Worst-case to average-case reductions based on Gaussian measures

Daniele Micciancio, Oded Regev

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

We show that solving modular linear equation on the average is at least as hard as approximating several lattice problems in the worst case within a factor almost linear in the rank of the lattice. The lattice problems we consider are the shortest vector problem, the shortest independent vectors problem and the covering radius problem. The approximation factor we obtain is Õ(n) for all three problems. This greatly improves on all previous work on the subject starting from Ajtai's seminal paper (STOC, 1996), up to the strongest previously known results by Micciancio (STOC, 2002). Our results also bring us closer to the limit where the problems are no longer known to be in NP ∩ coNP. Our main tools are Gaussian measures on lattices and the high dimensional Fourier transform. We start by defining a new lattice parameter which determines the amount of Gaussian noise that one has to add to a lattice in order to get close to a uniform distribution. In addition to yielding quantitatively much stronger results, the use of this parameter allows us to simplify many of the complications in previous work. Our technical contributions are two-fold. First, we show tight connections between this new parameter and existing lattice parameters. One such important connection is between this parameter and the length of the shortest set of linearly independent vectors. Second, we prove that the distribution that one obtains after adding Gaussian noise to the lattice has the following interesting property: the distribution of the noise vector when conditioning on the final value behaves in many respects like the original Gaussian noise vector. In particular, its moments remain essentially unchanged.

Original languageEnglish (US)
Title of host publicationProceedings - Annual IEEE Symposium on Foundations of Computer Science, FOCS
Pages372-381
Number of pages10
StatePublished - 2004
EventProceedings - 45th Annual IEEE Symposium on Foundations of Computer Science, FOCS 2004 - Rome, Italy
Duration: Oct 17 2004Oct 19 2004

Other

OtherProceedings - 45th Annual IEEE Symposium on Foundations of Computer Science, FOCS 2004
CountryItaly
CityRome
Period10/17/0410/19/04

Fingerprint

Lattice constants
Linear equations
Fourier transforms

ASJC Scopus subject areas

  • Engineering(all)

Cite this

Micciancio, D., & Regev, O. (2004). Worst-case to average-case reductions based on Gaussian measures. In Proceedings - Annual IEEE Symposium on Foundations of Computer Science, FOCS (pp. 372-381)

Worst-case to average-case reductions based on Gaussian measures. / Micciancio, Daniele; Regev, Oded.

Proceedings - Annual IEEE Symposium on Foundations of Computer Science, FOCS. 2004. p. 372-381.

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Micciancio, D & Regev, O 2004, Worst-case to average-case reductions based on Gaussian measures. in Proceedings - Annual IEEE Symposium on Foundations of Computer Science, FOCS. pp. 372-381, Proceedings - 45th Annual IEEE Symposium on Foundations of Computer Science, FOCS 2004, Rome, Italy, 10/17/04.
Micciancio D, Regev O. Worst-case to average-case reductions based on Gaussian measures. In Proceedings - Annual IEEE Symposium on Foundations of Computer Science, FOCS. 2004. p. 372-381
Micciancio, Daniele ; Regev, Oded. / Worst-case to average-case reductions based on Gaussian measures. Proceedings - Annual IEEE Symposium on Foundations of Computer Science, FOCS. 2004. pp. 372-381
@inproceedings{65b6040dfc4b43fe85bb26ce1f421e89,
title = "Worst-case to average-case reductions based on Gaussian measures",
abstract = "We show that solving modular linear equation on the average is at least as hard as approximating several lattice problems in the worst case within a factor almost linear in the rank of the lattice. The lattice problems we consider are the shortest vector problem, the shortest independent vectors problem and the covering radius problem. The approximation factor we obtain is {\~O}(n) for all three problems. This greatly improves on all previous work on the subject starting from Ajtai's seminal paper (STOC, 1996), up to the strongest previously known results by Micciancio (STOC, 2002). Our results also bring us closer to the limit where the problems are no longer known to be in NP ∩ coNP. Our main tools are Gaussian measures on lattices and the high dimensional Fourier transform. We start by defining a new lattice parameter which determines the amount of Gaussian noise that one has to add to a lattice in order to get close to a uniform distribution. In addition to yielding quantitatively much stronger results, the use of this parameter allows us to simplify many of the complications in previous work. Our technical contributions are two-fold. First, we show tight connections between this new parameter and existing lattice parameters. One such important connection is between this parameter and the length of the shortest set of linearly independent vectors. Second, we prove that the distribution that one obtains after adding Gaussian noise to the lattice has the following interesting property: the distribution of the noise vector when conditioning on the final value behaves in many respects like the original Gaussian noise vector. In particular, its moments remain essentially unchanged.",
author = "Daniele Micciancio and Oded Regev",
year = "2004",
language = "English (US)",
pages = "372--381",
booktitle = "Proceedings - Annual IEEE Symposium on Foundations of Computer Science, FOCS",

