on the quantitative hardness of cvp
play

On the Quantitative Hardness of CVP Huck Bennett, Alexander - PowerPoint PPT Presentation

Feb 11, 2024 •209 likes •1.05k views

On the Quantitative Hardness of CVP Huck Bennett, Alexander Golovnev, Noah Stephens-Davidowitz NYCAC 2017 Outline Closest Vector Problem Applications Hardness Isolating Parallelepipeds The Closest Vector Problem n is the rank

  1. On the Quantitative Hardness of CVP Huck Bennett, Alexander Golovnev, Noah Stephens-Davidowitz NYCAC 2017

  2. Outline ■ Closest Vector Problem ■ Applications ■ Hardness ■ Isolating Parallelepipeds

  3. The Closest Vector Problem

  4. n is the rank of , d is the (ambient) dimension Lattice ■ A lattice L is the set of all integer combinations of linearly independent basis vectors ⃗ b 1 , . . . ,⃗ b n ∈ R d n { } L = L ( ⃗ b 1 , . . . ,⃗ z i ⃗ ∑ b n ) := b i : z i ∈ Z i = 1

  5. Lattice ■ A lattice L is the set of all integer combinations of linearly independent basis vectors ⃗ b 1 , . . . ,⃗ b n ∈ R d n { } L = L ( ⃗ b 1 , . . . ,⃗ z i ⃗ ∑ b n ) := b i : z i ∈ Z i = 1 ■ n is the rank of L , d is the (ambient) dimension

  6. Lattice. Example b 1 b 2

  7. Lattice. Example b 1 b 1 + b 2 b 2

  8. Lattice. Example 2 b 1 + b 2 b 1 b 1 + b 2 b 2

  9. Lattice. Example 2 b 1 + b 2 b 1 b 1 + b 2 b 2

  10. Lattice. Example 2 b 1 + b 2 b 1 t b 1 + b 2 b 2

  11. Lattice. Example 2 b 1 + b 2 b 1 t b 1 + b 2 b 2

  12. Lattice. Example b 1 b 2

  13. Lattice. Example b 1 t b 2

  14. Lattice. Example b 1 t b 2

  15. Distance is defjned in terms of the p norm; for 1 p : p p p 1 p x p x 1 x 2 x d for p : x 1 i d x i CVP p —Closest Vector Problem in the p norm Closest Vector Problem ■ Given a basis for a L ⊂ R d and a target t ∈ R d , compute the distance from t to L

  16. CVP p —Closest Vector Problem in the p norm Closest Vector Problem ■ Given a basis for a L ⊂ R d and a target t ∈ R d , compute the distance from t to L ■ Distance is defjned in terms of the ℓ p norm; for 1 ≤ p < ∞ : x ∥ p := ( | x 1 | p + | x 2 | p + · · · + | x d | p ) 1 / p ∥ ⃗ for p = ∞ : x ∥ ∞ := max 1 ≤ i ≤ d | x i | ∥ ⃗

  17. Closest Vector Problem ■ Given a basis for a L ⊂ R d and a target t ∈ R d , compute the distance from t to L ■ Distance is defjned in terms of the ℓ p norm; for 1 ≤ p < ∞ : x ∥ p := ( | x 1 | p + | x 2 | p + · · · + | x d | p ) 1 / p ∥ ⃗ for p = ∞ : x ∥ ∞ := max 1 ≤ i ≤ d | x i | ∥ ⃗ ■ CVP p —Closest Vector Problem in the ℓ p norm

  18. Applications

  19. Integer Programming [Len83,Kan87,DPV11] Cryptanalysis [Odl90,JS98,NS01] Applications ■ Factoring polynomials over the rationals [LLL’82]

  20. Cryptanalysis [Odl90,JS98,NS01] Applications ■ Factoring polynomials over the rationals [LLL’82] ■ Integer Programming [Len83,Kan87,DPV11]

  21. Applications ■ Factoring polynomials over the rationals [LLL’82] ■ Integer Programming [Len83,Kan87,DPV11] ■ Cryptanalysis [Odl90,JS98,NS01]

