algorithms for the densest sublattice problem
play

Algorithms for the Densest Sublattice Problem Daniele Micciancio - PowerPoint PPT Presentation

May 24, 2023 •186 likes •1.06k views

Algorithms for the Densest Sublattice Problem Daniele Micciancio (UCSD) (Joint work with D. Dadush SODA 2013) January 2013 Daniele Micciancio Algorithms for the Densest Sublattice Problem (Point) Lattices Traditional area of mathematics

  1. Algorithms for the Densest Sublattice Problem Daniele Micciancio (UCSD) (Joint work with D. Dadush – SODA 2013) January 2013 Daniele Micciancio Algorithms for the Densest Sublattice Problem

  2. (Point) Lattices Traditional area of mathematics ◦ ◦ ◦ Lagrange Gauss Minkowski Daniele Micciancio Algorithms for the Densest Sublattice Problem

  3. (Point) Lattices Traditional area of mathematics ◦ ◦ ◦ Lagrange Gauss Minkowski Key to many algorithmic applications Cryptanalysis (e.g., breaking low-exponent RSA) Coding Theory (e.g., wireless communications) Optimization (e.g., Integer Programming with fixed number of variables) Cryptography (e.g., Cryptographic functions from worst-case complexity assumptions, Fully Homomorphic Encryption) Daniele Micciancio Algorithms for the Densest Sublattice Problem

  4. Outline Daniele Micciancio Algorithms for the Densest Sublattice Problem

  5. Lattices: Definition e 1 e 2 The simplest lattice in n -dimensional space is the integer lattice Λ = Z n Daniele Micciancio Algorithms for the Densest Sublattice Problem

  6. Lattices: Definition b 1 e 1 b 2 e 2 The simplest lattice in Other lattices are obtained by n -dimensional space is the applying a linear transformation integer lattice Λ = B Z n ( B ∈ R d × n ) Λ = Z n Daniele Micciancio Algorithms for the Densest Sublattice Problem

  7. Lattice Determinant / Density b 1 e 1 b 2 e 2 Definition (Determinant) The determinant of a lattice is the volume of a fundamental region 1 det( B Z n ) = vol n ( B [0 , 1) n ) = density(Λ) Daniele Micciancio Algorithms for the Densest Sublattice Problem

  8. The Densest Sublattice Problem (DSP) Definition (Densest Sublattice Problem ( k -DSP)) Given a lattice Λ, find a k -dimensional sublattice Λ ′ ⊆ Λ that minimizes det(Λ ′ ). Daniele Micciancio Algorithms for the Densest Sublattice Problem

  9. The Densest Sublattice Problem (DSP) Definition (Densest Sublattice Problem ( k -DSP)) Given a lattice Λ, find a k -dimensional sublattice Λ ′ ⊆ Λ that minimizes det(Λ ′ ). Λ ′ = Λ ∩ S , dim( S ) = k Λ ′ = b Z and det(Λ ′ ) = � b � Daniele Micciancio Algorithms for the Densest Sublattice Problem

  10. The Densest Sublattice Problem (DSP) Definition (Densest Sublattice Problem ( k -DSP)) Given a lattice Λ, find a k -dimensional sublattice Λ ′ ⊆ Λ that minimizes det(Λ ′ ). Λ ′ = Λ ∩ S , dim( S ) = k Λ ′ = b Z and det(Λ ′ ) = � b � Small det ⇔ High density Daniele Micciancio Algorithms for the Densest Sublattice Problem

  11. The Densest Sublattice Problem (DSP) Definition (Densest Sublattice Problem ( k -DSP)) Given a lattice Λ, find a k -dimensional sublattice Λ ′ ⊆ Λ that minimizes det(Λ ′ ). Λ ′ = Λ ∩ S , dim( S ) = k Λ ′ = b Z and det(Λ ′ ) = � b � Small det ⇔ High density 1-DSP = SVP (Shortest Vector Problem) Daniele Micciancio Algorithms for the Densest Sublattice Problem

