Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Closest Vector is Hard to Approximate and now, for unlimited time only with Pre - Processing !! Nisheeth vishnoi Subhash Khot Michael Alekhnovich Joint.

Published byBeverley Jacobs Modified over 9 years ago

Similar presentations

Presentation on theme: "The Closest Vector is Hard to Approximate and now, for unlimited time only with Pre - Processing !! Nisheeth vishnoi Subhash Khot Michael Alekhnovich Joint."— Presentation transcript:

1 The Closest Vector is Hard to Approximate and now, for unlimited time only with Pre - Processing !! Nisheeth vishnoi Subhash Khot Michael Alekhnovich Joint work with Guy Kindler Microsoft Research

2 In this talk: In this talk: Lattices Lattices The closest vector problem: background The closest vector problem: background Our results: NP-hardness for CV-PP Our results: NP-hardness for CV-PP Proving hardness with preprocessing Proving hardness with preprocessing Something about our proof: new property of PCPs Something about our proof: new property of PCPs

3  A lattice, L: A discrete additive subgroup of R n.  A basis for L: b 1,…,b n 2 R n, s.t. L={  i a i b i : a 1,..,a n 2 Z }.

4 The Closest Vector Problem ( CVP )

5  CVP : Given a lattice L and a target vector t, find the point in L closest to t in  l p distance.  [Regev Ronen 05] Hardness results in l 2 carry for any l p.  [Ajtai Kumar Sivakumar 01]: 2 O(nloglog(n)/log n) =2 o(n) approx.  [Dinur Kindler Raz Safra 98]: n O(1/loglog n) =n o(1) hardness.  [Lagarias Lenstra Schnorr 90, Banaszczyk 93, Goldreich Goldwasser 00, Aharonov Regev 04] NP-hardness of (n/log n) 1/2 would collapse the polynomial hierarchy.

6 Motivation for studying CVP  [Ajtai 96]: Worst case to average case reductions for lattice problems.  [Ajtai Dwork 97] Based cryptosystems on lattice problems.  [Goldreich Goldwasser Halevi 97] Cryptosystem based on CVP.  [Micciancio Vadhan 03] Identification scheme based on (n/log n) 1/2 hardness for CVP. t L t – message. L – coding function: known in advance, and reused.

7 Is it safe to reuse L as key?  CV-PP : Preprocess L for unlimited time, Given t, solve CVP on L,t.  [Kannan 87, Lagarias Lenstra Schnorr 90, Aharonov Regev ] O(n 1/2 )-approx. for CV-PP.  [Feige Micciancio 02] (5/3) 1/p approx. hardness for CV-PP.  [Regev 03] 3 1/p approx. hardness for CV-PP.

8 Our Results  Thm: CV-PP in NP-hard(!) to approximate within any constant. Also applies to NC-PP.  Unless NP µ DTIME(2 polylog n ), NC-PP is hard to approximate within (log n) 1-  NC-PP is hard to approximate within (log n) 1-  CV-PP is hard to approximate within (log n) (1/p)-  CV-PP is hard to approximate within (log n) (1/p)-   1st Proof : By reduction from E-k-HVC [DGKR 03].  2nd proof: Using PCP-PP constructions, plus smoothing technique of [Khot 02].

9 Proving hardness with preprocessing  Hardness of approximation within gap g: I 2 ¦ ) dist(t,L) · d I  ¦ ) dist(t,L) ¸ d ¢ g I : Instance of ¦ 2 NPC Reduction L, t

10 Proving hardness with preprocessing I : Instance of ¦ 2 NPC Reduction L, t  Hardness of approximation within g, with preprocessing: Size of I Partial Input Generator Preprocessed L CV-PP t t I 2 ¦ ) dist(t,L) · d I  ¦ ) dist(t,L) ¸ d ¢ g  Hardness of approximation within gap g:

11 Size of I Partial Input Generator I : Instance of ¦ 2 NPC Reduction PCP with preprocessing ( PCP-PP ) Preprocessed L t t CV-PP LEFT RIGHT PCP-PP I 2 ¦ ) dist(t,L) · d I  ¦ ) dist(t,L) ¸ d ¢ g  PCP : Gap version of Q uadratic equations. x 2 +2xy=7 x 2 +z 2 =5..

12 Size of I Partial Input Generator I : Instance of ¦ 2 NPC Reduction PCP with preprocessing ( PCP-PP ) LEFT RIGHT PCP-PP I 2 ¦ ) opt(LEFT,RIGHT)=1 I  ¦ ) opt(LEFT,RIGHT) · c<1  PCP : Gap version of Q uadratic equations. x 2 +2xy=7 x 2 +z 2 =5..

13 Size of I Partial Input Generator I : Instance of ¦ 2 NPC Reduction PCP with preprocessing ( PCP-PP ) LEFT RIGHT PCP-PP  PCP : Gap version of Q uadratic equations.

14 Size of I I : Instance of ¦ 2 NPC PCP with preprocessing ( PCP-PP ) LEFT RIGHT Preprocessed L t t CV-PP  PCP : Gap version of Q uadratic equations. PCP-PP

15 PCP with preprocessing ( PCP-PP ) LEFT RIGHT PCP-PP  PCP : Gap version of Q uadratic equations.

16 PCP-PP construction LEFT RIGHT PCP-PP  PCP : Gap version of Q uadratic equations. Just (carefully) apply usual PCP construction!

17 Open problems  Get better hardness parameters for CV-PP (perhaps using methods from [DKRS 98] ).  Get improved hardness results for lattice problems, under stronger assumptions than NP  P.  Find more uses for PCP-PP constructions.

Download ppt "The Closest Vector is Hard to Approximate and now, for unlimited time only with Pre - Processing !! Nisheeth vishnoi Subhash Khot Michael Alekhnovich Joint."

