Considerations on computational lattice problems

  1. Wagner, Urs
Dirigée par:
  1. Joachim Rosenthal Directeur/trice

Université de défendre: Universität Zürich

Fecha de defensa: 14 juin 2013

Jury:
  1. Gerard Maze President
  2. Chris Monico Secrétaire
  3. Joan-Josep Climent Coloma Rapporteur

Type: Thèses

Résumé

Lattices are discrete subgroups of the Euclidean space. While they are highly structured objects and their elements can easily be described by means of integer linear combinations of their basis vectors, it is possible to define NP-hard problems on them. Due to the existence of a class of lattices with favorable worst-case to average-case connection, these problems are well suited as basis for provable secure cryptosystems. The problems appearing in this thesis are the shortest vector problem (SVP), the closest vector problem (CVP) and their approximate versions respectively. All known algorithms that solve these problems exactly run in exponential time, while there are polynomial-time algorithms that solve these problems approximately. The latter ones either perform or are based on basis reduction. Any improvement on these algorithms has direct impact on the security parameters of various cryptographic functions proposed. This thesis contains results on the algorithmic side as well as theoretical considerations. Concerning approximation of SVP, a polynomial time improvement of LLL |probably the most famous lattice basis reduction algorithm| is presented. Further, improvements on both, an algorithm to solve the SVP exactly and an algorithm to solve the CVP exactly, are given. The first extends the AKS sieve algorithm while the second is a closest point search algorithm based on HKZ bases. The more theoretical results are two-fold: on the one hand, we prove new inequalities on the harmonic, geometric and arithmetic means inequalities if two of the means are known. This leads to new inequalities between the orthogonality defect and the Seysen measure of a lattice basis, both quantifying the reducedness of a basis. On the other hand, the natural density of rectangular unimodular matrices is computed, giving partial answers on the probability that randomly chosen lattice vectors can be completed into a basis or generate the lattice respectively.