We study the algorithmic complexity of lattice problems based on the sieving technique due to M. Ajtai, R. Kumar and D. Sivakumar [“A sieve algorithm for the shortest lattice vector”, in: Proceedings of the thirty-third annual ACM symposium on theory of computing (STOC 2001). New York, NY: Association for Computing Machinery (ACM). 601–610 (2001; doi:10.1145/380752.380857)]. Given a k-dimensional subspace M⊆ℝ n and a full rank integer lattice ℒ⊆ℚ n , the subspace avoiding problem SAP, defined by J. Blömer and S. Naewe [Lect. Notes Comput. Sci. 4596, 65–77 (2007; Zbl 1171.11328)], is to find a shortest vector in ℒ∖M. We first give a 2 O(n+klogk) time algorithm to solve the subspace avoiding problem. Applying this algorithm we obtain the following results. 1. We give a 2 O(n) time algorithm to compute ith successive minima of a full rank lattice ℒ⊂ℚ n if i is O(n logn). 2. We give a 2 O(n) time algorithm to solve a restricted closest vector problem (CVP), where the inputs fulfil a promise about the distance of the input vector from the lattice. 3. We also show that unrestricted CVP has a 2 O(n) exact algorithm if there is a 2 O(n) time exact algorithm for solving CVP with additional input v i ∈ℒ, 1≤i≤n, where ∥v i ∥ p is the ith successive minima of ℒ for each i. We also give a new approximation algorithm for SAP and the convex body avoiding problem which is a generalization of SAP. Several of our algorithms work for gauge functions as metric, where the gauge function has a natural restriction and is accessed by an oracle.
Data provided are for informational purposes only. Although carefully collected, accuracy cannot be guaranteed. The impact factor represents a rough estimation of the journal's impact factor and does not reflect the actual current impact factor. Publisher conditions are provided by RoMEO. Differing provisions from the publisher's actual policy or licence agreement may be applicable.
"In 2001 Ajtai et al. proposed the first sieve algorithm for solving the SVP . There are many variants of the sieving algorithm [22, 6, 5] that try to improve the computational costs of the algorithm. In 2009 Micciancio and Voulgaris proposed a practical sieving algorithm, called the Gauss Sieve algorithm . "
[Show abstract][Hide abstract]ABSTRACT: In this paper, we report that we have solved the SVP Challenge over a 128-dimensional lattice in Ideal Lattice Challenge from TU Darmstadt, which is currently the highest dimension in the challenge that has ever been solved. The security of lattice-based cryptography is based on the hardness of solving the shortest vector problem (SVP) in lattices. In 2010, Micciancio and Voulgaris proposed a Gauss Sieve algorithm for heuristically solving the SVP using a list L of Gauss-reduced vectors. Milde and Schneider proposed a parallel implementation method for the Gauss Sieve algorithm. However, the efficiency of the more than 10 threads in their implementation decreased due to the large number of non-Gauss-reduced vectors appearing in the distributed list of each thread. In this paper, we propose a more practical parallelized Gauss Sieve algorithm. Our algorithm deploys an additional Gauss-reduced list V of sample vectors assigned to each thread, and all vectors in list L remain Gauss-reduced by mutually reducing them using all sample vectors in V. Therefore, our algorithm allows the Gauss Sieve algorithm to run for large dimensions with a small communication overhead. Finally, we succeeded in solving the SVP Challenge over a 128-dimensional ideal lattice generated by the cyclotomic polynomial x
128 + 1 using about 30,000 CPU hours.
"These problems are central to the geometry of numbers and have applications to integer programming, factoring polynomials, cryptography etc. The fastest known algorithms for solving SVP in general norms, are 2 O(n) time randomized algorithms based on the AKS sieve [1, 2]. Finding deterministic algorithms of this complexity for both SVP and CVP has been an important open problem. "
[Show abstract][Hide abstract]ABSTRACT: We give a deterministic 2(o(n))algorithm for computing an M-ellipsoid of a convex body, matching a known lower bound. This leads to a nearly optimal deterministic algorithm for estimating the volume of a convex body and improved deterministic algorithms for fundamental lattice problems under general norms.
Preview · Article · Sep 2013 · Proceedings of the National Academy of Sciences