### Abstract

Let p > 1 be any fixed real. We show that assuming NP ⊈ RP, there is no polynomial time algorithm that approximates the Shortest Vector Problem (SVP) in ℓ
_{p} norm within a constant factor. Under the stronger assumption NP ⊈ RTIME(2
^{poly(log n)}), we show that there is no polynomial-time algorithm with approximation ratio 2
^{(log n)}
^{1/2-ε} where n is the dimension of the lattice and ε > 0 is an arbitrarily small constant. We first give a new (randomized) reduction from Closest Vector Problem (CVP) to SVP that achieves some constant factor hardness. The reduction is based on BCH Codes. Its advantage is that the SVP instances produced by the reduction behave well under the augmented tensor product, a new variant of tensor product that we introduce. This enables us to boost the hardness factor to 2
^{(log n)1/2-ε}.

Original language | English (US) |
---|---|

Pages (from-to) | 789-808 |

Number of pages | 20 |

Journal | Journal of the ACM |

Volume | 52 |

Issue number | 5 |

DOIs | |

State | Published - Sep 2005 |

### Fingerprint

### Keywords

- Approximation algorithms
- Cryptography
- Hardness of approximation
- Lattices
- Shortest vector problem

### ASJC Scopus subject areas

- Hardware and Architecture
- Information Systems
- Computer Graphics and Computer-Aided Design
- Software
- Theoretical Computer Science
- Computational Theory and Mathematics

### Cite this

**Hardness of approximating the shortest vector problem in lattices.** / Khot, Subhash.

Research output: Contribution to journal › Article

*Journal of the ACM*, vol. 52, no. 5, pp. 789-808. https://doi.org/10.1145/1089023.1089027

}

TY - JOUR

T1 - Hardness of approximating the shortest vector problem in lattices

AU - Khot, Subhash

PY - 2005/9

Y1 - 2005/9

N2 - Let p > 1 be any fixed real. We show that assuming NP ⊈ RP, there is no polynomial time algorithm that approximates the Shortest Vector Problem (SVP) in ℓ p norm within a constant factor. Under the stronger assumption NP ⊈ RTIME(2 poly(log n)), we show that there is no polynomial-time algorithm with approximation ratio 2 (log n) 1/2-ε where n is the dimension of the lattice and ε > 0 is an arbitrarily small constant. We first give a new (randomized) reduction from Closest Vector Problem (CVP) to SVP that achieves some constant factor hardness. The reduction is based on BCH Codes. Its advantage is that the SVP instances produced by the reduction behave well under the augmented tensor product, a new variant of tensor product that we introduce. This enables us to boost the hardness factor to 2 (log n)1/2-ε.

AB - Let p > 1 be any fixed real. We show that assuming NP ⊈ RP, there is no polynomial time algorithm that approximates the Shortest Vector Problem (SVP) in ℓ p norm within a constant factor. Under the stronger assumption NP ⊈ RTIME(2 poly(log n)), we show that there is no polynomial-time algorithm with approximation ratio 2 (log n) 1/2-ε where n is the dimension of the lattice and ε > 0 is an arbitrarily small constant. We first give a new (randomized) reduction from Closest Vector Problem (CVP) to SVP that achieves some constant factor hardness. The reduction is based on BCH Codes. Its advantage is that the SVP instances produced by the reduction behave well under the augmented tensor product, a new variant of tensor product that we introduce. This enables us to boost the hardness factor to 2 (log n)1/2-ε.

KW - Approximation algorithms

KW - Cryptography

KW - Hardness of approximation

KW - Lattices

KW - Shortest vector problem

UR - http://www.scopus.com/inward/record.url?scp=27344453570&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=27344453570&partnerID=8YFLogxK

U2 - 10.1145/1089023.1089027

DO - 10.1145/1089023.1089027

M3 - Article

AN - SCOPUS:27344453570

VL - 52

SP - 789

EP - 808

JO - Journal of the ACM

JF - Journal of the ACM

SN - 0004-5411

IS - 5

ER -