  22. Effjciency, Parallelism, Simplicity Worst-Case Hardness Proofs Powerful Cryptography: FHE, ABE About to be Deployed Lattice-Based Cryptography ■ Conjectured Quantum Security

  23. Worst-Case Hardness Proofs Powerful Cryptography: FHE, ABE About to be Deployed Lattice-Based Cryptography ■ Conjectured Quantum Security ■ Effjciency, Parallelism, Simplicity

  24. Powerful Cryptography: FHE, ABE About to be Deployed Lattice-Based Cryptography ■ Conjectured Quantum Security ■ Effjciency, Parallelism, Simplicity ■ Worst-Case Hardness Proofs

  25. About to be Deployed Lattice-Based Cryptography ■ Conjectured Quantum Security ■ Effjciency, Parallelism, Simplicity ■ Worst-Case Hardness Proofs ■ Powerful Cryptography: FHE, ABE

  26. Lattice-Based Cryptography ■ Conjectured Quantum Security ■ Effjciency, Parallelism, Simplicity ■ Worst-Case Hardness Proofs ■ Powerful Cryptography: FHE, ABE ■ About to be Deployed

  27. Real Life Cryptography

  28. Real Life Cryptography

  29. Real Life Cryptography

  30. Hardness

  31. CVP 2 can be solved in 2 n o n time [ADS15] Cryptographic applications require quantitative hardness of CVP [ADPS16,BCD+16,NIS16]: a 2 n 20 -time algorithm would break these schemes in practice Hardness of CVP ■ CVP p is NP-hard for every 1 ≤ p ≤ ∞ [vEB81]

  32. Cryptographic applications require quantitative hardness of CVP [ADPS16,BCD+16,NIS16]: a 2 n 20 -time algorithm would break these schemes in practice Hardness of CVP ■ CVP p is NP-hard for every 1 ≤ p ≤ ∞ [vEB81] ■ CVP 2 can be solved in 2 n + o ( n ) time [ADS15]

  33. Hardness of CVP ■ CVP p is NP-hard for every 1 ≤ p ≤ ∞ [vEB81] ■ CVP 2 can be solved in 2 n + o ( n ) time [ADS15] ■ Cryptographic applications require quantitative hardness of CVP [ADPS16,BCD+16,NIS16]: a 2 n / 20 -time algorithm would break these schemes in practice

  34. n Boolean vars, m clauses, clause length k SETH [IP99]. There exists a constant k : no algorithm solves k -SAT in 2 0 99 n time Goal: Reduce k -SAT on n vars to CVP on a rank- n lattice k -SAT ■ ( x 1 ∨ ¬ x 2 ∨ . . . ∨ x k ) ∧ . . . ∧ ( x 7 ∨ ¬ x 4 ∨ . . . ∨ x 3 )

  35. SETH [IP99]. There exists a constant k : no algorithm solves k -SAT in 2 0 99 n time Goal: Reduce k -SAT on n vars to CVP on a rank- n lattice k -SAT ■ ( x 1 ∨ ¬ x 2 ∨ . . . ∨ x k ) ∧ . . . ∧ ( x 7 ∨ ¬ x 4 ∨ . . . ∨ x 3 ) ■ n Boolean vars, m clauses, clause length ≤ k

  36. Goal: Reduce k -SAT on n vars to CVP on a rank- n lattice k -SAT ■ ( x 1 ∨ ¬ x 2 ∨ . . . ∨ x k ) ∧ . . . ∧ ( x 7 ∨ ¬ x 4 ∨ . . . ∨ x 3 ) ■ n Boolean vars, m clauses, clause length ≤ k ■ SETH [IP99]. There exists a constant k : no algorithm solves k -SAT in 2 0 . 99 n time

  37. k -SAT ■ ( x 1 ∨ ¬ x 2 ∨ . . . ∨ x k ) ∧ . . . ∧ ( x 7 ∨ ¬ x 4 ∨ . . . ∨ x 3 ) ■ n Boolean vars, m clauses, clause length ≤ k ■ SETH [IP99]. There exists a constant k : no algorithm solves k -SAT in 2 0 . 99 n time ■ Goal: Reduce k -SAT on n vars to CVP on a rank- n lattice

