Sectrix of Maclaurin: Difference between revisions

In computer science, lattice problems are a class of optimization problems on lattices. The conjectured intractability of such problems is central to construction of secure lattice-based cryptosystems. For applications in such cryptosystems, lattices over vector spaces (often ${\displaystyle \mathbb {Q} ^{n}}$) or free modules (often ${\displaystyle \mathbb {Z} ^{n}}$) are generally considered.

For all the problems below, assume that we are given (in addition to other more specific inputs) a basis for the vector space V and a norm N. The norms usually considered are L². However, other norms (such as L^p) are also considered and show up in a variety of results.^[1] Let ${\displaystyle \lambda (L)}$ denote the length of the shortest non-zero vector in the lattice L: ${\displaystyle \lambda (L)=\mathbf {min} \{\|v\|_{N}|v\in \mathbf {L} ,v\neq 0\}}$.

Shortest vector problem (SVP)

In SVP, a basis of a vector space V and a norm N (often L²) are given for a lattice L and one must find the shortest non-zero vector in V, as measured by N, in L. In other words, the algorithm should output a non-zero vector v such that ${\displaystyle N(v)=\lambda (L)}$.

In the ${\displaystyle \gamma }$-approximation version ${\displaystyle SVP_{\gamma }}$, one must find a non-zero lattice vector of length at most ${\displaystyle \gamma \lambda (L)}$.

Known results

The exact version of the problem is NP-hard.^[2] Approach techniques: Lenstra–Lenstra–Lovász lattice basis reduction algorithm produces a "relatively short vector" in polynomial time, but does not solve the problem. Kannan's HKZ basis reduction algorithm solves the problem in ${\displaystyle n^{{\frac {n}{2e}}+o(n)}}$ time where n is the dimension. Lastly, Schnorr presented a technique that interpolates between LLL and HKZ called Block Reduction. Block reduction works with HKZ bases and if the number of blocks is chosen to be larger than the dimension, the resulting algorithm Kannan's full HKZ basis reduction.

GapSVP

The problem ${\displaystyle GapSVP_{\beta }}$ consists of differentiating between the instances of SVP in which the answer is at most 1 or larger than ${\displaystyle \beta }$, where ${\displaystyle \beta }$ can be a fixed function of ${\displaystyle n}$, the number of vectors. Given a basis for the lattice, the algorithm must decide whether ${\displaystyle \lambda (L)\leq 1}$ or ${\displaystyle \lambda (L)>\beta }$. Like other promise problems, the algorithm is allowed to err on all other cases.

Yet another version of the problem is ${\displaystyle GapSVP_{\zeta ,\gamma }}$ for some functions ${\displaystyle \zeta ,\gamma }$. The input to the algorithm is a basis ${\displaystyle B}$ and a number ${\displaystyle d}$. It is assured that all the vectors in the Gram–Schmidt orthogonalization are of length at least 1, and that ${\displaystyle \lambda (L(B))\leq \zeta (n)}$ and that ${\displaystyle 1\leq d\leq \zeta (n)/\gamma (n)}$ where ${\displaystyle n}$ is the dimension. The algorithm must accept if ${\displaystyle \lambda (L(B))\leq d}$, and reject if ${\displaystyle \lambda (L(B))\geq \gamma (n).d}$. For large ${\displaystyle \zeta }$ (${\displaystyle \zeta (n)>2^{n/2}}$), the problem is equivalent to ${\displaystyle GapSVP_{\gamma }}$ because^[3] a preprocessing done using the LLL algorithm makes the second condition (and hence, ${\displaystyle \zeta }$) redundant.

Closest vector problem (CVP)

• Lattice problems by example
• 

  The SVP by example

• 

  The CVP by example

In CVP, a basis of a vector space V and a metric M (often L²) are given for a lattice L, as well as a vector v in V but not necessarily in L. It is desired to find the vector in L closest to v (as measured by M). In the ${\displaystyle \gamma }$-approximation version ${\displaystyle CVP_{\gamma }}$, one must find a lattice vector at distance at most ${\displaystyle \gamma }$.

