The Closest Vector is Hard to Approximate and now, for unlimited time only with Pre - Processing !! Nisheeth vishnoi Subhash Khot Michael Alekhnovich Joint.

Slides:

Advertisements

Similar presentations

Hardness of Reconstructing Multivariate Polynomials. Parikshit Gopalan U. Washington Parikshit Gopalan U. Washington Subhash Khot NYU/Gatech Rishi Saket.

Advertisements

Combinatorial Auctions with Complement-Free Bidders – An Overview Speaker: Michael Schapira Based on joint works with Shahar Dobzinski & Noam Nisan.

Linear-Degree Extractors and the Inapproximability of Max Clique and Chromatic Number David Zuckerman University of Texas at Austin.

The Unique Games Conjecture and Graph Expansion School on Approximability, Bangalore, January 2011 Joint work with S Prasad Raghavendra Georgia Institute.

Shortest Vector In A Lattice is NP-Hard to approximate

Fearful Symmetry: Can We Solve Ideal Lattice Problems Efficiently?

Approximate List- Decoding and Hardness Amplification Valentine Kabanets (SFU) joint work with Russell Impagliazzo and Ragesh Jaiswal (UCSD)

Inapproximability of MAX-CUT Khot,Kindler,Mossel and O ’ Donnell Moshe Ben Nehemia June 05.

On the Unique Games Conjecture Subhash Khot Georgia Inst. Of Technology. At FOCS 2005.

Hardness of Robust Graph Isomorphism, Lasserre Gaps, and Asymmetry of Random Graphs Ryan O’Donnell (CMU) John Wright (CMU) Chenggang Wu (Tsinghua) Yuan.

Enumerative Lattice Algorithms in any Norm via M-Ellipsoid Coverings Daniel Dadush (CWI) Joint with Chris Peikert and Santosh Vempala.

On Combinatorial vs Algebraic Computational Problems Boaz Barak – MSR New England Based on joint works with Benny Applebaum, Guy Kindler, David Steurer,

Lecture 24 Coping with NPC and Unsolvable problems. When a problem is unsolvable, that's generally very bad news: it means there is no general algorithm.

MaxClique Inapproximability Seminar on HARDNESS OF APPROXIMATION PROBLEMS by Dr. Irit Dinur Presented by Rica Gonen.

NP-complete and NP-hard problems Transitivity of polynomial-time many-one reductions Concept of Completeness and hardness for a complexity class Definition.

Two Query PCP with Subconstant Error Dana Moshkovitz Princeton University and The Institute for Advanced Study Ran Raz The Weizmann Institute 1.

Derandomized parallel repetition theorems for free games Ronen Shaltiel, University of Haifa.

1 The Complexity of Lattice Problems Oded Regev, Tel Aviv University Amsterdam, May 2010 (for more details, see LLL+25 survey)

Introduction to PCP and Hardness of Approximation Dana Moshkovitz Princeton University and The Institute for Advanced Study 1.

1/17 Optimal Long Test with One Free Bit Nikhil Bansal (IBM) Subhash Khot (NYU)

Umans Complexity Theory Lectures Lecture 15: Approximation Algorithms and Probabilistically Checkable Proofs (PCPs)

Inapproximability from different hardness assumptions Prahladh Harsha TIFR 2011 School on Approximability.

Two Query PCP with Sub-constant Error Dana Moshkovitz Princeton University Ran Raz Weizmann Institute 1.

PCPs and Inapproximability Introduction. My T. Thai 2 Why Approximation Algorithms  Problems that we cannot find an optimal solution.

Lattice-based Cryptography Oded Regev Tel-Aviv University Oded Regev Tel-Aviv University CRYPTO 2006, Santa Barbara, CA.

New Lattice Based Cryptographic Constructions

1 On the Hardness Of TSP with Neighborhoods and related Problems (some slides borrowed from Dana Moshkovitz) O. Schwartz & S. Safra.

阮風光 Phong Q. Nguyên (École normale supérieure) עודד רגב Oded Regev עודד רגב Oded Regev (Tel Aviv University) Learning a Parallelepiped: Cryptanalysis of.

Robust Network Design with Exponential Scenarios By: Rohit Khandekar Guy Kortsarz Vahab Mirrokni Mohammad Salavatipour.

Oded Regev Tel-Aviv University On Lattices, Learning with Errors, Learning with Errors, Random Linear Codes, Random Linear Codes, and Cryptography and.

On The Achromatic Number Problem Guy Kortsarz Rutgers University, Camden.

