryptanalysis; Its importance is growing as lattice-based cryptography becomes the most popular candidate for PQC. 9 / 31

Recommend

Slide Reduction, RevisitedFilling the Gaps in Lattice SVP Approximation Jianwei Li ISG, RHUL,

Slide Reduction, RevisitedFilling the Gaps in Lattice SVP Approximation Jianwei Li ISG, RHUL,

Background on lattice reduction Our results Our technical ideas and argument Conclusion and open problems Slide Reduction, RevisitedFilling the Gaps in Lattice SVP Approximation Jianwei Li ISG, RHUL, UK London-ish Lattice Coding &

1.91k views • 167 slides
Seminar of Lattice Analysis 01 Slide Reduction Revisited Wenling Liu, Shanghai Jiao Tong

Seminar of Lattice Analysis 01 Slide Reduction Revisited Wenling Liu, Shanghai Jiao Tong

Seminar of Lattice Analysis 01 Slide Reduction Revisited Wenling Liu, Shanghai Jiao Tong University. Wenling Liu @ SJTU Table of Contents Lattice Backgrounds LenstraLenstraLov asz Reduction Hemite SVP reduction and DBKZ Algorithm

930 views • 49 slides
Nursing Grand Rounds Point of Care Scholars: Filling the Gaps in Evidence with Research

Nursing Grand Rounds Point of Care Scholars: Filling the Gaps in Evidence with Research

7/24/2014 Nursing Grand Rounds Point of Care Scholars: Filling the Gaps in Evidence with Research Christin Zwolski DPT, PT, OCS Deborah Williams RN, CNOR Jennifer Bekins MS, CCC-SLP Objective Discuss newly discovered gaps in nursing and

618 views • 23 slides
Filling the Gaps and Patching the Cracks Connected Care for Home Health Care Agencies Barbara

Filling the Gaps and Patching the Cracks Connected Care for Home Health Care Agencies Barbara

Filling the Gaps and Patching the Cracks Connected Filling the Gaps and Patching the Cracks Connected Care for Home Health Care Agencies Barbara Katz, RN, MSN President, BK Healthcare Consulting, LLC www.bkhealthconsulting.com Learning

596 views • 32 slides
Webinar powered by Q Cells Filling in the gaps: The evolution of high-density module design

Webinar powered by Q Cells Filling in the gaps: The evolution of high-density module design

Webinar powered by Q Cells Filling in the gaps: The evolution of high-density module design Jrgen Steinberger Mark Hutchins Bengt Jckel Q Cells Frauenhofer CSP Filling in the gaps: The evolution of high-density module design

367 views • 12 slides
Recommending Remedial Learning Materials to the Students by Filling their Knowledge Gaps Konstantin

Recommending Remedial Learning Materials to the Students by Filling their Knowledge Gaps Konstantin

Recommending Remedial Learning Materials to the Students by Filling their Knowledge Gaps Konstantin Bauman Stern School of Business, New York University (joint work with Alexander Tuzhilin) EdRecSys October 13, 2016 Outline of the Talk

745 views • 46 slides
More Data Representation (filling in some gaps) January 18, 2013 1 / 14 Outline Some more

More Data Representation (filling in some gaps) January 18, 2013 1 / 14 Outline Some more

More Data Representation (filling in some gaps) January 18, 2013 1 / 14 Outline Some more comments on integers Carry out vs. overflow Identifying negative integers Representing characters and strings ASCII encoding Strings in MIPS and

396 views • 14 slides
ECA Recent initiatives on gender statistics - filling the gender data gaps Fatouma Sissoko

ECA Recent initiatives on gender statistics - filling the gender data gaps Fatouma Sissoko

7th th Global lobal Fo Foru rum m on on Gender ender St Stat atistic istics ECA Recent initiatives on gender statistics - filling the gender data gaps Fatouma Sissoko African Centre for Statistics Tokyo, Japan, 14-16 November 2018

396 views • 16 slides
TESSELLATIONS Tessellation: Tiling a plane Filling a plane with a shape or image no gaps

TESSELLATIONS Tessellation: Tiling a plane Filling a plane with a shape or image no gaps

9/23/11 TESSELLATIONS Tessellation: Tiling a plane Filling a plane with a shape or image no gaps From Latin tessella - a small cubical piece of clay, stone or glass used to make mosaics. The word "tessella"

491 views • 12 slides
Filling Gaps in the Legal and Normative Framework Khalid Koser Academic Dean and Head of the New

Filling Gaps in the Legal and Normative Framework Khalid Koser Academic Dean and Head of the New

Filling Gaps in the Legal and Normative Framework Khalid Koser Academic Dean and Head of the New Issues in Security Programme 31 March 2011 www.gcsp.ch Agenda The development of soft law Translating soft law

396 views • 5 slides
Tessellation: Tiling a plane Filling a plane with a shape or image no gaps From Latin

Tessellation: Tiling a plane Filling a plane with a shape or image no gaps From Latin

9/23/11 Tessellation: Tiling a plane Filling a plane with a shape or image no gaps From Latin tessella - a small cubical piece of clay, stone or glass used to make mosaics. The word "tessella" means

341 views • 4 slides
Filling the Void: Addressing Todays Skills Gaps in Internal Audit Paul McDonald , senior

Filling the Void: Addressing Todays Skills Gaps in Internal Audit Paul McDonald , senior

RELEVANCE EXCELLENCE RESULTS Filling the Void: Addressing Todays Skills Gaps in Internal Audit Paul McDonald , senior executive director, Robert Half Larry Harrington , CIA, CRMA, QIAL, chief audit executive , Raytheon Company, global

712 views • 29 slides
Floating, Flexing, and Filling Tetris Gaps: LESSONS FROM K-12 BLENDED LEARNING CATHOLIC SCHOOLS