Relationship with SVP

The closest vector problem is a generalization of the shortest vector problem. It is easy^[4] to show that given an oracle for ${\displaystyle CVP_{\gamma }}$ (defined below), one can solve ${\displaystyle SVP_{\gamma }}$ by making some queries to the oracle. The naive method to find the shortest vector by calling the ${\displaystyle CVP_{\gamma }}$ oracle to find the closest vector to 0 does not work because 0 is itself a lattice vector and the algorithm could potentially output 0.

The reduction from ${\displaystyle SVP_{\gamma }}$ to ${\displaystyle CVP_{\gamma }}$ is as follows: Suppose that the input to the ${\displaystyle SVP_{\gamma }}$ problem is the basis for lattice ${\displaystyle B=[b_{1},b_{2},\ldots ,b_{n}]}$. Consider the basis ${\displaystyle B^{i}=[b_{1},\ldots ,2b_{i},\ldots ,b_{n}]}$ and let ${\displaystyle x_{i}}$ be the vector returned by ${\displaystyle CVP_{\gamma }(B^{i},b_{i})}$. The claim is that the shortest vector in the set ${\displaystyle \{x_{i}-b_{i}\}}$ is the shortest vector in the given lattice.

Known results

Goldreich et al.^[5] showed that any hardness of SVP implies the same hardness for CVP. Using PCP tools, Arora et al.^[6] showed that CVP is hard to approximate within factor ${\displaystyle 2^{\log ^{1-\epsilon }(n)}}$ unless ${\displaystyle \operatorname {NP} \subseteq \operatorname {DTIME} (2^{poly(\log n)})}$. Dinur et al.^[7] strengthened this by giving a NP-hardness result with ${\displaystyle \epsilon =(\log \log n)^{c}}$ for ${\displaystyle c<1/2}$.

Sphere decoding

The algorithm for CVP, especially the Fincke and Pohst variant,^[8] have been used, for example, for data detection in multiple-input multiple-output (MIMO) wireless communication systems (for coded and uncoded signals)^[9] .^[10] It is called sphere decoding.^[11]

It has been applied in the field of the integer ambiguity resolution of carrier-phase GNSS (GPS) .^[12] It is called LAMBDA method in that field.

GapCVP

This problem is similar to the GapSVP problem. For ${\displaystyle GapCVP_{\beta }}$, the input consists of a lattice basis and a vector ${\displaystyle v}$ and the algorithm must answer whether

• there is a lattice vector such that the distance between it and ${\displaystyle v}$ is at most 1.
• every lattice vector is at a distance greater than ${\displaystyle \beta }$ away from ${\displaystyle v}$.

Known results

The problem is trivially contained in NP for any approximation factor.

Schnorr,^[13] in 1987, showed that deterministic polynomial time algorithms can solve the problem for ${\displaystyle \beta =2^{O(n(\log \log n)^{2}/\log n)}}$. Ajtai et al.^[14] showed that probabilistic algorithms can achieve a slightly better approximation factor of ${\displaystyle \beta =2^{O(n\log \log n/\log n)}}$

In 1993, Banaszczyk^[15] showed that ${\displaystyle GapCVP_{n}}$ is in ${\displaystyle NP\cap coNP}$. In 2000, Goldreich and Goldwasser^[16] showed that ${\displaystyle \beta ={\sqrt {n/\log n}}}$ puts the problem in both NP and coAM. In 2005, Aharonov and Regev^[17] showed that for some constant ${\displaystyle c}$, the problem with ${\displaystyle \beta =c{\sqrt {n}}}$ is in ${\displaystyle NP\cap coNP}$.

For lower bounds, Dinur et al.^[18] showed in 1998 that the problem is NP-hard for ${\displaystyle \beta =n^{o(1/\log {\log {n}})}}$.

