Zero-Knowledge Interactive Proof Systems for New Lattice Problems

Abstract

In this work we introduce a new hard problem in lattices called Isometric Lattice Problem (ILP) and reduce Linear Code Equivalence over prime fields and Graph Isomorphism to this problem. We also show that this problem has an (efficient prover) perfect zero-knowledge interactive proof; this is the only hard problem in lattices that is known to have this property (with respect to malicious verifiers). Under the assumption that the polynomial hierarchy does not collapse, we also show that ILP cannot be NP-complete. We finally introduce a variant of ILP over the rationals radicands and provide similar results for this new problem.

C. Crépeau and R.A. Kazmi—Supported in part by Québec’s FRQNT, Canada’s NSERC and CIFAR.

A Computing Sine and Cosine Efficiently

Let p(n) be any desired publicly known positive polynomial. Recall that

$$\begin{aligned} \sin \left( \frac{\pi }{2^{p(n)}}\right) =\frac{1}{2}\underbrace{<\frac{1}{2},2-<\frac{1}{2},2+\cdots +<\frac{1}{2},2>>\cdots >}_{p(n)-1} \end{aligned}$$

$$\begin{aligned} \cos \left( \frac{\pi }{2^{p(n)}}\right) =\frac{1}{2}\underbrace{<\frac{1}{2},2+<\frac{1}{2},2+\cdots +<\frac{1}{2},2>>\cdots >}_{p(n)-1}. \end{aligned}$$

Suppose we have to compute \(\sin \!\left( \frac{l\cdot \pi }{2^{p(n)}}\right) \) for some \(0\le l\le 2^{p(n)}\).

$$\begin{aligned}&\sin (\alpha +\beta )=\sin (\alpha )\cos (\beta )+\sin (\beta )\cos (\alpha )\\&\cos (\alpha +\beta )=\cos (\alpha )\cos (\beta )-\sin (\alpha )\sin (\beta ) \end{aligned}$$

Write \(l=\sum _{i=0}^{k}x_i \cdot 2^i,\) \(x_i\in \{0,1\}\) and \(k\le p(n)\). WLOG we can assume that l is not even.

$$\begin{aligned} \sin \!\left( \frac{l\cdot \pi }{2^{p(n)}}\right)&=\sin \!\left( \frac{\pi }{2^{p(n)-k}}+\dots +\frac{\pi }{2^{p(n)}}\right) \\&=\sin \!\left( \frac{\pi }{2^{p(n)-k}}\right) \cos \left( \frac{\left[ \sum _{i=0}^{k-1}x_i 2^i\right] \pi }{2^{p(n)}}\right) \\&\quad +\sin \left( \frac{\left[ \sum _{i=0}^{k-1}x_i 2^i\right] \pi }{2^{p(n)}}\right) \cos \left( \frac{\pi }{2^{p(n)-k}}\right) \!. \end{aligned}$$

Note that \(\sin \!\left( \frac{\pi }{2^{p(n)-k}}\right) \) and \(\cos \left( \frac{\pi }{2^{p(n)-k}}\right) \) can be computed directly. Now we can recursively compute \(\cos \left( \frac{\left[ \sum _{i=0}^{k-1}x_i 2^i\right] \pi }{2^{p(n)}}\right) \) and \(\sin \left( \frac{\left[ \sum _{i=0}^{k-1}x_i 2^i\right] \pi }{2^{p(n)}}\right) \). But since \(\sin (\theta )^2=1-\cos ^2(\theta ),\) in recursion we will only have to compute either \(\cos \left( \frac{\left[ \sum _{i=0}^{k-1}x_i 2^i\right] \pi }{2^{p(n)}}\right) \) or \(\sin \left( \frac{\left[ \sum _{i=0}^{k-1}x_i 2^i\right] \pi }{2^{p(n)}}\right) \).

Clearly depth of the recursion is \(k\le p(n)\) and for each recursive step we will have four values, with each value is of size O(p(n)). Hence in total running time is at most O(p(n)) operations. Similarly, one can show that \(\cos \!\left( \frac{l\cdot \pi }{2^{p(n)}}\right) \) for any \(0\le l\le 2^{p(n)},\) can be computed in polynomial time as well.