Lower bounds of shortest vector lengths in random knapsack lattices and random NTRU lattices
نویسندگان
چکیده
Finding the shortest vector of a lattice is one of the most important problems in computational lattice theory. For a random lattice, one can estimate the length of the shortest vector using the Gaussian heuristic. However, no rigorous proof can be provided for some classes of lattices, as the Gaussian heuristic may not hold for them. In the paper we study two types of random lattices in cryptography: the knapsack lattices and the NTRU lattices. For random knapsack lattices, we prove lower bounds of shortest vector lengths, which are very close to lengths predicted by the Gaussian heuristic. For a random NTRU lattice, we prove that with a overwhelming probability, the ratio between the length of the shortest vector and the length of the target vector, which corresponds to the secret key, is at least a constant, independent of the dimension of the lattice. The main technique we use is the incompressibility method from the theory of Kolmogorov complexity.
منابع مشابه
Lower Bounds of Shortest Vector Lengths in Random NTRU Lattices
Finding the shortest vector of a lattice is one of the most important problems in computational lattice theory. For a random lattice, one can estimate the length of the shortest vector using the Gaussian heuristic. However, no rigorous proof can be provided for some classes of lattices, as the Gaussian heuristic may not hold for them. In this paper, we propose a general method to estimate lower...
متن کاملILTRU: An NTRU-Like Public Key Cryptosystem Over Ideal Lattices
In this paper we present a new NTRU-Like public key cryptosystem with security provably based on the worst case hardness of the approximate both Shortest Vector Problem (SVP) and Closest Vector Problem (CVP) in some structured lattices, called ideal lattices. We show how to modify the ETRU cryptosystem, an NTRU-Like public key cryptosystem based on the Eisenstein integers 3 [ ] where 3 is a...
متن کاملGeneralized Compact Knapsacks Are Collision Resistant
The generalized knapsack problem is the following: given m random elements a1, . . . , am in a ring R, and a target t ∈ R, find z1, . . . , zm ∈ D such that P aizi = t, where D is some fixed subset of R. In (Micciancio, FOCS 2002) it was proved that for appropriate choices of R and D, solving the generalized compact knapsack problem on the average is as hard as solving certain worst-case proble...
متن کاملDeterministic and Non-deterministic Basis Reduction Techniques for Ntru Lattices
Author: Daniel Socek Title: Deterministic and Non-Deterministic Basis Reduction Techniques for NTRU Lattices Institution: Florida Atlantic University Thesis Advisor: Dr. Spyros S. Magliveras Degree: Master of Science Year: 2002 Finding the shortest or a “short enough” vector in an integral lattice of substantial dimension is a difficult problem. The problem is not known to be but most people be...
متن کاملOn Nearly Orthogonal Lattice Bases and Random Lattices
We study lattice bases where the angle between any basis vector and the linear subspace spanned by the other basis vectors is at least π 3 radians; we denote such bases as “nearly orthogonal.” We show that a nearly orthogonal lattice basis always contains a shortest lattice vector. Moreover, we prove that if the basis vector lengths are “nearly equal,” then the basis is the unique nearly orthog...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2011 شماره
صفحات -
تاریخ انتشار 2011