Shortest independent vectors problem (SIVP)

Given a lattice L of dimension n, the algorithm must output n linearly independent ${\displaystyle v_{1},v_{2},\ldots ,v_{n}}$ so that ${\displaystyle \max \|v_{i}\|<\max _{B}\|b_{i}\|}$ where the right hand side considers all basis ${\displaystyle B=\{b_{1},\ldots ,b_{n}\}}$ of the lattice.

In the ${\displaystyle \gamma }$-approximate version, given a lattice L with dimension n, find n linearly independent vectors ${\displaystyle v_{1},v_{2},\ldots ,v_{n}}$ of length max ||${\displaystyle v_{i}}$|| ≤ ${\displaystyle \gamma \lambda _{n}(L)}$, where ${\displaystyle \lambda _{n}(L)}$ is the ${\displaystyle n}$'th successive mininum of ${\displaystyle L}$.

Bounded distance decoding

This problem is similar to CVP. Given a vector such that its distance from the lattice is at most ${\displaystyle \lambda (L)/2}$, the algorithm must output the closest lattice vector to it.

Covering radius problem

Given a basis for the lattice, the algorithm must find the largest distance (or in some versions, its approximation) from any vector to the lattice.

Shortest basis problem

Many problems become easier if the input basis consists of short vectors. An algorithm that solves the Shortest Basis Problem (SBP) must, given a lattice basis${\displaystyle B}$, output an equivalent basis ${\displaystyle B'}$ such that the length of the longest vector in ${\displaystyle B'}$ is as short as possible.

The approximation version ${\displaystyle SBP_{\gamma }}$ problem consist of finding a basis whose longest vector is at most ${\displaystyle \gamma }$ times longer than the longest vector in the shortest basis.

Use in cryptography

Mining Engineer (Excluding Oil ) Truman from Alma, loves to spend time knotting, largest property developers in singapore developers in singapore and stamp collecting. Recently had a family visit to Urnes Stave Church.

Average case hardness of problems forms a basis for proofs-of-security for most cryptographic schemes. However, experimental evidence suggests that most NP-hard problems lack this property: they are probably only worst case hard. Many lattice problems have been conjectured or proven to be average-case hard, making them an attractive class of problems to base cryptographic schemes on. Moreover, worst-case hardness of some lattice problems have been used to create secure cryptographic schemes. The use of worst-case hardness in such schemes makes them among the very few schemes that are very likely secure even against quantum computers.

The above lattice problems are easy to solve if the algorithm is provided with a "good" basis. Lattice reduction algorithms aim, given a basis for a lattice, to output a new basis consisting of relatively short, nearly orthogonal vectors. The LLL algorithm^[19] was an early efficient algorithm for this problem which could output an almost reduced lattice basis in polynomial time. This algorithm and its further refinements were used to break several cryptographic schemes, establishing its status as a very important tool in cryptanalysis. The success of LLL on experimental data led to a belief that lattice reduction might be an easy problem in practice. However, this belief was challenged when in the late 1990s, several new results on the hardness of lattice problems were obtained, starting with the result of Ajtai.^[20]

In his seminal papers,^[20][21] Ajtai showed that the SVP problem was NP-hard and discovered some connections between the worst-case complexity and average-case complexity of some lattice problems. Building on these results, Ajtai and Dwork^[22] created a public-key cryptosystem whose security could be proven using only the worst case hardness of a certain version of SVP, thus making it the first^[23] result to have used worst-case hardness to create secure systems.

See also

• Learning with errors

References

43 year old Petroleum Engineer Harry from Deep River, usually spends time with hobbies and interests like renting movies, property developers in singapore new condominium and vehicle racing. Constantly enjoys going to destinations like Camino Real de Tierra Adentro.