  12. Lattice rounding Gram-Schmidt orthogonalization B ∗ [0 , 1] n b ∗ b 2 2 b ∗ 1 = b 1 Daniele Micciancio Algorithms for the Densest Sublattice Problem

  13. Lattice rounding Gram-Schmidt orthogonalization B ∗ [0 , 1] n is also a fundamental region for Λ b ∗ b 2 2 b ∗ 1 = b 1 Daniele Micciancio Algorithms for the Densest Sublattice Problem

  14. Lattice rounding Gram-Schmidt orthogonalization B ∗ [0 , 1] n is also a fundamental region for Λ Daniele Micciancio Algorithms for the Densest Sublattice Problem

  15. Lattice rounding Gram-Schmidt orthogonalization B ∗ [0 , 1] n is also a fundamental region for Λ Any t can be efficiently rounded to v ∈ Λ Daniele Micciancio Algorithms for the Densest Sublattice Problem

  16. Lattice rounding Gram-Schmidt orthogonalization B ∗ [0 , 1] n is also a fundamental region for Λ Any t can be efficiently rounded to v ∈ Λ � t − v � ≤ 1 i � b ∗ �� i � 2 2 Daniele Micciancio Algorithms for the Densest Sublattice Problem

  17. Lattice rounding Gram-Schmidt orthogonalization B ∗ [0 , 1] n is also a fundamental region for Λ Any t can be efficiently rounded to v ∈ Λ � t − v � ≤ 1 i � b ∗ �� i � 2 2 v solves CVP when � t − v � ≤ min � b ∗ i � / 2 Daniele Micciancio Algorithms for the Densest Sublattice Problem

  18. Lattice rounding Gram-Schmidt orthogonalization B ∗ [0 , 1] n is also a fundamental region for Λ Any t can be efficiently rounded to v ∈ Λ � t − v � ≤ 1 i � b ∗ �� i � 2 2 v solves CVP when � t − v � ≤ min � b ∗ i � / 2 Lemma (Nearest Plane Algorithm [Babai 1986]) Rounding w.r.t B ∗ approximates CVP within √ n · max i � b ∗ i � min i � b ∗ i � Daniele Micciancio Algorithms for the Densest Sublattice Problem

  19. Basis reduction Definition (Basis reduction problem) Given a lattice, find a basis such that � b ∗ i � ≈ det(Λ) 1 / n , or, more generally, the � b ∗ i � do not decrease too quickly. Daniele Micciancio Algorithms for the Densest Sublattice Problem

  20. Basis reduction Definition (Basis reduction problem) Given a lattice, find a basis such that � b ∗ i � ≈ det(Λ) 1 / n , or, more generally, the � b ∗ i � do not decrease too quickly. Sort � b 1 � ≤ � b 2 � ≤ . . . ≤ � b n � Daniele Micciancio Algorithms for the Densest Sublattice Problem

  21. Basis reduction Definition (Basis reduction problem) Given a lattice, find a basis such that � b ∗ i � ≈ det(Λ) 1 / n , or, more generally, the � b ∗ i � do not decrease too quickly. Sort � b 1 � ≤ � b 2 � ≤ . . . ≤ � b n � Still, typically � b ∗ 1 � > � b ∗ 2 � > . . . > � b ∗ n � Daniele Micciancio Algorithms for the Densest Sublattice Problem

  22. Basis reduction Definition (Basis reduction problem) Given a lattice, find a basis such that � b ∗ i � ≈ det(Λ) 1 / n , or, more generally, the � b ∗ i � do not decrease too quickly. Sort � b 1 � ≤ � b 2 � ≤ . . . ≤ � b n � Still, typically � b ∗ 1 � > � b ∗ 2 � > . . . > � b ∗ n � This is unavoidable, even for k = 2, e.g., for “exagonal” lattice 2 � = � b 1 � 2 � b 1 � 2 � = � b 1 � · � b 1 � 2 det(Λ) ≤ γ 2 = √ ≈ 1 . 1547 � b ∗ � b 1 � · � b ∗ 3 Daniele Micciancio Algorithms for the Densest Sublattice Problem