  38. A Very Special Case: 2 -SAT x 1 x 2 x n − 1 x n · · · x 1 2 α 0 0 0 · · · α x 2 0 2 α 0 0 · · · α . . . . ... . . . . . . . 0 0 . x n 0 0 0 2 α · · · α C 1 = ( x 1 ∨ x 2 ) 2 2 0 0 3 · · · C 2 = ( x 1 ∨ x n ) 2 0 0 2 3 · · · . . . . . . ... . . . . . . . . . . . . C m = ( x n − 1 ∨ x n ) 0 0 2 2 3 · · ·

  39. A Very Special Case: 2 -SAT x 1 x 2 x n − 1 x n · · · x 1 2 α 0 0 0 · · · α x 2 0 2 α 0 0 · · · α . . . . ... . . . . . . . 0 0 . x n 0 0 0 2 α · · · α C 1 = ( x 1 ∨ x 2 ) 2 2 0 0 3 · · · C 2 = ( x 1 ∨ x n ) 2 0 0 2 3 · · · . . . . . . ... . . . . . . . . . . . . C m = ( x n − 1 ∨ x n ) 0 0 2 2 3 · · ·

  40. A Very Special Case: 2 -SAT x 1 x 2 x n − 1 x n · · · x 1 2 α 0 0 0 · · · α x 2 0 2 α 0 0 · · · α . . . . ... . . . . . . . 0 0 . x n 0 0 0 2 α · · · α C 1 = ( x 1 ∨ x 2 ) 2 2 0 0 3 · · · C 2 = ( x 1 ∨ x n ) 2 0 0 2 3 · · · . . . . . . ... . . . . . . . . . . . . C m = ( x n − 1 ∨ x n ) 0 0 2 2 3 · · ·

  41. 0 1 n , If x fjrst n lines give p distance n 0 1 n , If x distance is p n 1 A Very Special Case: 2 -SAT. Proof x 1 x 2 x n − 1 x n · · · 2 α 0 0 0 · · · α α is very large 0 2 α 0 0 · · · α . . . ... . . . . . 0 0 . 0 0 0 2 α · · · α 2 2 0 0 3 · · · 2 0 0 2 3 · · · . . . . . ... . . . . . . . . . . 0 0 2 2 3 · · ·

  42. 0 1 n , If x distance is p n 1 A Very Special Case: 2 -SAT. Proof x 1 x 2 x n − 1 x n · · · 2 α 0 0 0 · · · α α is very large 0 2 α 0 0 · · · α If x ∈ { 0 , 1 } n , . . . ... . . . . . 0 0 . fjrst n lines give 0 0 0 2 α · · · α distance n α p 2 2 0 0 3 · · · 2 0 0 2 3 · · · . . . . . ... . . . . . . . . . . 0 0 2 2 3 · · ·

  43. A Very Special Case: 2 -SAT. Proof x 1 x 2 x n − 1 x n · · · 2 α 0 0 0 · · · α α is very large 0 2 α 0 0 · · · α If x ∈ { 0 , 1 } n , . . . ... . . . . . 0 0 . fjrst n lines give 0 0 0 2 α · · · α distance n α p 2 2 0 0 3 · · · If x ̸∈ { 0 , 1 } n , 2 0 0 2 3 · · · distance is . . . . . ... . . . . . . . . . . ≥ ( n + 1 ) α p 0 0 2 2 3 · · ·

  44. sat clause con- tributes 1 to the distance unsat clause contributes 3 p 1 A Very Special Case: 2 -SAT. Proof x 1 x 2 x n − 1 x n · · · x ∈ { 0 , 1 } n 2 α 0 0 0 · · · α 0 2 α 0 0 · · · α . . . ... . . . . . 0 0 . 0 0 0 2 α · · · α 2 2 0 0 3 · · · 2 0 0 2 3 · · · . . . . . ... . . . . . . . . . . 0 0 2 2 3 · · ·