• Daniele Micciancio: The Shortest Vector Problem is {NP}-hard to approximate to within some constant. SIAM Journal on Computing. 2001, http://cseweb.ucsd.edu/~daniele/papers/SVP.html.
• Phong Q. Nguyen and Jacques Stern, "Lattice Reduction in Cryptology: An Update," in Proceedings of the 4th International Symposium on Algorithmic Number Theory (Springer-Verlag, 2000), 85–112, http://portal.acm.org/citation.cfm?id=749906.
• One of the biggest reasons investing in a Singapore new launch is an effective things is as a result of it is doable to be lent massive quantities of money at very low interest rates that you should utilize to purchase it. Then, if property values continue to go up, then you'll get a really high return on funding (ROI). Simply make sure you purchase one of the higher properties, reminiscent of the ones at Fernvale the Riverbank or any Singapore landed property Get Earnings by means of Renting
  
  In its statement, the singapore property listing - website link, government claimed that the majority citizens buying their first residence won't be hurt by the new measures. Some concessions can even be prolonged to chose teams of consumers, similar to married couples with a minimum of one Singaporean partner who are purchasing their second property so long as they intend to promote their first residential property. Lower the LTV limit on housing loans granted by monetary establishments regulated by MAS from 70% to 60% for property purchasers who are individuals with a number of outstanding housing loans on the time of the brand new housing purchase. Singapore Property Measures - 30 August 2010 The most popular seek for the number of bedrooms in Singapore is 4, followed by 2 and three. Lush Acres EC @ Sengkang
  
  Discover out more about real estate funding in the area, together with info on international funding incentives and property possession. Many Singaporeans have been investing in property across the causeway in recent years, attracted by comparatively low prices. However, those who need to exit their investments quickly are likely to face significant challenges when trying to sell their property – and could finally be stuck with a property they can't sell. Career improvement programmes, in-house valuation, auctions and administrative help, venture advertising and marketing, skilled talks and traisning are continuously planned for the sales associates to help them obtain better outcomes for his or her shoppers while at Knight Frank Singapore. No change Present Rules
  
  Extending the tax exemption would help. The exemption, which may be as a lot as $2 million per family, covers individuals who negotiate a principal reduction on their existing mortgage, sell their house short (i.e., for lower than the excellent loans), or take part in a foreclosure course of. An extension of theexemption would seem like a common-sense means to assist stabilize the housing market, but the political turmoil around the fiscal-cliff negotiations means widespread sense could not win out. Home Minority Chief Nancy Pelosi (D-Calif.) believes that the mortgage relief provision will be on the table during the grand-cut price talks, in response to communications director Nadeam Elshami. Buying or promoting of blue mild bulbs is unlawful.
  
  A vendor's stamp duty has been launched on industrial property for the primary time, at rates ranging from 5 per cent to 15 per cent. The Authorities might be trying to reassure the market that they aren't in opposition to foreigners and PRs investing in Singapore's property market. They imposed these measures because of extenuating components available in the market." The sale of new dual-key EC models will even be restricted to multi-generational households only. The models have two separate entrances, permitting grandparents, for example, to dwell separately. The vendor's stamp obligation takes effect right this moment and applies to industrial property and plots which might be offered inside three years of the date of buy. JLL named Best Performing Property Brand for second year running
  
  The data offered is for normal info purposes only and isn't supposed to be personalised investment or monetary advice. Motley Fool Singapore contributor Stanley Lim would not personal shares in any corporations talked about. Singapore private home costs increased by 1.eight% within the fourth quarter of 2012, up from 0.6% within the earlier quarter. Resale prices of government-built HDB residences which are usually bought by Singaporeans, elevated by 2.5%, quarter on quarter, the quickest acquire in five quarters. And industrial property, prices are actually double the levels of three years ago. No withholding tax in the event you sell your property. All your local information regarding vital HDB policies, condominium launches, land growth, commercial property and more
  
  There are various methods to go about discovering the precise property. Some local newspapers (together with the Straits Instances ) have categorised property sections and many local property brokers have websites. Now there are some specifics to consider when buying a 'new launch' rental. Intended use of the unit Every sale begins with 10 p.c low cost for finish of season sale; changes to 20 % discount storewide; follows by additional reduction of fiftyand ends with last discount of 70 % or extra. Typically there is even a warehouse sale or transferring out sale with huge mark-down of costs for stock clearance. Deborah Regulation from Expat Realtor shares her property market update, plus prime rental residences and houses at the moment available to lease Esparina EC @ Sengkang