ON THE PROVABLE SECURITY OF HOMOMORPHIC ENCRYPTION Andrej Bogdanov Chinese University of Hong Kong Bertinoro Summer School | July 2014 based on joint work.

1 The PCP starting point. 2 Overview In this lecture we’ll present the Quadratic Solvability problem. We’ll see this problem is closely related to PCP.

1 Slides by Asaf Shapira & Michael Lewin & Boaz Klartag & Oded Schwartz. Adapted from things beyond us.

Dana Moshkovitz, MIT Joint work with Subhash Khot, NYU.

Diophantine Approximation and Basis Reduction

Primer on Fourier Analysis Dana Moshkovitz Princeton University and The Institute for Advanced Study.

1 Sublinear Algorithms Lecture 1 Sofya Raskhodnikova Penn State University TexPoint fonts used in EMF. Read the TexPoint manual before you delete this.

1 Within an Almost Polynomial Factor is NP-hard Approximating Closest Vector Irit Dinur Joint work with G. Kindler and S. Safra.

Public-key cryptanalysis: lattice attacks Nguyen Dinh Thuc University of Science, HCMC

PROPRIETARY AND CONFIDENTIAL Lattice Breaking Times William Whyte NTRU Cryptosystems March 2004.

Fast algorithm for the Shortest Vector Problem er (joint with Aggarwal, Dadush, and Stephens-Davidowitz) Oded Regev Courant Institute, NYU UC Irvine, Sloan.

Find the value of y such that

A Sieving Algorithm for Approximate Integer Programming Daniel Dadush, CWI.

1/19 Minimizing weighted completion time with precedence constraints Nikhil Bansal (IBM) Subhash Khot (NYU)

Secure Parameters for SWIFFT Johannes Buchmann Richard Lindner.

Lattice-based cryptography and quantum Oded Regev Tel-Aviv University.

Copyright 2012, Toshiba Corporation. A Survey on the Algebraic Surface Cryptosystems Koichiro Akiyama ( TOSHIBA Corporation ) Joint work with Prof. Yasuhiro.

Unique Games Approximation Amit Weinstein Complexity Seminar, Fall 2006 Based on: “Near Optimal Algorithms for Unique Games" by M. Charikar, K. Makarychev,

Lattice Based Signatures Johannes Buchmann Erik Dahmen Richard Lindner Markus Rückert Michael Schneider.

SSAT A new characterization of NP and the hardness of approximating CVP. joint work with G., R. Raz, and S. Safra joint work with G. Kindler, R. Raz, and.

1 2 Introduction In this lecture we’ll cover: Definition of PCP Prove some classical hardness of approximation results Review some recent ones.

NP Completeness Piyush Kumar. Today Reductions Proving Lower Bounds revisited Decision and Optimization Problems SAT and 3-SAT P Vs NP Dealing with NP-Complete.

Conditional Lower Bounds for Dynamic Programming Problems Karl Bringmann Max Planck Institute for Informatics Saarbrücken, Germany.

Hardness of Hyper-Graph Coloring Irit Dinur NEC Joint work with Oded Regev and Cliff Smyth.

Polynomial integrality gaps for

Generalized Sparsest Cut and Embeddings of Negative-Type Metrics

On Bounded Distance Decoding, Unique Shortest Vectors, and the

Attack on Fully Homomorphic Encryption over Principal Ideal Lattice

Background: Lattices and the Learning-with-Errors problem

An average-case lower bound against ACC0

Introduction to PCP and Hardness of Approximation

On the effect of randomness on planted 3-coloring models

S.Safra I.Dinur G.Kindler

Lattices. Svp & cvp. lll algorithm. application in cryptography

On The Quantitative Hardness of the Closest Vector Problem

Daniel Dadush Centrum Wiskunde & Informatica (CWI) Aussois 2019

Every set in P is strongly testable under a suitable encoding

No Guarantee Unless P equals NP

2-to-2 Games Theorem via Expansion in the Grassmann Graph

Presentation transcript:

The Closest Vector is Hard to Approximate and now, for unlimited time only with Pre - Processing !! Nisheeth vishnoi Subhash Khot Michael Alekhnovich Joint work with Guy Kindler Microsoft Research

In this talk: In this talk: Lattices Lattices The closest vector problem: background The closest vector problem: background Our results: NP-hardness for CV-PP Our results: NP-hardness for CV-PP Proving hardness with preprocessing Proving hardness with preprocessing Something about our proof: new property of PCPs Something about our proof: new property of PCPs

 A lattice, L: A discrete additive subgroup of R n.  A basis for L: b 1,…,b n 2 R n, s.t. L={  i a i b i : a 1,..,a n 2 Z }.