  23. Basis reduction Definition (Basis reduction problem) Given a lattice, find a basis such that � b ∗ i � ≈ det(Λ) 1 / n , or, more generally, the � b ∗ i � do not decrease too quickly. Sort � b 1 � ≤ � b 2 � ≤ . . . ≤ � b n � Still, typically � b ∗ 1 � > � b ∗ 2 � > . . . > � b ∗ n � This is unavoidable, even for k = 2, e.g., for “exagonal” lattice 2 � = � b 1 � 2 � b 1 � 2 � = � b 1 � · � b 1 � 2 det(Λ) ≤ γ 2 = √ ≈ 1 . 1547 � b ∗ � b 1 � · � b ∗ 3 Minimizing � b 1 � / � b ∗ 2 � is equivalent to SVP Daniele Micciancio Algorithms for the Densest Sublattice Problem

  24. Basis reduction Definition (Basis reduction problem) Given a lattice, find a basis such that � b ∗ i � ≈ det(Λ) 1 / n , or, more generally, the � b ∗ i � do not decrease too quickly. Sort � b 1 � ≤ � b 2 � ≤ . . . ≤ � b n � Still, typically � b ∗ 1 � > � b ∗ 2 � > . . . > � b ∗ n � This is unavoidable, even for k = 2, e.g., for “exagonal” lattice 2 � = � b 1 � 2 � b 1 � 2 � = � b 1 � · � b 1 � 2 det(Λ) ≤ γ 2 = √ ≈ 1 . 1547 � b ∗ � b 1 � · � b ∗ 3 Minimizing � b 1 � / � b ∗ 2 � is equivalent to SVP Hemite constant: � 2 � � b 1 � γ n = sup inf = Θ( n ) det(Λ) 1 / n B Λ Daniele Micciancio Algorithms for the Densest Sublattice Problem

  25. LLL basis reduction algorithm Theorem (Lenstra, Lenstra, Lovasz (LLL) 1982) Every lattice has an efficiently computable basis such that i � for all i, and max i � b ∗ i � � b ∗ γ 2 · � b ∗ i � = 2 O ( n ) i +1 � ≥ ˜ min i � b ∗ Daniele Micciancio Algorithms for the Densest Sublattice Problem

  26. LLL basis reduction algorithm Theorem (Lenstra, Lenstra, Lovasz (LLL) 1982) Every lattice has an efficiently computable basis such that i � for all i, and max i � b ∗ i � � b ∗ γ 2 · � b ∗ i � = 2 O ( n ) i +1 � ≥ ˜ min i � b ∗ B = [ b 1 , . . . , b n ] Daniele Micciancio Algorithms for the Densest Sublattice Problem

  27. LLL basis reduction algorithm Theorem (Lenstra, Lenstra, Lovasz (LLL) 1982) Every lattice has an efficiently computable basis such that i � for all i, and max i � b ∗ i � � b ∗ γ 2 · � b ∗ i � = 2 O ( n ) i +1 � ≥ ˜ min i � b ∗ B = [ b 1 , . . . , b n ] Locally modify each 2-dim sublattice [ b i , b i +1 ] so � b ∗ i � is (almost) minimal Daniele Micciancio Algorithms for the Densest Sublattice Problem

  28. LLL basis reduction algorithm Theorem (Lenstra, Lenstra, Lovasz (LLL) 1982) Every lattice has an efficiently computable basis such that i � for all i, and max i � b ∗ i � � b ∗ γ 2 · � b ∗ i � = 2 O ( n ) i +1 � ≥ ˜ min i � b ∗ B = [ b 1 , . . . , b n ] Locally modify each 2-dim sublattice [ b i , b i +1 ] so � b ∗ i � is (almost) minimal LLL terminates because each local modification makes “progress” towards reducing the basis Daniele Micciancio Algorithms for the Densest Sublattice Problem

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Densest/Heaviest k -subgraph on Interval Graphs, Chordal Graphs and Planar Graphs Presented by

Densest/Heaviest k -subgraph on Interval Graphs, Chordal Graphs and Planar Graphs Presented by

Densest/Heaviest k -subgraph on Interval Graphs, Chordal Graphs and Planar Graphs Presented by Jian Li, Fudan University Mar 2007, HKUST May 8, 2006 1 / 25 Problem Definition: Densest k -Subgraph Problem(DS- k ): Input: G ( V, E ) , k > 0 .

