A New Class of Algorithms for Finding Short Vectors in Lattices Lifted from Co-dimension $k$ Codes
Robert Lin, Peter W. Shor
TL;DR
This work presents a new projection-based, 1-step Euclidean-update algorithm for finding short vectors in lattices arising from codes of co-dimension $k$ over $\mathbb{Z}_P^d$, leveraging mod $P$ duality and a sorting step to ensure monotone projection reduction and bounded length growth. The co-dimension $1$ case is developed in depth, with a rigorous regularity proof ensuring nonzero lattice vectors and explicit bounds on output length that depend on the number of iterations. The authors extend the method to co-dimension $k$, generalized input sets, and a multi-party block reduction, yielding a family of polynomial-time algorithms that, in practice, produce shorter vectors than LLL ($L^2$) in large-dimension settings and offer substantial speed advantages. Empirical results on Darmstadt SVP Challenge instances and large-scale experiments (up to $d=8000$) demonstrate the method’s ability to beat Gaussian heuristic targets and outperform LLL in both vector quality and runtime, highlighting its potential as a practical SVP approximation scheme distinct from near-exact SVP reductions. The work also lays out theoretical and computational avenues for further refinements and broader applicability in lattice-based cryptography contexts.
Abstract
We introduce a new class of algorithms for finding a short vector in lattices defined by codes of co-dimension $k$ over $\mathbb{Z}_P^d$, where $P$ is prime. The co-dimension $1$ case is solved by exploiting the packing properties of the projections mod $P$ of an initial set of non-lattice vectors onto a single dual codeword. The technical tools we introduce are sorting of the projections followed by single-step pairwise Euclidean reduction of the projections, resulting in monotonic convergence of the positive-valued projections to zero. The length of vectors grows by a geometric factor each iteration. For fixed $P$ and $d$, and large enough user-defined input sets, we show that it is possible to minimize the number of iterations, and thus the overall length expansion factor, to obtain a short lattice vector. Thus we obtain a novel approach for controlling the output length, which resolves an open problem posed by Noah Stephens-Davidowitz (the possibility of an approximation scheme for the shortest-vector problem (SVP) which does not reduce to near-exact SVP). In our approach, one may obtain short vectors even when the lattice dimension is quite large, e.g., 8000. For fixed $P$, the algorithm yields shorter vectors for larger $d$. We additionally present a number of extensions and generalizations of our fundamental co-dimension $1$ method. These include a method for obtaining many different lattice vectors by multiplying the dual codeword by an integer and then modding by $P$; a co-dimension $k$ generalization; a large input set generalization; and finally, a "block" generalization, which involves the replacement of pairwise (Euclidean) reduction by a $k$-party (non-Euclidean) reduction. The $k$-block generalization of our algorithm constitutes a class of polynomial-time algorithms indexed by $k\geq 2$, which yield successively improved approximations for the short vector problem.
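The sort-then-reduce loop for the co-dimension $1$ case can be sketched as follows. This is an added illustration, not the authors' code: the function name, the choice of unit vectors as the input set, and the adjacent-difference update rule that keeps the smallest element are assumptions made here to get a runnable toy.

```python
def short_vector_codim1(c, P):
    """Toy co-dimension 1 solver for L = {x in Z^d : <c, x> = 0 (mod P)}.

    c is the dual codeword. Returns (v, iters) with v a nonzero vector of L.
    Assumed input set: the unit vectors e_i, whose projections are c_i mod P.
    """
    d = len(c)
    if d < 2:
        raise ValueError("need at least two input vectors")
    items = []
    for i in range(d):
        e = [0] * d
        e[i] = 1
        items.append((c[i] % P, e))  # (projection in [0, P), vector)

    iters = 0
    while True:
        zeros = [v for p, v in items if p == 0]
        if zeros:
            # Projection 0 means <c, v> = 0 (mod P), so v lies in the lattice.
            return min(zeros, key=lambda v: sum(a * a for a in v)), iters
        # Sorting step: order the vectors by their projection.
        items.sort(key=lambda t: t[0])
        # Single-step pairwise reduction: each vector minus its sorted
        # predecessor. New projections are the gaps, still in [0, P), and
        # the update is unimodular, so no vector can collapse to zero.
        reduced = [items[0]]
        for (p0, v0), (p1, v1) in zip(items, items[1:]):
            reduced.append((p1 - p0, [a - b for a, b in zip(v1, v0)]))
        items = reduced
        iters += 1


if __name__ == "__main__":
    import random
    rng = random.Random(1)                        # constructed sample instance
    P = 10007
    c = [rng.randrange(1, P) for _ in range(40)]
    v, iters = short_vector_codim1(c, P)
    print(iters, sum(abs(a) for a in v), v)
```

Each pass at most doubles the $\ell_1$ norm of any vector in the set, so the output satisfies $\|v\|_1 \le 2^{\text{iters}}$; a larger input set shrinks the gaps between sorted projections and therefore the number of passes, which is the length-control lever the abstract describes.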