  45. unsat clause contributes 3 p 1 A Very Special Case: 2 -SAT. Proof x 1 x 2 x n − 1 x n · · · x ∈ { 0 , 1 } n 2 α 0 0 0 · · · α 0 2 α 0 0 · · · α sat clause con- . . . ... . . . . . 0 0 . tributes 1 to 0 0 0 2 α · · · α the distance 2 2 0 0 3 · · · 2 0 0 2 3 · · · . . . . . ... . . . . . . . . . . 0 0 2 2 3 · · ·

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Mechanical Properties of Paint Coatings Hardness Measurement Shore Hardness D Barcol Hardness

Mechanical Properties of Paint Coatings Hardness Measurement Shore Hardness D Barcol Hardness

Mechanical Properties of Paint Coatings Hardness Measurement Shore Hardness D Barcol Hardness ASTM D2583 Fiberglass Aluminum Aluminum Alloys Soft Metals Plastics Scratch Hardness- (IS 101 - Part 5/Sec 2) BS 3900 Hardness can

1.89k views • 30 slides
Beyond NP [HMU06,Chp.11a] Tautology Problem NP-Hardness and co-NP Historical

Beyond NP [HMU06,Chp.11a] Tautology Problem NP-Hardness and co-NP Historical

Beyond NP [HMU06,Chp.11a] Tautology Problem NP-Hardness and co-NP Historical Comments Optimization Problems More Complexity Classes 1 Tautology Problem &amp; NP-Hardness &amp; co-NP 2 NP-Hardness Another

559 views • 23 slides
Subsection 2 NP -hardness 36 / 109 NP -Hardness Do hard problems exist? Depends on P = NP

Subsection 2 NP -hardness 36 / 109 NP -Hardness Do hard problems exist? Depends on P = NP

Subsection 2 NP -hardness 36 / 109 NP -Hardness Do hard problems exist? Depends on P = NP Next best thing: define hardest problem in NP A problem P is NP -hard if Every problem Q in NP can be solved in this way: 1. given an instance

609 views • 14 slides
Quantitative Quantitative Quantitative Quantitative Modal Modal Transition Transition

Quantitative Quantitative Quantitative Quantitative Modal Modal Transition Transition

Quantitative Quantitative Quantitative Quantitative Modal Modal Transition Transition Systems Systems Kim Guldstrand Larsen Aalborg University Aalborg University, DENMARK The Early Days Edinburgh 83-85 Milner Symposium, Kim

661 views • 47 slides
G-APD radiation hardness D. Renker 1 , Y. Musienko 2, * 1) Paul Scherrer Institute, Villigen,

G-APD radiation hardness D. Renker 1 , Y. Musienko 2, * 1) Paul Scherrer Institute, Villigen,

G-APD radiation hardness D. Renker 1 , Y. Musienko 2, * 1) Paul Scherrer Institute, Villigen, Switzerland 2) Northeastern University, Boston, USA * ) on leave from INR(Moscow) LIGHT 07, September 26, 2007, Ringberg Castle G-APD radiation hardness

375 views • 23 slides
From CATS to SAT: Modeling Empirical Hardness to Understand and Solve Hard Computational Problems

From CATS to SAT: Modeling Empirical Hardness to Understand and Solve Hard Computational Problems

From CATS to SAT: Modeling Empirical Hardness to Understand and Solve Hard Computational Problems Kevin Leyton Brown Computer Science Department University of British Columbia CATS Empirical Hardness Models EHMs for SAT SATzilla Intro

1.15k views • 75 slides
Viterbi Training for PCFGs: Hardness Results and Competitiveness of Uniform Initialization Shay

Viterbi Training for PCFGs: Hardness Results and Competitiveness of Uniform Initialization Shay

Viterbi Training for PCFGs: Hardness Results and Competitiveness of Uniform Initialization Shay Cohen Noah Smith Carnegie Mellon University July 14, 2010 Outline Hardness results for unsupervised learning of PCFGs Background and problem

602 views • 46 slides
Parameters of Two-Prover-One-Round Game and The Hardness of Connectivity Problems Bundit