398 views • 25 slides
CORE DECOMPOSITION AND DENSEST SUBGRAPH IN MULTILAYER NETWORKS CORE DECOMPOSITION AND DENSEST

CORE DECOMPOSITION AND DENSEST SUBGRAPH IN MULTILAYER NETWORKS CORE DECOMPOSITION AND DENSEST

E. GALIMBERTI, F. BONCHI, F. GULLO CORE DECOMPOSITION AND DENSEST SUBGRAPH IN MULTILAYER NETWORKS CORE DECOMPOSITION AND DENSEST SUBGRAPH IN MULTILAYER NETWORKS AGENDA Multilayer Networks Core Decomposition and Densest Subgraph

759 views • 27 slides
Whats the densest sphere packing in a million dimensions? Henry Cohn Microsoft Research New

Whats the densest sphere packing in a million dimensions? Henry Cohn Microsoft Research New

Whats the densest sphere packing in a million dimensions? Henry Cohn Microsoft Research New England Arnold Ross Lecture November 5, 2014 The sphere packing problem How densely can we pack identical spheres into space? Not allowed to

586 views • 41 slides
Hyperbolic Color Codes on Densest Tessellations Clarice Dias de Albuquerque (UFCA) Reginaldo

Hyperbolic Color Codes on Densest Tessellations Clarice Dias de Albuquerque (UFCA) Reginaldo

Hyperbolic Color Codes on Densest Tessellations Hyperbolic Color Codes on Densest Tessellations Clarice Dias de Albuquerque (UFCA) Reginaldo Palazzo Junior (UNICAMP) 27/07/2018 Hyperbolic Color Codes on Densest Tessellations Topological

545 views • 35 slides
Algorithms COSC 1010 Algorithms Algorithm - A clear specification of how to solve a problem

Algorithms COSC 1010 Algorithms Algorithm - A clear specification of how to solve a problem

Algorithms COSC 1010 Algorithms Algorithm - A clear specification of how to solve a problem E ff ective method: Measured in the resources solved in dependence of the size of the problem Time Memory Algorithms

477 views • 16 slides
The Shortest Vector Problem (Lattice Reduction Algorithms) Approximation Algorithms by V.

The Shortest Vector Problem (Lattice Reduction Algorithms) Approximation Algorithms by V.

The Shortest Vector Problem (Lattice Reduction Algorithms) Approximation Algorithms by V. Vazirani, Chapter 27 - Problem statement, general discussion - Lattices: brief introduction - The Gauss algorithm in R 2 - Lower bound via

295 views • 13 slides
Two-step melting of three-sublattice order Kedar Damle, TIFR, Mumbai JNU-ICTP Workshop Feb 10

Two-step melting of three-sublattice order Kedar Damle, TIFR, Mumbai JNU-ICTP Workshop Feb 10

Two-step melting of three-sublattice order Kedar Damle, TIFR, Mumbai JNU-ICTP Workshop Feb 10 2015 Symmetry breaking transitions: Generalities Symmetry-breaking state characterized by long-range correlations of order-parameter O

764 views • 30 slides
Algorithms and Architecture 1 Introduction to Algorithms Alexandre David 1 Outline Notion

Algorithms and Architecture 1 Introduction to Algorithms Alexandre David 1 Outline Notion

Algorithms and Architecture 1 Introduction to Algorithms Alexandre David 1 Outline Notion of algorithms, GCD example. Algorithmic problem solving. Problem types. Sorting example. Numerical example. Analyzing algorithms.