Floating, Flexing, and Filling Tetris Gaps: LESSONS FROM K-12 BLENDED LEARNING CATHOLIC SCHOOLS

Floating, Flexing, and Filling Tetris Gaps: LESSONS FROM K-12 BLENDED LEARNING CATHOLIC SCHOOLS Fr. Nate Wills, CSC, PhD Institute for Educational Initiatives University of Notre Dame nwills1@nd.edu What is Blended Learning? Blended Learning

1.13k views • 84 slides
OCB Working Group on Carbon Gaps OCB is a network of scientists working across disciplines to

OCB Working Group on Carbon Gaps OCB is a network of scientists working across disciplines to

Ocean Carbon & Biogeochemistry (OCB) Webinar Filling the gaps in observation-based estimates of airsea carbon fluxes May 5, 2020 Website/agenda: https://tinyurl.com/ybevr4oh OCB Working Group on Carbon Gaps OCB is a network of scientists

358 views • 3 slides
Session 8 Recent initiatives on gender statistics in the ESCAP region: filling gender data gaps

Session 8 Recent initiatives on gender statistics in the ESCAP region: filling gender data gaps

Global Forum on Gender Statistics 14 16 November 2018, Tokyo Session 8 Recent initiatives on gender statistics in the ESCAP region: filling gender data gaps Sharita Serrao Statistics Division http://www.unescap.org/our-work/statistics

492 views • 11 slides
Reduction Revisited: Verifying Round-Based Distributed Algorithms Stephan Merz INRIA Nancy &

Reduction Revisited: Verifying Round-Based Distributed Algorithms Stephan Merz INRIA Nancy &

Reduction Revisited: Verifying Round-Based Distributed Algorithms Stephan Merz INRIA Nancy & LORIA joint work with Bernadette Charron-Bost, LIX & CNRS MPC 2010 June 23, 2010 Stephan Merz (INRIA Nancy) Reduction Revisited MPC 2010 1

576 views • 56 slides
Graph Reduction Hardware Revisited Rob Stewart ( R.Stewart@hw.ac.uk ) 1 Evgenij Belikov 1

Graph Reduction Hardware Revisited Rob Stewart ( R.Stewart@hw.ac.uk ) 1 Evgenij Belikov 1

Graph Reduction Hardware Revisited Rob Stewart ( R.Stewart@hw.ac.uk ) 1 Evgenij Belikov 1 Hans-Wolfgang Loidl 1 Paulo Garcia 2 14 th June 2018 1 Mathematical and Computer Sciences Heriot-Wat University Edinburgh, UK 2 United Technologies Research

564 views • 31 slides
Failure in Composites: Filling the knowledge gaps Giuliano Allegri ACCIS 2018 Conference

Failure in Composites: Filling the knowledge gaps Giuliano Allegri ACCIS 2018 Conference

1 Failure in Composites: Filling the knowledge gaps Giuliano Allegri ACCIS 2018 Conference November 22 nd , 2018 2 Failure of Composites Scopus search - Title-Abs-Key ( composites AND failure AND ( delamination OR interlaminar OR

807 views • 15 slides
Safe filling for all Higher standards in low-capacity filling 1 Safe filling for all! The Kosan

Safe filling for all Higher standards in low-capacity filling 1 Safe filling for all! The Kosan

Safe filling for all Higher standards in low-capacity filling 1 Safe filling for all! The Kosan Crisplant Group World leading provider of solutions and services to the LP gas industry Equipment installed in more than 2600 sites in

330 views • 22 slides
Filling the financing gaps in basic education the case for innovative finance UNESCO Future

Filling the financing gaps in basic education the case for innovative finance UNESCO Future

EFA Global Monitoring Report Filling the financing gaps in basic education the case for innovative finance UNESCO Future Seminar - 14 September 2010 Kevin Watkins Director, Education for All Global Monitoring Report Why innovative

687 views • 12 slides
Harm Reduction in Nigeria Needs, gaps, and responses to ensure access to effective HIV

Harm Reduction in Nigeria Needs, gaps, and responses to ensure access to effective HIV

Harm Reduction in Nigeria Needs, gaps, and responses to ensure access to effective HIV prevention, treatment and care for people who inject drugs February 2018 This document is made possible by the generous support of the American people

1.78k views • 18 slides
Estimating resource needs and gaps for harm reduction in Asia Anne Bergenstrom IHRAs 20 th

Estimating resource needs and gaps for harm reduction in Asia Anne Bergenstrom IHRAs 20 th

United Nations Regional Task Force on Injecting Drug use and HIV/AIDS for Asia and the Pacific Estimating resource needs and gaps for harm reduction in Asia Anne Bergenstrom IHRAs 20 th International Conference 20-23 April 2009 Bangkok,

170 views • 15 slides
Good Agricultural Practices (GAPs) Slide 1: Cover slide Notes to instructor: Welcome

Good Agricultural Practices (GAPs) Slide 1: Cover slide Notes to instructor: Welcome

Good Agricultural Practices (GAPs) Slide 1: Cover slide Notes to instructor: Welcome participants to this training session. If this session is part of a larger workshop, tell the participants in this next session, an overview of Good

516 views • 9 slides
SoC Pain Points and Gaps An Overview - MUKUND PAI Intel Corp. All Discussions in this Slide

SoC Pain Points and Gaps An Overview - MUKUND PAI Intel Corp. All Discussions in this Slide

SoC Pain Points and Gaps An Overview - MUKUND PAI Intel Corp. All Discussions in this Slide Deck are my own observations and conclusions. SoC Challenges IP-SOC EcoSystem needs to evolve for the future Every SoC procures IP thru

459 views • 11 slides

More recommend