Parameters of Two-Prover-One-Round Game and The Hardness of Connectivity Problems Bundit

Parameters of Two-Prover-One-Round Game and The Hardness of Connectivity Problems Bundit Laekhanukit McGill University 1 This Talk Investigate the connection between 2-Prover-1-Round Game (2P1R) and Hardness of Approximating

540 views • 43 slides
NP-Hardness Proofs With What Problems We . . . What Problems We . . . Realistic Computers

NP-Hardness Proofs With What Problems We . . . What Problems We . . . Realistic Computers

NP-Hardness Proofs . . . Usual Proofs of NP- . . . Proofs of NP- . . . Pedagogical Problem . . . NP-Hardness Proofs With What Problems We . . . What Problems We . . . Realistic Computers Instead What Is NP-Hard: . . . Proof that . . . of

296 views • 12 slides
Welcome to the course! Quantitative Risk Management in R About me Professor in

Welcome to the course! Quantitative Risk Management in R About me Professor in

QUANTITATIVE RISK MANAGEMENT IN R Welcome to the course! Quantitative Risk Management in R About me Professor in mathematical statistics, actuarial science, and quantitative finance Author of Quantitative Risk Management: Concepts,

733 views • 23 slides
Introduction to Quantitative Measurements Issues and Techniques What is a Quantitative

Introduction to Quantitative Measurements Issues and Techniques What is a Quantitative

Introduction to Quantitative Measurements Issues and Techniques What is a Quantitative Measurement? A record of data in the form of numbers. Example: Let s say a technician wants to find the temperature of a vat of hot water. He

180 views • 5 slides
Unified characterisations of resolution hardness measures Olaf Beyersdorff 1 Oliver Kullmann 2 1

Unified characterisations of resolution hardness measures Olaf Beyersdorff 1 Oliver Kullmann 2 1

Unified characterisations of resolution hardness measures Olaf Beyersdorff 1 Oliver Kullmann 2 1 School of Computing, University of Leeds, UK 2 Computer Science Department, Swansea University, UK 1 Hardness measures for resolution Historically

659 views • 23 slides
Hardness vs Randomness for Bounded Depth Arithmetic Circuits Chi-Ning Chou Mrinal Kumar Noam

Hardness vs Randomness for Bounded Depth Arithmetic Circuits Chi-Ning Chou Mrinal Kumar Noam

Hardness vs Randomness for Bounded Depth Arithmetic Circuits Chi-Ning Chou Mrinal Kumar Noam Solomon Harvard University 1 Outline Arithmetic circuits and algebraic complexity classes Polynomial identity testing (PIT) Hardness vs

1.8k views • 145 slides
Hardness of Mastermind Giovanni Viglietta Department of Computer Science, University of Pisa,

Hardness of Mastermind Giovanni Viglietta Department of Computer Science, University of Pisa,

Hardness of Mastermind Giovanni Viglietta Department of Computer Science, University of Pisa, Italy Venice - June 5 th , 2012 Easy to learn. Easy to play. But not so easy to win. Mastermind commercial, 1981 Hardness of Mastermind

1.16k views • 60 slides
Quantitative characterization Quantitative characterization of mixtures and complex fo mation

Quantitative characterization Quantitative characterization of mixtures and complex fo mation

EMBO Global Exchange Lecture Course 3 May 2011 Beijing China Quantitative characterization Quantitative characterization of mixtures and complex fo mation formation Peter Konarev European Molecular Biology Laboratory, Hamburg Outstation

557 views • 42 slides
Quantitative Reasoning + Skills Reasoning (QR): what + why Challenges New Faculty Winter

Quantitative Reasoning + Skills Reasoning (QR): what + why Challenges New Faculty Winter

2/7/20 Outline Quantitative Quantitative Reasoning + Skills Reasoning (QR): what + why Challenges New Faculty Winter Workshop 2019 Teaching Strategies Lin Winton, Quantitative Resource Center Resources Quantitative Resource

335 views • 4 slides
Plug-and-Play Methods Provably Converge with Properly Trained Denoisers Ernest K. Ryu 1 Sicheng