333 views • 12 slides
BI G OH NOTATI ON Classification of Algorithms The running time of most algorithms is

BI G OH NOTATI ON Classification of Algorithms The running time of most algorithms is

BI G OH NOTATI ON Classification of Algorithms The running time of most algorithms is proportional to one of the following functions : instructions run only once constant solve a big problem by log N transforming it into a smaller problem

476 views • 8 slides
CARLA HST Results OR THE HST GRISM CONFIRMATION RESULTS OF THE 20 DENSEST CARLA CANDIDATE

CARLA HST Results OR THE HST GRISM CONFIRMATION RESULTS OF THE 20 DENSEST CARLA CANDIDATE

CARLA HST Results OR THE HST GRISM CONFIRMATION RESULTS OF THE 20 DENSEST CARLA CANDIDATE CLUSTERS AT 1.4<z<2.8 Gal Noirot +the CARLA Collaboration Daniel Stern, Jol Vernet, Carlos De Breuck, Simona Mei, Audrey Galametz, Dominika

311 views • 18 slides
Algorithms Theory Algorithms Theory 13 13 Bin Packing Bi P ki P.D. Dr. Alexander Souza

Algorithms Theory Algorithms Theory 13 13 Bin Packing Bi P ki P.D. Dr. Alexander Souza

Algorithms Theory Algorithms Theory 13 13 Bin Packing Bi P ki P.D. Dr. Alexander Souza Winter term 11/12 Bin packing 1. Problem definition and general observations 2 Approximation algorithms for the online bin packing problem 2.

148 views • 12 slides
Using Genetic Algorithms to solve the Minimum Labeling Spanning Tree Problem MLST; problem

Using Genetic Algorithms to solve the Minimum Labeling Spanning Tree Problem MLST; problem

Using Genetic Algorithms to solve the Minimum Labeling Spanning Tree Problem MLST; problem set-up Genetic Algorithms Oliver Rourke, oliverr@umd.edu MLST: GA Advisor: Dr Bruce L. Golden, bgolden@rhsmith.umd.edu MLST: GA++ R. H. Smith

479 views • 47 slides
Quantum Algorithms for the k -xor Problem Lorenzo Grassi 1 , Mara Naya-Plasencia 2 , Andr

Quantum Algorithms for the k -xor Problem Lorenzo Grassi 1 , Mara Naya-Plasencia 2 , Andr

Context Low-qubits k -xor algorithms k -xor algorithms with qRAM Quantum Algorithms for the k -xor Problem Lorenzo Grassi 1 , Mara Naya-Plasencia 2 , Andr Schrottenloher 2 1 IAIK, Graz University of Technology, Austria 2 Inria, France December

428 views • 24 slides
densest packings with congruent copies of a convex body (Part 2) David de Laat (TU Delft)

densest packings with congruent copies of a convex body (Part 2) David de Laat (TU Delft)

Computing upper bounds for densest packings with congruent copies of a convex body (Part 2) David de Laat (TU Delft) Fernando Oliveira (FU Berlin Universidade de S ao Paulo) Frank Vallentin (Universit at zu K oln) Second ERC

765 views • 31 slides
Top-Down Approach to Algorithms Understanding Algorithms Amtoft (Howell) Introduction Sorting

Top-Down Approach to Algorithms Understanding Algorithms Amtoft (Howell) Introduction Sorting

Top-Down Approach to Algorithms Understanding Algorithms Amtoft (Howell) Introduction Sorting Reduction: Solve a problem by using a solution to a Maximum Subsequence Sum simpler problem. Top-Down Approach to Algorithms Understanding

621 views • 35 slides
Algorithms Software Development Method 1. Specify the problem requirements 2. Analyze the

Algorithms Software Development Method 1. Specify the problem requirements 2. Analyze the

Algorithms Software Development Method 1. Specify the problem requirements 2. Analyze the problem 3. Design the algorithm to solve the problem 4. Implement the algorithm 5. Test and verify the completed program 6. Maintain and update the

497 views • 13 slides
Three strategies for the dead-zone string matching algorithm J. Daykin, R. Groult, Y. Guesnet, T.