The Closest Vector Problem ( CVP )

 CVP : Given a lattice L and a target vector t, find the point in L closest to t in  l p distance.  [Regev Ronen 05] Hardness results in l 2 carry for any l p.  [Ajtai Kumar Sivakumar 01]: 2 O(nloglog(n)/log n) =2 o(n) approx.  [Dinur Kindler Raz Safra 98]: n O(1/loglog n) =n o(1) hardness.  [Lagarias Lenstra Schnorr 90, Banaszczyk 93, Goldreich Goldwasser 00, Aharonov Regev 04] NP-hardness of (n/log n) 1/2 would collapse the polynomial hierarchy.

Motivation for studying CVP  [Ajtai 96]: Worst case to average case reductions for lattice problems.  [Ajtai Dwork 97] Based cryptosystems on lattice problems.  [Goldreich Goldwasser Halevi 97] Cryptosystem based on CVP.  [Micciancio Vadhan 03] Identification scheme based on (n/log n) 1/2 hardness for CVP. t L t – message. L – coding function: known in advance, and reused.

Is it safe to reuse L as key?  CV-PP : Preprocess L for unlimited time, Given t, solve CVP on L,t.  [Kannan 87, Lagarias Lenstra Schnorr 90, Aharonov Regev ] O(n 1/2 )-approx. for CV-PP.  [Feige Micciancio 02] (5/3) 1/p approx. hardness for CV-PP.  [Regev 03] 3 1/p approx. hardness for CV-PP.

Our Results  Thm: CV-PP in NP-hard(!) to approximate within any constant. Also applies to NC-PP.  Unless NP µ DTIME(2 polylog n ), NC-PP is hard to approximate within (log n) 1-  NC-PP is hard to approximate within (log n) 1-  CV-PP is hard to approximate within (log n) (1/p)-  CV-PP is hard to approximate within (log n) (1/p)-   1st Proof : By reduction from E-k-HVC [DGKR 03].  2nd proof: Using PCP-PP constructions, plus smoothing technique of [Khot 02].

Proving hardness with preprocessing  Hardness of approximation within gap g: I 2 ¦ ) dist(t,L) · d I  ¦ ) dist(t,L) ¸ d ¢ g I : Instance of ¦ 2 NPC Reduction L, t

Proving hardness with preprocessing I : Instance of ¦ 2 NPC Reduction L, t  Hardness of approximation within g, with preprocessing: Size of I Partial Input Generator Preprocessed L CV-PP t t I 2 ¦ ) dist(t,L) · d I  ¦ ) dist(t,L) ¸ d ¢ g  Hardness of approximation within gap g:

Size of I Partial Input Generator I : Instance of ¦ 2 NPC Reduction PCP with preprocessing ( PCP-PP ) Preprocessed L t t CV-PP LEFT RIGHT PCP-PP I 2 ¦ ) dist(t,L) · d I  ¦ ) dist(t,L) ¸ d ¢ g  PCP : Gap version of Q uadratic equations. x 2 +2xy=7 x 2 +z 2 =5..

Size of I Partial Input Generator I : Instance of ¦ 2 NPC Reduction PCP with preprocessing ( PCP-PP ) LEFT RIGHT PCP-PP I 2 ¦ ) opt(LEFT,RIGHT)=1 I  ¦ ) opt(LEFT,RIGHT) · c<1  PCP : Gap version of Q uadratic equations. x 2 +2xy=7 x 2 +z 2 =5..

Size of I Partial Input Generator I : Instance of ¦ 2 NPC Reduction PCP with preprocessing ( PCP-PP ) LEFT RIGHT PCP-PP  PCP : Gap version of Q uadratic equations.

Size of I I : Instance of ¦ 2 NPC PCP with preprocessing ( PCP-PP ) LEFT RIGHT Preprocessed L t t CV-PP  PCP : Gap version of Q uadratic equations. PCP-PP

PCP with preprocessing ( PCP-PP ) LEFT RIGHT PCP-PP  PCP : Gap version of Q uadratic equations.

PCP-PP construction LEFT RIGHT PCP-PP  PCP : Gap version of Q uadratic equations. Just (carefully) apply usual PCP construction!

Open problems  Get better hardness parameters for CV-PP (perhaps using methods from [DKRS 98] ).  Get improved hardness results for lattice problems, under stronger assumptions than NP  P.  Find more uses for PCP-PP constructions.