Similar presentations

Hardness of Reconstructing Multivariate Polynomials. Parikshit Gopalan U. Washington Parikshit Gopalan U. Washington Subhash Khot NYU/Gatech Rishi Saket.

Hardness of Reconstructing Multivariate Polynomials. Parikshit Gopalan U. Washington Parikshit Gopalan U. Washington Subhash Khot NYU/Gatech Rishi Saket.
Combinatorial Auctions with Complement-Free Bidders – An Overview Speaker: Michael Schapira Based on joint works with Shahar Dobzinski & Noam Nisan.

Combinatorial Auctions with Complement-Free Bidders – An Overview Speaker: Michael Schapira Based on joint works with Shahar Dobzinski & Noam Nisan.
Linear-Degree Extractors and the Inapproximability of Max Clique and Chromatic Number David Zuckerman University of Texas at Austin.

Linear-Degree Extractors and the Inapproximability of Max Clique and Chromatic Number David Zuckerman University of Texas at Austin.
The Unique Games Conjecture and Graph Expansion School on Approximability, Bangalore, January 2011 Joint work with S Prasad Raghavendra Georgia Institute.

The Unique Games Conjecture and Graph Expansion School on Approximability, Bangalore, January 2011 Joint work with S Prasad Raghavendra Georgia Institute.
Shortest Vector In A Lattice is NP-Hard to approximate

Shortest Vector In A Lattice is NP-Hard to approximate
Fearful Symmetry: Can We Solve Ideal Lattice Problems Efficiently?

Fearful Symmetry: Can We Solve Ideal Lattice Problems Efficiently?
Approximate List- Decoding and Hardness Amplification Valentine Kabanets (SFU) joint work with Russell Impagliazzo and Ragesh Jaiswal (UCSD)

Approximate List- Decoding and Hardness Amplification Valentine Kabanets (SFU) joint work with Russell Impagliazzo and Ragesh Jaiswal (UCSD)
Inapproximability of MAX-CUT Khot,Kindler,Mossel and O ’ Donnell Moshe Ben Nehemia June 05.

Inapproximability of MAX-CUT Khot,Kindler,Mossel and O ’ Donnell Moshe Ben Nehemia June 05.
On the Unique Games Conjecture Subhash Khot Georgia Inst. Of Technology. At FOCS 2005.

On the Unique Games Conjecture Subhash Khot Georgia Inst. Of Technology. At FOCS 2005.
Hardness of Robust Graph Isomorphism, Lasserre Gaps, and Asymmetry of Random Graphs Ryan O’Donnell (CMU) John Wright (CMU) Chenggang Wu (Tsinghua) Yuan.

Hardness of Robust Graph Isomorphism, Lasserre Gaps, and Asymmetry of Random Graphs Ryan O’Donnell (CMU) John Wright (CMU) Chenggang Wu (Tsinghua) Yuan.
Enumerative Lattice Algorithms in any Norm via M-Ellipsoid Coverings Daniel Dadush (CWI) Joint with Chris Peikert and Santosh Vempala.

Enumerative Lattice Algorithms in any Norm via M-Ellipsoid Coverings Daniel Dadush (CWI) Joint with Chris Peikert and Santosh Vempala.
On Combinatorial vs Algebraic Computational Problems Boaz Barak – MSR New England Based on joint works with Benny Applebaum, Guy Kindler, David Steurer,

On Combinatorial vs Algebraic Computational Problems Boaz Barak – MSR New England Based on joint works with Benny Applebaum, Guy Kindler, David Steurer,
Lecture 24 Coping with NPC and Unsolvable problems. When a problem is unsolvable, that's generally very bad news: it means there is no general algorithm.

Lecture 24 Coping with NPC and Unsolvable problems. When a problem is unsolvable, that's generally very bad news: it means there is no general algorithm.
MaxClique Inapproximability Seminar on HARDNESS OF APPROXIMATION PROBLEMS by Dr. Irit Dinur Presented by Rica Gonen.

MaxClique Inapproximability Seminar on HARDNESS OF APPROXIMATION PROBLEMS by Dr. Irit Dinur Presented by Rica Gonen.
NP-complete and NP-hard problems Transitivity of polynomial-time many-one reductions Concept of Completeness and hardness for a complexity class Definition.

NP-complete and NP-hard problems Transitivity of polynomial-time many-one reductions Concept of Completeness and hardness for a complexity class Definition.
Two Query PCP with Subconstant Error Dana Moshkovitz Princeton University and The Institute for Advanced Study Ran Raz The Weizmann Institute 1.

Two Query PCP with Subconstant Error Dana Moshkovitz Princeton University and The Institute for Advanced Study Ran Raz The Weizmann Institute 1.
Derandomized parallel repetition theorems for free games Ronen Shaltiel, University of Haifa.

Derandomized parallel repetition theorems for free games Ronen Shaltiel, University of Haifa.
1 The Complexity of Lattice Problems Oded Regev, Tel Aviv University Amsterdam, May 2010 (for more details, see LLL+25 survey)

1 The Complexity of Lattice Problems Oded Regev, Tel Aviv University Amsterdam, May 2010 (for more details, see LLL+25 survey)
Introduction to PCP and Hardness of Approximation Dana Moshkovitz Princeton University and The Institute for Advanced Study 1.

Introduction to PCP and Hardness of Approximation Dana Moshkovitz Princeton University and The Institute for Advanced Study 1.
1/17 Optimal Long Test with One Free Bit Nikhil Bansal (IBM) Subhash Khot (NYU)

1/17 Optimal Long Test with One Free Bit Nikhil Bansal (IBM) Subhash Khot (NYU)

Similar presentations

Ads by Google