Three strategies for the dead-zone string matching algorithm J. Daykin, R. Groult, Y. Guesnet, T.

Three strategies for the dead-zone string matching algorithm J. Daykin, R. Groult, Y. Guesnet, T. Lecroq, A. Lefebvre, M. eonard, L. Mouchard, L E. Prieur-Gaston and B. Watson SeqBio 2018 19 20 November 2018 Rouen, France

702 views • 44 slides
MA/CSSE 473 Day 26 String Search Horspool Boyer-Moore MA/CSSE 473 Day 26 Tomorrow!

MA/CSSE 473 Day 26 String Search Horspool Boyer-Moore MA/CSSE 473 Day 26 Tomorrow!

MA/CSSE 473 Day 26 String Search Horspool Boyer-Moore MA/CSSE 473 Day 26 Tomorrow! Take-home exam available by Oct 29 (Friday) at 9:55 AM, due Nov 1 (Monday) at 8 AM. Student Questions Horspool string search algorithm

390 views • 9 slides
String Matching: Boyer-Moore Algorithm Greg Plaxton Theory in Programming Practice, Fall 2005

String Matching: Boyer-Moore Algorithm Greg Plaxton Theory in Programming Practice, Fall 2005

String Matching: Boyer-Moore Algorithm Greg Plaxton Theory in Programming Practice, Fall 2005 Department of Computer Science University of Texas at Austin The (Exact) String Matching Problem Given a text string t and a pattern string p ,

407 views • 19 slides
A Method for Companionability, Applied to Group Actions and Valuations with Aye Berkman and

A Method for Companionability, Applied to Group Actions and Valuations with Aye Berkman and

A Method for Companionability, Applied to Group Actions and Valuations with Aye Berkman and with zlem Beyarslan, Daniel Max Hoffmann, and Gnen Onay David Pierce Mimar Sinan Gzel Sanatlar niversitesi, stanbul Delphi, July,

243 views • 12 slides
The Eight-Point Algorithm COMPSCI 527 Computer Vision COMPSCI 527 Computer Vision The

The Eight-Point Algorithm COMPSCI 527 Computer Vision COMPSCI 527 Computer Vision The

The Eight-Point Algorithm COMPSCI 527 Computer Vision COMPSCI 527 Computer Vision The Eight-Point Algorithm 1 / 17 Outline 1 Summary: The Epipolar Constraint 2 The Eight-Point Algorithm: t , R 3 Triangulation: P m 4 Bundle Adjustment

579 views • 17 slides
Construction Algorithms for (Polynomial) Lattice Points Peter Kritzer Johann Radon Institute for

Construction Algorithms for (Polynomial) Lattice Points Peter Kritzer Johann Radon Institute for

Construction Algorithms for (Polynomial) Lattice Points Peter Kritzer Johann Radon Institute for Computational and Applied Mathematics (RICAM) Austrian Academy of Sciences Joint work with J. Dick, A. Ebert, G. Leobacher, D. Nuyens, O.O.

561 views • 55 slides
Relativistic Effects Relativistic Bit . . . Can Keep Data Secret: Relativistic Bit . . . Why

Relativistic Effects Relativistic Bit . . . Can Keep Data Secret: Relativistic Bit . . . Why

Computer Security . . . Computer Security . . . Main Idea Newtonian . . . Relativistic Effects Relativistic Bit . . . Can Keep Data Secret: Relativistic Bit . . . Why This Works A Simple Scheme Limitations of This . . . Second Algorithm

356 views • 13 slides
COMP 3403 Algorithm Analysis Part 3 Chapters 6 7 Jim Diamond CAR 409 Jodrey School

COMP 3403 Algorithm Analysis Part 3 Chapters 6 7 Jim Diamond CAR 409 Jodrey School

COMP 3403 Algorithm Analysis Part 3 Chapters 6 7 Jim Diamond CAR 409 Jodrey School of Computer Science Acadia University Chapter 6 Transform-and-Conquer Jim Diamond, Jodrey School of Computer Science, Acadia University Chapter 6

558 views • 36 slides

More recommend