The closest vector problem in tensored root lattices of type A and in their duals

In this work we consider the closest vector problem (CVP) —a problem also known as maximum-likelihood decoding— in the tensor of two root lattices of type A (Am⊗An), as well as in their duals (Am⊗An). This problem is mainly motivated by lattice based cryptography, where the cyclotomic rings Z[ζc] (resp. its co-different Z[ζc]) play a central role, and turn out to be isomorphic as lattices to tensors of A∗ lattices (resp. A root lattices). In particular, our results lead to solving CVP in Z[ζc] and in Z[ζc] for conductors of the form c = 2pq for any two odd primes p, q. For the primal case Am⊗An, we provide a full characterization of the Voronoi region in terms of simple cycles in the complete directed bipartite graphKm+1,n+1. This leads —relying on the Bellman-Ford algorithm for negative cycle detection— to a CVP algorithm running in polynomial time. Precisely, our algorithm performs O(l mn min{m,n}) operations on reals, where l is the number of bits per coordinate of the input target. For the dual case, we use a gluing-construction to solve CVP in sub-exponential time O(nm).