}

TY - GEN

T1 - Worst-case to average-case reductions based on Gaussian measures

AU - Micciancio, Daniele

AU - Regev, Oded

PY - 2004

Y1 - 2004

N2 - We show that solving modular linear equation on the average is at least as hard as approximating several lattice problems in the worst case within a factor almost linear in the rank of the lattice. The lattice problems we consider are the shortest vector problem, the shortest independent vectors problem and the covering radius problem. The approximation factor we obtain is Õ(n) for all three problems. This greatly improves on all previous work on the subject starting from Ajtai's seminal paper (STOC, 1996), up to the strongest previously known results by Micciancio (STOC, 2002). Our results also bring us closer to the limit where the problems are no longer known to be in NP ∩ coNP. Our main tools are Gaussian measures on lattices and the high dimensional Fourier transform. We start by defining a new lattice parameter which determines the amount of Gaussian noise that one has to add to a lattice in order to get close to a uniform distribution. In addition to yielding quantitatively much stronger results, the use of this parameter allows us to simplify many of the complications in previous work. Our technical contributions are two-fold. First, we show tight connections between this new parameter and existing lattice parameters. One such important connection is between this parameter and the length of the shortest set of linearly independent vectors. Second, we prove that the distribution that one obtains after adding Gaussian noise to the lattice has the following interesting property: the distribution of the noise vector when conditioning on the final value behaves in many respects like the original Gaussian noise vector. In particular, its moments remain essentially unchanged.

AB - We show that solving modular linear equation on the average is at least as hard as approximating several lattice problems in the worst case within a factor almost linear in the rank of the lattice. The lattice problems we consider are the shortest vector problem, the shortest independent vectors problem and the covering radius problem. The approximation factor we obtain is Õ(n) for all three problems. This greatly improves on all previous work on the subject starting from Ajtai's seminal paper (STOC, 1996), up to the strongest previously known results by Micciancio (STOC, 2002). Our results also bring us closer to the limit where the problems are no longer known to be in NP ∩ coNP. Our main tools are Gaussian measures on lattices and the high dimensional Fourier transform. We start by defining a new lattice parameter which determines the amount of Gaussian noise that one has to add to a lattice in order to get close to a uniform distribution. In addition to yielding quantitatively much stronger results, the use of this parameter allows us to simplify many of the complications in previous work. Our technical contributions are two-fold. First, we show tight connections between this new parameter and existing lattice parameters. One such important connection is between this parameter and the length of the shortest set of linearly independent vectors. Second, we prove that the distribution that one obtains after adding Gaussian noise to the lattice has the following interesting property: the distribution of the noise vector when conditioning on the final value behaves in many respects like the original Gaussian noise vector. In particular, its moments remain essentially unchanged.

UR - http://www.scopus.com/inward/record.url?scp=17744363914&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=17744363914&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:17744363914

SP - 372

EP - 381

BT - Proceedings - Annual IEEE Symposium on Foundations of Computer Science, FOCS

ER -