
The closest vector problem in tensored root lattices of type A and in their duals

Designs, Codes and Cryptography

Abstract

In this work we consider the closest vector problem (CVP)—a problem also known as maximum-likelihood decoding—in the tensor of two root lattices of type A (\(A_m \otimes A_n\)), as well as in their duals (\(A^*_m \otimes A^*_n\)). This problem is mainly motivated by lattice based cryptography, where the cyclotomic rings \({\mathbb {Z}}[\zeta _c]\) (resp. their co-different \({\mathbb {Z}}[\zeta _c]^\vee \)) play a central role, and turn out to be isomorphic as lattices to tensors of \(A^*\) lattices (resp. A root lattices). In particular, our results lead to solving CVP in \({\mathbb {Z}}[\zeta _c]\) and in \({\mathbb {Z}}[\zeta _c]^\vee \) for conductors of the form \(c = 2^\alpha p^\beta q^\gamma \) for any two odd primes p, q. For the primal case \(A_m \otimes A_n\), we provide a full characterization of the Voronoi region in terms of simple cycles in the complete directed bipartite graph \(K_{m+1,n+1}\). This leads—relying on the Bellman-Ford algorithm for negative cycle detection—to a CVP algorithm running in polynomial time. Precisely, our algorithm performs \(O(l\ m^2 n^2 \min \{m,n\})\) operations on reals, where l is the number of bits per coordinate of the input target. For the dual case, we use a gluing construction to solve CVP in sub-exponential time \(O(n m^{n+1})\).
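The primal algorithm sketched in the abstract, as an added illustration that is not code from the paper: \(A_m \otimes A_n\) is modelled as the integer \((m+1)\times(n+1)\) matrices with zero row and column sums, a simple cycle in the directed \(K_{m+1,n+1}\) encodes a \(\pm 1\) lattice vector v whose cycle weight is \(\|v\|^2 - 2\langle y, v\rangle\), and Bellman-Ford looks for a negative cycle, i.e. a relevant vector that moves the current lattice point closer to the target. The function names, the exact rational arithmetic and the stopping rule (no negative simple cycle means the residual lies in the Voronoi cell, which is the paper's characterization) are my assumptions; the paper's bound on the number of iterations is not reproduced here.

```python
from fractions import Fraction

def project_to_span(T):
    # A_m (x) A_n is modelled as the integer (m+1)x(n+1) matrices whose rows
    # and columns all sum to zero; project the real target onto that span.
    T = [[Fraction(v) for v in row] for row in T]
    M, N = len(T), len(T[0])
    rows = [sum(r) / N for r in T]
    cols = [sum(T[i][j] for i in range(M)) / M for j in range(N)]
    mean = sum(rows) / M
    return [[T[i][j] - rows[i] - cols[j] + mean for j in range(N)] for i in range(M)]

def negative_cycle(y):
    # Directed complete bipartite graph: vertices 0..M-1 are rows, M..M+N-1 are
    # columns; arc R_i->C_j weighs 1 - 2*y[i][j], arc C_j->R_i weighs 1 + 2*y[i][j].
    # A simple cycle v (+1 on row->column arcs, -1 on column->row arcs) has weight
    # ||v||^2 - 2<y, v>, negative exactly when y - v is shorter than y.
    M, N = len(y), len(y[0])
    V = M + N
    arcs = [(i, M + j, 1 - 2 * y[i][j]) for i in range(M) for j in range(N)]
    arcs += [(M + j, i, 1 + 2 * y[i][j]) for i in range(M) for j in range(N)]
    dist, pred = [Fraction(0)] * V, [None] * V     # virtual source: all dist 0
    for _ in range(V):
        last = None
        for u, w, c in arcs:
            if dist[u] + c < dist[w]:
                dist[w], pred[w], last = dist[u] + c, u, w
        if last is None:
            return None          # converged: no negative cycle, y is in the Voronoi cell
    for _ in range(V):           # a relaxation in round V: walk back onto the cycle
        last = pred[last]
    cycle, v = [], last
    while True:                  # read the cycle off the predecessor pointers
        u = pred[v]
        cycle.append((u, v - M, +1) if u < M else (v, u - M, -1))
        v = u
        if v == last:
            return cycle

def cvp_tensor_A(T):
    # Start at the origin and keep subtracting the relevant vector given by a
    # negative cycle; each step strictly shortens y = T - x, so this terminates.
    y = project_to_span(T)
    x = [[0] * len(y[0]) for _ in y]
    while (cycle := negative_cycle(y)) is not None:
        for i, j, s in cycle:
            x[i][j] += s
            y[i][j] -= s
    return x
```

Targets may be given as ints, Fractions or decimal strings such as "0.8"; the returned matrix is the closest lattice point (one of them, on ties).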


Notes

  1. Recall that this lattice has dimension \(\varphi (c)\), the Euler totient of c.

  2. Such details are out of the scope of this paper, but are described in the B.S. Thesis of the second author, available online https://www.math.leidenuniv.nl/scripties/BachVanWoerden.pdf.

  3. The algorithm is typically stated with \(C = |V|\), the number of vertices.

  4. Here \(K_{m',n'}(\mathbf {u})\) denotes the weighted complete bipartite graph, as defined in the proof of Lemma 7.


Acknowledgements

The authors wish to thank Onno Berrevoets, Marcello Bonsangue, Daniel Dadush and Daan van Gent for their interest and helpful feedback on this work. This work has been supported by a grant from CWI from the budget for public–private partnerships and in part by a grant from NXP Semiconductors.


Corresponding author

Correspondence to Léo Ducas.

Communicated by S. D. Galbraith.


Cite this article

Ducas, L., van Woerden, W.P.J. The closest vector problem in tensored root lattices of type A and in their duals. Des. Codes Cryptogr. 86, 137–150 (2018). https://doi.org/10.1007/s10623-017-0332-x
