Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Worst--Case to Average--Case Reductions for SIS over integers

Konstantinos A. Draziotis, Myrto Eleftheria Gkogkou

Abstract

In the present paper we study a non-modular variant of the Short Integer Solution problem over the integers. Given a random matrix $A \in \mathbb{Z}^{n\times m}$ with entries $a_{ij}$ such that $0\le a_{ij}< Q,$ for some $Q>0,$ the goal is to find a nonzero vector ${\bf x}\in\mathbb{Z}^m$ such that $A{\bf x}={\bf 0}$ and $\|{\bf x}\|_\infty \le β,$ for a given bound $β.$ We show that an algorithm that solves random instances of this problem with non-negligible probability yields a polynomial-time algorithm for approximating $\mathrm{SIVP}$ within a factor $\widetilde{O}(n^{3/2})$ (with $\ell_2$ norm) in the worst case for any $n-$dimensional integer lattice.

Worst--Case to Average--Case Reductions for SIS over integers

Abstract

In the present paper we study a non-modular variant of the Short Integer Solution problem over the integers. Given a random matrix with entries such that for some the goal is to find a nonzero vector such that and for a given bound We show that an algorithm that solves random instances of this problem with non-negligible probability yields a polynomial-time algorithm for approximating within a factor (with norm) in the worst case for any dimensional integer lattice.
Paper Structure (16 sections, 25 theorems, 97 equations, 1 algorithm)

This paper contains 16 sections, 25 theorems, 97 equations, 1 algorithm.

Table of Contents

  1. Introduction
  2. Our Contribution
  3. Related Work
  4. Roadmap
  5. Preliminaries
  6. Notation
  7. Lattices
  8. Definition of ${\rm{SIS}}_{\mathbb{Z}}$
  9. $SIS_{\mathbb{Z}}$ and $SIS_q$
  10. Some basic lemmata
  11. Gaussian distribution
  12. Discrete Gaussian
  13. Smoothing parameter
  14. Siegel's constant
  15. Solving ${\rm{SIVP}}_{\tilde{O}(n^{1.5})}$ with an ${\rm{SIS}}_{\mathbb{Z}}$-oracle ${\mathcal{O}}$
  16. ...and 1 more sections

Key Result

Theorem 1.1

For an integer $m = O(n^2)$, if there exists a polynomial-time probabilistic algorithm that solves $\ell_{\infty}-{\rm{SIS}}_{\mathbb{Z}}$ for uniformly random $A \in {\mathcal{C}}_Q^{n\times m}$ ($Q$ is a positive integer, ${\mathcal{C}}_Q=\{0,1,...,Q-1\})$, then the SIVP problem can be approximate

Theorems & Definitions (61)

  • Theorem 1.1
  • Definition 2.1
  • Definition 2.2
  • Definition 2.3
  • Definition 2.4
  • Lemma 2.5
  • proof
  • Definition 2.6
  • Definition 2.7: Lifting property $(LP)$
  • Lemma 2.8: Sufficient condition for $(LP)$
  • ...and 51 more