New (and Old) Proof Systems for Lattice Problems

We continue the study of statistical zero-knowledge (SZK) proofs, both interactive and noninteractive, for computational problems on point lattices. We are particularly interested in the problem GapSPP of approximating the ε-smoothing parameter (for some ε < 1/2) of an n-dimensional lattice. The smoothing parameter is a key quantity in the study of lattices, and GapSPP has been emerging as a core problem in lattice-based cryptography, e.g., in worst-case to average-case reductions. We show that GapSPP admits SZK proofs for remarkably low approximation factors, improving on prior work by up to roughly √ n. Specifically: • There is a noninteractive SZK proof for O(log(n) √ log(1/ε))-approximate GapSPP. Moreover, for any negligible ε and a larger approximation factor Õ( √ n log(1/ε)), there is such a proof with an efficient prover. • There is an (interactive) SZK proof with an efficient prover for O(log n + √ log(1/ε)/ log n)approximate coGapSPP. We show this by proving that O(log n)-approximate GapSPP is in coNP. In addition, we give an (interactive) SZK proof with an efficient prover for approximating the lattice covering radius to within an O( √ n) factor, improving upon the prior best factor of ω( √ n log n). ∗Computer Science and Engineering, University of Michigan. Email: [email protected]. †Computer Science and Engineering, University of Michigan. Email: [email protected]. This material is based upon work supported by the National Science Foundation under CAREER Award CCF-1054495 and CNS-1606362, the Alfred P. Sloan Foundation, and by a Google Research Award. The views expressed are those of the authors and do not necessarily reflect the official policy or position of the National Science Foundation, the Sloan Foundation, or Google. ‡Courant Institute of Mathematical Sciences, New York University. Email: [email protected]. Supported by the National Science Foundation (NSF) under Grant No. CCF-1320188, and the Defense Advanced Research Projects Agency (DARPA) and Army Research Office (ARO) under Contract No. W911NF-15-C-0236. Part of this work was done while visiting the second author at the University of Michigan.