On the Hardness of the Shortest Vector

An n-dimensional lattice is the set of all integral linear combinations of n linearly independent vectors in R m. One of the most studied algorithmic problems on lattices is the shortest vector problem (SVP): given a lattice, nd the shortest non-zero vector in it. We prove that the shortest vector problem is NP-hard (for randomized reductions) to approximate within some constant factor greater than 1 in any l p norm (p 1). In particular, we prove the NP-hardness of approximating SVP in the Eu-clidean norm l 2 within any factor less than p 2. The same NP-hardness results hold for deterministic non-uniform reductions. A deterministic uniform reduction is also given under a reasonable number theoretic conjecture concerning the distribution of smooth numbers. In proving the NP-hardness of SVP we develop a number of technical tools that might be of independent interest. In particular, a lattice packing is constructed with the property that the number of unit spheres contained in an n-dimensional ball of radius greater than 1 + p 2 grows exponentially in n, and a new constructive version of Sauer's lemma (a combinatorial result somehow related to the notion of VC-dimension) is presented, considerably simplifying all previously known constructions. Acknowledgments First and foremost I'd like to thank Shaa Goldwasser, my thesis supervisor. Needless to say, this work would have hardly been possible without her continuous help and encouragement in both technical and non-technical matters. I would especially like to thank her for the enthusiasm she succeeded in transmitting to me at a point when I wasn't even sure I wanted to pursue a PhD degree in computer science. A special thanks also to my thesis readers, Oded Goldreich and Madhu Sudan, for the many hours they spent with me discussing both the content and the form of this thesis. I am the only one to blame for possible errors and inaccuracies in this thesis, but if any merit is there, I'd like to share it with them (and Shaa of course). Thanks to all the members of the Theory of Computation group at MIT and the Cryptography and Information Security group in particular for providing such an exiting environment to work in. Thanks to my ooce mate Tal Malkin for time-sharing the ooce during these last few years. Although we mostly worked on diierent time shifts, it was nice to meet her early in the morning or late at …