Plug-and-Play Methods Provably Converge with Properly Trained Denoisers Ernest K. Ryu 1 Sicheng

Plug-and-Play Methods Provably Converge with Properly Trained Denoisers Ernest K. Ryu 1 Sicheng Wang 2 Jialin Liu 1 Xiaohan Chen 2 Zhangyang Wang 2 Wotao Yin 1 2019 International Conference on Machine Learning 1 UCLA Mathematics 2 Texas A&amp;M

1.26k views • 50 slides
Lecture 7.6: Rings of fractions Matthew Macauley Department of Mathematical Sciences Clemson

Lecture 7.6: Rings of fractions Matthew Macauley Department of Mathematical Sciences Clemson

Lecture 7.6: Rings of fractions Matthew Macauley Department of Mathematical Sciences Clemson University http://www.math.clemson.edu/~macaule/ Math 4120, Modern Algebra M. Macauley (Clemson) Lecture 7.6: Rings of fractions Math 4120, Modern

334 views • 6 slides
A Network Coding Approach A Network Coding Approach to IP Traceback Pegah Sattari, Minas Gjokas,

A Network Coding Approach A Network Coding Approach to IP Traceback Pegah Sattari, Minas Gjokas,

A Network Coding Approach A Network Coding Approach to IP Traceback Pegah Sattari, Minas Gjokas, Athina Markopoulou EECS, UC Irvine Outline Outline o Background on Traceback o Background on Traceback o Main idea PPM+NC o Practical PPM+NC

490 views • 28 slides
Deep Approximation via Deep Learning Zuowei Shen Department of Mathematics National University

Deep Approximation via Deep Learning Zuowei Shen Department of Mathematics National University

Deep Approximation via Deep Learning Zuowei Shen Department of Mathematics National University of Singapore Outline Introduction of approximation theory 1 Approximation of functions by compositions 2 Approximation rate in term of number of

1.03k views • 74 slides
PROPOSED CAPITAL IMPROVEMENT PROGRAM FY2020 FY2024 CAPITAL IMPROVEMENT PROGRAM (CIP)

PROPOSED CAPITAL IMPROVEMENT PROGRAM FY2020 FY2024 CAPITAL IMPROVEMENT PROGRAM (CIP)

PROPOSED CAPITAL IMPROVEMENT PROGRAM FY2020 FY2024 CAPITAL IMPROVEMENT PROGRAM (CIP) Drafted annually &amp; parallels with the Citys annual operating budget process. Five year outlook allows for planning &amp; prioritization of

419 views • 19 slides
The Slide Master and Sections for Organization: Inserting, Deleting, and Moving Around Slides and

The Slide Master and Sections for Organization: Inserting, Deleting, and Moving Around Slides and

The Slide Master and Sections for Organization: Inserting, Deleting, and Moving Around Slides and Sections Welcome to the next lesson in the third module of this PowerPoint course. This time around, we are going to continue with our efforts to

889 views • 10 slides
EDUCATION 1 50-930C, 5/20/0 How To Use GoToWebinar 2 employer_education@strsoh.org 1 STATE

EDUCATION 1 50-930C, 5/20/0 How To Use GoToWebinar 2 employer_education@strsoh.org 1 STATE

STATE TEACHERS RETIREMENT SYSTEM OF OHIO Calculating Service Credit Using Days Calculating Service Credit Using Days EMPLOYER EDUCATION 1 50-930C, 5/20/0 How To Use GoToWebinar 2 employer_education@strsoh.org 1 STATE TEACHERS RETIREMENT

886 views • 14 slides
Core Principles of Financial Management National HOPWA Institute 2017 Tampa, FL The HOPWA

Core Principles of Financial Management National HOPWA Institute 2017 Tampa, FL The HOPWA

Core Principles of Financial Management National HOPWA Institute 2017 Tampa, FL The HOPWA Institute: Housings Role in Ending the HIV Epidemic Presentation Objectives 5 Goals Communicate clear guidelines Increase understanding of

811 views • 47 slides

More recommend